ITU Group at Work on Model Cybersecurity Bill
GENEVA -- A model cybercrime law that works globally and fits with existing national and regional mandates is a top goal, ITU’s High Level Experts Group on Cyber-security said Friday. The group was meeting to work on tasks assigned it at the World Summit on the Information Society (WID Jan 16 p1), officials said. The group is ITU’s first key step on cybersecurity, said Hamadoun Toure, Secretary General of the ITU, at a press briefing Friday.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
Attacks such as those recently in Estonia could strike anywhere, said Stein Schjolberg, chief judge of Norway’s Moss Tingrett Court. Many countries outlaw terrorist use of the Internet, said Schjolberg, the ITU group chairman. But all regional frameworks are flawed because they're regional, said Toure. Cybersecurity needs a global approach, he said.
The group will draft a model cyber-crime law, Schjolberg said. Its first report will be ready in May so Toure can make recommendations to ITU Council in September.
The group will seek comfort levels in five areas that involve cybersecurity, Toure said. His goal is to have by 2009 a cybersecurity framework, trained national cybersecurity agencies and means of collaborating to fight cyber-threats without duplication, he said. The group set up five sub-groups -- legal measures, organizational structures, technical and procedural measures, capacity building and international cooperation -- said Schjolberg, whose field is cybercrime legislation. Concerns over loopholes in legal frameworks are grouped in the legal area, said Alex Ntoko, head of ITU’s Corporate Strategy Division. Schjolberg will head the legal measures working group, Toure said. “What we want to come up with is global strategies, a roadmap,” Ntoko said. “Something that everybody would see and understand and be able to apply.”
A Moroccan expert will head work on the organizational framework. Intel will lead the technical group with an Estonian official. The United Nations Training and Research Institute will head capacity building. APEC (Asia-Pacific Economic Cooperation) official will lead the group’s work on international cooperation. Names of group leaders weren’t available at press time.
The Convention on Cybercrime will be a guideline for the work in proposing model cybercrime legislation, Schjolberg said. The U.S. signed the Convention on Cybercrime in 2001, the Department of Justice website said. The convention dates to the late 1990s; since then spam, phishing, pharming, botnets, and identity theft have emerged, Schjolberg said. “The convention is not a dynamic convention.”
The group is focusing on the broader topic of cybersecurity, not just cybercrime, said Tony Rutkowski, VeriSign vice president, regulatory affairs and standards. A breadth of legal tools exists for achieving cybersecurity, he said. But cybersecurity also covers critical infrastructure protection, at the heart of ITU’s work since its founding, Rutkowski said. Industry fears that the Secretary General is seeking an international treaty. That might be a wrong conclusion, an industry official said.
The group’s roughly 50 participants come from government, academia, regional groups, civil society and business, said Toure. Representatives from Interpol, Intel, Cisco, VeriSign, Brazil, the U.S. government and others attended.