Sabotaging smart grids, health care, and transport and communication systems sitting at the other end of the globe is an attractive target to get countries to their keens without involving military. We have witnessed the dress reharls of these attacks for some time.
Recently we have witnessed massive ransomware attacks like Petya /NotPetya and Wanncry hit more than 300 countries, impacted critical services like health care and countries like Ukraine were in a state of the national emergency.
We do not need the fortune teller to predict that cyber-attacks can create a war like situations. The Analyst like Forbes has already predicted that 2017 will be cyber warfare year.
The countries are coming together to think and define a strategy to combat these attacks and one of such an initiative launched by International Telecommunication Union (ITU) is Global Cyber Security Agenda (GCA), a framework for international cooperation aimed at enhancing confidence and security in the information society. Arising from GCA is the Global Cybersecurity Index (GCI), which aims to measure and assess the commitment of countries to this issue.
In this article, we will discuss what is GCA and how can it be used for GCI?
What is GCA?
As stated above GCA is the framework developed by the ITU to build the confidence among the ITU member countries to exchange cyber security information.
The GCA is based on five strategic pillars also known as work areas. These pillars are Legal measure, Technical & Procedural measures, Organizational structure, Capacity Building and International Cooperation.
Following GCA diagram depicts the areas covered by each of these pillars.
- Legal – As depicted in a diagram, the Legal aspect of the GCA will take care of Cybercrime laws, Regulatory requirements for cyber security compliance and providing the security awareness training.
- Organizational – This pillar provides the information about organizational strategy for cyber security, which agencies will be responsible for defining and monitoring the security controls requirements and also the cyber security metrics to measure and monitor security maturity.
- Technical – The technical requirements will provide inputs for how to handle the emergency situations created by cyber security incidents. This states about the requirements for National, CERT/CIRT/CSIRT. Definitions of security standards for organizations and professional who are responsible for designing and managing the security
- Capacity Building – Generating public awareness for cyber security, definitions of good practices for cyber security, professional training for increasing the number of cyber security professionals and threat intelligence and other security technologies research and development facilities, engorgement and recognition for the industries to follow the cyber security guidelines.
- Cooperation – How the country is encouraging bilateral, multilateral cooperation for the TUI member countries to identify and stop the cyber-attacks by either providing the details required for the investigation or enforcing the security controls to detect and stop attacks generated from the country and not supporting the cyber attackers.
What is GCI and How It is determined?
Global Cyber Security Index (GCI) was initially developed in 2013, it is perpetually engaged in update process to determine the relevant aspect of the security of ITU member states.
The purpose of the index is to measure the following elements:
- Type, level, and development of commitment to cyber security in countries over the course of time
- Progress in the commitment to cyber security of all countries from a global perspective
- Progress in the commitment to cyber security from a regional perspective
- Level of participation of countries in cyber security initiatives
The scope of the GCI’s mission is wide: it aims to act as a point of reference so that countries can identify areas of opportunity in the field of cyber security, and, at the same time, it can work as a kind of incentive for nation states to try and improve their Global Cybersecurity Index rating or assessment. This has the knock-on effect of increasing the country’s level of cybersecurity.
The GCI document is divided into five sections;
The first considers legislation and regulations on cyber security in the country in the question – for example, whether it has laws on unauthorized access, the misuse of information systems, and the interception of data.
The second group of questions looks at the availability of technical measures, which among other things includes the existence of a Computer Security Incident Response Team (CIRT, CSIRT or CERT) with a focus on different sectors within the country.
The third point includes aspects relating to organizational measures, such as having a national cyber security strategy, the existence of a national body or agency responsible for the issue, or the existence of metrics by which developments can be measured.
The fourth element evaluates capacity-building activities, primarily in respect of standardization. In other words, the adoption of cyber security standards and good practices, as well as investment in security-related R&D programs, and also awareness campaigns aimed at the general public.
The final element looks at the provision of measures for cooperation with other countries, such as bilateral, multinational, and international agreements. This factor is a crucial one when investigating crimes that go beyond borders and are committed using new technologies.