Arab region presses for heightened cyber-Security

Details: Category: Revenue & Billing; 29 March 2008; 8756 views

The ITU Regional Cyber-Security Forum recently ended with the adoption of the Doha Declaration on Cyber-Security. Recognising that cyber-security has global implications that need regional and international efforts as well as close collaboration between governments and industry, the Forum urges each country in the region to develop capabilities using a new ITU Cyber-Security Framework...

Over 80 representatives from 18 countries in the Arab region as well as key regional organisations including the League of Arab States, Gulf Cooperation Council, and United Nations Economic and Social Commission for Western Asia, participated in the Forum. Participants came to recognise that the ITU Cyber-Security Framework "offers a useful guide for raising awareness and initiating and/or reviewing national action as it helps to ensure consistency and compatibility of action among nations." In addition, the Forum recommends that the Framework and related resources and toolkits be finalised as soon as possible and made available in the six ITU working languages.

"Global interconnectivity creates new interdependencies and risks that need to be managed at national, regional and international levels," says Sami Al Basheer Al Morshid, Director of ITU's Telecommunication Development Bureau. "The formulation and implementation by all nations of a national framework for cyber-security and critical information infrastructure protection represents a significant first step in addressing the challenges arising from globally interconnected ICT infrastructures."

Elements of the ITU Framework that are designed to constitute a comprehensive national approach to cyber-security include:

developing a national strategy for cyber-security;
establishing government-industry collaboration;
deterring cyber-crime;
creating national incident management capabilities; and
promoting a culture of cyber-security.

A related resource, the ITU National Cyber-Security Self-Assessment Toolkit, was also examined in Doha. The toolkit is designed to assist national governments review and understand existing national approaches, develop a best practices baseline, identify areas for attention, and prioritise national efforts to address cyber-security. Participants encouraged each country in the region to use the toolkit to assess their progress at the national level.

During the event, the role of governments in leading national cyber-security efforts was discussed as well as the critical role of the private sector and other groups in developing policy and law aimed at the implementation and operation of a national cyber-security strategy.

The Forum stressed the importance of reviewing national cyber-crime legislation to address threats in cyberspace. Participants were informed that the Convention on Cyber-Crime (Budapest, 2001) offers an internationally developed basis for examining existing national cyber-crime law and for determining what new substantive, procedural and mutual assistance provisions are needed in national cyber-crime law. The Forum called for a national focal point for cyber-incident management to strengthen watch, warning, investigation, response and recovery. Such a national focal point, typically through the establishment of a national computer security incident response team (CSIRT), would foster collaboration within government, between governments and the private sector, and with international partners. Discussions were also held on the necessity of promoting a national culture of cyber-security to ensure that all users, owners and operators of information systems and networks know their responsibilities with regard to security and develop appropriate tools to combat cyber attacks.

Referring to the recent damage to undersea optical cables said to have been caused by an adrift ship anchor, according to the operator FLAG (see Developing Telecoms' report New FLAG Internet cable on way for Mediterranean), Sami Al Basheer Al Morshid said that experience is the hardest teacher. "Whatever the cause, whether intentional or not, whether cyber-crime or a mundane accident, the lesson we take away is that every nation needs to organise itself to take coordinated action related to the prevention of, preparation for, response to, and recovery from cyber incidents."