Legal Frameworks for ICTs Building Capacity and Implementing Regulation St. Julian’s Malta 4 – 8 March 2013

1. Legal Frameworks for ICTs Building Capacity and Implementing Regulation St. Julian’s Malta 4 – 8 March 2013 Relevant activities of ITU on cybersecurity

2. Legal Measures • ITU and UNODC MoU • Understanding Cybercrime: a Guide for Developing Countries, 6th Edition, Sep. 2012 • Compendium: status of cybercrime legislations in countries, national strategies and CIRTs

3. Legal Measures ITU-EC Projects • Three sub-projects launched to address specific needs of each region • HIPCAR (15 countries): Enhancing competitiveness in the Caribbean through the harmonization of ICT Policies, Legislation and Regulatory Procedures; • HIPSSA (43 countries): Support for harmonization of the ICT Policies in Sub-Saharan Africa; • ICB4PAC (15 countries): Capacity Building and ICT Policy, Regulatory and Legislative Frameworks Support for Pacific Countries.

4. ITU-D Sector Members • Industry leaders in cybersecurity became sector members of ITU-D • Symantec, Kaspersky Labs, (ISC)2,ABI Research are some of the big names that joined ITU-D.

5. ITU-IMPACT Partner Countries 2013 – 145 Partner Countries Jamaica ‐ 145th country to join the ITU‐IMPACT coalition on January 2013

6. ITU-IMPACT Services Global Services Deployment

7. CIRT Readiness Assessment • Cybersecurity readiness assessment (conducted for over 40 countries) • The main objective is to study and evaluate the partner country CIRT's structure and capability to ensure that cybersecurity incidents, intrusion attempts, and emergencies are appropriately managed to levels consistent with industry standards and good business practices • ITU-IMPACT reports on key issues and analysis, recommending a phased implementation plan for national CIRT. • CIRT assessment already done in • Africa • Arab • Asia Pacific • CIS • Caribbean • 41 countries covered • Some 10 countries foreseen in 2013 • Europe • South America

8. CIRT Deployment Computer Incident Response Team • To assist countries to setup national CIRTs to proactively manage cyber incidents and responding to cyber threats • ITU-IMPACT has deployed 4 national CIRTs in 2012 • Montenegro • Zambia • Kenya • Burkina Faso • Planned Implementations for 2013 - 2014 • Trinidad and Tobago • Jamaica • Macedonia • Bhutan • Monaco • Uganda • Tanzania • Ivory Coast • Burundi • Barbados

10. ITU-IMPACT Regional Centre Arab Region • To further enhance nations’ capacity and capability in cybersecurity, the setting up of regional centres will help to provide a more concerted and regional efforts in this endeavour • The 1st regional centre will be hosted by Oman for the Arab region covering 22 nations. Oman will be represented by the Information Technology Authority (ITA) and Oman CERT (OCERT) • Countries in other regions have expressed interest to host centers for their respective regions.

11. Cyber Drill Applied Learning for Emergency Response Team (ALERT) • Designed to maintain and strengthen international cooperation between partner countries and ensure a continued collective efforts against cyber threats and exercises designed to enhance communication and incident response capabilities.   • The cyber drill simulation runs through a scenario with each participating country divided into two roles, representing a player and an observer • Cyber drills conducted: • Dec 2011 – Cambodia, Lao, Vietnam & Myanmar (4 CERTs) • July 2012 – Qatar, Oman, Sudan, Egypt, Tunisia & UAE (5 CERTs) • Oct 2012 – Europe & CIS Region (8 CERTs) • Cyber Drills planned for 2013 • Asia-Pacific Region– Host Country: Sri Lanka • Africa – 2stQuarter 2013 • South America – 2nd Quarter 2013 • Caribbean – 3rd Quarter 2013 • UN Agencies – 4th Quarter 2013

12. Collaboration INTERPOL • In expanding collaborations, IMPACT have signed MoU with Interpol during the General Assembly in Rome on 6th November, under the framework of ITU-IMPACT • Memorandum of Understanding (MoU) will see collaboration in the following areas: • To promote capacity building in the area of cybersecurity • To share and exchange information on digital forensics, malware and information relevant to cybersecurity • To assist in cybercrime investigation • Cybercrime Investigation • ITU-IMPACT initiated malware investigations in 2012 with Kaspersky Labs. • Kaspersky Labs detected the Flame & Gauss malware. ITU-IMPACT issued the alert to all 145 countries • ITU-IMPACT immediately made the tool available to all its 144 partner countries globally and this collaboration and effort has helped nations mitigate these attacks that could have potentially cause major disruption any economic losses to these nations

13. ITU-LDC Project • Objectives: • To enhance capacity, capability, readiness, skill and knowledge of LDC countries in the area of cybersecurity; • To assist participating countries in conducting assessment for selected key government ministries and subsequently enhance the state of readiness for mitigating cyber threats

14. Child Online Protection • ITU is in the second phase of concrete activities under the COP Global Initiative, launched by the ITU Secretary-General in November 2010 together with a new COP patron, H.E. Laura Chinchilla, President of Costa Rica. • June 2012: A regional working group was created in order to develop an Arab regional legal framework on COP, following the ITU Regional Workshop on Legal Aspects of COP in the Arab Region. • July 2012: Over 10 Arab States participated in the ITU-IMPACT Arab region cybersecurity workshop. • October 2012: ITU, in partnership with the Commonwealth Telecommunication Organization (CTO), began to facilitate the establishment of COP National Frameworks in: Nigeria, Ghana, Sierra Leone, Gambia, Mauritius, and Cameroon. • ITU, in partnership with the IWF(Internet Watch Foundation), have developed a template to establish efficient and cost effective methods of fighting against online child sexual abuse content, for those countries that do not have access to IWF assistance

15. Child Online Protection • 6-9th June 2013: Africa Child Online Protection (ACOP) Summit, organized by ITU and COP Partners, which aims to: • Groom young people to make informed decisions, and use digital technologies for their personal and socio-economic development; and • Lay the foundations for the implementation of national, regional and international COP Policies, instruments, and tools. • The outcome of the ACOP Summit will feed into the Global Youth Summit 2013. • 9-11th September 2013: The Global Youth Summit 2013, organized under the Patronage of the President of Costa Rica, will be a global platform for youth to join forces and create solutions for social good, enabled through widespread access to Information and Communication Technologies (ICTs).

16. Thank you cybersecurity(at)itu.int marco.obiso (at) itu.int

17. ITU-IMPACT Collaboration Cybersecurity Executing Arm ITU & IMPACT signed a Cooperation Agreement in May 2011. IMPACT became the cybersecurity executing arm of the United Nations’ specialised agency, the International Telecommunication Union. Impact will now expand its services to the UN System.

18. Global Coalition

19. ITU-IMPACT’s Global Partnership

20. Collaboration SYMANTEC • Symantec signed MoU with ITU • ITU will use Symantec quarterly Internet Security Report to increase awareness and readiness for cybersecurity risks among its members. • ITU aims to help better prepare governments around the world to respond to cyber attacks.