ITU Regional Cybersecurity Forum for Asia-Pacific and Seminar on the Economics of Cybersecurity
Forum Agenda
Description: At the start of the 21st century, modern societies have a growing dependency on information and communication technologies (ICTs) that are globally interconnected. This interconnectivity creates interdependencies and risks that must be managed at national, regional and international levels. At the national level, each nation should consider organizing itself to take coordinated action related to the prevention of, preparation for, response to, and recovery from cyber incidents. Such action requires coordination and cooperation among national participants, including those in government, business, and other organizations, as well as individual users, who develop, own, provide, manage, service and use information systems and networks. The formulation and implementation by all nations of a national framework for cybersecurity and critical information infrastructure protection (CIIP) represents a first step in addressing the challenges arising from globally interconnected ICT infrastructures.
This Regional Cybersecurity Forum for Asia-Pacific, hosted by the Department of Broadband, Communications and the Digital Economy (DBCDE), Government of Australia, aims to identify the main challenges faced by countries in the region in developing frameworks for cybersecurity and CIIP, to consider best practices, share information on development activities being undertaken by ITU as well as other entities, and review the role of various actors in promoting a culture of cybersecurity. This forum, one in a series of regional events organized by ITU-D, is being held in response to ITU Plenipotentiary Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya, 2006) and the 2006 World Telecommunication Development Conference Doha Action Plan establishing ITU-D Study Group Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity. As part of this activity, ITU is developing a Report on Best Practices for a National Approach to Cybersecurity which outlines a Framework for Organizing a National Approach to Cybersecurity identifying five key elements of a national effort, including: 1) Developing a national cybersecurity strategy; 2) Establishing national government-industry collaboration; 3) Creating a national incident management capability; 4) Deterring cybercrime; and 5) Promoting a national culture of cybersecurity.
In addition, the meeting will address, through separate sessions, some of the unique cybersecurity related challenges faced by Small Island Developing States including the Pacific Island countries.
The first day of the event, 15 July 2008, will be dedicated to an ITU Tariff Group for Asia and Oceania (TAS) Seminar on the Economics of Cybersecurity.
|
Seminar on the Economics of Cybersecurity
|
TUESDAY 15 JULY 2008
|
08:30−09:30
|
Meeting Registration and Badging (Online pre-registration required)
|
09:00−10:00
|
Morning Coffee/Tea
|
10:00−10:30
|
Meeting Opening and Welcome
|
|
Welcoming Address: Colin Oliver, Assistant Secretary / Jason Ashurst, Director, ITU and Treaties Section, International Branch, Department of Broadband, Communications and the Digital Economy (DBCDE), Australia
Welcoming Address and Opening Remarks: Seminar Chairperson Sahib Dayal Saxena from the ITU Tariff Group for Asia and Oceania (TAS)
|
10:30−12:00
|
Seminar Session 1: The Economics of Cybersecurity and The Financial Aspects of Network Security: Malware and Spam
|
|
Session Description: The costs and revenues of all stakeholders across the value network of information services, such as software vendors, network operators, Internet Service Providers, and users are affected by malware and spam. These impacts may include, but are not limited to, the costs of preventative measures, the costs of remediation, the direct costs of bandwidth and equipment, and the opportunity costs of congestion. This is further complicated by the fact that spam and malware also create new revenue streams, both legitimate and illegitimate. They enable legitimate business models (e.g., anti-virus and anti-spam products, infrastructure, and bandwidth) as well as criminal business models (renting out of botnets, commissions on spam-induced sales, pump and dump stock schemes). Consequently, they create mixed, sometimes conflicting incentives for stakeholders, which complicate coherent responses to the problem. This session provides an introduction to the economics of cybersecurity and reviews some of the current leading thinking and research in this area. More specifically the session will explore the financial impacts of malware, and especially the economics of spam.
Session Moderator: Sahib Dayal Saxena from the ITU Tariff Group for Asia and Oceania (TAS)
Speaker: Johannes Bauer, Professor, Michigan State University, “ITU Study on the Financial Aspects of Network Security: Malware and Spam”
Speaker: Marco Gercke, Lecturer, University of Cologne, Germany, “The Cost to Developing Countries”
|
12:00−13:30
|
Lunch
|
13:30−14:45
|
Seminar Session 2: The Botnet Economy
|
|
Session Description: Botnets (also called zombie armies or drone armies) are networks of compromised computers infected with viruses or malware to turn them into “zombies” or “robots” — computers that can be controlled without the owners’ knowledge. Criminals can use the collective computing power of these externally-controlled networks for malicious purposes and criminal activities, including, inter alia, generation of spam e-mails, launching of Distributed Denial of Service (DDoS) attacks (e.g., for blackmail purposes), alteration or destruction of data, and identity theft. An underground economy has sprung up around botnets, yielding significant revenues for authors of computer viruses, botnet controllers and criminals who commission this illegal activity by renting botnets. While many countries are investing a lot to deal with the problems related to malware and spam, some experts recommend that countries focus their attention on botnets in their fight against criminal online activities. This session seeks to explore the different motivators behind the botnet economy and elaborate on possible steps that countries can take to take down these botnets.
Session Moderator: Sahib Dayal Saxena from the ITU Tariff Group for Asia and Oceania (TAS)
Speaker: Bruce Matthews, Manager, Anti-Spam Section, Australian Communications and Media Authority (ACMA), Australian Internet Security Initiative (AISI), Australia, “Australia’s Spam and Zombie Botnet Initiatives: Economic Drivers”
Speaker: Suresh Ramasubramanian, Consultant, India, “ITU Botnet Mitigation Toolkit”
|
14:45−15:00
|
Coffee/Tea Break
|
15:00−15:30
|
Seminar Session 3: Elaboration and Development of Indicators for Cybersecurity
|
|
Session Description: To gain an insight into the reliability of today’s ICT networks and the challenges they face (and ultimately whether any progress is being made in building confidence and security in the use of ICTs), one important requirement would be to benchmark different elements of cybersecurity (e.g. spam, viruses, phishing). This benchmarking can then be used for a more detailed analysis of cybersecurity trends, both at the level of geography (national, regional, and international) and in terms of the different threats. This session will look at the requirements behind and usefulness of a common set of metrics for cybersecurity.
Session Moderator: Sahib Dayal Saxena from the ITU Tariff Group for Asia and Oceania (TAS)
Speaker: Hwang Seong Weon, Senior Researcher, Strategic Planning Team, Korea Information Security Agency (KISA), Republic of Korea
Speaker: Karl Hanmore, AusCERT, Australia
|
15:30−16:00
|
Seminar Wrap-Up and Conclusions
|
|
Session Description: The final session of the special seminar on the economics of cybersecurity will discuss and report on some of the main findings from the event. It will review some of the ongoing regional and international cooperation initiatives in order to encourage meeting participants to participate in further concrete actions that could be implemented in the region and internationally.
Closing Remarks: Sahib Dayal Saxena from the ITU Tariff Group for Asia and Oceania (TAS)
|
|
|
ITU Regional Cybersecurity Forum for Asia-Pacific
|
WEDNESDAY 16 JULY 2008
|
08:00−09:00
|
Meeting Registration and Badging (Online pre-registration required)
|
09:00−10:15
|
Meeting Opening and Welcome
|
|
Welcoming Address: Keith Besgrove, First Assistant Secretary, Department of Broadband, Communications and the Digital Economy (DBCDE), Australia
Opening Remarks: Eun-Ju Kim, Head, ITU Regional Office for Asia and Pacific
Opening Remarks: Joong Yeon Hwang, President and CEO, Korea Information Security Agency (KISA), Republic of Korea Representative
|
10:15−10:30
|
Coffee/Tea Break
|
10:30−11:45
|
Session 1: Towards a Framework for Cybersecurity and Critical Information Infrastructure Protection
|
|
Session Description: The necessity of building confidence and security in the use of ICTs, promoting cybersecurity and protecting critical infrastructures at national levels is generally acknowledged. As national public and private actors bring their own perspective to the relevant importance of issues, in order to have a consistent approach, some countries have established cybersecurity/CIIP institutional framework structures while others have used a light-weight and non-institutional approach. This session will review, from a broad perspective, different approaches to such frameworks and their often similar components in order to provide meeting participants with a broad overview of the issues and challenges involved. The session will also present an overview of the ITU Management Framework for Organizing National Cybersecurity/CIIP Efforts and the ITU National Cybersecurity/CIIP Self Assessment Toolkit. The toolkit is intended to assist national governments in examining their existing national policies, procedures, norms, institutions, and relationships in light of national needs to enhance cybersecurity and address critical information infrastructure protection.
Session Moderator: Keith Besgrove, First Assistant Secretary, Department of Broadband, Communications and the Digital Economy (DBCDE), Australia
Presentation: Christine Sund, Cybersecurity Coordinator, ICT Applications and Cybersecurity Division, ITU Telecommunication Development Bureau (BDT), “ITU-D’s Activities in the Area of Cybersecurity and CIIP”, including “ITU-D Study Group Question 22/1: Report on Recommended Best Practices for Achieving Cybersecurity”
Presentation: Joseph Richardson, Consultant, United States of America, “Overview of the Management Framework for Organizing National Cybersecurity/CIIP Efforts” and the “ITU Cybersecurity Self-Assessment Toolkit”
Presentation: Mike Rothery, Assistant Secretary of Critical Infrastructure Protection, Attorney-General’s Department, “Critical Infrastructure Protection Issues in Australia”
|
12:00−12:20
|
Ministerial Address: Senator Stephen Conroy, Minister for Broadband, Communications and the Digital Economy (DBCDE), Australia
|
12:20−13:30
|
Lunch
|
13:30−15:15
|
Session 2: Management Framework for Organizing National Cybersecurity/CIIP Efforts: Promoting a Culture of Cybersecurity
|
|
Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 2 looks closer at the building blocks needed to successfully Promote a Culture of Cybersecurity.
Session Moderator: Richard Beach, Senior NetSafe Consultant, NetSafe - The Internet Safety Group, New Zealand
Presentation: Christine Sund, Cybersecurity Coordinator, ICT Applications and Cybersecurity Division, ITU Telecommunication Development Bureau (BDT), “Promoting a Culture of Cybersecurity Fundamentals”
Presentation: Kathryn Kerr, Manager, Analysis and Assessments, AusCERT, Australia, “AusCERT Home Users Computer Security Survey”
Presentation: Philip Victor, Head, Training and Outreach, CyberSecurity Malaysia, Malaysia, “Case Study ― Promoting a Culture of Cybersecurity”
Presentation: Richard Beach, Senior NetSafe Consultant, NetSafe - The Internet Safety Group, New Zealand, “Case Study ― Promoting a Culture of Cybersecurity”
Discussion: Using the ITU National Cybersecurity/CIIP Self-Assessment Toolkit: Promoting a Culture of Cybersecurity
|
15:15−15:30
|
Coffee/Tea Break
|
15:30−17:00
|
Session 3: Management Framework for Organizing National Cybersecurity/CIIP Efforts and Country Case Studies: Government―Industry Collaboration
|
|
Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 3 looks closer at Government ― Industry Collaboration.
Session Moderator: Tua'imalo Asamu Ah Sam, Chief Executive Officer, Ministry of Communications and Information Technology, Independent State of Samoa (TBC)
Presentation: Shamsul Jafni Shafie, Director, Security, Trust and Governance Department, Malaysian Communications and Multimedia Commission (MCMC), Malaysia, “Country Case Study ― Government―Industry Collaboration”
Presentation: Julie Inman Grant, Regional Director, Internet Safety and Security, Microsoft Asia Pacific, “Case Study ― Government―Industry Collaboration”
Presentation: Steve Stroud, Director, Attorney-General’s Department, Australia, “Country Case Study ― Government―Industry Collaboration”
Discussion: Using the ITU National Cybersecurity/CIIP Self-Assessment Toolkit: Government―Industry Collaboration
|
17:00−17:15
|
Daily Wrap-Up and Announcements
|
18:00−
|
Welcome Reception
|
THURSDAY 17 JULY 2008
|
09:00−10:30
|
Session 4: Management Framework for Organizing National Cybersecurity/CIIP Efforts and Country Case Studies: Legal Foundation and Enforcement
|
|
Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 4 looks closer at the need for Legal Foundation and Enforcement.
Session Moderator: Adrian McCullagh, Professor, Telecommunications & Secure E-Business Law, Information Security Institute, Queensland University of Technology, Australia
Presentation: Marco Gercke, Lecturer, University of Cologne, Germany, “Legal Foundation and Enforcement Fundamentals”
Presentation: Anthony Angelo, Professor, Victoria University of Wellington, New Zealand, “Overview of Cyber-Legislation in the Pacific Islands”
Presentation: Adrian McCullagh, Professor, Telecommunications & Secure E-Business Law, Information Security Institute, Queensland University of Technology, Australia, “Country Case Studies and Overview ― Legal Foundation and Enforcement”
Discussion: Using the ITU National Cybersecurity/CIIP Self-Assessment Toolkit: Legal Foundation and Enforcement
|
10:30−10:45
|
Coffee/Tea Break
|
10:45−12:00
|
Session 5: Management Framework for Organizing National Cybersecurity/CIIP Efforts and Country Case Studies: Incident Management Capabilities
|
|
Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 5 looks closer at developing Incident Management Capabilities.
Session Moderator: Michael Lewis, Deputy Director, Q-CERT, Qatar
Presentation: Michael Lewis, Deputy Director, Q-CERT, Qatar, “ITU Incident Management Capabilities Pillar Fundamentals and Qatar Country Case Study”
Presentation: Kitisak Jirawannakool, Computer System Officer, ThaiCERT, National Electronics and Computer Technology Center (NECTEC), Thailand, “Country Case Study ― Incident Management Capabilities”
Presentation: Vu Quoc Khanh, Director General, VNCERT, Viet Nam, “Country Case Study ― Incident Management Capabilities”
Presentation: Graham Ingram, General Manager, AusCERT, Australia, “Country Case Study ― Incident Management Capabilities”
Discussion: Using the ITU National Cybersecurity/CIIP Self-Assessment Toolkit: Incident Management Capabilities
|
12:00−13:30
|
Lunch
|
13:30−15:00
|
Session 6: Management Framework for Organizing National Cybersecurity/CIIP Efforts and Country Case Studies: Developing a National Cybersecurity Strategy
|
|
Session Description: Increasingly, electronic networks are being used for criminal purposes, or for objectives that can harm the integrity of critical infrastructure and create barriers for extending the benefits of ICTs. To address these threats and protect infrastructures, each country needs a comprehensive action plan that addresses technical, legal and policy issues, combined with regional and international cooperation. What issues should be considered in a national strategy for cybersecurity and critical information infrastructure protection? Which actors should be involved? Are there examples of frameworks that can be adopted? This session seeks to explore in more detail various approaches, best practices, and the key building blocks that could assist countries in establishing national strategies for cybersecurity and CIIP.
Session Moderator: Jason Ashurst, Director, ITU and Treaties Section, International Branch, Department of Broadband, Communications and the Digital Economy (DBCDE), Australia
Presentation: Joseph Richardson, Consultant, United States of America, “A National Cybersecurity Strategy – Fundamentals”
Presentation: Michael Lewis, Deputy Director, Q-CERT, Qatar, “Country Case Study ― A National Cybersecurity Strategy”
Presentation: Richard Hipa, Managing Director, Niue Post & Telecommunications, Niue Island, “Country Case Study ― Cybersecurity Related Initiatives in Pacific Island Countries”
Presentation: Phillip Toye, Senior Advisor, Ministry of Economic Development, New Zealand, “New Zealand’s Digital Strategy”
Presentation: Sabeena Oberoi, Assistant Secretary, Department of Broadband, Communications and the Digital Economy (DBCDE), Government of Australia, “Australia’s Cybersecurity Strategy”
Discussion: Using the ITU National Cybersecurity/CIIP Self-Assessment Toolkit: Developing a National Cybersecurity Strategy
|
15:00−15:15
|
Coffee/Tea Break
|
15:15−17:00
|
Session 7: Review and Discussion: Management Framework for Organizing National Cybersecurity/CIIP Efforts
|
|
Session Description: Session 7 seeks to review and further discuss the Management Framework for Organizing National Cybersecurity/CIIP Efforts and related toolkit, identifying some of the main takeaways from the presentations on the Framework and the country case studies in preparation for the concluding meeting discussions.
Session Moderator: TBD
Panelist: TBD
Panelist: TBD
Panelist: TBD
Panelist: TBD
Panelist: TBD
|
17:00−17:15
|
Daily Wrap-Up and Announcements
|
|
|
FRIDAY 18 JULY 2008
|
08:30−10:00
|
Session 8: Cybersecurity and Small Island Developing States (SIDS)
|
|
Session Description: SIDS and Pacific Island countries are faced with unique challenges posed by their small size and remoteness. This session will review some of the ongoing initiatives in the Pacific and will deliberate on a possible cooperation model.
Session Moderator: Ivan Fong, Vice-President, Pacific Islands Telecommunications Association (PITA)
Presentation: Daniel Wells, Assistant Director, Department of Broadband, Communications and the Digital Economy (DBCDE), Australia, “Cybersecurity related Initiatives in the Pacific: The Anti-Spam Legislation Project, etc.”
Presentation: Franck Martin, ICT Specialist, The Pacific Islands Applied Geoscience Commission (SOPAC), and Chairman, The Pacific Islands Chapter of the Internet Society, Fiji
Presentation: Stuart Davies, Chief Executive and Managing Director, Telecom Cook Islands Ltd and Representative for Asia-Pacific Telecommunity (APT), “Telecom Fraud and Number Hijacking”
|
10:00−10:15
|
Coffee/Tea Break
|
10:15−11:15
|
Session 9: Cybersecurity and Small Island Developing States (SIDS) (Continued)
|
|
Session Description: SIDS and Pacific Island countries are faced with unique challenges posed by their small size and remoteness. This session will review some of the ongoing initiatives in the Pacific and will deliberate on a possible cooperation model.
Session Moderator: Stuart Davies, Chief Executive and Managing Director, Telecom Cook Islands Ltd and Representative for Asia-Pacific Telecommunity (APT)
Presentation: Glennys Vora, Information Systems and Services Unit (ISSU), Department of Finance, Republic of Vanuatu, “Country Case Study ― Cybersecurity related Initiatives in Pacific Island Countries”
Presentation: Tua'imalo Asamu Ah Sam, Chief Executive Officer, Ministry of Communications and Information Technology, Independent State of Samoa, “Country Case Study ― Cybersecurity related Initiatives in Pacific Island Countries”
Presentation: Igam M. Moaniba, Republic of Kiribati, “Country Case Study ― Cybersecurity Related Initiatives in Pacific Island Countries”
|
11:15−12:30
|
Session 10: Regional and International Cooperation
|
|
Session Description: Regional and international cooperation is extremely important in fostering national efforts and in facilitating interactions and exchanges. The challenges posed by cyber attacks and cybercrime are global and far reaching, and can only be addressed through a coherent strategy within a framework of international cooperation, taking into account the roles of different stakeholders and existing initiatives. As moderator/facilitator for WSIS Action Line C5 dedicated to building confidence and security in the use of ICTs, ITU is discussing with key stakeholders how best to respond, in a coordinated manner, to the growing cybersecurity challenges. For instance, the ITU Global Cybersecurity Agenda (GCA) provides a platform for dialogue aimed at leveraging existing initiatives, working with recognized sources of expertise in a framework for international cooperation, to elaborate global strategies for enhancing confidence and security in the information society. This session will review the ongoing initiatives to inform meeting participants and to further the discussions, in order to identify possible next steps and concrete actions to foster and promote international cooperation for enhanced cybersecurity.
Session Moderator: Eun-Ju Kim, Head, ITU Regional Office for Asia and Pacific
Panelist: Keith Besgrove, First Assistant Secretary, Department of Broadband, Communications and the Digital Economy (DBCDE), Australia, and Chair, OECD Working Party on Information Security and Privacy (WPISP)
Panelist: Jinhyun Cho, Senior Researcher, Korea Internet Security Center (KrCERT/CC), Korea Information Security Agency (KISA), and Convener, APECTEL Security and Prosperity Steering Group (SPSG), and Representative, ITU Cybersecurity Agenda, High Level Expert Group
Panelist: Stuart Davies, Chief Executive and Managing Director, Telecom Cook Islands Ltd and Representative for Asia Pacific Telecommunity (APT)
|
12:30−13:00
|
Session 11: Wrap-Up, Recommendations and the Way Forward
|
|
Session Description: The final session of the meeting reports some of the main findings from the event, and aims to elaborate recommendations for future activities in order to enhance cybersecurity and increase protection of critical information infrastructures in the region.
Session Moderator: Eun-Ju Kim, Head, ITU Regional Office for Asia and Pacific
|
13:00−13:15
|
Meeting Closing
|
|
Closing Remarks: Keith Besgrove, First Assistant Secretary, Department of Broadband, Communications and the Digital Economy (DBCDE), Australia
Closing Remarks: Eun-Ju Kim, Head, ITU Regional Office for Asia and Pacific
|
13:15−14:30
|
Lunch
|
|
|
14:30−17:00
|
The Pacific Islands Meeting (For delegates from Pacific Island countries)
|
|
|
|