International and Regional Cyber Security Initiatives

1
International and Regional Cyber Security
Initiatives

• Michele G. Markoff
• Coordinator
• International Critical Infrastructure Protection
• U.S. Department of State

2
THE CHALLENGE

• Potential consequences of attacks on national and
  global critical information infrastructures not
  well understood
• Disruption of key allied infrastructures can have
  tangible security consequences for the U.S.

3
THE FORECAST

• As reliance on information networks increases,
  and attacks tools become more sophisticated,
  potential for devastating damage to critical
  infrastructures increases
• Physical attacks will become more frequent and
  potentially more disruptive

4
US GOALS/STRATEGY

• GOAL
• Shape the international environment to reduce
  the risk to critical US and global information
  infrastructures on which the US and its allies
  depend.
• STRATEGY
• Pursue cross-sector bilateral and multilateral
  cooperation that has tangible benefits to US
  national security.

5
ACT NATIONALLY, COOPERATE INTERNATIONALLY

• All nations need to take systematic domestic
  and international steps to enhance the security
  of their networked critical information
  infrastructures

6
THE CASE FOR INTERNATIONAL COOPERATION

• Going it alone wont work Were only as secure
  as the least secure among us
• Cascading international failures can have
  national security consequences Need to address
  direct and indirect foreign interdependencies
• As more nations cross the digital divide,
  threat more unpredictable

7
MULTIFACETED COLLABORATION

• Modernize legal frameworks, enhance law
  enforcement capabilities, transborder cooperation
• Establish a national Point of Contact
• Establish 24/7 warning and incident response
  capability
• Inculcate Culture of cybersecurity education
  and awareness aimed at prevention/security
• Understanding that government may lead, but
  public-private partnership essential

8
US INVOLVEMENT IN REGIONAL INITIATIVES

• G-8
• UN General Assembly Resolutions
• Asia Pacific Economic Cooperation Forum (APEC)
• Organization of Economic Cooperation and
  Development (OECD)
• Organization of American States (OAS)
• UN/ITU World Summit for the Information Society)

9
G-8 INITIATIVES

• HIGH TECH CRIME GROUP work is basis for current
  initiatives in COE, UNGA, APEC, OAS, WSIS
• 1997 - Cyber Crime principles
• 2003 - CIP principles

10
UNGA RESOLUTIONS

• 55/63 and 56/121
• Combating the Criminal Misuse of Information
  Technology
• 57/239
• Creation of a Global Culture of Cybersecurity
• UNGA 58 US will present resolution based on
  2003 G-8 Principles Protecting Critical
  Information Infrastructures

11
OECD NETWORK SECURITY GUIDELINES

• 2002 Update of longstanding network security
  guidelines
• - Details how all levels of civil society should
  implement security in a manner appropriate to
  their roles
• Provides basis for 2002 UNGA Resolution
• Currently working on implementation guidelines

12
ORGANIZATION OF AMERICAN STATES (OAS)

• JUNE 2003 - OAS General Assembly Resolution 1939,
  Development of an Inter-American Strategy to
  Combat Threats to Cybersecurity
• Builds on work of 3 OAS committees telecom,
  counter-terrorism and legal
• Directs the development of a cybersecurity
  strategy for OAS member states
• July 2003 Cybersecurity Conference in Buenos
  Aires began discussion of strategy

13
APEC TEL CYBERSECURITY STRATEGY

• Developed by APEC Telecommunications and
  Information Working Group (TEL)
• APEC strategy first to commit to concrete steps
  for regional cybersecurity cooperation
• Builds on principles outlined in UNGA Res 55/63)
  and OECD (Network Security Guidelines)
• Approved at APEC Ministerial, October 2002

14
APEC TEL CYBERSECURITY STRATEGY 2

• Comprehensive and modernized legal frameworks
• Cyber incident information-sharing (APCERT) and
  law enforcement cooperation
• Development of IT security and technical
  guidelines
• Strengthening regional public awareness of
  cybersecurity
• Increased training and education opportunities
• Examination of wireless security issues

15
UN/ITU WSIS

• World Summit on the Information Society (WSIS)
  agenda December 10-12 Geneva
• - US has introduced language on cyber security,
  leverages OECD Guidelines and new G-8 principles
  on cybersecurity
• - Many unhelpful proposals being submitted
• - Working to ensure final declaration provides a
  general guide for the international community
  oppose new conventions other than COE

16
CONCLUSION

• No nation will be secure until every nation
  takes systematic steps to enhance the security of
  its critical networked information systems and
  inculcate a culture of cybersecurity in its
  citizens
• All nations need to cooperate internationally,
  sharing information, experiences and expertise in
  prevention of cyber attacks, and in prosecution
  of perpetrators if prevention fails.

17
CONTACT INFORMATION

• Michele Markoff
• Coordinator for International Critical
  Infrastructure Protection
• US Department of State
• (202) 736-4020
• email MarkoffMG_at_T.State.gov