JIU and DMSPC co-host event on Cybersecurity

JIU and DMSPC co-host event on Cybersecurity

 

The event centered on the JIU report on  “Cybersecurity in the United Nations system organizations” JIU/REP/2021/3 (unjiu.org)

The Joint Inspection Unit (JIU) together with the United Nations Secretariat organized an event to discuss the findings of the JIU report on cybersecurity with United Nations system organizations. The event took place on the 4th of November and was chaired by JIU Inspector Jorge Flores Callejas, Chair of the JIU. Remarks were also given by the Under-Secretary-General for Management Strategy, Policy and Compliance Ms. Catherine Pollard who said:

“The increased interconnectedness and interdependence of systems and data calls for an approach that recognizes cybersecurity risks as a cross-cutting and collective issue that cannot be addressed in isolation.

The event was attended by Member States delegates, UN Secretariat officials, the Director of the United Nations International Computing Center (UNICC) and by representatives and heads of IT and cybersecurity in the United Nations system organizations.

The Director of the United Nations Department of Operational Support (DOS) in the United Nations Secretariat welcomed the JIU report and mentioned that cybersecurity has been recognized and stated as a priority by the UN Secretariat that has been implementing cybersecurity programmes to improve the United Nations Secretariat overall cybersecurity posture and resilience against related threats.

Mr. Bernardo Mariano Jr. Chief Information Technology Officer (CITO), Assistant Secretary-General, Office of Information and Communications Technology at United Nations and Ms. Tima Soni, Chief Information Security Officer (UNICC and UNFPA), in a questions and answers session, agreed on the importance of cooperation and collaboration among all United Nations system organizations on cybersecurity.

The Inspectors informed Member States that the best way to support United Nations organizations in building cyber-resilient frameworks is by:

  • allocating adequate time to discuss the reports prepared by the organizations,
  • pro-actively requesting complementary information where needed, guided by the analysis presented by the JIU in its report, and
  • taking the concerns raised by the organizations seriously with a view to providing them with the resources they need to protect the data they hold as well as their ability to deliver on their mandates.

Among the recommendations in the JIU report, the Inspectors ask:

  • Executive heads of the United Nations system to examine the cybersecurity frameworks in their organization and present a report to their legislative and governing bodies covering the elements contributing to improved cyber-resilience as suggested by JIU.
  • The Director of UNICC to establish a fund enabling proactive research and development activities, as well as a more direct means for Member States to support the provision of shared solutions and system-wide cybersecurity services; followed by a recommendation to the General Assembly of the United Nations to take note of the creation of the trust fund and invite Member States wishing to reinforce the cybersecurity posture of the United Nations system to contribute to it.
  • The Secretary-General to present a report to the General Assembly exploring further opportunities to draw upon the convergence between physical security and cybersecurity to ensure a more holistic protection of United Nations personnel and assets.

Most participating organizations agree that the responsibility for cybersecurity cannot rest with ICT departments alone, and have recognized that administrative as well as substantive departments have a role to play. In light of the recent trend observed in many organizations towards decentralization and delegation of authority to mid-level managers, mainstreaming of cybersecurity considerations into the policies governing the work of respective departments and their practices would contribute to ensuring more direct organization-wide ownership and accountability by spelling out related responsibilities where they would be more readily consulted by each stakeholder in their respective role. One encouraging practice encountered across several participating organizations was the availability of role-based cybersecurity training opportunities and awareness raising measures, which should be further expanded to equip all stakeholders optimally for their respective contribution to organizational cyber-resilience.

Access a summary of the report: https://www.unjiu.org/sites/www.unjiu.org/files/jiu_rep_2021_3_review_highlights_0.pdf