The World Economic Forum has published a lengthy cyber-security report in the run up to Davos 2018 that seeks to establish a baseline of common language – encouraging various international actors to come into discussion from a place of mutual understanding.
Created in partnership with the Boston Consulting Group, the WEF describes the report as a “tool to facilitate capacity-building, policies and processes necessary to support collaboration, safeguard cyberspace, and strengthen cyber-resilience”.
The World Economic Forum, which was founded in 1971 by Klaus Schwab and takes place every January, seeks to bring world leaders, ‘decision-makers’, academics, and private industry together to discuss the issues of the day. This year’s theme is “Creating a Shared Future in a Fractured World”.
Speaking with Techworld, the WEF’s global leadership fellow and project lead for IT Daniel Dobrygowski said the point of the report is to encourage cooperation in cyber security, between states and between the public and private sectors.
“For me the overarching takeaway of a lot of the work we do here is that cooperation is key in this space – there aren’t a lot of analogies to other security situations where you have both public and private actors in spaces that are generally controlled by the private sector,” Dobrygowski said. “That’s why cooperation is absolutely key.”
“A lot of the disagreements or issues we run into on a day-to-day basis I think stem from a lack of common language or a lack of clarity around what we’re all talking about, when we talk about security or resilience in this space. Having that common language is absolutely vital to have any productive, actionable future conversations.”
One of the problems is that nations will have their own political values and policy norms for how they view cyber security and in how public-private relationships are established.
Russia, for example, has been accused of being behind ‘state-sanctioned’ cyber attacks – where hacking groups are allowed to, if not encouraged to, launch attacks on businesses and other countries. But attribution is difficult.
“When we think about attribution one issue is that there are companies and national governments that can do attribution very well,” Dobrygowski said. “But the issue that comes up over and over is: there aren’t any rules of the world that everyone’s agreed on. How to do attribution, what are the qualities of it? Then what do you do with it once you’ve attributed a particular attack to some place or some group?
“So the first step is very much getting together and understanding what the capabilities are to attribution, and also what they’re not. Second, starting to develop those rules of the road. This report is very much focused on the intra-state activities: how do governments relate to companies and organisations within the jurisdictions?”
There has been some movement in this area – the Tallinn Manual for example, and various resolutions raised at the United Nations.
The Forum has traditionally been a neutral platform for discussion between world leaders, where historic agreements have occasionally been brokered. And that’s the purpose of raising cyber security at this level, says Dobrygowski.
Sadik Shaikh | Cyber Suraksha Abhiyan, Ethical Hacking Training Institute, CEHv9,CHFI,ECSAv9,CAST,ENSA, CCNA, CCNA SECURITY,MCITP,RHCE,CHECKPOINT, ASA FIREWALL,VMWARE,CLOUD,ANDROID,IPHONE,NETWORKING HARDWARE,TRAINING INSTITUTE IN PUNE, Certified Ethical Hacking,Center For Advanced Security Training in India, ceh v9 course in Pune-India, ceh certification in pune-India, ceh v9 training in Pune-India, Ethical Hacking Course in Pune-India