IGF 2019 WS #195 IT security in the global supply chain

Organizer 1: Private Sector, Intergovernmental Organization
Organizer 2: Private Sector, Eastern European Group

Speaker 1: Eva Schulz-Kamm, Private Sector, Western European and Others Group (WEOG)
Speaker 2: Paula Iwaniuk, Private Sector, Eastern European Group
Speaker 3: Sergio Lomban, Technical Community, Western European and Others Group (WEOG)

Policy Question(s): 

- How can industry, governments and other stakeholders work together to make sure that the digitalization of the global economy is trustworthy, safe and secure?
- What are the baseline requirements for cybersecurity that all business players along the global supply and value chains should fulfill to make the digital economy secure for future growth?
- What legal regulations are already in place but potentially need to be enforced and what new legal regulations should be created to address upcoming threats?
- What role should different stakeholders play in cybersecurity capacity building approaches?

Relevance to Theme: The workshop directly addresses one of the main themes of IGF 2019: Security, Safety, Stability, Resilience. It aims to bring IGF participants closer to identifying the need for collaboration for a more secure digital world.

(A) Relevance of Charter of Trust

Charter of Trust is a joint initiative of the Munich Security Conference and 15 multinational companies (AES, Airbus, Allianz, ATOS, CISCO, Daimler, Dell, Deutsche Telekom, IBM, Mitsubishi Heavy Industries, NXP, SGS, Siemens, Total, TÜV Süd) that operate across various business sectors and are committed to improving cybersecurity in the global economy.
These companies are united in the firm belief that cybersecurity is a necessary condition for the success of the digital economy. Digitalization and cybersecurity must evolve hand in hand; users need to trust that their digital technologies are safe and secure.
To achieve this objective, Charter of Trust has set out 10 principles for cybersecurity. The Munich Security Conference and member companies engage with business partners, regulators, think tanks and academia to define these principles and work on a swift implementation in daily business operations.
Therefore, we believe Charter of Trust can contribute to an aspirational yet pragmatic debate about cybersecurity at the IGF.

(B) Relevance of workshop topic

Cybersecurity is only as strong as the weakest link in a given system. Therefore, the Charter of Trust Principle 2 sets out the aspiration to ensure that global supply chains meet cybersecurity standards. Companies, and if necessary governments, must establish risk-based rules that ensure adequate protection across all IoT layers with clearly defined and mandatory requirements. Ensure confidentiality, authenticity, integrity, and availability by setting baseline standards. In the workshop we will discuss questions such as:
- Identity and access management: Connected devices must have secure identities and safeguarding measures that only allow authorized users and devices to use them.
- Encryption: Connected devices must ensure confidentiality for data storage and transmission purposes, wherever appropriate.
- Continuous protection: Companies must offer updates, upgrades, and patches throughout a reasonable lifecycle for their products, systems, and services via a secure update mechanism.

The workshop will cover the responsibility of companies and address the need for collaboration on a global scale with further industry partners, governments and civil society. It will also be based on concrete examples of companies from Charter of Trust, and how they overcome security and safety crises.

Relevance to Internet Governance: The digital world is changing everything. Today, billions of devices are connected through the Internet of Things. While this creates great opportunities, it also harbours great risks – ranging from data breaches to serious risks to life and limb where the digitalisation creates complex cyber-physical systems.
To make the digital world more secure, the member organisations of Charter of Trust have joined forces. Taking the spirit of the Paris Peace Call, which Charter of Trust officially supports, the workshop would focus on how cyber and IT security can be enhanced globally.

Format: 

Break-out Group Discussions - Flexible Seating - 90 Min

Description: (A) The issue:
Due to the architecture of the internet infrastructure, national or regional regulatory solutions have limited effect, so global cooperation is needed. The Charter of Trust is the beginning of a unique initiative by leading global companies taking responsibility for trust and cybersecurity.
IT and cybersecurity are topics of intense discussion on a global scale. At the same time, dialogue often raises questions about the options for action of state actors. The complexity of the development of the Budapest Convention shows how challenging global developments are. The Paris Peace Call, in turn, shows the political intent for greater security.

(B) Discussions:
The session should deal primarily with entrepreneurial responsibility in reinforcing cybersecurity standards. The topic will also be expanded to how this cannot be done without the support of governments and public bodies to enforce minimum requirements along supply chains, for example. In the session, we aim to shed light on the complexity of global discussions and define common action corridors, e.g. in the context of standardization, certification and possibly regulatory frameworks. The EU framework (Cyber act) could be used as an example.

(C) Agenda:
Although discussion and participants' contributions will ultimately drive the agenda, the following will be used to guide conversation:

- The session will start with the introduction of invited speakers and a short ice-breaker presentation by the moderator, to set the scene and map out the journey the conversation will take (10 minutes).
- Speakers will then take the floor in turn to present the above-mentioned topics, each followed by input from the audience (60 minutes).
- At the end of the session the moderator, with the help of the rapporteur, will summarize the discussion and ask the speakers and audience to comment on the session’s key takeaways (20 minutes).

Expected Outcomes: The workshop will bring together leaders from global business organisations as well as regulators and think tanks / academia. It will discuss how the various stakeholder groups could collaborate to enhance cybersecurity along the supply chain based on global baseline requirements. The workshop would explore how the private and public sector can work together towards a global framework (of commitments) for cybersecurity.

Discussion Facilitation: 

The list below provides examples of the way discussion will be facilitated amongst speakers, audience members, and online participants and ensure the session format is used to its optimum:
Seating: Participants will sit in a circle or semi-circle (room permitting), with seats in the middle for the speakers. An empty chair will be placed next to the speakers. Audience members will be invited to occupy the empty seat at selected times of the discussion, to provide further or new perspectives or challenge the speakers. This will facilitate discussion by creating an enabling and comfortable atmosphere where all speakers and participants are given an equal footing in the discussion. The moderator will have a prominent seating position and may walk around the room to engage participants.
Preparation: Several preparation calls will be organised for all speakers, moderators and co-organisers in advance of the workshop so that everyone has a chance to meet, share views and prepare for the session.
Given the varied background of discussants and audience members, organisers will advertise the session and introduce questions to animate discussion on social media in the run up to the workshop. This will introduce the subject, encourage conversation and create links to other dialogues on the topic taking place in other forums to create awareness and help prepare in-person and remote participants for the workshop.
The moderator will have questions prepared in advance to encourage interaction among invited experts and between participants, if conversation were to stall. Potential Q&A’s will also be prepared in advance so that every speaker is prepared to respond to any comment.
Moderator: The moderator will be an expert who is well informed on the topic and experienced in animating multi-stakeholder discussions. Charter of Trust Secretariat has long-standing experience of organising events with moderators and panellists. It will suggest a list of potential moderators well in advance and help brief him/her before the event.
During the discussion, questions will be incorporated to encourage responses from participants and everyone will be given equal weight and equal opportunity to intervene. Walk-in participants will be encouraged to participate in the discussion by the moderator who will seek contributions from participants in person and remotely.
The remote moderator will play an important role in sharing the ideas of remote speakers/participants and will encourage their interventions through video.
Reporting: Following the discussion, participants will be encouraged to share their key takeaways from the session through online tools and social media. This will help ensure diverse perspectives raised during the discussion are included in the reporting.

Online Participation: 

Ahead of the session, the remote moderator will be involved throughout the workshop planning and organization process to advise on where remote participation will need to be facilitated.
During the session, the online platform will be used to animate the discussion and ensure participants in the room and online will have an equal opportunity to engage. The online moderator will occupy the empty seat on behalf of online participants at any given time they wish to join the conversation.
The moderator will frequently communicate with the online moderator throughout the session to ensure remote participants’ views/questions are reflected.
The moderator and speakers will be encouraged to follow the online participation tool throughout the workshop themselves, so that issues brought forward by participants in the chat can be carried throughout discussion. Participants in the room will also be encouraged to use their mobile devices to connect and interact with remote participants.
Social media will also be used to generate wider discussion and create momentum for online participation as the workshop is unfolding. Charter of Trust has wide experience in using social media during events and coordinating between member companies.
Co-organizers will ensure that the workshop is promoted in advance to the wider community to give remote participants the opportunity to prepare questions and interventions in advance and to generate interest in the workshop.
Organizers will also explore the possibility of connecting with remote hubs around the globe and organize remote interventions from participants.

Proposed Additional Tools: Organizers will explore the use of audio-visual material (i.e. videos, PowerPoint slides, images, infographics) throughout the workshop to animate the session and aid those whose native language may not be English.

SDGs: 

GOAL 4: Quality Education
GOAL 8: Decent Work and Economic Growth
GOAL 9: Industry, Innovation and Infrastructure
GOAL 17: Partnerships for the Goals