The COVID-19 pandemic has put the spotlight on the benefits that information and communication technologies (ICTs) can bring. But the technologies only bring those benefits to people with meaningful access. This means not just reliable Internet connectivity, but a cyberspace that is secure and trusted.
A strong cybersecurity ecosystem must be in place to protect against attacks, whether on state institutions, companies or individual web users.
In a world where nearly everything now depends on technology, the Global Cybersecurity Agenda (GCA) promises to provide a robust framework to help build confidence and security in ICT use.
The International Telecommunication Union (ITU), the United Nations specialized agency for ICTs, has organized a series of consultations on the GCA with governments, industry and other stakeholders.
At ITU’s second open consultation on draft guidelines for utilization of the GCA, held online on 1 March, participants discussed how best to use the GCA framework amid an ever-evolving ICT landscape.
What is the GCA?
Back in 2005, the United Nations World Summit on the Information Society (WSIS) entrusted ITU with “building confidence and security” in ICT use (WSIS Action Line 5). As a result, ITU developed the GCA framework in 2007 and has remained committed to those confidence-building efforts ever since.
The GCA lays out an essential framework for international cooperation on cybersecurity. It is designed to encourage collaboration and build on existing initiatives.
The five strategic pillars of the GCA include: legal measures, technical and procedural measures, organizational structures, capacity building, and international cooperation. The framework is applicable at global, regional, and national levels.
An update for the Decade of Action
The GCA framework continues to guide ITU’s engagement on cybersecurity as we enter the Decade of Action to achieve the UN Sustainable Development Goals (SDGs).
At the Plenipotentiary Conference, ITU’s highest-level meeting, in 2018, Member States resolved to continue following the GCA framework to guide efforts to ensure safe and trusted use of technology by everyone, everywhere.
Recent years have seen the number, severity, and diversity of cyber threats and attacks grow significantly, with serious knock-on effects for an increasingly digital world. While much of the world slowed down during COVID-19, cyberattacks increased, a recent INTERPOL report shows. All users – state and non-state actors alike – must continually update their measures to keep pace with the rapid evolution of technology.
ITU’s role in strengthening cybersecurity
As the UN agency for ICTs, ITU is well-placed to facilitate meaningful global dialogue on cybersecurity-related issues. Its diverse membership includes government representatives and industry leaders, as well as cybersecurity specialists and academic experts.
Especially key is ITU’s role in closing the gap between countries in terms of awareness and their capacity to implement cybersecurity strategies and programmes.
This involves helping the organization’s 193 Member States to define their cybersecurity priorities, fortify the associated infrastructure by developing and implementing international security standards, and set up computer incident response teams (CIRTs) and computer emergency response teams (CERTs).
To build the necessary human capacity and foster hands-on digital skills for such teams, ITU has conducted around 30 CyberDrill exercises, involving more than 100 countries around the globe.
ITU also produces the Global Cybersecurity Index (GCI), which measures the commitment of countries to cybersecurity. The index, launched in 2013, serves as an invaluable tool in awareness building.
Facilitating action and knowledge exchange
ITU’s Study Group 17 has published over 200 standards focused on security. New standards are in the works for a variety of emerging technologies, such as financial technology (FinTech), the Internet of Things (IoT, including industrial internet security), intelligent transportation systems, distributed ledger technology, quantum key distribution, anti-spam machine learning, 5G mobile services, edge computing, protection of personally identifiable information, and multi-party computing, along with guidelines on the organization, operation and automation of defence against cyberattacks.
Various multi-stakeholder initiatives, including one for Child Online Protection, are also happening under the GCA framework.
ITU convenes dedicated groups to discuss emerging technologies in areas such as artificial intelligence (AI) in the context of health, the environment and autonomous and assisted driving; quantum information technology for networks, and others.
Security and trust form an integral component of all these discussions.
Going forward, ITU aims to continue leveraging the GCA framework to boost exchanges of knowledge and experience and to facilitate multi-stakeholder action on cybersecurity worldwide.
Learn more about ITU’s cybersecurity activities here.