ITU Deputy Secretary-General

Opening Speech by

Houlin ZHAO ITU Deputy Secretary-General

UN/CEB/ICT-Network

InfoSec-Special Interest Group Symposium

13th and 14th September 2011

OHCHR, Palais Wilson, Geneva

Dear Participants, Good morning! As Deputy Secretary General of the ITU and co-organizer of this meeting, I would like to welcome you to the Palais Wilson in Geneva for this two-day symposium on information security which is jointly organized by OHCHR, UNICC and ITU. I would like to thank OHCHR for their generous offer to use the Palais Wilson meeting rooms and for their logistical support. I would also like to thank UNICC for their collaboration with ITU in organizing the event and for their role as financial co-sponsors. ITU has been actively pursuing cyber security initiatives. During the World Summit for Information Society Phase 2 in Tunisia in 2005, ITU was entrusted to be the facilitator for the WSIS Action Line 5 – “Building confidence and security in the use of information and communication technologies”. To implement this task, ITU launched the Global Cyber security Agenda (or GCA) in 2007. The GCA has fostered initiatives such as the Child Online Protection (or COP) Initiative and the International Multilateral Partnership Against Cyber-Threats (or IMPACT) to provide training and skills development, security assurance, research, and international cooperation programs to member states. ITU works with some 700 industry members in the Telecom and IT industry on a broad range of issues including network security, identity management, countering spam, cloud computing, IPv6, protection of critical infrastructure, and the convergence of mobile and fixed networks. ITU was pleased to host the ICT-Network meeting here in Geneva in 2009. In his opening address, Dr. Hamadoun Touré, the ITU Secretary General, emphasized both the importance of information security within UN agencies and the broader issue of a coordinated effort among the UN family towards cyber security and cybercrime. At this time, he proposed to the ICT-Network that ITU would be willing to lead this effort. 2

The UN Chief Executive Board, or CEB, in recognizing the growing importance of cyber security to the UN family of organizations, has instructed both the High Level Committee on Programs (or HLCP) and the High Level Committee on Management (or HLCM) to follow-up in their respective roles within the system. The Information Security Special Interest Group, or InfoSec-SIG, reports to the ICT Network, which is under the umbrella of the HLCM and is focused primarily on UN agency internal information security management issues. I understand that this group has been tasked with finding synergies among agencies for information security awareness, incident response, and policies and standards. I am pleased with the rich programme of this workshop. I encourage you to take this opportunity to share your experiences and observations on information security issues learnt from you daily work and to discuss the possible ways to improve the security of our system and our organizations. Among many topics, we will need to address policy, technological, and operational issues associated with the increased pressures for us to support a mobile and / or a remote work force using ever-expanding smart devices to access information that may reside in our data centers, or in the cloud far away in the sky. The questions already being raised are not easy ones to answer. Questions such as : How do we manage the mixed use of personal and corporate devices? What applications are allowed to reside on them? Can we patch them? How we protect privacy and how can we identify the participant? What is the legal status of a remote participant etc. will have to be addressed. Another fundamental challenge is : Is the 1946 United Nations Convention and the 1961 Vienna Convention on diplomatic immunities and privileges sufficient to protect the UN in the way we do business today? How do we adhere to these conventions and respond to the problem in today’s environment ? Dear Colleagues, Your responsibilities as Information Security Officers are indeed far-ranging. The executives of our organizations will rely on your recommendations for ICT-related issues, and in particular for system security issues. I look forward to receiving your deliberations.