UN Telecom Union Chief Zhao Calls for Global Cybercrime Rules

Bloomberg Law: Privacy & Data Security brings you single-source access to the expertise of Bloomberg Law’s privacy and data security editorial team, contributing practitioners,...

By Bryce Baschuk

May 28 — The leader of the United Nation's telecommunications agency May 28 endorsed a new effort aimed at defining international cybercrimes with the goal of reducing cyberattacks.

Houlin Zhao, the secretary general of the International Telecommunications Union, said during a speech in Geneva that he would like to initiate formal consultations with technical experts and government stakeholders to consider ways to stem the growth of cybercrimes.

“We talk about cybercrime, but if you don't have a cyber agreement on these kind of crime definitions then you cannot bring any people to justice,” he said. “Therefore, we need some framework,” he said.

Although Zhao's comments won't directly impact the ITU's mandate, they could lend support to recent efforts to expand the organization's authority over Internet content matters related to cybersecurity. In October 2014, Zhao said the ITU should develop new principles to govern the way its members employ telecommunications surveillance techniques.

The ITU May 28 also made public its 2015 Global Cybersecurity Index (GCI) report, which ranked the U.S. as having the strongest cybersecurity protection regime in the world. The annual list of the nations with the strongest cybersecurity is a joint effort of the ITU and the research arm of Allied Business Intelligence Inc.

No ‘Real Progress.’

Zhao said ITU members are asking for concrete international solutions to stem the growth of cyberattacks.

“People are frustrated,” Zhao said. “Today we have talk, everywhere talk, but we don't have real progress.”

Although international costs are difficult to quantify, each year the theft of trade secrets for commercial profit costs U.S. businesses billions of dollars through lost profits, damages and closed markets.

“The cost of cybercrime and the growing threat of increasingly sophisticated cyberattacks perpetrated by highly resourceful and competent threat agents continue to plague the development” of safe information and communications technologies around the world, Tim Archdeacon, chief executive officer of ABI, a New York-based market research company, said in the report.

Ranking Countries' Cybersecurity 

The CGI report ranks each nation's level of cybersecurity development by measuring the sophistication of its legal, technical, organizational, capacity building and cooperation regarding cybersecurity.

After the U.S., Canada came in as having the second strongest cybersecurity, according to the report. Australia, Malaysia, and Oman tied for third place. Nine countries tied for last place in the rankings, including North Korea.

“Unfortunately, cybersecurity is not yet at the core of many national and industrial technology strategies,” Brahima Sanou, director of the ITU's Telecommunication Development Bureau, said in the report.

“Countries need to be aware of their current capability level in cybersecurity and at the same time identify areas where cybersecurity needs to be enhanced,” Sanou said.

U.S. Cybersecurity Profile 

The report cited a long list of federal cybersecurity statutes in support of its conclusion that the U.S. has the strongest cybersecurity in the world, including laws that protect the privacy of information, such as the Privacy Act, 5 U.S.C. § 552a, and the Freedom of Information Act, 5 U.S.C. § 552.

The U.S. has also employed a series of technical measures aimed at implementing cybersecurity standards, technical response teams, and certification, the report said.

In addition, the U.S. has deployed organizational measures aimed at bolstering its cybersecurity infrastructure, such as its recognition of the International Strategy for Cyberspace, appointment of a Cybersecurity Coordinator and a issuance of road maps for cybersecurity governance, the report said.

The U.S. benefits from a host of cybersecurity capacity building programs including the Department of Defense's Defense Industrial Base Cybersecurity Information Assurance Program and the National Institute of Standards and Technology's cybersecurity framework, among others, the report said.

Finally, the U.S. has established a series of inter-agency, interstate, and international cooperation efforts to facilitate sharing cybersecurity assets across its borders, the report said.

To contact the reporter on this story: Bryce Baschuk in Geneva at correspondents@bna.com

To contact the editor responsible for this story: Donald G. Aplin at daplin@bna.com

The 528-page “Global Cybersecurity Index & Cyberwellness Profiles Report 2015” is available at http://www.itu.int/dms_pub/itu-d/opb/str/D-STR-SECU-2015-PDF-E.pdf.