www.itu150.org
Protecting Critical Infrastructure
A multi-layered approach
Tomas Lamanauskas
Head, Corporate Strategy Division
21 April 2015
Committed to Connecting the World
The importance of Cybersecurity
• From industrial age to information societies
- Increasing dependence on the availability of ICTs
- Number of Internet users growing constantly (now 40% of world’s population)
• Statistics and reports show that cyber-threats are on the rise
- The likely annual cost to the global economy from Cybercrime is estimated at more than $455 billion (Source: McAfee Report on Economic Impact of Cybercrime, 2013).
• Developing countries most at risk as they adopt broader use of ICTs
- E.g. Africa leading in Mobile-broadband penetration: almost 20% in 2014, up from less than 2% in 2010 (Source: ITU ICT Statistics)
• Need for building cybersecurity capacity
- Protection is crucial for the socio-economic wellbeing of a country in the adoption of new technologies
Source: Symantec 2014 Internet Security Threat Report
Critical Infrastructure Protection and Cybersecurity
Coordinated Response
Need for a multi-level response to the cybersecurity challenges
• International
- International Cooperation frameworks and exchange of information
• Regional
- Harmonization of legislation and best practices at regional level
• National
- National strategies and policies
- National response capabilities
- Country level capacity building and training
Holistic Approach: Five areas of action
• Legal Measures
- Legal Measures Strategy
- Government Legal Authority
- Adequate Cybercrime legislation
• Technical/Procedural Measures
- National Cybersecurity Goals and Framework
- Secure Government Infrastructure
- Global Technical Collaboration
• Organizational Structures
- Government Coordination
- National Focal Point
- National CIRT
- Public-Private Partnerships
• Capacity Building
- Cybersecurity Skills and Training
- Culture of Cybersecurity
- Cybersecurity Innovation
• International Cooperation
- Multi-/Bilateral collaboration
- Inter-Agency Collaboration
ITU Activities
ITU and Cybersecurity
2003 – 2005
WSIS entrusted ITU as sole facilitator for WSIS Action Line C5 “Building Confidence and Security in the use of ICTs”
2007
ITU Secretary-General launched the Global Cybersecurity Agenda (GCA). A framework for international cooperation in cybersecurity
2008 - 2010
ITU Membership endorsed the GCA as the ITU-wide strategy on international cooperation.
In 2008 the Child Online Protection Initiative was launched, as an international and multistakeholder collaborative framework fostering the protection of children online
100 National CIRTs Worldwide
Need to fill the gaps
National CIRTs are in the first line of cyber-response
• Providing incident response support
• Dissemination of early warnings and alerts
• Facilitating communications and information sharing among stakeholders
• Developing mitigation and response strategies and coordinating incident response
• Sharing data and information about the incident and corresponding responses
• Publicising best practices in incident response and prevention advice
• Coordinating international cooperation on cyber incidents
National CIRT Programme
• Assess existing capability of/need for national cybersecurity mechanisms
• On-site assessment through meetings, training, interview sessions and site visits
• Form recommendations for plan of action (institutional, organizational and technical requirements)
• Implement based on the identified needs and organizational structures of the country
• Assist with planning, implementation, and operation of the CIRT.
• Continued collaboration with the newly established CIRT for additional support
• Capacity Building and trainings on the operational and technical details
• Exercises organized at both regional and international levels
• Help enhance the communication and response capabilities of the participating CIRTs
• Improve overall cybersecurity readiness in the region
• Provide opportunities for public-private cooperation
ITU’s National CIRT Programme
• Assessments conducted for 64 countries
• Implementation completed for 9 countries
- Burkina Faso, Côte d'Ivoire, Cyprus, Ghana, Kenya, Montenegro, Tanzania, Uganda, Zambia
• Implementation in progress for 6 countries
- Barbados, Burundi, Gambia, Jamaica, Lebanon, Trinidad and Tobago
• 9 cyber drills conducted with participation of over 100 countries
Organized in Myanmar, Jordan, Bulgaria, Uruguay, Oman, Lao P.D.R., Turkey, Peru, Zambia
Objective
The Global Cybersecurity Index (GCI) measures and ranks each nation state’s level of cybersecurity development in five main areas:
• Legal Measures
• Technical Measures
• Organizational Measures
• Capacity Building
• National and International Cooperation
Goals
- Promote cybersecurity strategies at a national level
- Drive implementation efforts across industries and sectors
- Integrate security into the core of technological progress
- Foster a global culture of cybersecurity
Final Global and Regional Results 2014 are on ITU Website
Next iteration in progress
Enhancing Cybersecurity in Least Developed Countries project
Aims at supporting the 49 Least Developed Countries in strengthening their cybersecurity capabilities.
How
• Assessment for selected key government ministries & subsequent solutions provision
• Capacity building through training of trainers, workshops, ...
• Customised guidelines on legislation, regulation and technologies
End Result
• Protection of their national infrastructure, including the critical information infrastructure, thereby making the Internet safer and protecting Internet users
• Serve national priorities and maximize socio-economic benefits in line with the objectives of the World Summit on the Information Society (WSIS) and the Millennium Development Goals (MDGs).
We are only as secure as our weakest link
Implemented in 4 countries
Different stages of planning/implementation in 15 more
Standardization
Economic Impact of Standardization
Adds 0.3% - 1% to the GDP (Source: European Commission)
ITU-T Study Group 17 – Security
• Over 300 standards (ITU-T Recommendations) relevant to security
• Key areas of current work:
- Cybersecurity
- Child Online Protection
- Security architectures and frameworks
- Countering spam
- Identity management
- Security of applications and services for the Internet of Things, web services, social networks, cloud computing and Big Data
Building a global partnership
• Capacity building initiatives, joint consultations and more.
• Best practices in cybercrime legislations, joint technical assistance to member states, information sharing
• Tap on expertise of globally recognized industry players and accelerate info sharing with ITU member states
• Collaboration with ABI Research – The Global Cybersecurity Index (GCI)
• Collaboration with FIRST – To share best practices on computer incident response, engage in joint events, facilitate affiliation of national CIRTs of member states
• Collaboration with Member States – Regional Cybersecurity Centres
UN-wide cooperation mechanisms
UN-wide Framework on Cybersecurity and Cybercrime (2013)
• Developed by ITU and UNODC along with 33 UN Agencies.
• Enables enhanced coordination among UN entities in their response to concerns of Member States regarding cybercrime and cybersecurity
UN System Internal Coordination Plan on Cybersecurity and Cybercrime (2014)
• Developed building on the UN-wide Framework on Cybersecurity and Cybercrime upon request by the UN Secretary-General, Mr. Ban Ki-moon
• Designed as a guide to improve the internal coordination activities of the UN system organizations on related matters
Upcoming Relevant Events
• Cyberdrill for African Region
5-7 May 2015, Kigali, Rwanda
• Cyberdrill for Arab Region
17-19 May 2015, Hurghada, Egypt
• Capacity Building Programme on Critical National Infrastructure Protection
20-21 May 2015, Hurghada, Egypt
• International Conference on Computer Security in a Nuclear World: Expert Discussion and Exchange
1-5 June 2015, Vienna, Austria. Organized by IAEA in cooperation with INTERPOL, ITU, UNICRI and IEC
Thank You
www.itu.int/cybersecurity www.itu150.org
tomas.lamanauskas@itu.int