New proposals published by the UN’s International Telecommunication Union could help harmonise global cybersecurity legislation, with the body’s chief Dr Hamadoun Touré insisting it is vital that countries cooperate in a coordinated fight against cyber threats, cybercrime and other misuses of IT.
In an exclusive interview with CBR, Secretary General Touré said the level of international cooperation being demonstrated through the ITU showed how it is possible to formulate a response to cyber terrorism which is truly global.
To date the ITU’s initiatives had drawn inputs and support from 104 legal, technical and regulatory experts from all over the world, he explained. The latest proposals on cybersecurity legislation had been drafted by an expert group commissioned by the ITU and led by the American Bar Association’s Privacy and Computer Crime Committee.
Touré maintained that the opening last month of new world headquarters and a global response facility of the International Multilateral Partnership Against Cyber Threats (IMPACT) was evidence of another demonstrable and practical step that showed coordinated responses were being made to combat cyber terrorism.
The new anti-cyber-terrorism centre will allow its 191 member countries access to IMPACT’s early warning system, which centralises intelligence about threats and channels it to governments around the world.
Fashioned after the renowned Centers for Disease Control in Atlanta, IMPACT is a non-profit, organisation intended to provide expertise, facilities, training, real-time information and an emergency response, to assist member-governments. It is also a way of sharing intelligence and resources.
Based in Cyberjaya, Malaysia and funded by the Prime Minister of Malaysia, IMPACT has been set up as a real-time early-warning threat and global response unit, Touré said. The intention is also to use the centre as a training station on cyber terrorism for law enforcement agencies from around the world.
Touré said that the recent terrorist attacks in Mumbai, India clearly demonstrated that terrorists are organised, and sometimes were better organised than the law enforcement agencies are. There is a need to better understand how criminals and terrorists use IT to organise and execute attacks, and IMPACT will help in this regard.
The World Telecommunication and Information Society Day on 17 May, which this year used as its theme “Protecting children in cyberspace,” had also helped focus attentions on the implications of cybercrime and its social outcomes. It is said that three in four children using the Internet are willing currently to share personal information about themselves and their family.
Touré acknowledged that current legislation drafted to fight cybercrime was far from being ‘a perfect toolkit’ and that efforts are needed at the local level to address the many differences that exist, before a global harmonised response can be made to cyber terrorism and cyber crime.
The new ITU Toolkit for Cybercrime Legislation addresses the first of several strategic goals of the ITU Global Cybersecurity Agenda. It aims to provide countries with sample legislative language and reference material that can assist in the establishment of harmonised cybercrime laws and procedural rules.
According to Touré, differences in customs, differences in social preferences, and differences in attitudes towards privacy are all seen as challenges. He said there are some real differences in definition in Europe particularly about identity and personal privacy, and suggests a need for the acceptance of certain practices and processes that could help contain crime in the cyber world, just as they have long been accepted in the physical world.
In the physical world, a crime becomes a crime at the place it is perpetrated. In the virtual world, it is location-independent.
Accordingly, much effort is going into agreeing standard methods and IP address pointers that will help trace back a criminal activity to its physical origins. It is important that these standard approaches do not get caught up in the nuances and differences in local legislation covering the last mile, he said.
In collaboration with partners such as the United Nations and Interpol, IMPACT intends to contribute towards the formulation of new policies while working towards the harmonisation of national laws to tackle a variety of issues relating to cyber threats. The objective is for IMPACT to bridge a gap between domestic and international, public and private threats so that ultimately the creation, access, use and sharing of information can be done in a safe and free manner.
The ITU believes many governments and international private sector organisations seriously underestimate the threat of cyber terrorism, but that the rapid growth and pervasiveness of IT networks means that opportunists can exploit online vulnerabilities and attack critical infrastructure.
The threats are real. The sustained attack on Estonia in 2007 highlighted the real dangers of cyber terrorism and demonstrated that the more wired a country is, the more vulnerable it becomes. More recently, Canadian researchers at the Munk Center for International Studies at Toronto University reported the existence of a huge ‘GhostNet’ phishing network that successfully infiltrated at least 1,295 computers in government offices of 103 countries.
The line from the ITU is that unless governments and business leaders recognise the dangers and begin to work together to combat cyber crime and cyber terrorists, then the consequences could be catastrophic.
Large enterprises are to some degree better placed to protect themselves, but the ITU reckons 85% of businesses are vulnerable.
It sees one of its mandates as getting SMBs better organised to protect themselves against cybercriminals, with a view that internet criminals always will look to target the weakest link. It is busy developing the necessary protocols, a compendium of security tools and a roadmap for their deployment, along with some pragmatic vulnerability self-assessment procedures. These will build on the work of the Global Response Unit and the intelligence that is being shared with it by the likes of the International Telecommunication Union, UN, Interpol and companies such as Symantec, Kaspersky Labs and F-Secure.