ITU-D Question 22 Building Blocks for Organizing National Cybersecurity Efforts

1. ITU-D Question 22Building Blocks for Organizing National Cybersecurity Efforts James Ennis, Department of State, USA ITU-D Question 22/1 Rapporteur

2. Five Organizing Elements • Developing & Obtaining Agreement on a National Cybersecurity Strategy • Establishing National Government – Industry Collaboration • Deterring Cybercrime • Creating National Incident Management Capabilities: Watch, Warning, Response, & Recovery • Promoting a National Culture of Cybersecurity

3. Developing & Obtaining Agreement on a National Cybersecurity Strategy • Create awareness at the national policy level • cybersecurity issues, national action, & international cooperation • Develop a national strategy to enhance cybersecurity • reduce risks & effects of disruptions • Participate in international efforts to promote national prevention of incidents: • preparation, response, recovery.

4. Establishing National Government – Industry Collaboration • Develop public-private collaborative relationships to manage risk and protect cyberspace • Articulate the value proposition • Identify roles and responsibilities • Develop mutual trust • Provide mechanism for developing consensus between a variety of perspectives, equities, & knowledge

5. Deterring Cybercrime • Enact & enforce a comprehensive set of laws relating to cybersecurity & cybercrime • Establish and modernize supporting criminal law, procedures, and policies • Regional initiatives, mutual assistance • Establish or identify national cybercrime investigative units • Understanding of cybercrime legal issues among prosecutors, judges, & legislators

6. Creating National Incident Management Capabilities • Develop coordinated national cybersecurity response system • Prevention, detection, deterrence, response, & recovery • Establish a government focal point • Bring together all elements of government, operators, & equipment vendors • Participate in information sharing mechanisms • Watch, warning, response • Develop, test, exercise response plans & protocols

7. Promoting a National Culture of Cybersecurity • Promote cybersecurity within Government, as well as private sector, civil society, & individuals • Security of e-Government • Multi-disciplinary, multi-stakeholder approach • Education • Regional & international cooperation

8. New Work for Question 22 • Expand on the Best Practices Report dealing with national strategy; public/private partnerships; national incident management capability; culture; & protection against spam malware & other cyberthreats. • Develop course materials for analysis of national strategies and planning hands-on training programs. • Develop country case studies. • Develop a framework to be pursued and implemented under BDT Programme 2 for increasing awareness by developing countries regarding cybersecurity.

9. UNGA Res 64-211Creation of a global culture of cybersecurity Member States to use a voluntary self-assessment tool to highlight areas for further action in CII protection • Taking stock of cybersecurity needs and strategies • Stakeholder roles & responsibilities • Policy processes & participation • Public-private cooperation • Incident management & recovery • Legal frameworks • Developing a global culture of cybersecurity