At the start of the 21st century, modern societies have a growing dependency on information and communication technologies (ICTs) that are globally interconnected. This interconnectivity creates interdependencies and risks that must be managed at national, regional and international levels. At the national level, each nation should consider organizing itself to take coordinated action related to the prevention of, preparation for, response to, and recovery from cyber incidents. Such action require coordination and cooperation among national participants, including, those in government, business, and other organizations, as well as individual users, who develop, own, provide, manage, service and use information systems and networks. The formulation and implementation by all nations of a national framework for cybersecurity and critical information infrastructure protection (CIIP) represents a first step in addressing the challenges arising from globally interconnected ICT infrastructures.
This meeting, one in a series of regional events organized by ITU-D, was held in response to ITU Plenipotentiary Resolution 130: Strengthening the role of ITU in building confidence and security in the use of information and communication technologies (Antalya, 2006) and the 2006 World Telecommunication Development Conference Doha Action Plan establishing ITU-D Study Group Question 22/1: Securing information and communication networks: Best practices for developing a culture of cybersecurity. As part of this activity, ITU-D is developing a Report on Best Practices for a National Approach to Cybersecurity which outlines a Framework for Organizing a National Approach to Cybersecurity identifying five key elements of a national effort, including: 1) Developing a national cybersecurity strategy; 2) Establishing national government-industry collaboration; 3) Creating a national incident management capability; 4) Deterring cybercrime; and 5) Promoting a national culture of cybersecurity.
The Framework aims to identify the major cybersecurity actors in a country, their roles and means of coordination, interaction, and cooperation. These actors include agencies and institutions that:
- Lead government interagency efforts on cybersecurity and provide operational guidance;
- Interact with the private sector with regards to cybersecurity whether for cybercrime, incident management, or technical and policy development;
- Develop and enforce laws related to cybersecurity;
- Coordinate action related to the prevention of, preparation for, response to, and recovery from cyber incidents; and,
- Promote a national culture of cybersecurity, including awareness-raising for individuals, small businesses and other users.
This event aimed to bring together government representatives, industry actors, and other stakeholder groups in countries from the Asia-Pacific region to discuss, share information, and collaborate on the elaboration and implementation of national policy, regulatory and enforcement frameworks for cybersecurity and CIIP. It aimed to benefit information and communication policy makers from ministries and government departments; institutions and departments dealing with cybersecurity policies, legislation and enforcement; and representatives from operators, manufacturers, service providers, industry and consumer associations involved in promoting a culture of cybersecurity.
The meeting also considered initiatives at the regional and international level to increase cooperation and coordination amongst different stakeholders. In addition, the meeting will address, through separate sessions, some of the unique cybersecurity related challenges faced by Small Island Developing States including the Pacific Island countries. This is in line with WTDC Resolution 17 (Doha, 2006), which includes the Asia-Pacific Regional Initiative on “Unique Telecommunication / ICT Needs of the Small Island Developing States and Pacific Island Countries.”
Meeting participation was open to ITU Member States, Sector Members, Associates, and other interested stakeholders, including representatives from regional and international organizations. ITU provided one full fellowship for each delegation duly authorized by their respective ITU Administration in the least developed countries (LDCs) in the Asia-Pacific region, for participating in this meeting.
Please note that the first day of the event, 15 July 2008, was dedicated to an ITU Tariff Group for Asia and Oceania (TAS) Seminar on the Economics of Cybersecurity. Please contact cybmail (at) itu.int with any general queries you may have related to this event.