The conference explored practical ways for business and governments to collaborate towards a “culture of security”. While the development of such a culture is the stated objective of the OECD’s Guidelines on Network and Information Security, issued last year, the conference acknowledged that business investment and innovation was the only way the objective could truly be met.
Discussions among high-level participants from all sectors of business and government – including intergovernmental organizations such as the OECD – pointed to the need for improved collaboration, communication and awareness for businesses large and small to play their part in the creation of a more secure and safe society. There was broad consensus that stimulating innovation and appropriate security practices through market incentives would be more successful and less costly to all stakeholders than to make specific technologies or practices compulsory through government regulation. The main change that attendees concurred would truly bring about a sustainable culture of security is for enterprises to move security away from their technical units to become a direct concern and responsibility for management. The question of how technology could be better used in securing life and property was explored.
A simple example of a possible invention where the technology industry could help travellers was proposed by the chair of the conference, Talal Abu-Ghazaleh. Since a terrorist tried in 2001 to blow up an airliner with explosive in his shoes, air travellers have to remove their shoes for examination before being allowed to fly. What is needed, he said, is a device that would check travellers’ shoes without them having to take them off. If the technology developers could not provide such an elementary device, what prospect is there for more advanced applications of technology?
In order to create a society where everyone can live up to their security responsibilities in this increasingly interconnected world, participants at the conference agreed special attention should be paid to providing ethical education to young people, who do not view security as seriously as older generations. In addition, practical assistance will be needed for developing and emerging economies to keep pace with the thinking in the US and Europe, and to avoid them becoming the proverbial weak link that determines the strength of the chain.
This ICC conference was likely the most authoritative gathering of high-level government and business ever held on security and technology. The experts came from North America, Europe, Africa, the Middle East, Asia and Australia. Attendees were unanimous that progress towards a safer world will be through cooperation between companies; and between business, government and other stakeholders. By pooling experience and resources they would collectively be a formidable challenge to terrorists and other criminals.
“However understandable the limits within which companies can share information with other companies or governments, and despite the good reasons for countries to be hesitant to share information of relevance to national security, this is no excuse for failing to invest in IT technology for the enhancement of protection of life and property,” said Mr Abu-Ghazaleh. “Our life is far too valuable to be left to reaction and remedial action. We need to be more proactive than the terrorists”
Hopefully, the experts believed that trust could be built; and, importantly, built on a global scale, just as crime syndicates and terrorists operate globally. Ideally, there should be further dialogue regarding “global governance” under the direction of a “global champion”, with the same sort of authority given to champions of the environment. The ICC conference provided no easy answers but it did point the way forward.