ITU's Global Cybersecurity Index: A Benchmark for National Cybersecurity Development

The International Telecommunication Union's (ITU) Global Cybersecurity Index (GCI) plays an instrumental role in gauging the cybersecurity capabilities of countries across the globe. Since its inception in 2014, the GCI has been revised biennially to reflect the dynamic nature of cybersecurity needs and advancements. This article delves into the structure and methodology of the GCI, the anticipated developments in the forthcoming GCIv5, and the substantial impact it had on India's standing in global cybersecurity. Global Cybersecurity Index(GCI) is a product of International Telecommunication Union(ITU) which ranks countries in their cybersecurity proficiency. The first GCI was published in 2014, since then ITU has revised it every 2 years with latest edition(GCIv4) published in 2020. US topped the list with UK and Saudi Arabia close second, India ranked 10th overall, where 150 among 196 countries submitted responses to the questionnaire.

Anticipation is building for the forthcoming GCIv5, set to be unveiled in the coming year. The ITU is currently reaching out to countries, soliciting their appointment of focal points for streamlined communication. The data collection phase will span several months, with additional time needed for assessment, collaboration, and validation of the data.

GCI ranks Countries on their performance on 5 Pillars of cyber security commitments based on ITU’s Global Cybersecurity Agenda(GCA) namely Legal, Technical, Organizational, Capacity Development and Cooperation. The GCI aims at leaving no country behind regarding its cybersecurity development, using the following objectives to measure:

• The type, level and evolution over time of cybersecurity commitment in countries and relative to other countries;
• Progress in cybersecurity commitment of all countries from a global perspective;
• Progress in cybersecurity commitment from a regional perspective;
• The cybersecurity commitment divide (i.e. the difference between countries in terms of their level of engagement in cybersecurity initiatives).

The GCIv4 evaluation utilized 20 indicators, defined by 82 questions, selected based on their relevance to the GCA pillars, the primary GCI objectives, data availability and quality, and the potential for cross-verification through secondary data.

The upcoming GCIv5 is expected to leverage a more granular approach, featuring 20 Indicators, 64 Sub-Indicators, and 28 Micro-Indicators, derived from 83 questions. The revision of the GCI questionnaire is an outcome of feedback from member states and an Expert Group, ensuring the continuous refinement of the process.

To minimize subjective evaluation and bias, the GCIv5's computational methodology utilizes ternary responses (yes, partial, no). The responses, provided by the GCI focal points of member states, are meticulously analyzed, scored, and ranked according to the weight assigned to each question.

Following are Indicators by each pillar

1. Legal: Cybercrime Law, Cybersecurity Regulations
2. Technical Measures: National CERT/CIRT/CSIRT or SOC, Sectoral CERT/CIRT/CSIRT or SOCs and National Framework for implementation of cybersecurity standards.
3. Organizational Measures: National Cybersecurity Strategy, Responsible agency, Cybersecurity Metrics and Child Online Protection Strategies and initiatives.
4. Capacity Development Measures: Public cybersecurity awareness campaigns Training for cybersecurity professionals Cybersecurity educational programs as part of national academic curricula Cybersecurity Research and Development (R&D) programs National cybersecurity Industry and Government incentive mechanisms.
5. Cooperation Measures: Bilateral cybersecurity agreements, Multilateral cybersecurity agreements with other countries, Mutual Legal Assistance Treaties (MLATs) related to Cybersecurity and Public-Private Partnerships(PPPs).

Ultimately, the GCI serves not only as a measure of a country's current cybersecurity readiness but also as a roadmap for future advancements. The upcoming GCIv5, with its refined indicators and meticulous methodology, is expected to provide even more precise insights. The GCI's influence is palpable in the example of India, which has used its high ranking to attract investment and elevate its cybersecurity industry. As nations worldwide gear up for the next evaluation, the GCIv5 is poised to continue its pivotal role in guiding countries towards stronger and more effective cybersecurity commitments, thereby contributing to a safer and more secure digital world.

References:

• https://www.itu.int/
• https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx

?

#InternationalTelecommunicationUnions #ITU #GlobalCybersecurityIndex #gci #cybersecuritypolicy #airegulations