TUESDAY 07 OCTOBER 2008

08:00−09:00

Meeting Registration and Badging (Online pre-registration required)

09:00−10:15

Meeting Opening and Welcome

Welcoming Address: Representative from the State Agency for Information Technology and Communications (SAITC), Republic of Bulgaria

Opening Remarks: Representative from ENISA

Opening Remarks: Representative from ITU

10:15−10:30

Coffee/Tea Break

10:30−12:00

Session 1: Towards an integrated approach for Cybersecurity and Critical Information Infrastructure Protection

Session Description: The necessity of building confidence and security in the use of ICTs, promoting cybersecurity and protecting critical infrastructures at national levels is generally acknowledged. As national public and private actors bring their own perspective to the relevant importance of issues, in order to have a consistent approach, some countries have established cybersecurity/CIIP institutional structures while others have used a light-weight and non-institutional approach. This session will review, from a broad perspective, the different approaches and their often similar components in order to provide meeting participants with a broad overview of the issues and challenges involved. The session will also present an overview of the ITU work on Organizing National Cybersecurity/CIIP Efforts and the ITU National Cybersecurity/CIIP Self Assessment Toolkit. The toolkit is intended to assist national governments in examining their existing national policies, procedures, norms, institutions, and relationships in light of national needs to enhance cybersecurity and address critical information infrastructure protection.

12:00−13:30

Lunch

13:30−15:15

Session 2: Promoting a Culture of Cybersecurity

Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 2 looks closer at the building blocks needed to successfully Promote a Culture of Cybersecurity.

15:15−15:30

Coffee/Tea Break

15:30−17:00

Session 3: Public ― Private Partnerships

Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 3 looks closer at Government ― Industry Collaboration.

17:00−17:15

Daily Wrap-Up and Announcements

18:00−

Welcome Reception

WEDNESDAY 08 OCTOBER 2008

09:00−10:15

Session 4: Legal Foundation and Enforcement

Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 4 looks closer at the need for Legal Foundation and Enforcement.

10:15−10:30

Coffee/Tea Break

10:30−12:00

Session 5: Organizational Structures and Incident Management Capabilities

Session Description: In order to better understand the Management Framework for Organizing National Cybersecurity/CIIP Efforts and further explore how different countries are currently implementing the five pillars of the Framework, i.e. Promoting a Culture of Cybersecurity, Government ― Industry Collaboration, Legal Foundation and Enforcement, Incident Management Capabilities, and Developing a National Cybersecurity Strategy, sessions 2, 3, 4, 5, and 6 are dedicated to the specific pillars and related country case studies. Session 5 looks closer at developing Incident Management Capabilities.

12:00−13:30

Lunch

13:30−15:00

Session 6: A National Cybersecurity Strategy

Session Description: Increasingly, electronic networks are being used for criminal purposes, or for objectives that can harm the integrity of critical infrastructure and create barriers for extending the benefits of ICTs. To address these threats and protect infrastructures, each country needs a comprehensive action plan that addresses technical, legal and policy issues, combined with regional and international cooperation. What issues should be considered in a national strategy for cybersecurity and critical information infrastructure protection? Which actors should be involved? Are there examples of frameworks that can be adopted? This session seeks to explore in more detail various approaches, best practices, and the key building blocks that could assist countries in establishing national strategies for cybersecurity and CIIP.

15:00−15:15

Coffee/Tea Break

15:15−17:00

Session 7: Review and Discussion: Organizing National Cybersecurity/CIIP Efforts

Session Description: Session 7 seeks to review and further discuss how to Organize National Cybersecurity/CIIP Efforts and related toolkit, identifying some of the main takeaways from the presentations on the Framework and the country case studies in preparation for the concluding meeting discussions.

17:00−17:15

Daily Wrap-Up and Announcements

THURSDAY 09 OCTOBER 2008

09:00−10:30

Session 8: Cybersecurity Forensics

Session Description: This session will give an overview of cybersecurity forensics, incident analysis, and best practices for engagement with law enforcement.

10:30−10:45

Coffee/Tea Break

10:45−12:30

Session 9: The Economics of Cybersecurity

Session Description: Security flaws are often due to perverse incentives rather than the lack of suitable technical protection mechanisms. Since individuals and companies do not bear the entire costs of cyber incidents, they do not tend to protect their system in the most efficient way. If they did support all the financial consequences, they would have stronger incentives to make their network more secure for the good of all interconnected networks. This session reviews current leading thinking and research on the economics of cybersecurity.

12:30−14:00

Lunch

14:00−15:30

Session 10: Regional and International Cooperation

Session Description: Regional and international cooperation is extremely important in fostering national efforts and in facilitating interactions and exchanges. The challenges posed by cyber attacks and cybercrime are global and far reaching, and can only be addressed through a coherent strategy within a framework of international cooperation, taking into account the roles of different stakeholders and existing initiatives. As moderator/facilitator for WSIS Action Line C5 dedicated to building confidence and security in the use of ICTs, ITU is discussing with key stakeholders on how to best respond in a coordinated manner, to the growing cybersecurity challenges. The ITU Global Cybersecurity Agenda (GCA) provides a platform for dialogue aimed at leveraging existing initiatives, working with recognized sources of expertise in a framework for international cooperation, to elaborate global strategies for enhancing confidence and security in the information society. This session will review the ongoing initiatives to further the discussions, in order to identify possible next steps and concrete actions to foster and promote international cooperation for enhanced cybersecurity.

15:30−15:45

Coffee/Tea Break

15:45−16:45

Session 11: Wrap-Up, Recommendations and the Way Forward

Session Description: The final session of the meeting reports some of the main findings from the event, and aims to elaborate recommendations for future activities in order to enhance cybersecurity and increase protection of critical information infrastructures in the region.

16:45−17:00

Meeting Closing

Closing remarks: Representative from the State Agency for Information Technology and Communications (SAITC), Republic of Bulgaria

Closing remarks: Representative from ENISA

Closing remarks: Representative from ITU