Role of ITU in building confidence and trust in the use of ICTs

• ​In the digital age, trust is everything. Cybersecurity is crucial to ensure universal, trustworthy, and equitable access to online products and services – i.e., create a trustworthy cyberspace.
  
• While information and communication technology (ICT) use boosts productivity and artificial intelligence (AI) ramps up innovation, these key digital tools also generate risks. Cyberthreats give rise to ever-growing security challenges for both the public and private sectors in countries at all stages of development.
• Enhancing cybersecurity and protecting infrastructure have become essential to every nation's social and economic development. Cybersecurity-related incidents compromise the availability, integrity, and confidentiality of stored information as well as in transit, thereby disrupting the operations and functioning of critical infrastructure, both digitally and physically.
• Cyber-Risks therefore threaten the safety and security of citizens, businesses, economic sectors and whole countries. Indeed, leaders at the World Economic Forum have identified cybersecurity as the second most concerning global risk for the next decade.
• International cooperation is increasingly vital in strengthening cybersecurity, complementing legislation, policies, and strategies that must all be tailored to fit local context.
• Expanded ICT access, underpinned by security and trust, is recognized as essential to accelerate progress on all 17 UN Sustainable Development Goals (SDGs), and particularly for Goal 9: Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation.​
  

• The number of Internet users is increasing rapidly worldwide, with 87% of people in developing countries, 19% in Least Developed Countries, and 51% of the global population using the Internet by 2019.
• This increased access to the Internet and digital technologies opens immense opportunities for social and economic development, but also brings an increased risk of cyber-incidents.
• Cyber-risks give rise to ever-growing cybersecurity challenges for the public and private sectors. Cybersecurity-related incidents compromise the availability, integrity, and confidentiality of data transiting on networks, and can disrupt the operations and functioning of critical infrastructure. They can also compromise the safety and security of people, businesses, economic sectors and even whole countries.
• Cyberthreats cross borders, making cybersecurity an international challenge. Countries need to work together to achieve a minimum appropriate level of security capacity, so weak links in their infrastructure, capacity and processes can be identified and strengthened.
• Developing countries, particularly least developed countries (LDCs), are often poorly positioned to address cybersecurity challenges, due to a lack of local capacity, resources, policy frameworks, research ecosystems, and political will. Looking to the future, these are also the countries where the largest numbers of new Internet users will originate over the next decade.
• Micro-, small-, and medium-sized Enterprises (MSMBs) are often less able to manage their cyber-risks, due to a lack of resources, capacity, and awareness, and their needs are often underserved by private sector cybersecurity providers.
  

• ​ITU serves as a key platform for global dialogue, helping its membership – including 193 Member States and about 900 Sector Members – find and maintain a consistent approach on cybersecurity issues. This includes facilitating agreement on cybersecurity-related international standards, helping countries define cybersecurity strategies, setting up computer incident response teams (CIRTs), protecting children online, building human capacity, and facilitating policy dialogue.
  
• ITU promotes and facilitates international and regional cooperation among governments, the private sector, industry associations and academia to help create a reliable, interoperable, and secure ICT environment. ITU's Global Cybersecurity Agenda (GCA) provides a framework for international cooperation to enhance confidence and security.
   

Frameworks and strategies ​

• ​The organization assists its Member States in developing and improving national cybersecurity frameworks and strategies. At the national level, cybersecurity is a shared responsibility requiring coordinated action by multiple government agencies, authorities, the private sector, and civil society for effective prevention, preparation, and response. The Guide to Developing a National Cybersecurity Strategy, developed through a collaborative process with other organizations, provides actionable guidance for countries to develop a national cybersecurity strategy that promotes a safe, secure, and resilient cyberspace.
• The Global Cybersecurity Index (GCI) continues to measure the cybersecurity commitment of ITU Member States. First launched in 2014, the GCI represents a multi-stakeholder initiative that helps countries identify areas for improvement in the field of cybersecurity while raising the overall awareness level of cybersecurity worldwide. It provides recommendations, based on countries' best practices, to create a safe space for Internet users in any given country.

Incident Response Capacity Development 

• To respond to fast-evolving threats, effective mechanisms and institutional structures are needed to address cyberthreats and incidents at the national level. ITU assists countries in establishing and enhancing National Computer Incident Response Teams (CIRTs) to meet these challenges.
• ITU conducts regular regional and national cyber-drills for capacity development and to strengthen technical cooperation, both among and within countries, to strengthen incident response and management capabilities. To date, ITU has conducted over 30 cyber-drills involving over 100 countries.

Standards and development 

ITU study groups provide a neutral, global platform for ITU members to develop international standards addressing security.

• ITU-T Study Group 17, with a mandate to “build confidence and security in the use of ICTs", leads on cybersecurity with an emphasis on standardization. The group develops global security architecture and frameworks, providing support on authentication and identity management, security aspects of communication applications, cybersecurity, the protection of personally identifiable information, and more. Security aspects are becoming increasingly important for intelligent transport systems, distributed ledger technologies (DLT) such as blockchain, and quantum information technologies.
• Cybersecurity matters within the development context fall under ITU-D Study Group 2: Question 3/2: “Securing information and communication networks: Best practices for developing a culture of cybersecurity".

Safeguarding children 

• ​In cooperation with diverse partners, ITU's Child Online Protection initiative provides guidance and helps build capacities in various countries through engagement involving policy-makers, parents, educators and children. In response to new challenges and rapid changes in the digital landscape, ITU's latest Guidelines on Child Online Protection (2020) include recommendations on how to develop a safe and empowering online environment for children and young people.
• Collaboration has helped to introduce Child Online Protection measures in new areas of intervention, such as sporting activities. With support from the National Cybersecurity Authority of Saudi Arabia, ITU has launched a global programme to implement the latest guidelines through two main workstreams: capacity building and policy support.
• A new ITU flagship initiative, the Women in Cyber Mentorship Programme, promotes a diverse and inclusive cybersecurity community. Through a combination of capacity development, the showcasing of role models, encouraging networking and knowledge-sharing, and mentoring future cybersecurity professionals, the programme aims to enhance the quality and diversity of skills for women in the field, as well as help reduce the global workforce shortage in cybersecurity.​