Developing Countries Start Work on National Cybersecurity Strategies
GENEVA -- Developing countries are starting to deal with cybersecurity, but business and government need new strategies to deal with cyberthreats, officials said Monday. They spoke at an ITU workshop on national frameworks for cybersecurity and protecting critical information and network protection.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Every country is fighting crime and looking at security of the public network, said Joseph Richardson, a consultant to the U.S. State Department. “The question is whether or not those activities are… geared to the new environment.” Some nations are only starting to consider cybersecurity strategies, said Sami Al Basheer, director of ITU’s Development Bureau. “Cybersecurity is a shared responsibility” among users, business and government, Richardson said.
Political buy-in at the highest levels is needed to coordinate distribution of responsibilities throughout the government, Richardson said. Cybersecurity requires laws against cyber crime, said Daniel Hurley, director of critical infrastructure protection at the NTIA. One country’s outlaw act may be legal in another. Legal instruments may not be in place, officials said.
Developing countries need to identify one another’s cybersecurity counterparts, for example Computer Emergency Readiness Teams (CERTs), which may not exist, officials said. Incident management capabilities include international communication watching for, warning of, responding to and recovering from cyberthreats, Hurley said.
Cross-border trust between people and institutions is critical for cybersecurity, Richardson said. Government can assemble the people and resources needed for the job, Richardson said. It’s crucial to identify lead agencies and leaders to enhance international cooperation, which is based on counterparts, Richardson said. Government-to-government discussions between CERTs means all must have government responsibilities, he said. There’s no way for a government to bring a government concern to a CERT at a university, he said.
“Industry has a key role to play,” said Jordana Siegel of the National Cyber Security Division of the U.S. Department of Homeland Security. Government-industry collaboration is also needed, because in many countries business owns and operates all or part of critical communications networks, Hurley said. Government and industry must derive value from collaboration, defining, understanding and communicating their roles and responsibilities to manage expectations, she said.
A “Framework for National Cybersecurity Efforts” floated by the U.S. in the ITU aims to help nations set priorities, Hurley said. A self-assessment tool being circulated to ITU member nations focuses on national strategies and frameworks at the management and policy level, Richardson said. The aim is to help nations gauge their readiness for organizing and managing a national effort to prevent, prepare for, protect against, respond to and recover from cybersecurity incidents, Richardson said.
National approaches to cybersecurity will be discussed starting Tuesday in an ITU-D study group meeting on telecom development strategies and policies. The last such meeting, in 2006, drew representatives of 53 nations, including 15 U.S. officials. A U.S. proposal suggests stronger ties between business and government, offering new text on identity management for cybersecurity, officials said.