itu national cybersecurity framework · joseph richardson [email protected] for ict...
TRANSCRIPT
International Telecommunication Union
Committed to Connecting the World
ITU National Cybersecurity Framework
16 July 2008
Joseph Richardson [email protected]
for ICT Applications and Cybersecurity Division
Policies and Strategies Department
ITU Telecommunication Development Bureau
This Presentation
Introduce the ITU Cybersecurity Framework
Identify Issues for Implementing the Framework Nationally
Introduce the ITU Self-Assessment Toolkit
Why a Framework?
Why is a National Strategy needed?
Cybersecurity/Critical Information Infrastructure Protection (CIIP) is a SHARED responsibility
All “participants” must be involved
Appropriate to their roles
Participants
“Participants” responsible for cybersecurity:
“Government, business, other organizations, and individual users who develop, own, provide, manage, service and use information systems and networks”
– From “UNGA Resolution 57/239 Creation of a global culture of cybersecurity”
ITU Cybersecurity Framework for National Action
National Strategy
Government - Industry Collaboration
Deterring Cybercrime
Incident Management Capabilities
Culture of Cybersecurity
Framework for Action
For each of these five elements, the Framework recommends:
POLICY: to guide national efforts
GOALS: to implement the policy
SPECIFIC STEPS: to achieve goals
Implementing the Framework Nationally
Actions by Government
Collaboration by other participants
Government Actions
Provide leadership, guidance and coordination
Identify lead persons and institutions
Develop CSIRT with national responsibility
Identify cooperative arrangements and mechanisms among all participants
Identify international counterparts and relationships
Identify experts
Establish integrated risk management process
Assess and periodically reassess cybersecurity
Identify training requirements
ITU National Cybersecurity/CIIP Self–Assessment Toolkit
Intended to assist national authorities to review their domestic situation related to goals and actions identified in:
UN Resolutions 55/63 (2000) and 56/121 (2001): Combating the Criminal Misuse of Information Technologies
Council of Europe’s Convention on Cybercrime (2001)
Adapted from work in APEC-TEL
http://www.itu.int/ITU-D/cyb/cybersecurity/projects/readiness.html
ITU Self–Assessment Toolkit
Based on Best Practices document
Focus: national management and policy level
Intended to assist national governments:
Understand existing national approach
Develop “baseline” re Best Practices
Identify areas for attention
Prioritize national efforts
Considerations
No nation starting at ZERO
No “right” answer or approach
Continual review and revision needed
All “participants” must be involved
appropriate to their roles
The Self-Assessment Toolkit
Examines each element of Framework at management and policy level:
National Strategy
Government - Industry Collaboration
Deterring Cybercrime
National Incident Management Capabilities
Culture of Cybersecurity
The Self-Assessment Toolkit
Looks at organizational issues for each element of Framework:
The people
The institutions
The relationships
The policies
The procedures
The budget and resources
The Self-Assessment Toolkit
Identifies issues and poses questions:
What Actions have been taken?
What Actions are planned?
What Actions are to be considered?
What is the Status of these actions?
The Framework and Self-Assessment Toolkit
Objective: assist nations to organize and manage national efforts to
Prevent
Prepare for
Protect against
Respond to, and
Recover from cybersecurity incidents.
Next Steps
What are the next steps
for your nation?
for your region?