International developing nations and set preparations for the 2005

International Telecommunication Union (ITU)United Arab Emirates’ position on Managing Security in Global Telecommunications Introduction Telecommunication and its advancement have indisputably had a substantial impact on the lifestyle of many generations. From the use of the telegraph, invented in 1837, to the latest of technology such as the use of the Internet of Things, these telecommunications have simplified communication between two individuals or objects either over a short distance or long distance.1 However, with the invention of these telecommunications comes with the need to protect them from security breaches which has become drastically more prominent in the last decade. Especially for military purposes, countries would try to intercept telegraph messages or hack into radio frequencies to obtain information on their adversaries.2 Today, with the economic and political world growing more dependent on the internet and digital technology, hackers have more of an incentive to break into a company or government’s databases. Once hackers get into these databases, they can cause collateral damage to the prosperity of a company, access the personal information of millions of people, or leak classified government information to the public.3 Recognizing the magnitude of this issue, the United Nations has gotten involved in attempting to reduce the amount of cyber attacks worldwide through five main resolutions.4 In resolution 55/63, the General Assembly (GA) states that nations must make sure that they are not in any way creating a safe haven for individuals or groups committing cyber crime through legal systems, general public awareness, and protection of privacy. It also states that it will keep “Crime Prevention and criminal justice” on its agenda for the fifty-sixth session and encouraged all member nations to use the measures stated in their fight against cyber crime.5 In resolution 56/121, the GA encouraged nations to cooperate with the Commission on Crime Prevention and Criminal Justice (CCPCJ) to create legislation that meet international standards. It also referred back to resolution 55/63 and introduced pending work by the CCPCJ on preventing crime using high technology and urging nations to follow.6 Resolution 57/239 starts to move towards a different aspect of cyber-security: developing a global culture. It makes an effort to encourage international organizations to work together in creating a global culture of cyber-security. Additionally, it introduced the need to facilitate the growth of Information and Communication Technology (ICT) in developing nations and set preparations for the 2005 World Summit on Information Technology.7 The fourth resolution, 58/199, the GA stresses having organized and developed strategies for cyber-security as well as assisting other member states of the UN in protecting critical infrastructure. Adding to the previous resolution, 58/199 also states the need for the development of technology in developing countries to “close the digital divide.” 8 The final resolution is 64/211, which puts a final layer of recommendation on top of the other four resolutions. This one completely develops the “Voluntary self assessment tool for national efforts to protect information infrastructures” and encourages member states to adopt these practices. This assessment tool includes eighteen steps from recognizing the role that ICT plays in a nation and creating a cyber response team to developing a global culture of cyber-security.9 The UN has also got involved through different ways including the establishment of four Groups of Governmental Experts (GGE) to conduct studies on the potential and existing threats on cyber-space and how those threats can be dissolved. The final GGE finished its work in 2015, after looking into promoting state security regarding the use of ICT.10 The Economic and Social Council (ECOSOC), recently increased their involvement in the cybercrime area by holding a special event on “Cyber-security and development” in 2011. This was done along with Department of Economic and Social Affairs (DESA) and in the event, speakers discussed several topics including the inability of developing nations to protect themselves from cyber-attacks, protecting children online, and raising awareness at the international policy level.11 The UN Congress on Crime Prevention and Criminal Justice (UNCPCJ) plays a vital role in setting an international standard for cyber-security every five years. The 2010 UNCPCJ established a report by the UN Office on Drugs and Crime (UNODC) which studied the international responses to cyber-crime. The UN Institute for Disarmament Research (UNIDIR) and the UN Interregional Crime and Justice Research Institute (UNICRI) also created their own reports on the topic of terrorists using the Internet for operations and attacks.10 Finally, the leading UN organ in the cyberspace area is the International Telecommunications Union which has had a significant impact on cyber-security worldwide with its actions.13 Following the World Summit on the Information Society (WSIS) in 2005, the ITU launched the Global Cyber-security Agenda (GCA) which is a forum that is intended to encourage international cooperation in facilitating security and confidence in the global cyber society. To work along with the GCA, a group of over 100 cyber-security experts were formed through the High-Level Experts Group (HLEG). In addressing threat response, the GCA is assisted by the International Multilateral Partnership against Cyber Threats (IMPACT), which in being the largest international public-private cyber-security alliance, specializes in early warning signs and providing collaboration platforms. Following the WSIS, this partnership launched the Internet Governance Forum which was later updated at the World Conference on International Telecommunications (WCIT) in 2012.12   The United Arab Emirates’ History with Managing Security in Global TelecommunicationsIn 2017, the United Arab Emirates (UAE) ranks number three regionally and is in the global top 40 for nations with the highest ICT development. The country’s high rank comes as a result of over ninety-four percent of the population having access to the internet and ninety-one percent of the population owning a computer to use at home. With millions of people using the internet, the UAE has also taken measures against cybercrime and developed a cyber-security strategy.14 The country experienced two major attacks in 2017: The Petya virus that attacked banks, ministries and media outlets, as well as the WannaCry virus that attacked over 150 countries. Following those attacks, UAE conducted important cyber-security upgrades to thirty-five federal bodies through the Telecommunications Regulatory Authority (TRA) in an attempt to protect the government from further hacks.15 UAE is also conducting conferences on cyber-safety more often and as a result, the cyber-security field continues to grow. The Dubai Electronic Security Centre (DESC) has hosted several sessions to develop national strategies to combat attacks on the government. The country also has the most millennials educated toward a career in cyber-space than any other country in the region. An international Cyber Academy was launched at the Khalifa University by Raytheon in an initiative to increase access to education in this field and develop talent in cyber-space.16 There’s no doubt that the UAE, with its high tech cities, has become a target for hackers, as there was a five-hundred percent increase in cyber attacks from the last five years and in 2016, five percent of the world’s cyber attacks targeted the United Arab Emirates. Therefore in May of 2016, the UAE unveiled a major cyber-security strategy running through 2021, setting itself up with the capabilities to fend off cyber attacks.17 The country’s cyber-security legislation is one of the best in the world and is extremely effective in dissuading hacking in the country. This legislation also serves as a solid base for the country to build their strategy around. Also the country is extremely developed in terms of technology adoption in which corporations in the UAE strive to have the latest and safest technology at their disposal.18 The Computer Emergency Response Team (aeCERT) created by the TRA is a crucial asset to the country’s cyber-security because the team masters the aspects of: awareness, education, monitoring, response, and security services.19 The action taken by the TRA paid off significantly since in the first half of 2017, the UAE was able to fend off 561 cyber attacks of which 284 were attacks on the government and government websites. The other 277 were attacks on private corporations and their websites. With the goal after building sustainable smart cities, the UAE has taken a major step in doing so by establishing a successful cyber-security strategy. 20Current Situation Regarding Managing Security in Global TelecommunicationsThe situation regarding Managing Security in Global Telecommunications has been getting more critical as time goes on. In 2016, there was an average of 4000 cyber attacks each day according to the FBI. During that year, in a span of eight months, cyber attacks increased from being one in every two minutes to one every forty seconds in a report by Kasperksy. A study that was conducted by Dr. Zinaida Benenson at the Friedrich-Alexander University (FAU) showed the vulnerability of individual to a phishing type attack compared to what was expected. Although many know the dangers of being redirected to unknown links, seventy-eight percent, a large amount of people actually clicked on the link. In the first group forty-five percent clicked on the link, and in the second group twenty-five percent clicked. However, the danger of phishing attacks in revealed in that most of those people didn’t even know they clicked on the link. In the first group, twenty percent and in the second group, sixteen percent of the individuals actually knew that they clicked on the link and reported doing so. The response of companies that fall victim to cyber attacks is alarming. Only thirty-one percent on victims are actually making changes while fifty-two percent aren’t making any changes. The remaining seventeen percent remain undecided.  Additionally, in regards to budget changes for cyber attack victims, forty-five percent of companies kept the budget the same, seven percent decrease the budget, thirty-eight percent increased the budget, and the final ten percent was undecided.21 The global cost for cyber-crime totals at one hundred billion dollars and is expected to hit one trillion by 2021.23 While it may seem that only larger companies are the targets, forty-three percent of cyber attacks target small companies. This puts these smaller companies at a great risk because it is estimated that in 2020, the approximate cost of each cyber attack will be 150 million, a cost that many small companies cannot afford. The Internet of Things (IoT) is the future of technology but poses a major threat because with connected devices, it is easier for hackers to gain access to many more devices. By 2020, an estimated fifty to two hundred billion devices will be connected through the IoT. Despite all of this, cyber-security jobs continue to stay unfilled, with the total amount of unfilled cyber-security jobs predicted to triple by 2021.23 When surveyed, only thirty-eight percent of organizations internationally are prepared to deal with a cyber attack.22     Proposed Actions and Solutions for Managing Security in Global TelecommunicationsIf a government is equipped with sustainable infrastructure as well as financial and technical capabilities to fight against a cyber attack, there are three main steps of a successful defense system: Prevention, Incident Management, and Consequence management. This ideal three step defense strategy was developed by experts at National Academies Press (NAP) based on the successful cyber-security strategy used by the United States Department of Defense and should be the basis for nations to develop their own cyber-security strategies. In the first step, prevention, a cyber-system should have been made to stop cyber-attacks. However, security was not a major consideration for older cyber-systems and if it was, the security was based on the threats existing when the system was built. Since then, technology has gotten more advanced developing the need for patches and software updates to keep systems protected from the sophisticated cyber-attacks of today’s age.24 This calls for the need for an effective solution of training students to be hackers in an effort to identify and patch holes that cyber-criminals use. Students, from a fairly young age, need to be taught how to hack because they can develop the computer skills and mindset for finding any way that a criminal could hack into a cyber-system. There lacks the talents and computer skills necessary to protect from a cyber attack in eighty percent of organizations. These students can be taught hacking skills through widespread education programs such as those at Carnegie Mellon University (CMU) where over fifty courses are available. Education programs should also be expanded to grade school to successfully develop that killer “hacker mentality” that can provide priceless insight into the hacking world.25 Another aspect in the prevention of cyber attacks is the creation of strong legislation banning cyber-crime. This solution however, is reliant on individual countries taking the initiative to develop domestic laws which has successfully been done before with the GPS hacking incident in the maritime industry.  When over twenty ships were affected by GPS spoofing, the US Maritime Administration pushed for legislation banning the crime and successfully got passed the Cyber-security Act of 2015 and the Intelligence Authorization Act of 2017 both of which specifically referenced maritime cyber-security.26 People are less likely to commit actions that are justified as a crime especially if the penalty is set very severe. The final aspect of prevention is the use of interception which is a way of stopping an attack that is about to reach its target. Interception requires high levels of intelligence and an early warning in order to send a “counter-strike.” In the second step, Incident Management is in generally easier to oversee than the previous prevention step. The initial part of incident management is a way of identifying and indicating that an attack has occurred so that the right action can be taken. However, this part is very challenging due to fake positive signs being expressed as a distraction while the significant damage of the attack is being done.24 A national based early detection system would be very effective in protecting businesses in the particular country. A very effective example of this is the National Cyber-security protection System (NCPS) which provides the services of intrusion detection as well as information sharing.27 A nationwide system for communities to be able to manage cyber-attacks and potential cyber-attacks is also very important. The National Incident Management System (NIMS) does exactly this and can serve as a basis for other countries to develop their own intrusion detection services.28 Another solution would be partially shutting down the actual cyber-system to mitigate the damage that a cyber attack could cause. Since protecting and preserving information is the primary goal for incident management during a cyber attack, backup is a crucial part of being able to access data that could possibly be wiped out during an attack.24 This can be done through physical objects such as USB drives, tapes, and cartridges but can also be done through software and backup services. Cloud is one example; however, the safety of a cloud backup sometimes is not reliably safe.29 Therefore, an example of an effective data backup service would be the Cyber Integrity product by PAS which guarantees a quick recovery from a potential cyber attack.30 The third and final step, Consequence Management, which can be further broken down into two sections: Recovery and response. This stage mainly focuses on the justice aspect of a cyber attack in which identifying and prosecuting cyber criminals is the goal. However, the most important part of Consequence Management is learning from the mistakes that caused the cyber attack in the first place and make changes that would prevent another cyber attack. This can be done through specialized assessment committees with a designated protocol to be able to create a report for the company to develop its cyber-security platforms on. This assessment committee must be able to address the following criteria: tracing attack origin, assess retaliation, and rating damage done. Now that terrorists are increasingly using cyber attacks to damage their adversaries’ fighting power, it is necessary to be able to stop future cyber attacks in their track.24 With so many cyber-security jobs still unfilled, it is important to attract as many people to this field including women. Therefore, the development of education programs to encourage more women to move into STEM fields is crucial in filling the unfilled jobs in this sector. A couple organizations that have successfully been doing this are the Association for Women in Science (AWIS) which has trained over twenty thousand women in STEM and the national Girls Collaborative Project (NGCP) which starts girls off at an early age in STEM and develops them into strong assets in the sector.31 Conclusion    The United Arab Emirates, especially with its desire to have the latest and safest technology, strongly support the strict and effective management of security in global telecommunications in order to prevent the worldwide expense of one trillion dollars caused by cyber attacks by the year 2021. The UAE strongly supports aiding the UN organizations, particularly ITU, UNCPCJ, UNODC, and ECOSOC which all have taken strong stances against cyber attacks. Being a leading country in terms of adopting ICT technology, the UAE supports an effective three step solution consisting of: Prevention, Incident Management, and Consequence Management which all have smaller and more specific solutions within them including the training of women, developing hackers as a cyber-security strategy, and using intrusion detection technology. Finally, the United Arab Emirates strongly encourages other countries to join the movement towards ensuring security in their cyber-space to protect their future.   Bibliography for Managing Security in Global Telecommunications “The impact of the Internet of Things (IoT).” Information Age, 24 July 2017, Zetter, “How Attackers Can Use Radio Signals and Mobile Phones to Steal Protected Data,” Wired, last modified 3 November 2014, accessed 16 July 2017, Shin, Laura. “Hackers Are Hijacking Phone Numbers And Breaking Into Email, Bank Accounts: How To Protect Yourself.” Forbes, Forbes Magazine, 17 July 2017,”UN Resolutions.” ITU,”UN Resolution 55/63.” ITU,”UN Resolution 56/121.” ITU,”UN Resolution 57/239.” ITU,”UN Resolution 58/199.” ITU,”United Nations Official Document.” United Nations, United Nations,”UN.” CCDCOE, 1 Sept. 2015,”Cybersecurity: A global issue demanding a global approach | UN DESA Department of Economic and Social Affairs.” United Nations, United Nations,”ITU.” CCDCOE, 8 Jan. 2015,”ITU Cybersecurity Activities.” ITU, | 2017 Global ICT Development Index,, Staff. “UAE upgrades cyber security across 35 federal bodies.” GulfNews, Gulfnews, 12 Aug. 2017,”Cybersecurity in the UAE.” BarakaBits, 13 Feb. 2017, Zaatari, Staff Reporter; Sarvy Geranpayeh, Staff Reporter. “5% of global cyber attacks targeted UAE last year.” GulfNews, Gulfnews, 15 May 2017,, Arif. “Why UAE is well-Positioned to fend off cyber-Attacks.” Khaleej Times – Dubai News, UAE News, Gulf, News, Latest news, Abu Dhabi News, Arab news, Sharjah News, Gulf News, Dubai Business News, UAE Business News, Dubai Sports, Live Dubai Weather, Jobs in Dubai, UAE Classifieds, Gold Rates, Forex, Oman News, Qatar News, Bahrain News, World Muslim Prayer Timings, Dubai Labour News, 5 Jan. 2018, “What the UAE is doing to tackle cybersecurity threats.” ITU News, 22 Nov. 2017,”UAE foils 561 cyber-Attacks in first half of 2017.” Khaleej Times – Dubai News, UAE News, Gulf, News, Latest news, Abu Dhabi News, Arab news, Sharjah News, Gulf News, Dubai Business News, UAE Business News, Dubai Sports, Live Dubai Weather, Jobs in Dubai, UAE Classifieds, Gold Rates, Forex, Oman News, Qatar News, Bahrain News, World Muslim Prayer Timings, Dubai Labour News, 18 Oct. 2017,, Brianna. “6 Must-Know Cybersecurity Statistics for 2017 | Barkly Blog.” Barkly Endpoint Security Blog,, Devon. “11 Alarming Cyber Security Facts and Stats | Cybint.” Cybint Solutions – A BARBRI Company, Devon Milkovich, 17 Nov. 2017,, Steve. “Top 5 cybersecurity facts, figures and statistics for 2017.” CSO Online, CSO, 19 Oct. 2017,”Read “Science and Technology to Counter Terrorism: Proceedings of an Indo-U.S. Workshop” at NAP.Edu.” National Academies Press: OpenBook,, David Brumley opinion. “To win the cybersecurity war, we need to teach kids how to hack.” TheHill, 13 Apr. 2017,”Legislative Efforts in the Wake of Maritime Cyberattacks.” The Maritime Executive,”National Cybersecurity Protection System (NCPS).” Department of Homeland Security, 25 Mar. 2016,”National Incident Management System.” National Incident Management System | FEMA.Gov,”IT Disaster Recovery Plan.” IT Disaster Recovery Plan | Ready.Gov,”Backup & Recovery.” Cyber Integrity,’Brien, Liam. “8 organizations that support women in STEM » MobyLives.” Melville House Books,