IGF 2023 WS #245 Trust and Transparency as a Benchmark for Internet Security

    Subtheme

    Data Governance & Trust
    Big Data Architecture, Usage and Governance
    Cross-border Data Flows and Trust
    Data Privacy and Protection

    Organizer 1: Heng Lee, Kaspersky
    Organizer 2: Genie Gan, 🔒
    Organizer 3: alharbi thamer, Kaspersky
    Organizer 4: Jochen Michels, 🔒Kaspersky

    Speaker 1: CRAIG JONES, Government, Intergovernmental Organization
    Speaker 2: Abdoulaye S Doucoure, Intergovernmental Organization, African Group
    Speaker 3: Dennis-Kenji Kipker, Technical Community, Western European and Others Group (WEOG)
    Speaker 4: Deemah Alyahya, Intergovernmental Organization, Intergovernmental Organization

    Moderator

    Genie Gan, Private Sector, Asia-Pacific Group

    Online Moderator

    Heng Lee, Private Sector, Asia-Pacific Group

    Rapporteur

    alharbi thamer, Private Sector, Western European and Others Group (WEOG)

    Format

    Panel - 90 Min

    Policy Question(s)

    How can transparency help in building capacity in cybersecurity?
    What are technical challenges faced by both public and private sector to adopt transparency?
    When do we consider transparency as strength not as weakness?
    Is there a need for government to issue legislation to force companies to adopt transparency in cybersecurity?
    How can public and private sectors work jointly alongside regulators to improve cyber capacity building?

    What will participants gain from attending this session? Participants and attendees will learn about:

    The challenges of transparency in cybersecurity
    How transparency can become a competitive advantage
    The role of transparency in promoting trust
    The role of governments in improving transparency
    How transparency can help organizations against cyber-attacks

    Description:

    With digital transformation comes increased incidences of cyberattacks, and being transparent about cybersecurity risks and vulnerabilities will help ensure that the world finds the best possible solutions to crowdsource and attract the best solutions to counter them.

    Having to be transparent about the threats faced by one’s own organization, and shortcomings in information sharing practices, may seem daunting. However, given the multiplicity and magnitude of threats that organizations face today, transparency makes a critical difference. Collaborations between regulators and players in both the public and private sectors can help regulators to put in place a set of regulations to encourage the right mitigative measures against cybersecurity risks, and timely reporting of cybersecurity incidents. In the US, the Cyber Incident Reporting for Critical Infrastructure Act (CIRCIA) puts in place guidelines for all critical infrastructure companies including food and agriculture, and financial services to report cybersecurity incidents like ransomware attacks. In Europe, the EU’s draft Cyber Resilience Act introduces elements of increased transparency, with requirements for manufacturers of hardware and software products to actively report exploited vulnerabilities and incidents throughout the lifecycle of the product. These signal a cultural shift where transparency is a sign of strength, rather than an exposé that will not be looked upon favourably.

    The belief in transparency has been slowly, but steadily gaining momentum. A report by PWC on Transparency in the Digital Age laid out seven principles for better cybersecurity reporting for companies, of which the first principle encouraged companies to invest time in explicitly detailing the inherent risk they have identified and the potential impacts of the breach, not just to themselves but also to other organizations which might be vulnerable to the same risks. This illustrates a possible future where cybersecurity reporting is underpinned by transparency, rather than by compliance.

    Expected Outcomes

    The expected outcomes of the session are to propose ideas that highlight the importance of transparency, and to establish transparency as a means to increase organizations’ cyber resilience. Kaspersky's researchers have previously written a white paper on our signature Global Transparency Initiative (GTI) as a framework for increasing trust in cyberspace (see: https://media.kaspersky.com/en/research-paper-global-transparency-initi…). This session will help to enhance and update ways in which transparency manifests through practice, for an updated version of the paper.

    Hybrid Format: We propose to have a hybrid session, with a physical panel discussion on stage, as well as one of our speakers dialling in remotely. Our facilitator is experienced in moderating such sessions (see such an event for example: https://www.kaspersky.com/about/policy-blog/general-cybersecurity/apac-…) and we will have an online moderator and rapporteur to ensure interaction and engagement.

    The Flow of Event is proposed as follows:
    Opening by Moderator
    Introduction of Distinguished Speakers
    Short Opening Remarks by each Distinguished Speaker
    Open Question and Answer Session
    Rapid Fire Closing (short concluding remarks by each Distinguished Speaker)

    Tools: Zoom or Microsoft Teams, with Kahoot or Menti for quiz engagement.