KEY ISSUES FOR DIGITAL TRANSFORMATION IN THE G20

Recommendations

Info

Country Australia Canada Italy Saudi Arabia South Africa Public-private initiatives Co-design of voluntary guidelines on good digital security practice (“Australian Internet Security Initiative”). Joint public-private awareness initiatives and education campaigns. Streamlining of digital security governance and structures to improve interaction between the private and public sectors. Relocation of the Australian Cyber Security Centre to enable the government and the private sector to work more effectively together. Sharing of real-time public-private digital threat information through joint sharing centres. Information on risks and impacts of cyber incidents is shared between governments and the private sector. Information sharing on attacks and incidents, and on risks and vulnerabilities assessment. Creation of joint working groups. Periodic national exercises involving relevant public stakeholders and private-sector operators. Regular exchange of best practices and lessons learned between private and public stakeholders to facilitate reciprocal understanding and foster joint training of personnel. Establishment of national Computer Emergency Response Team as a co-operative PPP. Information-sharing capabilities through “government-private partnerships”. Establishment of a combined effort of representatives from public sector organisations with mission responsibilities for infrastructure and the owners/operators of those infrastructures. Establishment of a public-private trusted forum. Encouragement of private sector to address common security interests, collaborate with government, and foster co-operation among interdependent industries to create a common understanding of the threats and vulnerabilities. South Korea Establishing a joint response system and team of private, public and military sectors. Turkey United Kingdom United States European Union Decision-making mechanisms for the security of critical infrastructures. Co-ordination of public and private co-operative R&D for national technologies in digital security. Establishment of a “Cyber-security Information Sharing Partnership” to exchange cyber threat information in real time, increasing situational awareness and reducing the impact on business. Publicly funded accelerator to nurture UK digital security start-ups. Establishment of a public-private R&D partnership to allow industry and government to work together to develop and deploy technical solutions for high-priority cybersecurity challenges and share results with the broader community. Adoption of the 2015 Cybersecurity Act to simplify digital threat information sharing by private companies with each other and the Government. Creation of the Critical Infrastructure Cyber Community C³ Voluntary Program, a PPP to help align critical infrastructure owners and operators adopt the National Institute of Standards and Technology’s Cybersecurity Framework. Creation of the European Public-Private Partnership for Resilience (EP3R) to co-ordinate public and private actors in critical information infrastructure protection. Establishment of a PPP (EUR 1.8 billion investment by 2020) to foster co-operation on earlystage research, align the demand and supply sectors for cybersecurity products and services, and develop common building blocks. Effective international co-operation is essential for improving current digital security risk policies. This is due to the global nature of the Internet, global adoption and spread of digital technologies, as well as transnational
conduct of cybercrimes and digital security attacks. Global interconnectedness creates interdependencies between stakeholders and calls for their co-operation on digital security risk management. Almost all national digital security strategies call for improved international co-operation. With many countries now having set up a national co-ordination agency or mechanism, there is an opportunity for them to extend it as “an international contact point to facilitate co-operation on cybersecurity at policy and operational levels” (OECD, 2012b). Indeed, the Security Risk Recommendation calls for governments to strengthen international co-operation and mutual assistance notably by: Participating in relevant regional and international fora, and establishing bilateral and multilateral relationships to share experience and best practices; and promoting an approach to national digital security risk management that does not increase the risk to other countries, Providing, on a voluntary basis as appropriate, assistance and support to other countries, and establishing national points of contacts for addressing cross-border requests related to digital security risk management issues in a timely manner, and Working to improve responses to domestic and cross-border threats, including through CSIRTs cooperation, co-ordinated exercises and other tools for collaboration. There are numerous international and regional fora and organisations through which various aspects of digital risk management might be pursued. Among them, the OECD has been a key forum for bringing together member countries and other <strong>G20</strong> economies and organisations to discuss and co-operate around policy issues such as the protection of critical information infrastructures, privacy, cryptography policy, and electronic authentication. As efforts to foster capacity building in less developed countries are increasing, co-operation between digital security and development oriented international and regional fora could become necessary. One example is the international partnership initiated by the ITU with a set of other international and regional organisations (European Union Agency for Network and Information Security (ENISA), OECD, Organisation of American States, World Bank, United Nations Conference on Trade and Development (UNCTAD), Commonwealth Telecommunications Organisation (CTO), and Commonwealth Cybercrime Initiative (CCI) to bring together in a single guide existing guidance and recommendations from these organisations in order to help developing countries in the adoption of their national cybersecurity strategy. Digital security and the protection of personal data (“data protection”) 7 are closely related: digital security incidents create privacy issues when they affect the confidentiality or integrity of data directly or indirectly related to individuals (i.e. “personal data”). Several international instruments, including the OECD Recommendation of the Council concerning Guidelines Governing the Protection of Privacy and Transborder Flows of Personal Data (“Privacy Guidelines”) (OECD, 2013d) include a “Security Safeguards” principle 8 and digital security risk management can help implement this principle. Different stakeholders will be subject to different types and intensity of risks from digital security incidents affecting personal data, often called “data breaches” or “personal data breaches”. For instance, when personal data is publicly disclosed following a data breach or falls into the hands of unauthorised persons, individuals face privacy breaches that can lead to financial fraud and other physical, material and moral damage. Public and private organisations may, on the other hand, face direct financial loss, reputational damage and loss of customer trust. They may also risk lawsuits and fines from data protection authorities for breaching legal privacy frameworks. From a digital security risk management perspective, personal data breaches can be viewed as a particular type of digital security incident where two parties are exposed to the risk but one (the organisation) is in
Page 1 and 2:
KEY ISSUES FOR DIGITAL TRANSFORMATI
Page 3 and 4:
Key Issues for Digital Transformati
Page 5 and 6:
Figures Figure 1. Fixed broadband s
Page 7 and 8:
As the cost of data collection, sto
Page 9 and 10:
Open, voluntary standards, grounded
Page 11 and 12:
Digitalisation is changing the worl
Page 14 and 15:
It is useful to start with a brief
Page 16 and 17:
In the past, there has also been un
Page 18 and 19:
Having established a positive relat
Page 20 and 21:
However, despite the rapid spread o
Page 22 and 23:
160 % 140 120 100 80 60 40 20 0 Not
Page 24 and 25:
% 100 90 80 70 60 50 40 30 20 10 0
Page 26 and 27:
show that large firms have much gre
Page 28 and 29:
% 2011-14 2006-09 60 EUIPO USPTO 50
Page 30 and 31:
component may include repatriated i
Page 32 and 33:
computers will rather increase). At
Page 34:
The risk related to cybercrime and
Page 37 and 38:
% 100 Gap 1st and 3rd quartiles Ave
Page 39 and 40:
Research has shown that the availab
Page 41 and 42:
5 4.5 4 3.5 3 2.5 2 1.5 1 0.5 0 Not
Page 43 and 44:
Recent research points to a set of
Page 45 and 46:
knowledge sharing by upholding the
Page 47 and 48:
skilled labour. Thus, trapping reso
Page 49 and 50: wireless access, the two technologi
Page 51 and 52: network infrastructure sometimes ha
Page 53 and 54: separation of infrastructure and se
Page 55 and 56: other network on the Internet (CIDR
Page 57 and 58: Certain policies promote good use o
Page 59 and 60: Francisco Project”, for example,
Page 61 and 62: Encourage the deployment of more fi
Page 63 and 64: In telecommunications, both fixed a
Page 65 and 66: sufficiently compelling for operato
Page 67 and 68: However, data provides additional c
Page 69 and 70: deductions on investments in seed a
Page 71 and 72: early-stage investment can affect i
Page 73 and 74: The development of standards and st
Page 75 and 76: A positive example of co-operation
Page 77 and 78: As actors navigate the IoT space, t
Page 79 and 80: The private-sector-led standards pa
Page 81 and 82: Co-operation among standardisation
Page 83 and 84: Fixed-line communications, wireless
Page 85 and 86: the ICT sector tends to outpace reg
Page 87 and 88: Digitalisation is associated with f
Page 89 and 90: end user (European Commission, 2016
Page 91 and 92: The Internet model of traffic excha
Page 93 and 94: G20 economies could develop strateg
Page 95 and 96: technologies, and in particular the
Page 97 and 98: in the United States where criminal
Page 99: about digital security risk and how
Page 103 and 104: The G8 Deauville Declaration outlin
Page 105 and 106: To ensure that everyone can engage
Page 107 and 108: ICT specialists have been among the
Page 109 and 110: Initiatives to promote consumer edu
Page 111 and 112: All Welding Processing Handling Dis
Page 113 and 114: economies and societies need to per
Page 115 and 116: The development of strategies that
Page 117 and 118: The use of digital technologies is
Page 119 and 120: These adoption gaps between large f
Page 121 and 122: Figure 44 (Panel B) illustrates a s
Page 123 and 124: Frontier firms Laggards Frontier fi
Page 125 and 126: Despite the steady increase busines
Page 127 and 128: YouTube to watch media content; Ube
Page 129 and 130: Platforms are often criticised for
Page 131 and 132: The potential and pitfalls of digit
Page 133 and 134: Cross-border commerce has long gene
Page 135 and 136: Digitalisation is changing the worl
Page 137 and 138: Digital technologies have a huge re
Page 139 and 140: One approach is to accept the fact
Page 141 and 142: and income opportunities. Becoming
Page 143 and 144: South Korea has opened numerous “
Page 146 and 147: The ongoing digitalisation of our e
Page 148 and 149: Developing tools for assessing the
Page 150 and 151:
data across borders, transportation
Page 152 and 153:
BCG (2012), ”The Internet Economy
Page 154 and 155:
Deloitte (2015), “Connected Healt
Page 156 and 157:
Karachalios, K. and K. McCabe (2016
Page 158 and 159:
OECD (2016m), “The Internet of Th
Page 160 and 161:
OECD (2012d), Connected Minds: Tech
Page 162 and 163:
The Economist Intelligence Unit (20
Page 164 and 165:
1. Chapter 2 discusses policies for
show all

KEY ISSUES FOR DIGITAL TRANSFORMATION IN THE G20

Create successful ePaper yourself

Delete template?

Save as template?