The Paris Call Working Group 6, co-chaired by Kaspersky and Cigref, with expert support from GEODE, has delivered its analytical report introducing concrete tools to enhance ICT supply chain security. After six months of international multi-stakeholder discussions, it publishes this collective work for the 2021 Paris Peace Forum.
The Working Group 6 (WG6) was launched in March 2021 as part of the Paris Call for Trust and Security in Cyberspace and united more than 30 members representing different governments, industries, academia, and civil society. The WG6 focused on the Information Communication Technology (ICT) supply chain security and the set of related frameworks, measures, and good practices for the security of ICT products and services.
Kaspersky, a leading cybersecurity company, and Cigref, the digital association of major French companies and public administrations, with expert support from GEODE, a research center focusing on the geopolitics of the datasphere, joined forces to close the knowledge and implementation gap by providing policy-makers and industry with concrete proposals for stronger ICT supply chain security. The WG6 based its work on existing principles and recommendations produced by the Organisation for Economic Co-operation and Development (OECD) in its report on “Enhancing the digital security of products” published in February 2021.
The report by WG6 creates a matrix with pragmatic actions areas and illustrates steps which actors can do now to create positive security and economic impacts throughout ICT supply chains. This matrix shows the needed contribution and action areas of all stakeholders, including regulatory bodies, international institutions, as well as demand and supply actors. The report also provides mapping of existing frameworks and identifies both good practices and policy gaps.
Among policy gaps and areas for further work, the WG6 stresses on ensuring harmonization across emerging national regulatory and industry approaches, creating incentives for stronger security in modern ICT products and services, and further enhancing ICT supply chain transparency by both public and private sector.
Eugene Kaspersky, CEO of Kaspersky, added: “We are pleased to finally share the results of our joint efforts with Paris Call supporters and beyond. As a global tech-company, our mission is to inspire our community to build a safer digital world in a sustainable and most effective way, and to help them be better informed regarding the tools they can use to enhance their cybersecurity resilience.”
Arnaud Coustillière, Cigref representative for the Paris Call said: “In the context of an alarming increase in cyberattacks and particularly supply chain attacks, which could lead us to a kind of chaos, our working group on securing the digital supply chain coordinated by Cigref with Kaspersky and Géode was particularly rich and enlightening given the diversity of the players involved. After studying a large number of initiatives, we found that there is a great deal of fragmentation and a need to strengthen and bring to fruition existing approaches, particularly in terms of global security standards. The matrix on the areas of action also shows the roles and responsibilities that should make this space more secure, not only those of the States, but also and increasingly those of the major publishers and private actors providing digital services.
COMMENTS