Internet Governance Forum

1

• Forum on Next Generation Network Standardization
• Colombo, Sri Lanka, 7-10 April 2009

ITU Global Cybesercurity Agenda and ITU-T SG17
activities on Cybersecurity

Paolo Rosa Head, Workshops and Promotion
Division Telecommunication Standardization
Bureau
2
ITU Cybersecurity activities
WSIS Action Line C.5Building Confidence and
security in the use of ICTs http//www.itu.int/wsi
s/c5/index.html
ITU Global Cybersecurity AgendaFramework for
international cooperation in Cybersecurity
ITU Cybersecurity GatewayInformation resource
on Cybersecurity
3
Strategic direction
Cybersecurity one of the top priorities of the
ITU

• WSIS Action Line C5, Building confidence and
  security in use of ICTs
• A fundamental role of ITU, following the World
  Summit on the Information Society (WSIS) and the
  2006 ITU Plenipotentiary Conference is to build
  confidence and security in the use of ICTs.
• At the WSIS, world leaders and governments
  designated ITU to facilitate the implementation
  of WSIS Action Line C5, Building confidence and
  security in the use of ICTs.
• In this capacity, ITU is seeking consensus on a
  framework for international cooperation in
  cybersecurity to reach a common understanding of
  cybersecurity threats among countries at all
  stages of economic development.

4
Strategic direction II

• Plenipotentiary Resolution 130 (2006),
  Strengthening the role of ITU in building
  confidence and security in the use of information
  and communication technologies Instructs
  Director of TSB to intensify work in study
  groups, address threats vulnerabilities,
  collaborate, and share information
• Plenipotentiary Resolution 149 (2006), Study of
  definitions and terminology relating to building
  confidence and security in the use of information
  and communication technologies - Instructs
  Council to study terminology

5
Strategic Direction III

• WTSA-08 Resolution 50, Cybersecurity Instructs
  Director of TSB to develop a plan to undertake
  evaluations of ITU-T existing and evolving
  Recommendations, and especially signalling and
  communications protocol Recommendations with
  respect to their robustness of design and
  potential for exploitation by malicious parties
  to interfere destructively with their deployment
• WTSA-08 Resolution 52, Countering and combating
  spam Instructs relevant study groups to
  develop, as a matter of urgency, technical
  Recommendations, including required definitions,
  on countering spam
• WTSA-08 Resolution 58, Encourage the creation of
  national Computer Incident Response Teams,
  particularly for developing countries instructs
  the Director of TSB, in collaboration with the
  Director of BDT to identify best practices to
  establish CIRTs to identify where CIRTs are
  needed to collaborate with international experts
  and bodies to establish national CIRTs to
  provide support, as appropriate, within existing
  budgetary resources to facilitate collaboration
  between national CIRTs, such as capacity building
  and exchange of information, within an
  appropriate framework

6
Cybersecurity Cyberspace
7
Draft new ITU-T Rec.X1205Overview of
Cybersecurity

• Cybersecurity collection of tools, policies,
  guidelines, risk management approaches, actions,
  training, best practices, assurance and
  technologies that can be used to protect the
  cyberspace against relevant security risks such
  as unauthorized access, modification, theft,
  disruption, or other threats
• Cyberspace the cyber environment including
  software, connected computing devices, computing
  users, applications/services, communications
  systems, multimedia communication, and the
  totality of transmitted and/or stored information
  connected directly or indirectly to the Internet.
  It includes hosting infrastructures and isolated
  devices

8
Changing nature of cyberspace
Source Presentation materials at ITU workshop on
Ubiquitous Network Societies, April 2005.
9
Threats in cyberspace

• Inherited architecture of the Internet was not
  designed to optimize security
• Constant evolution of the nature of cyberthreats
• Low entry barriers and increasing sophistication
  of cybercrime
• Constant evolution in protocols and algorithms
• Loopholes in current legal frameworks
• Introduction of Next-Generation Networks (NGN)
• Convergence among ICT services and networks
• Network effects risks far greater
• Possibility of anonymity on the Internet
• Absence of appropriate organizational structures
• Internationalization requires cross-border
  cooperation
• Vulnerabilities of software applications

10
Attackers, hackers and intruders(generally users
cannot be trusted)

• Taxonomy of security threats
• Unauthorized illegal access insufficient
  security measures autent./author/unprotected
  passwords
• IP spoofing assume a trusted host identity,
  disable host, assume attackers identity, access
  to IP addresses)
• Network sniffers read source and destination
  addressess, passwords,data
• Denial of Service (DoS) connectivity, network
  elements or applications availability
• Bucket brigade attacks messages
  interception/modificat.
• Back door traps placed by system developers /
  employees /operating system/created by virus
• Masquerading accessto the network as false
  legitimate personnel
• Reply attacks read authentication information
  from messages
• Modification of messages without detection
• Insider attacks legitimate users behave in
  unauthorized way, needed perdiodical auditing
  actions, screening of personnel, hardware and
  software

11
Challenges Policy

• Lack of relevant cybercrime and anti-spam
  legislation
• Establish where none
• Base model law needed (which is separate ITU
  initiative)
• Modify existing cybercrime/spam laws where needed
  to reflect botnet-related crime
• Capacity building for regulators, police,
  judiciary
• Training existing officials may be supplemented
  by co-opting or active recruitment of technical
  experts
• Weak international cooperation and outreach
• Participation in local, regional and
  international initiatives
• Engagement of relevant government, regulators,
  law enforcement with peers and other stakeholders
  around globe
• Targeted outreach to countries and stakeholders
  known to be particularly vulnerable to cybercrime

12
The Global Cybersecurity Agenda (GCA)
Launched in May 2007 by the ITUs
Secretary-General, Dr. Hamadoun Touré on World
Telecommunication and Information Society Day
GCA a ITU framework for international
cooperation aimed at proposing strategies for
solutions to enhance confidence and security in
the use of ICTs, built on existing national and
regional initiatives, avoiding duplication and
encouraging e collaboration
17 May 2007, International Herald Tribune
9 July 2007 UN Secretary-General Historic visit
to ITU
13
Global Cybersecurity Agenda Framework for
International Cooperation in Cybersecurity
Leveraging expertise for international
consensus On a Global level, from government,
international organizations to industry For a
Harmonized approach to build synergies between
initiatives Through Comprehensive strategies on
all levels in 5 work areas
14
ITUs Global Cybersecurity Agenda Global
Strategic Report

• Legal Measures
• International investigations depending
• on reliable means of cooperation
• and effective harmonization
• of laws
• Technical and Procedural Measures
•  Organizational Structures
• Capacity Building
• International Cooperation

15
Current GCA Projects
Curbing Cyberthreats IMPACT Partnership with the
International Multilateral Partnership Against
Cyber-Threats (IMPACT)  
Child Online Protection COP The Child Online
Protection (COP) initiative in partnership with
organizations from around the world
16
ITU-IMPACT Collaboration
IMPACT is the physical home for the GCA,
providing expertise and facilities for all ITU
Member States to address global cyber-threats
17
Child Online Protection (COP) Internet Governance
Forum Action for Global Cybersecurity

• An unique initiative bringing together partners
  from all sectors of the international community
  with the aim of creating a safe online experience
  for children everywhere.
• Key Objectives
• Identify the main risks and vulnerabilities to
  children in cyberspace
• Create awareness of the risks and issues through
  multiple channels
• Develop practical tools to help governments,
  organizations and educators minimize risk
• Share knowledge and experience while facilitating
  international strategic partnerships to define
  and implement concrete initiatives

18
The High Level Segment (Council)

• Held on the opening of the ITU council meetings
• Participation of Ministers
• Questions addressed
• Greatest cyberthreats faced worldwide
• Key elements to formulate national strategies and
  to prevent cybercrime
• Role of governments in promoting a cibersecurity
  culture
• Highest priority activities to address current
  and emerging cyberthreats

19
ITU-T SG 17 SecurityResponsible for studies
relating to security including cybersecurity,
countering spam and identity management. Also
responsible for the application of open system
communications including directory and object
identifiers, and for technical languages, the
method for their usage and other issues related
to the software aspects of telecommunication
systems.

• Study Group 17 is the lead study group in the
  ITU-T for security responsible for
• Coordination of security work
• Development of core Recommendations
• Most of the other study groups have
  responsibilities for standardizing security
  aspects specific to their technologies, e.g.,
• SG 2 for TMN security
• SG 9 for IPCablecom security
• SG 13 for NGN security
• SG 16 for Multimedia security

20
ICT security standards roadmap

• Part 1 contains information about organizations
  working on ICT security standards
• Part 2 is database of existing security standards
  and includes ITU-T, ISO/IEC JTC 1,IETF, IEEE,
  ATIS, ETSI and OASIS security standards
• Part 3 is a list of standards in development
• Part 4 identifies future needs and proposed new
  standards
• Part 5 includes Security Best Practices

http//www.itu.int/ITU-T/studygroups/com17/ict/
21

• ITU-T SG 17 structure

• Working Party 1 Network and information security
• Q 1 Telecommunications systems security project
• Q 2 Security architecture and framework
• Q 3 Telecommunications information security
  management
• Q 4 Cybersecurity
• Q 5 Countering spam by technical means

Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
21 of 37
22

• ITU-T SG 17 structure (cont.)

• Working Party 2 Application security
• Q 6 Security aspects of ubiquitous
  telecommunication services
• Q 7 Secure application services
• Q 8 Telebiometrics
• Q 9 Service oriented architecture security

Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
22 of 37
23

• ITU-T SG 17 structure (cont.)

• Working party 3 Identity management and
  languages
• Q 10 Identity management architecture and
  mechanisms
• Q 11 Directory services, Directory systems, and
  public-key/attribute certificates
• Q 12 Abstract Syntax Notation One (ASN.1),
  Object Identifiers (OIDs) and associated
  registration
• Q 13 Formal languages and telecommunication
  software
• Q 14 Testing languages, methodologies and
  framework
• Q 15 Open Systems Interconnection (OSI)

Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
23 of 37
24

• Core Security Recommendations

• Strong ramp-up on developing core security
  Recommendations in SG 17
• 14 approved in 2007
• 27 approved in 2008
• 56 under development for approval this study
  period
• Subjects include
• Architecture and Frameworks ? Web services ?
  Directory
• Identity management ? Risk management ?
  Cybersecurity
• Incident management ? Mobile security ?
  Countering spam
• Security management ? Secure applications ?
  Telebiometrics
• Ubiquitous Telecommunication services ? SOA
  security
• Ramping up on
• ? Traceback ? Ubiquitous sensor networks
• Collaboration with others on many items

Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
24 of 37
25

• Challenges

• Addressing security to enhance trust and
  confidence of users in networks, applications and
  services
• Balance between centralized and distributed
  efforts on developing security standards
• Legal and regulatory aspects of cybersecurity,
  spam, identity/privacy
• Address full cycle vulnerabilities, threats
  and risk analysis prevention detection
  response and mitigation forensics learning
• Uniform language for security terms and
  definitions
• Effective cooperation and collaboration across
  the many bodies doing cybersecurity work within
  the ITU and with external organizations
• Keeping ICT security database up-to-date

Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
25 of 37
26

• SG 17 Security Project 1/3
• (Major focus is on coordination and outreach)

• Security coordination
• ISO/IEC/ITU-T Strategic Advisory Group Security
• Oversees standardization activities in ISO, IEC
  and ITU-T relevant to security provides advice
  and guidance relative to coordination of security
  work and, in particular, identifies areas where
  new standardization initiatives may be warranted.
• Portal established
• Workshops conducted
• Global Standards Collaboration
• ITU and participating standards organizations
  exchange information on the progress of standards
  development in the different regions and
  collaborate in planning future standards
  development to gain synergy and to reduce
  duplication. GSC- 13 resolutions concerning
  security include
• GSC-13/11 Cybersecurity
• GSC-13/04 Identity Management
• GSC-13/03 Network aspects of identification
  systems
• GSC-13/25 Personally Identifiable Information
  Protection

Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
26 of 37
27
SG 17 Security Project 2/3 (Major focus is on
coordination and outreach)

• Security coordination (cont.)

Cybersecurity Rapporteur group adopted a focussed
action plan including outreach and collaboration
with other organizations addressing cybersecurity
and infrastructure protection. Basic needs to
identify and effecting lines of communication
among all these organizations. Address the
needs of countries with lack in resources and
part of the global network cybersecurity and
vulnerability mosaic.
Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
27 of 37
28
SG 17 Security Project 4/4

• Security Compendium
• Includes catalogs of approved security-related
  Recommendations and security definitions
  extracted from approved Recommendations
• Security Standards Roadmap
• Includes searchable database of approved ICT
  security standards from ITU-T and others (e.g.,
  ISO/IEC, IETF, ETSI, IEEE, ATIS)
• ITU-T Security Manual
• Assisted in its development

29

• Security standardization strategy

1. Assure the continued relevance of security
standards by keeping them current with
rapidly-developing telecommunications
technologies and operators trends. (in
e-commerce, e-payments, e-banking, telemedicine,
fraud-monitoring, fraud-management, fraud
identification, digital identity infrastructure
creation, billing systems, IPTV, Video-on-demand,
grid network computing, ubiquitous networks,
etc.). 2. Give attention to the issue of trust
between network providers and communication
infrastructure vendors, in particular, in terms
of communication hardware and software security.
Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
29 of 37
30

• Identity Management Overall objectives

• a security enabler by providing trust in the
  identity of both parties to an e-transaction
• a very important capability for significantly
  improving security and trust
• 3. provides Network Operators an opportunity to
  increase revenues by offering advanced
  identity-based services
• 4. ITU-Ts IdM work on global trust and
  interoperability of diverse IdM capabilities in
  telecommunications focused on leveraging and
  bridging existing solution

Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
30 of 37
31

• Recommendations in progress

• First IdM Recommendations for ITU-T SG 17
• X.1250, Capabilities for global identity
  management trust and interoperability
• X.1251, A framework for user control of digital
  identity
• And one Supplement approved
• Supplement to X.1250-series, Overview of IdM in
  the context of cybersecurity
• Many additional IdM Recommendations are under
  development (specially IdM terms and definitions)

Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
31 of 37
32
Survey of developing countries ICT security needs

• Questionnaire initiated May 2008
• Key Results
• The overall level of concern about cyber security
  is high
• There is a high level of interest in the
  possibility of obtaining advice and/or assistance
  on ICT security from the ITU
• The ITU needs to do better in promoting its ICT
  security products
• Details of analysis at
• http//www.itu.int/dms_pub/itu-t/oth/0A/0D/T0A0D00
  00180001PDFE.pdf

33
Challenges
Addressing security to enhance trust and
confidence of users in networks, applications and
services

• With global cyberspace, what are the security
  priorities for the ITU with its government /
  private sector partnership?
• Balance between centralized and distributed
  efforts on developing security standards
• Legal and regulatory aspects of cybersecurity,
  spam, identity/privacy
• Address full cycle vulnerabilities, threats
  and risk analysis prevention detection
  response and mitigation forensics learning
• Uniform definitions of cybersecurity terms and
  definitions
• Effective cooperation and collaboration across
  the many bodies doing cybersecurity work within
  the ITU and with external organizations
• Keeping ICT security database up-to-date
• There is no silver bullet for cybersecurity

34
Some useful web resources

• ITU Global Cybersecurity Agenda (GCA)
  http//www.itu.int/osg/csd/cybersecurity/gca/
• ITU-T Home page http//www.itu.int/ITU-T/
• Study Group 17 http//www.itu.int/ITU-T/studygroup
  s/com17/index.asp
• e-mail tsbsg17_at_itu.int
• LSG on Security http//www.itu.int/ITU-T/studygrou
  ps/com17/tel-security.html
• Security Roadmap http//www.itu.int/ITU-T/studygro
  ups/com17/ict/index.html
• Security Manual http//www.itu.int/publ/T-HDB-SEC.
  03-2006/en
• Cybersecurity Portal http//www.itu.int/cybersecur
  ity/
• Cybersecurity Gateway http//www.itu.int/cybersecu
  rity/gateway/index.html
• ITU-T Recommendations http//www.itu.int/ITU-T/pu
  blications/recs.html
• ITU-T Lighthouse http//www.itu.int/ITU-T/lighthou
  se/index.phtml
• ITU-T Workshops http//www.itu.int/ITU-T/worksem/
  index.html

35

• Thank you!
• Paolo Rosa
• paolo.rosa_at_itu.int

Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
35 of 37
36

• ADDITIONAL SLIDES

37
ITU GCA main goals

• Elaboration of strategies to
• develop a model cybercrime legislation globally
  applicable, interoperable with existing national
  / regional legislative measures
• create national and regional organizational
  structures and policies on cybercrime
• establish globally accepted minimum security
  criteria and accreditation schemes for software
  applications and systems
• create a global framework for watch, warning and
  incident response to ensure cross-border
  coordination of initiatives
• create and endorse a generic and universal
  digital identity system and the necessary
  organizational structures to ensure the
  recognition of digital credentials for
  individuals across geographical boundaries
• develop a global strategy to facilitate human and
  institutional capacity-building to enhance
  knowledge and know-how across sectors and in all
  the above-mentioned areas
• advice on potential framework for a global
  multi-stakeholder strategy for international
  cooperation, dialogue and coordination in all the
  above-mentioned areas.

38
Initiatives

• ITUs Global Cybersecurity Agenda housed in new
  centre in Malaysia
• The International Multilateral Partnership
  Against Cyber Threats (IMPACT) headquarters in
  Cyberjaya (Kuala Lumpur) to focus on
  strengthening network security 20 March 2009
• ITUs Telecommunication Development Bureau (BDT)
  will facilitate the deployment of IMPACT
  services, such as the Global Response Centre,
  which aims at providing state-of-the-art
  cybersecurity capabilities for ITU Member States
  to strengthen network security worldwide.

39

• ITU-T SG 17 structure

Recommendations under development in WP1
Guidelines on security of the individual information service for operators ? Architecture of external interrelations for a telecommunication network security system ? Information security governance framework ? Information security management framework for telecommunications ? Requirement of security information sharing framework ? Abnormal traffic detection and control guideline for telecommunication network ? Frameworks for botnet detection and response ? Digital evidence exchange file format ? Guideline on preventing malicious code spreading in a data communication network? Mechanism and procedure for distributing policies for network security ? Framework for countering cyber attacks in SIP-based services? Traceback use cases and capabilities ? Framework for countering IP multimedia spam ? Functions and interfaces for countering email spam sent by botnet ? Technical means for countering spam Interactive countering spam gateway system ? Technical means for countering VoIP spam
Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
39 of 37
40
ITU-T SG 17 structure
Recommendations under development in WP2
? Functional requirements and mechanisms for secure transcodable scheme of IPTV ? Key management framework for secure IPTV services ? Algorithm selection scheme for SCP descrambling ? SCP interoperability scheme ? Security requirement and framework for multicast communication ? Security aspects of mobile multi-homed communications ? Security framework for ubiquitous sensor network ? USN middleware security guidelines ? Secure routing mechanisms for wireless sensor network ? SAML 2.0 ? XACML 2.0 ? Security requirements and mechanisms of peer-to-peer-based telecommunication network ? Management framework for one time password based authentication service ? Security framework for enhanced web based telecommunication services ? Telebiometrics issues
Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
40 of 37
41

• ITU-T SG 17 structure

Recommendations under development in WP3
? Baseline capabilities for enhanced global identity management trust and interoperability ? A framework for user control of digital identity Entity authentication assurance ? Extended validation certificate Common identity data model ? Framework architecture for interoperable identity management systems ? IdM terms and definitions ? Security guidelines for identity management systems ? Criteria for assessing the level of protection for personally identifiable information in identity management ? Guideline on protection for personally identifiable information in RFID applications ? Object identifier resolution system ? UML profile for ASN.1 ? Information technology reference model issues ? SDL issues ? Message sequence chart (MSC) issues ? User requirements notation (URN) issues ? Testing and test control notation issues
Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
41 of 37
42

• Business use of telecommunications/ICT top
  security standards

• The report will consist of summary sheets for
  analysed top security standards
• ? Status and summary of standards ? Who does the
  standard affect? ? Business benefits ?
  Technologies involved ? Technical implications
• ITU-T SG 17 seeks comment on the work activity
  from the ITU-D and other standards development
  organizations. Specifically, your views on the
  following would be appreciated
• Do you agree that this work activity would be
  useful to organizations and/or DC/CETs planning
  to deploy telecommunications/ICT security
  systems?
• Does your organization have existing information
  that may be related to this work activity or that
  may be used to progress this work?
• Does your organization have contact with DC/CETs
  that may further elaborate on their needs and
  detail the information they may find most useful
  to capture in the activity output?
• Does your organization have any suggestions to
  provide additional detail regarding the proposed
  summary sheet elements or criteria to select
  standards?
• Would your organization be willing to assist the
  ITU-T SG 17 in progressing this work?
• ITU-T SG 17 welcomes your consideration and your
  response on this matter.

Forum on Next Generation Network
Standardization Colombo, Sri Lanka, 7-10 April
2009
42 of 37
43
The High Level Segment HLEG

• Held on the opening of the ITU council meetings
• Participation of Ministers
• Questions addressed
• Greatest cyberthreats faced worldwide
• Key elements to formulate national strategies and
  to prevent cybercrime
• Role of governments in promoting a cibersecurity
  culture
• Highest priority activities to address current
  and emerging cyberthreats

44
HLS 2008 Sessions on Cybersecurity II

• Managing cyberthreats through harmonized
  policies and organizational structures
• Objective to examine how cyberthreats can be
  detected and managed effectively through
  harmonized policies and improved organization
  structures.
• The absence of effective institutions to deal
  with cyber-attacks is a major issue. Some
  countries have established specific agencies with
  watch, warning and incident response
  capabilities. Other countries prefer to promote
  capacity to deal with cyber-incidents within
  existing law enforcement agencies. What lessons
  can be learned from the experience of different
  countries? And how can cooperation and the flow
  of information between national institutions be
  improved?

45
High-Level Segment (HLS) of Council 2008 Geneva,
12-13 November 2008

• Designed to provide Ministers and Councillors
  with an opportunity to exchange views on issues
  of strategic importance to the Union and on
  emerging trends in the sector. This year,
  speakers offered their perspectives on Climate
  Change and Cybersecurity.
• Inaugurated by two Heads of State, H.E. Mr Paul
  Kagame, President of Rwanda, and H.E. Mr Blaise
  Compaoré, President of Burkina Faso, as well as
  by United Nations Secretary-General Mr Ban
  Ki-moon via video message.
• Attended by some 400 participants, 21 Ministers,
  Ambassadors and heads of regulatory organizations
  and UN agencies.

46
HLS 2008 Sessions on Cybersecurity 1/2

• Managing cyberthreats through harmonized
  policies and organizational structures
• Objective to examine how cyberthreats can be
  detected and managed effectively through
  harmonized policies and improved organization
  structures.
• Addressing the technical and legal challenges
  related to the borderless nature of cybercrime
• Objective to consider how the technical and
  legal challenges associated with cybercrime can
  best be addressed.

47
HLS 2008 Sessions on Cybersecurity 2/2

• Be Safe Online A Call to Action
• Objective What can be done and what should be
  done to protect our most valuable resource our
  children?
• ITU Global Cybersecurity Agenda Towards an
  International Roadmap for Cybersecurity
• Objective How the framework and expert proposals
  developed within the GCA can help countries
  promote cybersecurity.

48
HLS 2008 Sessions on Cybersecurity III

• Addressing the technical and legal challenges
  related to the borderless nature of cybercrime
• Objective to consider how the technical and
  legal challenges associated with cybercrime can
  best be addressed.
• Threats to cybersecurity are global in nature.
  Cybercriminals can strike at will, exploiting
  technical vulnerabilities and legal loopholes
  through cross-border operations that show no
  respect for geographical boundaries or
  jurisdictional borders. This makes it difficult
  for any single national or regional legal
  framework to address cyberthreats effectively.
  What are the major challenges countries face in
  fighting cybercrime? How can countries deal with
  these challenges?

49
HLS 2008 Sessions on Cybersecurity IV

• Be Safe Online A Call to Action
• Objective What can be done and what should be
  done to protect our most valuable resource our
  children?
• The most vulnerable Internet users online are
  children. In industrialized countries, as many as
  60 of children and teenagers use online
  chatrooms regularly, and evidence suggests that
  as many of three-quarters of these may be willing
  to share personal information in exchange for
  online goods and services. In some countries, as
  many as one in five children may be targeted by a
  predator or paedophile each year. These trends
  are increasingly true in many emerging and
  developing countries as well.

50
HLS 2008 Sessions on Cybersecurity V

• ITU Global Cybersecurity Agenda Towards an
  International Roadmap for Cybersecurity
• Objective How the framework and expert proposals
  developed within the GCA can help countries
  promote cybersecurity.
• There are many valuable national and regional
  initiatives underway to promote cybersecurity.
  However, the growing global cyberthreats need a
  global basis on which they can be addressed. On
  17 May 2007, the ITU Secretary-General Dr.
  Hamadoun Touré launched the Global Cybersecurity
  Agenda (GCA) as a framework for international
  cooperation to promote cybersecurity and enhance
  confidence and security in the information
  society. The GCA seeks to encourage collaboration
  amongst all relevant partners in building
  confidence and security in the use of ICTs.