Cybersecurity: what’s the ITU got to do with it?



1. This is the definition provided by ITU-T recommendation X.1205

2. Jan-Frederik Kremer, 2014, “Cyberspace and International Relations: Theory, Prospects and Challenges”, p. 13

3. Prior to this, Internet-related resolutions (101, 102) were first passed in 1998, at the Minneapolis Plenipotentiary conference.

4.  For example, through Study Group 17, the ITU has produced the security standard X.509, which provides the basis for the public key infrastructure (PKI), used in the secure version of HTTP(S) (HyperText Transfer Protocol (Secure)). The study group has developed over 70 standards, including cybersecurity indicators.

5. Four out of the five regional internet registries have been ITU members for more than a decade and many of the largest technology companies in the world are ITU members.

6. ITU membership has been open to the academic community since 2014 (on a trial basis from 2010 to 2014). Click here for the current list of ITU members.

7. Civil society are able to request fee waivers. Examples of organizations considered by the ITU as civil society and which are ITU members are mentioned in an ITU presentation.

8. In areas where the ITU has not historically set initial standards, such as in internet protocol-related standards, the ITU’s development of standards or recommendations are carried out in cooperation with a wide range of other private and non-governmental actors, including the IETF, ISO and IECAs. As the Internet Society describes “the recommendations produced by the ITU-T are not specific to the Internet, but because a portion of Internet traffic is carried over telecommunication networks, ITU-T is a part of the greater ecosystem of internet standardisation”.

9. The Constitution and Convention currently in force are the Constitution and Convention of the International Telecommunication Union (Geneva, 1992) as amended by subsequent plenipotentiary conferences.

10. The proposal solicited concerted criticism from Indian civil society groups, including the Centre for Internet and Society, who outlined the dangers and implications of the draft legislation for privacy and freedom of expression, thereby raising awareness of the proposal among the public and wider civil society.

11. Danielle Kehl, New America Foundation, “Final Dispatch from Busan: Closing the books on the 2014 ITU Plenipoteniary Conference

12. Increased civil society participation has been particularly evident since WCIT-12 where there were over 30 organizations and individual CS reps in WCIT-12 including APC, CDT, GPD, KICTAnet, CTS/FGV, Internet Democracy Project, AccessNow.

13. The text of the compromise is available on WCITleaks, where restricted ITU documents are leaked and made publicly available.

14. CENTR Paper: A primer for ccTLDs on Internet governance and the ITU 

15. For example, the ITU has recently set up an “Internet of Things (IoT) Global Standards Initiative” to coordinate technical standardisation work around the development of the IoT. This will undoubtedly have implications for cybersecurity as the vast growth in the number of devices that are expected to be connected to the network and stored in the cloud will rely on building cost-effective solutions on open-source software. This will require not only interoperable and secure technical standards, but regulatory and policy frameworks that protect user security and privacy.