
2020.10.16

The World Economic Forum has released a cybersecurity report (Cyber Information Sharing: Building Collective Security)

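Hello, this is Mitsuhiko Maruyama.

The World Economic Forum released a cybersecurity report (Cyber Information Sharing: Building Collective Security) on October 6.

It is a report on information sharing in cybersecurity. Rather than each individual or each company responding on its own, it is important to advance information sharing and respond cooperatively. The report's point is that, to take this cooperation further, making use of machine learning, privacy-enhancing technologies and the like will become important.

At the end, it lists recommendations for organizational leaders, cybersecurity industry leaders, policy and industry leaders, and those involved in research and development.

The late Professor Yamaguchi used to say it: self-help, mutual help, and public help. I feel the same way. Personally, I especially hope I can lend some kind of support so that mutual help moves forward.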

 

● World Economic Forum
・2020.10.06 Cyber Information Sharing: Building Collective Security

Cybersecurity is one of the most systemically important issues facing the world today. Cyber information sharing is critical to helping better collective security in the digital ecosystem in which society increasingly relies. Cyber information sharing, however, faces multiple barriers. New technology, among other interventions, promises to overcome these barriers. Action is required to make sure that information sharing can continue to be an enabler of the strategic driver of the global cybersecurity community; the need to move from individual resilience to collective resilience.

・[PDF] Cyber Information Sharing: Building Collective Security - INSIGHT REPORT - OCTOBER 2020

Table of contents

1 Executive Summary

2 Cyber information sharing: what is it and why does it matter?
 2.1 Cyber information sharing as a platform for collective resilience
 2.2 Cyber information sharing as a platform for collective action

3 Why does this matter now?

4 Seven barriers that need to be overcome

5 Information sharing 2.0: how next‑generation technology can help
 5.1 AI and ML
 5.2 Privacy Enhancing Technologies
 5.3 Encrypted computation
 5.4 Differential privacy

6 CDA case study: using PET to drive collective action in the cybercrime ecosystem
 6.1 The pilot: secure and confidential querying
 6.2 Results

CONCORDIA: an ecosystem for collaboration

Recommendations

Contributors

Endnotes


 


Executive Summary

Cybersecurity is one of the most systemically important issues facing the world today. In little over a decade, cybersecurity has been transformed from a primarily technical domain centred on securing networks and technology to a major strategic topic of global importance. Cybersecurity is a pillar of a digitally resilient society. It is essential for assuring the integrity of the interconnected business and social processes that sit on top of modern societies’ complex digital ecosystems. Its growing importance as an issue has been tracked by the World Economic Forum Global Risk report and now the potential impact of cyberattacks is consistently ranked as one of the biggest risks facing the global economy today.1

Since its relatively recent emergence the cybersecurity ecosystem has faced several challenges as it has worked to mature the isolated cybersecurity activities of actors throughout society into a cohesive ecosystem, which allows itself to be accountable to all parts of society. It has had to overcome these shared challenges in a fluid environment. The COVID‑19 pandemic has led to rapid digital transformation in many workforces and sectors, further increasing the dependency of our global economy on digital infrastructure. This has exacerbated cybersecurity challenges that existed before, but also demonstrated to all stakeholders the need and incentive to address some of our most important shared challenges.

Intelligence sharing between stakeholders is a defining feature of the cybersecurity community and one of its most important shared challenges. No stakeholder alone can sustainably identify and address all the cyber threats of the fast‑changing digital landscape. Trusted, secure and scalable cyber information sharing needs to be a foundational platform on which all participants of the digital ecosystem can rely.

Information sharing enables enterprises to defend themselves, enhance resilience and conduct collaborative investigations to detect and deter threat actors. It enables building trust. Barriers, however, remain in the ecosystem, including issues such as gaps in jurisdictional collaboration, in addition to cross‑sector collaboration, lacking access to skills, strategy and resources, and concerns over trust and privacy. These barriers need to be addressed to promote greater resilience.

New technology, among other interventions, promises to overcome these barriers. Artificial intelligence (AI) and machine learning (ML) technologies are enhancing the effectiveness and value of sharing data, and privacy‑enhancing technologies are enabling the sharing of information while protecting privacy and security. Combined, these technologies can dramatically expand, automate and improve organizations’ ability to protect themselves from cyberthreats.

Ultimately information sharing is an enabler of the strategic driver of the global cybersecurity community; the need to move from individual resilience to collective resilience.

The World Economic Forum’s Global Future Council on the Future of Cybersecurity, during its 2019‑2020 term, focused on the nature of these barriers and challenges in the security community as well as possible new solutions.

This document reflects the insights generated by this group among Council Members in addition to the Centre for Cybersecurity’s extended community, including the World Economic Forum’s Technology Pioneers.


Recommendations

To address the barriers of better information sharing, the community puts forward the following recommendations. These are aimed at specific parts of the security ecosystem that can help address the barriers outlined in the report and help expedite some of the solutions identified.

Enterprise leadership

  • Organizational leadership needs to treat cyber information sharing as a strategic capability and governed at a more senior level outside operational teams. With more senior governance and oversight, leadership can better build and resource information‑sharing capabilities. This covers the investment in internal operational capabilities and technical platforms as well the necessary internal processes to engage external entities at a more systematic level. Leadership can significantly aid this process by providing assurance in a fragmented legal and policy landscape, including with appropriate oversight, potentially sharing what could be classified as sensitive and proprietary information.

Cybersecurity leadership

  • Investigative authorities and information‑sharing bodies should be exploring the potential applications for PETs in their operational partnerships and processes. More assessment work is required to identify new pilots to assess and applicability for cybersecurity and cybercrime use cases, especially in being able to facilitate more effective joint investigations. Regulators and government bodies, especially those with oversight of cybersecurity investigations and sharing bodies, need to issue guidance to entities on the applications, use and deployment of PET technology to accelerate their adoption.

  • Information‑sharing communities need to promote the use and potential of existing no‑cost and open‑source tools, contribute resources to the ongoing development and maintenance of those tools and actively participate in open‑source software communities. Trusted and scalable cyber information sharing requires shared, flexible, trusted, widespread and low‑cost technology underpinning it. The most effective way to rapidly develop cyber information sharing is to collectively advance the quality, flexibility and security of existing freely available technology.

  • Work is required to make information‑sharing frameworks and technical standards interoperable between jurisdictions and sectors. New models and enriched information‑sharing frameworks will also need to be developed to deliver situational awareness in the face of increasingly complex technology environments. These need to be effective across national boundaries as well as throughout supply chains. Information‑sharing initiatives should ensure that their data formats are open, easily available and widely shared to encourage interoperability and cross‑sector collaboration. Having open formats allows for easy sharing of threat information between jurisdictions and sectors.


Policy and industry leadership

  • Sector‑specific guidance and frameworks should be created that map pre‑existing privacy and rights‑based principles, responsibilities, harms and remedies to the creation and management of cross‑sector information‑sharing efforts. By providing clear guidelines for ethical and responsible information sharing, existing communities will be able to rapidly innovate without being held back by uncertainty about possible harm.

  • Legal and compliance meta‑information‑sharing efforts should be conducted to provide clarity about these concerns. This reduces the obstacles that stand in the way of information sharing. Ongoing active and public sharing of legal interpretation and compliance best‑practices related to information sharing should be undertaken by existing sharing communities. This will reduce the initial resources required for organizations to evaluate the risk/rewards of taking on cyber information‑sharing efforts as well as the ongoing resources required for information‑sharing communities to ensure they maintain compliance in a fragmented and ever‑shifting legal and policy landscape.

  • More work is required to examine and promote effective incentives, positive and negative, for participation in the information‑sharing ecosystem. The promotion of market and regulatory incentives to address the gaps, such as enhanced regulation, standards and especially the insurance market, might be required to promote and scale up information sharing through the cybersecurity ecosystem.

Research and operational community

  • More research and deployments are needed to make AI and ML more operationally accessible as a defensive and information‑sharing capability. More deployments will enable the community to start focusing on new threat intelligence frameworks and AI‑based models. New sharing capabilities should be promoted that are able to share unstructured or loosely structured data, which can be fed into AI and ML pipelines.
