ASIA PACIFIC TELECOMMUNITY SPAM INITIATIVES

1
ASIA PACIFIC TELECOMMUNITY - SPAM INITIATIVES
DEVELOPMENTS 12th ASTAP FORUM, 12 15 MARCH
2007

• by
• RON BOX
• APT STANDARDIZATION OFFICER
• ASIA-PACIFIC TELECOMMUNITY

2
Impact of spam on APT members

• Spam cybersecurity is everyones business
• The same problems that others face, except
• diversity of APT Members particularly
• Developing Island based countries have less
  local expertise resources available to counter
  spam
• High volume spam over limited bandwidth acts as a
  denial of service attack isolating countries
  from the rest of the world

3
Related Threats

• Spam acts as a vehicle for related threats
• Viruses
• Spyware
• Trojans/BotNets
• These threats attack networks from within a
  country

• Responding to technical attacks require
  additional expertise and expense
• Social attacks, such as phishing, also require
  education
• All damage the social value of the internet

4
Key difficulties

• Spam, in combination with cybersecurity threats,
  is a multifaceted and evolving problem
• It can be difficult for a country to identify
  what policies and actions are available to them,
  and what will work best
• The cross-jurisdictional nature of most spam
  means that any individual country, acting alone,
  has little chance of success
• Collaboration is essential requires ongoing
  effort threats are constantly changing

5
APT work so far

• Strong focus on members sharing expertise
  experience
• August 2003 - Network Security Management
  Positive Use of the Internet seminar
• September 2004 - CERT Best Practices workshop
• August 2005 - Symposium on Network Security
  spam
• October 2005 APT/PITA meeting on Spam
  Security
• April 2006 APT/APEC Tel Cooperation
• June 2006 - Symposium on Network Security
• June 2006 11th ASTAP Forum (Incl. E Gs IS,
  NGN, RLG)
• Some outcomes of 11th ASTAP Forum implemented
• Specific network security spam link on APT
  website
• Links to other bodies (incl. ITU TELECOM 2006
  Spam Workshop, ITU Spam website
  http//www.itu.int/osg/spu/newslog/default.aspx
  new Stop Spam Alliance www.stopspamalliance.org)

6
APT work so far

• Strong desire to draw on our knowledge the
  material developed by thought leaders from
  other forums
• Encouraging ongoing regional international
  networking, partnerships information exchange
• Recognition of combating the issue as a key
  area of APT 2006 - 08 Strategic Plan
• Considering development of APT Guidelines on
  Regional Cooperation towards increased network
  security combating spam

7
APT work so far

• APT is investigating
• Developing routine information exchange
  mechanisms on anti-spam techniques technologies
  between Countries, Regulators, ISPs, Domain
  registrars, groups, bodies technology vendors
• Ways to build on other bodies recommendations
  actions (OECD, APEC Tel, ITU, Stop spam alliance)
• Supporting existing initiatives eg Stop spam
  alliance, OECD Toolkit, ITU Cybersecurity gateway
  website link
• Developing education material including
  assisting development of a Model of Legislative
  arrangements, check lists, issues to consider
• Reviewing the OECD Toolkit identifying elements
  useful to APT Members needs, identifying
  material created by APT Members that could
  contribute to the OECD Toolkit

8
Outcomes of APT Spam and Security Studies

• A worldwide problem requiring local initiatives
  that fit into a global response
• Consider using adopting existing models eg
  the APEC Strategy to Ensure Trusted, Secure and
  Sustainable Online Environments or other like
  strategies.
• Consider using the OECD Anti-spam Toolkit.

9
Outcomes continued

• ISPs have a key role to play. Encourage ISPs in
  the region to establish a mechanism for their
  customers to report spam and for other ISPs to
  notify them of spam coming from their domain.
• Develop linkages with organisations responsible
  for receiving, reviewing, and responding to
  computer security incident reports and activity.
• Look to increase and merge initiatives efforts
  on network security spam in the Pacific region.
• Recognition that collaborative working is
  essential.
• APT Members developed a proposal for increased
  cooperation on Spam Cybersecurity WTDC-2006.
  Accepted at WTDC now has been developed in to 2
  new Resolutions at PP-06.

10
Anti-spam Legislation

• Development of model legislation led by
  affiliated organisation, PITA, as part of a
  broader e-commerce legislation drive eg
• Step 1 develop model legislation in Tonga
• Step 2 the Cook Islands
• Step 3 the broader region
• Examine existing arrangements, eg, Aust Korea
  agreement for suitability for other economies
• Working towards a common policy and regulatory
  approach against spam

11
Opportunities for further consideration

• 12th ASTAP Forum, Thailand, 12 15 March
• APT/ITU/PITA Workshop on Principles of Cyber
  legislation for Pacific Island Countries New
  Zealand, 28 - 30th March 2007.
• APT Operators Forum, 25 -27 April, Macau, China
• APT Policy Regulatory Forum, 16 19 May,
  Malaysia
• Telecom ICT Policy Regulation mtg for the
  Pacific, New Zealand, 14 16 August
• APT Study Groups meeting 18 -20 September, Nepal
• 13th ASTAP Forum, Thailand, 1 3 October

12
Conclusion

• Spam is a problem that requires economies to
  think globally and act locally
• A vital role for the APT, its Work Programs
  like forums is to
• work cooperatively
• facilitate the exchange of information between
  members
• to advocate common responses
• to convey the experience and input of other
  regions and bodies to members

13
Conclusion

• Threats evolve. In addressing the current threat,
  we should build the capacity to address future
  threats.
• An ever increasing reliance on electronic working
  for business leisure means we have to continue
  the momentum to actively seek ways to combat spam
• Our work is just starting

14
Conclusion Some thoughts

• What is ASTAPs role in developing network
  security spam solutions?
• Can ASTAP play a bigger role than its current
  involvement through its E Gs?
• If so, what?
• Need for ASTAP to produce User friendly
  technical solutions
• Your thoughts are welcomed