Global Cybersecurity Agenda

Overview
On May 17, 2007, the International Telecommunication Union launched the Global Cybersecurity Agenda (GCA), to provide a framework within which the international response to the growing challenges to cybersecurity can be coordinated and addressed. The Global Cybersecurity Agenda represents an initiative by the ITU to develop a comprehensive framework for international cooperation.

The ITU Secretary-General benefitted from the advice of an expert panel, the High-Level Experts Group, representing expertise in policy making, government, academia and the private sector. This advisory group met for the first time in Geneva, on October 5, 2007, to develop strategies to combat cybercrime and promote cybersecurity. It formulated proposals to the ITU Secretary-General, which are consolidated in a Global Strategic Report.

Five pillars of the ITU Global Cybersecurity Agenda
The GCA is built upon five strategic pillars :

Legal measures
This work area focuses on key legal challenges and how best to coordinate legislation. It will develop guidance as to how criminal activities committed through computer networks can best be dealt with through legislation in an internationally compatible manner. This work area will develop model cybercrime legislation that is interoperable with existing national and regional legislative measures and consider how best to deal with loopholes in current legal frameworks that allow criminals to operate between countries with impunity.

Technical and procedural measures
This work area will focus on the key technical challenges arising to cybersecurity. Cyberthreats are constantly being developed to exploit technical vulnerabilities in Information Communication Technology (ICT) services and applications to gain unauthorized access to information and communications systems. Security vendors and software manufacturers work continuously to identify, resolve and reinforce weaknesses in their products. This work area focuses on technical and procedural measures for addressing vulnerabilities in software products, including accreditation schemes, protocols and standards.

Organizational structures
Countries’ ability to monitor, prevent and deal with cyberattacks depends in large part on the watch, warning and response systems and capacity that they have established. This work area will focus on optimal response strategies and the institutions that can help countries in dealing with prevention, detection, response to and crisis management of cyberattacks, including the protection of countries’ critical information infrastructure systems. This work area should develop a generic framework for functional organizational structures that can help countries deal with cyberthreats and the misuse of ICTs for malicious purposes.

Capacity-building
This work area focuses on elaborating strategies for concrete capacity-building mechanisms that can be adopted to raise awareness, transfer know-how and boost cybersecurity on the national policy agenda. User awareness, technical capacity and information exchange are some of the key factors in building cybersecurity from the grassroots upwards. This work area will consider the effective measures, awareness campaigns, training initiatives that can be undertaken to build human, technical and institutional capacity and awareness of the issues key to preserving cybersecurity.

International cooperation
This work area will develop proposals on a framework for a multi-stakeholder strategy for international cooperation, dialogue and coordination in dealing with cyberthreat]s. The [[Information Society is borderless, which means that the response mechanisms dealing with cyberthreats must be as borderless as cybercriminals’ activities. Cooperation is vital at different levels and through different means &mdash; from the monitoring of funds and transfers of the proceeds of criminal activities to cooperation in dealing with international crime syndicates and paedophilic rings.

Setting achievable goals
The Global Cybersecurity Agenda is made up of seven main strategic goals :


 * Elaboration of strategies for the development of a model cybercrime legislation that is globally applicable and interoperable with existing national and regional legislative measures.


 * Elaboration of global strategies for the creation of appropriate national and regional organizational structures and policies on cybercrime.


 * Development of a strategy for the establishment of globally accepted minimum security criteria and accreditation schemes for hardware and software applications and systems.


 * Development of strategies for the creation of a global framework for watch, warning and incident response to ensure cross-border coordination between new and existing initiatives.


 * Development of global strategies for the creation and endorsement of a generic and universal digital identity system and the necessary organizational structures to ensure the recognition of digital credentials across geographical boundaries.


 * Development of a global strategy to facilitate human and institutional capacity building to enhance knowledge and know-how across sectors and in all the above-mentioned areas.


 * Proposals on a framework for a global multi-stakeholder strategy for international cooperation, dialogue and coordination in all the above-mentioned areas.