Plenipotentiary Conference (PP-22)

Bucharest, 26 September – 14 October 2022

PLENARY MEETING Addendum 7 to

Document 44-E
3 June 2022
Original: English

Member States of the European Conference of Postal and Telecommunications

Administrations (CEPT)

ECP 7 - REVISION TO RESOLUTION 130:

STRENGTHENING THE ROLE OF ITU IN BUILDING CONFIDENCE AND SECURITY IN THE

USE OF INFORMATION AND COMMUNICATION TECHNOLOGIES

 www.itu.int/plenipotentiary/ 
 2
PP22/44(Add.7)-E

MOD EUR/44A7/1

RESOLUTION 130 (REV. DUBAI, 2018BUCHAREST, 2022)

Strengthening the role of ITU in building confidence and security in the use of
information and communication technologies
The Plenipotentiary Conference of the International Telecommunication Union (Dubai,
2018Bucharest, 2022),
recalling
a) United Nations General Assembly (UNGA) Resolution 68/198, on information and
communication technologies (ICTs) for development;
b) UNGA Resolution 71/199, on the right to privacy in the digital age;
c) UNGA Resolution 68/243, on developments in the field of information and
telecommunications in the context of international security;
d) UNGA Resolution 57/239, on the creation of a global culture of cybersecurity;
e) UNGA Resolution 64/211, on the creation of a global culture of cybersecurity and taking
stock of national efforts to protect critical information infrastructures;
f) the WSIS+10 statement on the implementation of outcomes of the World Summit on the
Information Society (WSIS) and vision for WSIS beyond 2015, which were adopted at the
ITU-coordinated WSIS+10 High-Level Event (Geneva, 2014), based on the Multistakeholder
Preparatory Platform (MPP) platform, together with other United Nations agencies and
inclusive of all WSIS stakeholders, were endorsed by the Plenipotentiary Conference (Busan,
2014) and were submitted to the UNGA overall review;
g) UNGA Resolution 70/125, on the outcome document of the UNGA high-level meeting on
the overall review of the implementation of the WSIS outcomes;
g) Resolution 70 (Rev. Bucharest, 2022) of the Plenipotentiary Conference, on
mainstreaming a gender perspective in ITU and promotion of gender equality and the
empowerment of women through telecommunications/information and communication
technologies;
h) Resolution 174 (Rev. Busan, 2014) of the Plenipotentiary Conference, on ITU's role with
regard to international public policy issues relating to the risk of illicit use of ICTs;
i) Resolution 179 (Rev. Dubai, 2018) of this conference, on ITU's role in child online
protection;
j) Resolution 181 (Rev. Guadalajara, 2010) of the Plenipotentiary Conference, on the
definitions and terminology relating to building confidence and security in the use of ICTs;
k) Resolution 196 (Rev. Dubai, 2018) of this conference, on protecting telecommunication
service users/consumers;
 3
PP22/44(Add.7)-E

l) Resolution 45 (Rev. Dubai, 2014) of the World Telecommunication Development

Conference (WTDC), on mechanisms for enhancing cooperation on cybersecurity, including
countering and combating spam;
ml) Resolution 140 (Rev. Dubai, 2018) of this conference, on ITU's role in implementing the
WSIS outcomes and in the overall UNGA review of their implementation;
m) the relevant outcomes of the three sectors of the Union and the relevant resolutions of
their respective conferences,
n) Resolution 58 (Rev. Dubai, 2012) of the World Telecommunication Standardization
Assembly (WTSA), on encouraging the creation of national computer incident response teams
(CIRTs), particularly for developing countries ;
1

o) Resolution 67 (Rev. Buenos Aires, 2017) of WTDC, on the role of the ITU
Telecommunication Development Sector (ITU-D) in child online protection;
p) Resolution 69 (Rev. Buenos Aires, 2017) of WTDC, on the creation of national CIRTs,
particularly for developing countries, and cooperation between them;
q) that ITU Council Resolution 1305, adopted at its 2009 session, identified the security,
safety, continuity, sustainability and robustness of the Internet as public policy issues that fall
within the scope of ITU,
considering
a) that telecommunications/ICTs have played an important and positive role in dealing with
the impact of the Covid-19 pandemic but that cyber risks have increased as more activities have
moved online;
b) that the increase in online working during the pandemic has made it even more
important for organisations to put in place effective network solutions and access controls,
secure remote management of devices and guidance for users;
c) that the ITU has played a valuable role during the pandemic providing a platform for ICT
regulators, policy makers and other stakeholders to share information and best practice, for
example through the ITU’s Global Network Resiliency Platform;
d) that the ITU-coordinated WSIS+10 High-Level Event reaffirmed the importance of building
confidence and security in the use of ICTs, as mentioned in relevant paragraphs of the WSIS+10
outcome documents (Geneva, 2014);
be) the crucial importance of information and communication infrastructures and their
applications to practically all forms of social and economic activity;
cf) the cybersecurity-related provisions of the Tunis Commitment and the Tunis Agenda for
the Information Society and the outcome document of the UNGA high-level meeting on the
overall review of the implementation of WSIS;
dg) that, with the application and development of ICTs, new threats from various sources
have emerged, that have had an impact on confidence and security in the use of ICTs by all
Member States, Sector Members and other stakeholders, including all users of ICTs, and on the
preservation of peace and economic and social development of all Member States, and that
threats to and vulnerabilities of infrastructures, networks and devices continue to give rise to

1
These include the least developed countries, small island developing states, landlocked
developing countries and countries with economies in transition.
 4
PP22/44(Add.7)-E

ever-growing security challenges across national borders for all countries, in particular
developing countries, while noting in this context the strengthening of ITU's role in building
confidence and security in the use of ICTs and the need to further enhance international
cooperation and capacity building and develop appropriate existing national, regional and
international mechanisms (for example agreements, best practices, memoranda of
understanding, etc.);
eh) that the ITU Secretary-General has been invited to support other global or regional
cybersecurity projects, as appropriate, and all countries, particularly developing countries, have
been invited to take part in their activities that are relevant to ITU;
fi) the ITU Global Cybersecurity Agenda (GCA), which encourages international cooperation
aimed at proposing strategies for solutions to enhance confidence and security in the use of
telecommunications/ICTs;
gj) that, in order to protect these infrastructures and address these challenges and threats,
coordinated national, regional and international action is required for prevention, preparation,
response and recovery from computer security incidents, on the part of government
authorities, at the national (including the creation of national CIRTs) and sub-national levels, the
private sector and citizens and users, in addition to international and regional cooperation and
coordination, and that ITU has a lead role to play within its mandate and competencies in this
field;
hk) that an iterative, risk-based approach to cybersecurity enables cybersecurity practices to
be developed and applied as needed to address constantly evolving threats and vulnerabilities,
and that security is a continuous and iterative process which must be built into the
development (for example by secure by design) and deployment of technologies and their
applications from the beginning and continue throughout their lifetime;
il) the need for continual evolution in new technologies to support the prevention of, early
detection of, and coordinated and timely response to, events or incidents compromising
computer security, or computer network security incidents that could compromise the
availability, integrity and confidentiality of critical infrastructures in ITU Member States, and for
strategies that will minimize the likelihood and impact of such incidents and mitigate the
growing risks and threats to which such platforms are exposed;
jm) that UNGA Resolution 70/125, on the outcome document of the UNGA high-level meeting
on the overall review of the implementation of the WSIS outcomes, recognized the challenges
that States, in particular developing countries, face in building confidence and security in the
use of ICTs and called for renewed focus on capacity building, education, knowledge-sharing
and regulatory practice, as well as promoting multistakeholder cooperation at all levels and
raising awareness among ICT users, particularly the poorest and most vulnerable;
kn) that the number and scale of cyberthreats and cyberattacks is growing, as is dependence
on the Internet and other networks that ICTs, which are essential for accessing services and
information;
l) that the ITU Telecommunication Standardization Sector (ITU-T) has adopted around
300 standards relating to building confidence and security in the use of ICTs;
m) the final report on ITU-D Question 3/2, on securing information and communication
networks: best practices for developing a culture of cybersecurity;
 5
PP22/44(Add.7)-E

no) that the nature of the cybersecurity standards landscape calls for cooperation between
ITU and other national, regional, global and sectoral organizations;
p) that this landscape can be complex and the ITU can play an important role in raising
awareness among Members of relevant work in other organisations, processes and initiatives
to promote confidence and security in the use of ICTs;
q) that the ITU can play an important role in raising awareness among other relevant
organisations, processes and initiatives of the particular challenges faced by developing
countries in building confidence and security in the use of ICTs;
or) that many developing countries are elaborating or implementing national cybersecurity
strategies;
s) that there is a need for the cybersecurity profession to have robust and effective
qualifications and clearer career pathways in order to encourage more people to join the
profession, ensure that training programmes are accessible and effective and support
employers to recruit the people with the right skills and experience;
t) that although progress has been made in some areas, many countries face challenges in
developing effective qualifications and career pathways and this is a significant barrier to
promoting confidence and security in ICTs;
pu) that cybersecurity has become a very important issue at the international level, and that
the role and involvement of the United Nations and its relevant specialized agencies such as ITU
in building confidence and security in the use of ICTs is therefore important;
qv) the different roles and responsibilities of all stakeholders in ensuring confidence and
security in the use of ICTs;
rw) that some small and medium enterprises (SMEs) face additional challenges in
implementing cybersecurity practices;
x) the need to raise awareness among the public of the cybersecurity risks they may face,
including in remote, rural and underserved communities and vulnerable groups;
y) the need to promote the basic steps which all members of the public should take to
protect themselves from cybersecurity risks, such as the use of strong passwords, two-factor
authentication and regular software updates,
recognizing
a) that cybersecurity is a fundamental element for securing telecommunication/ICT
infrastructures and an essential foundation for social and economic development;
b) that the development of ICTs has been and continues to be instrumental for the growth
and development of the global economy, including the digital economy, underpinned by
security and trust;
c) that telecommunications/ICTs enable the development of civil society and contribute to
higher levels of social benefit and inclusion, providing new channels among citizens, businesses
and Governments to share and augment knowledge, as well as participate in decisions that
affect their lives and work;
d) that WSIS affirmed the importance of building confidence and security in the use of ICTs
and the great importance of multistakeholder implementation at the international level, and
established Action Line C5 (Building confidence and security in the use of ICTs), with ITU
 6
PP22/44(Add.7)-E

identified in the Tunis Agenda as moderator/facilitator for the action line, and that this task has
been carried out by the Union in recent years, for example under the GCA;
d) that WTDC-17 adopted the Buenos Aires Action Plan and its Objective 2, in particular
Output 2.2, on building confidence and security in the use of ICTs, which identifies
cybersecurity as a priority activity of the Telecommunication Development Bureau (BDT) and
defines the main areas of work to be undertaken by BDT; WTDC-14 adopted Resolution 45
(Rev. Dubai, 2014), on mechanisms for enhancing cooperation on cybersecurity, including
countering and combating spam, calling on the Secretary-General to bring the resolution to the
attention of the next plenipotentiary conference for consideration and required action, and to
report the results of these main areas of work to the Council and to the Plenipotentiary
Conference in 2018, as appropriate; and WTDC-17 adopted Resolution 69 (Rev. Buenos Aires,
2017), on facilitating the creation of national CIRTs, particularly for developing countries, and
cooperation between them;
e) that the Buenos Aires Declaration adopted by WTDC-17 declares: "that building trust,
confidence and security in the use of telecommunications/ICTs as well as personal data
protection are priorities, with the need for international cooperation and coordination between
governments, relevant organizations, private companies and entities in building capacity and
exchanging best practices for the development of related public policies and legal, regulatory
and technical measures that address, inter alia, personal data protection, and that stakeholders
should work together to ensure the reliability and security of ICT networks and services";
f) that, to support the creation of national CIRTs in Member States where these are needed
and are currently absent, WTSA-16 adopted Resolution 58 (Rev. Dubai, 2012), on encouraging
the creation of national CIRTs, particularly for developing countries; and WTDC-17 adopted
Resolution 69 (Rev. Buenos Aires, 2017), on facilitating the creation of national CIRTs, including
CIRTs responsible for government-to-government cooperation, particularly for developing
countries, cooperation among them, and the importance of coordination among all relevant
organizations;
ge) § 15 of the Tunis Commitment, which states: "Recognizing the principles of universal and
non-discriminatory access to ICTs for all nations, the need to take into account the level of
social and economic development of each country, and respecting the development-oriented
aspects of the information society, we underscore that ICTs are effective tools to promote
peace, security and stability, to enhance democracy, social cohesion, good governance and
the rule of law, at national, regional and international levels. ICTs can be used to promote
economic growth and enterprise development. Infrastructure development, human capacity
building, information security and network security are critical to achieve these goals. We
further recognize the need to effectively confront challenges and threats resulting from use of
ICTs for purposes that are inconsistent with objectives of maintaining international stability
and security and may adversely affect the integrity of the infrastructure within States, to the
detriment of their security. It is necessary to prevent the abuse of information resources and
technologies for criminal and terrorist purposes, while respecting human rights", and that the
challenges created by this misuse of ICT resources have only continued to increase since WSIS;
h) that the ITU-coordinated WSIS+10 High-Level Event identified several challenges in the
implementation of the WSIS action lines that still remain and that will need to be addressed
beyond 2015;
if) that Member States, in particular developing countries, in the elaboration of appropriate
and workable legal measures relating to protection against cyberthreats at the national,
 7
PP22/44(Add.7)-E

regional and international levels, may require assistance from ITU in establishing technical and
procedural measures, aimed at securing national ICT infrastructures, on request from these
Member States, while noting that there are a number of regional and international initiatives
which may support these countries in elaborating such legal measures;
j) Opinion 4 (Lisbon, 2009) of the World Telecommunication/ICT Policy Forum, on
collaborative strategies for creating confidence and security in the use of ICTs;
k) the relevant outcomes of WTSA-16, notably:
i) Resolution 50 (Rev. Hammamet, 2016), on cybersecurity;
ii) Resolution 52 (Rev. Hammamet, 2016), on countering and combating spam;
lg) that secure and trusted networks will build confidence and encourage the exchange and
use of information and data;
mh) that the development of human skills and capacity building are key to enhancing the
protection of information networks;
ni) that many Member States face significant skills shortages in their cybersecurity workforce
and that this lack of trained cybersecurity professionals is a fundamental barrier to building
confidence and security in the use of ICTs;
j) that many Member States face a significant gender imbalance in their cybersecurity
workforce and this makes it more difficult to address skills shortages;
k) that Resolution 70 of the Plenipotentiary Conference recognizes that it is fundamental for
the ITU membership and partners to encourage girls to choose a career in the field of
telecommunications/ICT, encourages Member States and Sector Members to facilitate the
employment of women and men equally in the telecommunication/ICT field and invites
Member States and Sector Members to provide support so that women and girls can have
access to studies and careers in telecommunications/ICTs;
l) that it is important to encourage more people, particularly women and girls, to choose a
career in cybersecurity in order to address skills shortages;
m) that Member States make efforts to improve institutional environments;
on) that risk assessment and analysis provide a better understanding of the cybersecurity
risks that organizations face and how to mitigate them;
o) that it is important for Member States to encourage responsible reporting of ICT
vulnerabilities as well as the sharing of information on how to address vulnerabilities,
aware
a) that ITU and other international organizations, through a variety of activities, are
examining issues related to building confidence and security in the use of ICTs, including
stability and measures to combat spam, malware, etc. and to protect personal data and privacy;
b) that ITU-T Study Group 17, ITU-D Study Groups 1 and 2 and other relevant ITU study
groups continue to work on technical means for the security of information and communication
networks, in accordance with Resolutions 50 and 52 (Rev. Hammamet, 2016) and
Resolutions 45 (Rev. Dubai, 2014) and 69 (Rev. Buenos Aires, 2017);
c) that ITU has a number of fundamental role roles to play in building confidence and
security in the use of ICTs;
 8
PP22/44(Add.7)-E

d) that ITU-D Study Group 2 continues to carry out the studies called for in ITU-D
Question 3/2 (Securing information and communications networks: Best practices for
developing a culture of cybersecurity), which has been reflected in UNGA Resolution 64/211;
ec) that ITU is also assisting developing countries in building confidence and security in the
use of ICTs and supporting the establishment of CIRTs, including CIRTs responsible for
government-to-government cooperation, and the importance of coordination among all
relevant organizations;
f) that Council Resolution 1336, adopted at its 2011 session, established the Council
Working Group on international Internet-related public policy issues (CWG-Internet), whose
terms of reference are to identify, study and develop matters related to international Internet-
related public policy issues, including those issues identified in Council Resolution 1305 (2009),
such as security, safety, continuity, sustainability and robustness of the Internet;
g) that WTDC-17 adopted Resolution 80 (Rev. Buenos Aires, 2017), on establishing and
promoting trusted information frameworks in developing countries to facilitate and encourage
electronic exchanges of economic information between economic partners;
h) of Article 6, on security and robustness of networks, and Article 7, on unsolicited bulk
electronic communications, of the International Telecommunication Regulations adopted by
the World Conference on International Telecommunications (Dubai, 2012),
noting
a) that, as an intergovernmental organization with private-sector participation, ITU is well-
positioned to play an important role, together with other relevant international bodies and
organizations, in addressing threats and vulnerabilities, which affect efforts to build confidence
and security in the use of ICTs;
b) §§ 35 and 36 of the Geneva Declaration of Principles and § 39 of the Tunis Agenda, on
building confidence and security in the use of ICTs;
c) that although there are no universally agreed upon definitions of spam and other terms in
this sphere, spam was characterized by ITU-T Study Group 2, at its June 2006 session, as a term
commonly used to describe unsolicited electronic bulk communications over e-mail or mobile
messaging (SMS, MMS), usually with the objective of marketing commercial products or
services;
d) the Union's initiative on cooperation with the Forum for Incident Response and Security
Teams,
bearing in mind
the work of ITU established by Resolutions 50 and 52 (Rev. Hammamet, 2016), Resolution 58
(Rev. Dubai, 2012), Resolution 45 (Rev. Dubai, 2014) and Resolution 69 (Rev. Buenos Aires,
2017); Objective 2 of the Buenos Aires Action Plan; the relevant ITU-T questions on technical
aspects regarding the security of information and communication networks; and ITU-D
Question 3/2,
resolves
1 to congratulate the ITU on the Global Network Resiliency Platform and its work to provide
a platform for ICT regulators, policy makers and other stakeholders to share with one another
information and best practice on confidence and security in the use of ICTs to mitigate the
impact of the Covid-19 pandemic;
 9
PP22/44(Add.7)-E

2 to continue to give this work high priority within ITU, in accordance with its competences
and expertise, including promoting common understanding among governments and other
stakeholders of building confidence and security in the use of ICTs at national, regional and
international level;
23 to give high priority to the work of ITU described under bearing in mind above, in
accordance with its competencies and areas of expertise, and to continue to work closely, as
appropriate, with other relevant bodies/agencies within the United Nations and other relevant
international bodies, taking into account the specific mandates and areas of expertise of the
different agencies, while being mindful of the need to avoid duplicating work between
organizations and among the Bureaux or the General Secretariat;
34 that ITU shall focus resources and programmes on those national, regional and
international areas of cybersecurity within its core mandate and expertise, notably the
technical and development spheres, and not including areas related to Member States'
application of legal or policy principles related to national defence, national security, content
and cybercrime, which are within their sovereign rights, although this does not however
exclude ITU from carrying out its mandate to develop technical recommendations designed to
reduce vulnerabilities in the ICT infrastructure, nor from providing all the assistance that was
agreed upon at WTDC-17, including under Objective 2 and in activities under Question 3/2;
45 to promote a culture in which security is seen as a continuous and iterative process, built
into products from the beginning and continuing throughout their lifetime, and is accessible
and understandable for users;
6 to promote confidence and security in the use of ICTs in a way which enables the
development of civil society and supports higher levels of social benefit and inclusion;
57 to promote greater awareness among ITU members on the activities carried out within
ITU and other relevant entities involved in strengthening cybersecurity, including on capacity
building, and also to raise awareness among such entities of the particular challenges faced by
developing countries in building confidence and security in the use of ICTs;
8 to engage actively with other relevant organisations in order to raise their awareness of
the particular challenges faced by developing countries in building confidence and security in
the use of ICTs;
69 to contribute to further strengthening the trust and security framework, consistent with
ITU's role as lead facilitator of WSIS Action Line C5, taking into account Resolution 140
(Rev. Dubai, 2018);
710 to continue to maintain, in building upon the information base associated with the "ICT
Security Standards Roadmap" and ITU-D's efforts on cybersecurity, and with the assistance of
other relevant organizations, an inventory of national, regional and international initiatives and
activities to promote the development of common approaches in the field of cybersecurity;
11 to promote the growth and development of a diverse and skilled cybersecurity workforce
that is able to address and mitigate cyber risks, including through the development of effective
qualifications and professional career pathways;
812 to develop case studies on cybersecurity-related institutional arrangements, regulatory
approaches, awareness-raising programmes, skills and workforce development in cooperation
with the membership and relevant organizations;
 10
PP22/44(Add.7)-E

913 to consider the specific cybersecurity challenges faced by SMEs and incorporate those
considerations into ITU's activities in the area of building confidence and security in the use of
ICTs;
1014 to take into account the impact of the deployment of emerging technologies on
cybersecurity, including new technologies for securing networks, and incorporate this
consideration in ITU's ITUs activities in the area of building confidence and security in the use of
ICTs;
1115 to support the development of infrastructure which underpins the ongoing digital
transformation of the global economy by building confidence and security in the use of ICTs, in
particular in dealing with existing and future threats, within the mandate of ITU;
1216 to utilize the GCA framework in order to further guide the work of the Union on efforts to
build confidence and security in the use of ICTs,
instructs the Secretary-General and the Directors of the Bureaux
1 to continue to provide a platform for ICT regulators, policy makers and other stakeholders
to share with one another information and best practice on confidence and security in the use
of ICTs to mitigate the impact of the Covid-19 pandemic;
2 to continue to review:
i) the work done so far in the three Sectors, under the GCA and in other relevant
organizations and initiatives to address and strengthen protection against existing and
future threats in order to build confidence and security in the use of ICTs;
ii) the progress achieved in the implementation of this resolution, with ITU continuing to
play a lead facilitating role as the moderator/facilitator for Action Line C5, with the help of
the advisory groups, consistent with the ITU Constitution and the ITU Convention;
iii) the results of work done so far to support developing countries in particular to build
capacity and skills in cybersecurity in order to ensure that ITU is effectively focusing its
resources to address development challenges;
23 consistent with Resolution 45 (Rev. Dubai, 2014), to report to the Council on activities
within ITU and other relevant organizations and entities to enhance cooperation and
collaboration, regionally and globally, to strengthen building confidence and security in the use
of ICTs of Member States, in particular developing countries, taking into account any
information provided by Member States, including information on situations within their own
jurisdiction that could affect this cooperation;
34 consistent with Resolution 45 (Rev. Dubai, 2014), to report on memoranda of
understanding (MoU) between countries, as well as existing forms of cooperation, providing
analysis of their status, scope and how these cooperative mechanisms can be applied to
strengthen cybersecurity and combat cyberthreats, with a view to enabling Member States to
identify whether additional memoranda or mechanisms are required;
45 to raise awareness on the activities carried out within ITU and other relevant entities
involved in strengthening cybersecurity, including on capacity building, and of the particular
challenges faced by developing countries in building confidence and security in the use of ICTs,
consistent with resolves 57 and 8;
 11
PP22/44(Add.7)-E

56 to facilitate access to tools and resources, within the available budget, required for
enhancing confidence and security in the use of ICTs for all Member States, consistent with
WSIS provisions on universal and non-discriminatory access to ICTs for all nations;
67 to continue knowledge- and information- sharing of existing and future national, regional
and international cybersecurity-related initiatives worldwide through the ITU cybersecurity
webpage, and encourage all stakeholders to contribute to these activities, taking into account
existing portals;
78 to report annually to the Council on these activities and to make proposals as
appropriate;
89 to further enhance coordination between the study groups and programmes concerned,
instructs the Director of the Telecommunication Standardization Bureau
1 to intensify work within existing ITU-T study groups in order to:
i) address existing and future threats and vulnerabilities affecting efforts to build confidence
and security in the use of ICTs, taking into account new services and emerging
applications based on telecommunication/ICT networks, by developing reports or
recommendations, as appropriate, with the goal of implementing WTSA resolutions,
particularly Resolutions 50 and 52 (Rev. Hammamet, 2016) and Resolution 58 (Rev. Dubai,
2012), allowing work to begin before a question is approved;
ii) seek ways to enhance the exchange of technical information in these fields, promote the
adoption of protocols and standards that enhance security, and promote international
cooperation among appropriate entities;
iii) facilitate projects deriving from the outcomes of WTSA, in particular:
• Resolution 50 (Rev. Hammamet, 2016), on cybersecurity;
• Resolution 52 (Rev. Dubai, 2012), on countering and combating spam;
2 to consider within ITU-T the promotion of a culture in which security is seen as a
continuous and iterative process, and to make proposals to the Council as appropriate;
3 to continue collaboration with relevant organizations with a view to exchanging best
practices and disseminating information through, for example, joint workshops and training
sessions and joint coordination activity groups, and, by invitation, through written contributions
from relevant organizations,
instructs the Director of the Telecommunication Development Bureau
1 consistent with the results of WTDC-1722, and pursuant to Resolutions 45 (Rev. Dubai,
2014Kigali, 2022) and 69 (Rev. Buenos Aires, 2017Kigali, 2022), Resolution 80 (Buenos Aires,
2017) and Objective 2 of the Buenos Aires Action PlanITU-D Priority Inclusive and secure
telecommunications/ICTs for sustainable development of the Kigali Action Plan, to support
ongoing regional and global cybersecurity projects, and to encourage all countries to take part
in these activities;
2 upon request, to support ITU Member States in their efforts to build capacity, by
facilitating Member States' access to resources developed by other relevant international
organizations that are working on national legislation to combat cybercrime; supporting ITU
Member States' national and regional efforts to build capacity to protect against
cyberthreats/cybercrime, in collaboration with one another; consistent with the national
 12
PP22/44(Add.7)-E

legislation of Member States referred to above, assisting Member States, in particular

developing countries, in the elaboration of appropriate and workable legal measures relating to
protection against cyberthreats at national, regional and international levels; establishing
technical and procedural measures aimed at securing national ICT infrastructures, taking into
account the work of the relevant ITU-T study groups and, as appropriate, other relevant
organizations; establishing organizational structures, such as CIRTs, to identify, manage and
respond to cyberthreats, and cooperation mechanisms at the regional and international level;
3 to provide the necessary financial and administrative support for these projects within
existing resources, and to seek additional resources (in cash and in kind) for the
implementation of these projects through partnership agreements;
4 to ensure coordination of the work of these projects within the context of ITU's ITU’s
overall activities in its role as moderator/facilitator for WSIS Action Line C5, and to eliminate
any duplication regarding this important subject with the General Secretariat and ITU-T;
5 to coordinate the work of these projects with that of the ITU-D study groups on this topic,
and with the relevant programme activities and the General Secretariat;
6 to continue collaboration with relevant organizations with a view to exchanging best
practices and disseminating information through, for example, joint workshops and training
sessions;
7 to identify best practice for the development of qualifications and professional career
pathways in cybersecurity and raise awareness of these among ITU Members;
8 to support the work of ITU-T Study Group 17 and other ITU-T study groups by promoting
and facilitating the implementation of approved security-related ITU-T recommendations by
ITU Member States and Sector Members, especially from developing countries;
89 to support ITU Member States in the development of their national and/or regional
cybersecurity strategies toward building national capabilities for protecting against and dealing
with cyberthreats in accordance with the principles of international cooperation, consistent
with Objective 2 of the Buenos Aires Action Plan;
910 to support the membership in the development of human skills and capacity building to
enhance cybersecurity;
11 to support the membership to address cybersecurity skills shortages by encouraging
people to enter the cybersecurity profession and facilitating the employment of women and
men in the cybersecurity field;
12 to maintain, develop and promote a repository of best practice on measures that
facilitate and encourage people, particularly women and girls, to choose a career in
cybersecurity;
1013 to support the membership in the risk-assessment activities related to cybersecurity;
14 to support Member States to identify best practice on the responsible reporting of ICT
vulnerabilities;
1115 to report annually to the Council on these activities and make proposals as appropriate,
 13
PP22/44(Add.7)-E

further instructs the Director of the Telecommunication Standardization Bureau and the
Director of the Telecommunication Development Bureau, each within the scope of their
responsibilities
1 to implement relevant resolutions of both WTSA-16 and WTDC-17, including output 2.2
under Objective 2 of the Buenos Aires Action Plan, with particular focus on the needs of
developing countries as they undertake efforts to improve cybersecurity and build confidence
and security in the use of ICTs;
2 to identify and promote the availability of information on building confidence and
security in the use of ICTs, including the ICT infrastructure, for Member States, Sector Members
and relevant organizations;
3 without duplicating the work under ITU-D Question 3/2, to continue identifying best
practices related to Question 3/2, including establishing CIRTs, to review the reference guide
for the Member States and, where appropriate, to contribute to Question 3/2;
4 to cooperate with relevant organizations and other relevant international and national
experts, as appropriate, in order to identify best practices in building confidence and security in
the use of ICTs, including the establishment of CIRTs;
5 to take action with a view to new questions being examined by the study groups within
the Sectors on the establishment of confidence and security in the use of ICTs;
6 to identify and document practical steps to support developing countries in building
capacity and skills in cybersecurity, taking into account the specific challenges they face;
7 to take into account the challenges faced by all stakeholders, particularly in developing
countries, in building confidence and security in the use of ICTs and identifying steps that can
help to address them;
8 to support Member States to identify the basic steps that everyone should take to protect
themselves from cyber risks, such as the use of strong passwords, two factor authentication
and regular software updates, and to encourage and support ITU Members and other
stakeholders to promote these to the public;
9 to identify and document practical steps to strengthen security in the use of ICTs
internationally, including the concept that security is seen as a continuous and iterative
process, based on ‘secure by design’ approaches and other widely accepted practices,
guidelines and recommendations that Member States and other stakeholders can choose to
apply to improve their ability to combat cyberthreats and attacks, including a dynamic and
iterative risk-based approach that reflects the evolving nature of threats and vulnerabilities,
and to strengthen international cooperation in building confidence and security in the use of
ICTs, taking into account the GCA and within the available financial resources;
910 to support strategy, organization, awareness-raising, cooperation, evaluation and skills
development;
1011 to provide the necessary technical and financial support, within the constraints of existing
budgetary resources, in accordance with Resolution 58 (Rev. Dubai, 2012);
1112 to encourage the engagement of experts in the ITU's activities in the area of building
confidence and security in the use of ICT;
1213 to mobilize appropriate extrabudgetary resources, outside the regular budget of the
Union, for the implementation of this resolution, to help developing countries;
 14
PP22/44(Add.7)-E

1314 to support and assist developing countries in promoting and facilitating the
implementation of security-related ITU-T recommendations,
instructs the Secretary-General
pursuant to his initiative on this matter:
1 to report to the Council, taking into account the activities of the three Sectors, on the
implementation and effectiveness of the action plan to strengthen the role of ITU in building
confidence and security in the use of ICTs;
2 to cooperate with relevant international organizations, including through the adoption of
MoUs, subject to the approval of the Council in this regard, in accordance with Resolution 100
(Minneapolis, 1998) of the Plenipotentiary Conference,
requests the ITU Council
to include the report of the Secretary-General in the documents sent to Member States in
accordance with No. 81 of the Convention,
invites Member States
1 to consider joining appropriate competent international and regional initiatives for
enhancing national legislative frameworks relevant to the security of information and
communication networks;
2 to closely collaborate in strengthening regional and international cooperation, taking into
account Resolution 45 (Rev. Dubai, 2014), with a view to enhancing confidence and security in
the use of ICTs, in order to mitigate risks and threats;
3 to support ITU initiatives on cybersecurity, including the Global Cybersecurity Index (GCI)
and the Global Network Resiliency Platform, in order to promote government strategies and
the sharing of information on efforts across industries and sectors;
4 to inform the Secretary-General of relevant activities related to this resolution regarding
confidence and security in the use of ICTs;
5 to benefit from the resources, support and best practices of national, regional and
international cybersecurity-related initiatives worldwide through the ITU cybersecurity
webpage;
6 to collaborate with relevant organizations, through the exchange of best practices in
building confidence and security in the use of ICTs, including the development and
implementation of national CIRTs;
7 to continue to raise awareness through the dissemination of best practices and
policies that have been implemented in order to increase the ability to develop appropriate
policies to address the protection of users, so as to enhance trust in the use of
telecommunications/ICTs;
8 to promote confidence and security in the use of ICTs in a way which enables the
development of civil society and supports higher levels of social benefit and inclusion,
invites Member States, Sector Members and Associates
1 to contribute on this subject to the relevant ITU study groups and to any other activities
for which the Union is responsible;
 15
PP22/44(Add.7)-E

2 to contribute to building confidence and security in the use of ICTs at the national,
regional and international levels, by undertaking activities as outlined in the WSIS outcome
documents, the WSIS+10 statement on the implementation of WSIS outcomes and the WSIS+10
vision for WSIS beyond 2015, and the outcome document of the UNGA high-level meeting on
the overall review of the implementation of the WSIS outcomes, and to contribute to the
preparation and implementation of those activities;
3 to raise awareness among all stakeholders, including organizations and individual users,
of the importance of strengthening cybersecurity, including the implementation of basic
safeguards;
4 to promote the development of educational and training programmes to enhance user
awareness of risks in cyberspace and the steps that users can take to protect themselves;
5 to incorporate an iterative, risk-based approach towards addressing evolving threats and
vulnerabilities, and to promote a culture in which security is seen as a continuous and iterative
process which must be built into the development and deployment of technologies and their
applications from the beginning and continue throughout their lifetime, in their efforts to build
confidence and security in the use of ICTs;
6 to promote initiatives to encourage more people to enter the cybersecurity profession
and to provide training opportunities for them;
7 to provide support so that women and girls can have access to studies and careers in
cybersecurity;
8 to contribute to the ITU’s repository of best practice on measures that facilitate and
encourage more people, particularly women and girls, to choose a career in cybersecurity;
9 to collaborate, as appropriate, in order to address and prevent problems that undermine
confidence and security in the use of telecommunications/ICTs;
10 to identify and actively promote the basic steps that everyone should take to protect
themselves from cyber risks.

______________