There is no one-stop-shop for cyber security standards – ICC BASIS tells Internet governance forum

  • 4 December 2015
ICC Digital Economy

International Chamber of Commerce (ICC) Business Action to Support the Information Society (BASIS) urged stakeholders to recognize that cyber security standards must be globally accepted, industry led and recognized by the broadest community possible.

In a main session on cyber security and digital trust at the Internet governance forum (IGF) in Joa Pessoa Brazil, intense collaborative action was articulated as the way forward for cyber security success and discussion flagged building and maintaining trust between parties as crucial to ensuring cyber defense. “We need initiatives to bring people closer, mutual knowledge and convincing demonstrations of respect to people’s values and rights” said Paulo Sergio Carvalho who heads the Cyber Defense Center of Brazil.

Panelists highlighted the critical challenges in establishing resiliency and trust from different stakeholder perspectives and addressed how international multistakeholder cooperation can be enhanced to secure a sustainable and open cyberspace.

Noting the broad chapeau of issues cyber security encompasses ICC BASIS member Audrey Plonk of Intel emphasized that one single standard or small set of standards is both impossible and unreasonable to cover all of the issues at hand. “You have to look across the global standards organizations that are working on technologies, horizontally, and how they are incorporating security into the standardization process” she said.

David van Duren from the Global Forum on Cyber Expertise (GFCE) urged participants to acknowledge the evolution and rise of active actors in the online space – calling for a comprehensive approach that includes resilience, response, and recovery. “This broad approach should not only have a national dimension but a strong international dimension as well” he said.

We strongly believe that there is no one stakeholder that can solve and address this issue.

The challenge of building trust between the relevant multistakeholder parties was explored during the session and ICC BASIS members offered examples of how discussion on cyber security and trust could benefit greatly from increased input from the multistakeholder community.

ICC BASIS member Carolyn Nguyen of Microsoft noted examples of reactive and proactive multistakeholder processes which Microsoft has initiated and continues to implement today. “We strongly believe that there is no one stakeholder that can solve and address this issue” said Ms Nguyen. Responding to suggestions made that security can be ensured solely by design Ms Nguyen said: ” there has to be security throughout the entire life cycle, in addition to security by design there is also operational security and maintenance, it is important to keep that mind”.

The GFCE launched in April 2015 in The Hague and of which ICC is a founding member was noted as a progressive leap in multistakeholder collaboration on cyber security issues. This initiative gathers parties to collaborate and undertake cyber security capacity building on a worldwide scale.

Noting the success of the GFCE, Audrey Plonk of Intel suggested ways to boost multistakeholder participation in promoting international stability – encouraging participants to look at specific components such as incident response, national strategies, and public/private partnerships where there are a variety of examples of multistakeholder communities working together.  “I think that the challenge that’s worth discussing in this session and others going forward is how the multistakeholder community can encourage open processes around cyber security policymaking in different countries” She said.

The IGF main session on enhancing cyber security and building digital trust was co-facilitated by ICC BASIS and IGF multistakeholder advisory group (MAG) member Dominique Lanzanski of GSMA.

The recording and transcript can be found here.

A video recording of the session can be found here.

For more information about ICC’s work on cyber security and to view the ICC cyber security guide please click here.