GEODE - Kaspersky - CIGREF
• Arnaud Coustillière (private sector, Western European Group) • Clara Morlière, Cigref (private sector, Western European Group) • Anastasiya Kazakova, Kaspersky (private sector, Eastern European Group) • Aude Géry, GEODE (civil society, Western European Group) • Andreas Kuehn, ORF America (civil society, North American Group)
Anastasiya Kazakova, Kaspersky (private sector, Eastern European Group)
Aude Géry, GEODE (civil society, Western European Group)
Clara Morlière, Cigref (private sector, Western European Group)
Andreas Kuehn, ORF America (civil society, Western European Group)
Jonas Grätz, Deputy Head, State Secretariat, STS, Policy Planning, Federal Department of Foreign Affairs to share the perspective from the Geneva Dialogue (government, Western European Group)
May-Ann Lim, Executive Director, Asia Cloud Computing Association
Katerina N. Megas, Program Manager, Cybersecurity for Internet Security, NIST
Clara Morlière, Cigref
Anastasiya Kazakova, Kaspersky
The proposed session consists of:
I. Presentation of the multi-stakeholder collective work within WG6 on key initiatives for ICT supply chain security, and preliminary analysis and recommendations [30 min]; and II. Panel discussion with a broader multi-stakeholder community to identify further implementation challenges and incentives as well as roles and responsibilities each stakeholder group has in ensuring ICT supply chain security [60 min].
We also reached out to the French Ambassador for Digital Affairs, Henri Verdier, for opening remarks.
Recent cyber incidents, including the SolarWinds and Exchange Server hacks, remind us about the importance of secure ICT supply chains to operate critical digital infrastructure and services in a trusted manner. The global COVID-19 pandemic has also emphasized the importance of trusted digital services build upon global supplier networks that all rely on ICT. Despite significant efforts to shore up supply chain security through discussions in international forums, new supply chain security frameworks and standards driven by governments and industry, implementing the right measures effectively along supply chains in transnational organizations as well as small and medium-sized enterprises remains challenging. This 0day session will provide a platform to discuss practical ways to advance ICT supply chain security, with two desired outcomes in mind: 1. To close the ‘knowledge gap’ by discussing and sharing the preliminary findings of the Working Group 6 (WG6) of the Paris Call for Trust and Security in Cyberspace on ICT supply chain security, and using the 0day session’s discussion as further input to the Paris Call process. The discussion will be based on the WG6’s comprehensive mapping of key supply chain security initiatives and analysis; and 2. To close the ‘implementation’ and ‘accountability gaps’ by discussing with representatives of different stakeholder groups – including governments, the ICT industry, and civil society – and of regions – including Europe, North and South America, Africa, and Asia-Pacific – factors leading to success and failure in the implementation of these initiatives, as well as roles and responsibilities of different stakeholder groups in achieving ICT supply chain security.
Relying on the experience of continuous work within WG6 of the Paris Call and the 2020 UN IGF Workshop on Assurance and Transparency in ICT Supply Chain Security, the session aims to deepen the discussion on practical tools and knowledge regarding ICT supply chain security, and to share it with the global internet governance community.
The session will address IGF 2021 emerging and cross-cutting issue areas on: (i) inclusive internet governance ecosystems and digital cooperation, as we will cover questions relating to governance and cooperation for achieving ICT supply chain security as a prerequisite to cyberstability (what tools, mechanisms, measures and steps, including on capacity building, are needed for different stakeholder groups to strengthen ICT supply chain security? How can a multi-stakeholder community, including states, the private sector, technical experts and civil society as well as considering different levels of capacities and cybersecurity maturity, build effective cooperation and achieve collective results for ICT supply chain security?)
(ii) Trust, security, and stability, as we will cover questions relating to cybersecurity practices and mechanisms (what initiatives on ICT supply chain security already exist? What leads to success and failure in their implementation?) as well as on accountability of different stakeholder groups (states, private sector and civil society) in contributing to greater ICT supply chain security as a prerequisite to cyberstability.
The interactive session has two parts: (i) short presentations of the work and findings accomplished within the 2021 work within the WG6 of the Paris Call, and (ii) an open panel discussion facilitated by a moderator and key experts with allocated space for interventions and reflections by other attendees.
A separate remote moderator will be responsible for facilitating remote interventions via the chat.
Organizers will also use online polls (e.g., menti.com) to encourage frequent interaction with all attendees.