
The Keys To Effective Cybersecurity, According To The Charter Of Trust

Mitsubishi Heavy Industries

By Daniel Bogler

The most successful methods of fighting increasingly complex and ever-changing cybercrime hinge on trust: trust throughout the supply chain; trust between companies, even competitors; and trust between government and industry.

That was the central message – along with insights on creating that trust – from expert panelists and speakers at the Charter of Trust’s recent virtual Tokyo Roadshow 2020.

Founded in 2018 by Siemens in Germany, the Charter of Trust (CoT) is a coalition of leading global companies that have joined forces to advance cybersecurity. The group now includes a range of European companies, as well as IBM, Cisco and Dell from the U.S., and NTT and Mitsubishi Heavy Industries (MHI) of Japan.

CoT members believe the group’s work is becoming even more vital. “COVID-19 has separated our physical economies, but in the digital world we are connected more,” said Eisaku Ito, MHI’s Chief Technology Officer. “We feel that digital transformation is moving faster than before. Under these circumstances, activities to build trust in the cybersecurity world are very important.”

Here are five important takeaways from the CoT’s Tokyo event:

1. Trust is the foundation.

If trust is so central, how do you create it to begin with? The first step is establishing shared principles. The CoT has 10, covering everything from who bears responsibility for ensuring digital security to educating the next generation of cyber experts.

To be meaningful, however, a common understanding must go deeper. For example, it must include detailed rules about which components can be used in specific products and emerging technologies. After all, “not only technologies, but people and processes and organizations – the implication of these elements becomes much more important,” said Shinichi Yokohama, the Chief Information Security Officer of NTT.

The CoT provides a forum for opening channels to suppliers, customers, even rivals, and setting up joint exercises to practice fighting cybercrime attacks.

An important rule of thumb is trust but verify, especially given rising protectionism and political tensions globally. The best way forward is to step up communication: open channels to suppliers, customers, even rivals; set up joint exercises to practice fighting cybercrime attacks; and, above all, keep talking to build understanding.

The CoT certainly provides a forum to do so. “That’s why we called it the Charter of Trust,” explained Julian Meyrick, Vice President of Security Strategy Risk & Compliance at IBM.

2. Public-private cooperation establishes the framework.

Cooperation is essential to cover all aspects of cybersecurity, whether it is strategy, incident management, critical infrastructure protection or a longer-term focus on the culture and skills the IT sector needs. As Benjamin Ang, a Senior Research Fellow from RSIS/NTU in Singapore, said, this is where the CoT can play a very important role given its ability to bring together governments, the private sector and academia in a public-private partnership.

The Tokyo Roadshow did indeed hear about the latest initiatives from the Japanese government to ensure cybersecurity. Toshikazu Okuya, Director of the Cybersecurity Division at Japan’s Ministry of Economy, Trade and Industry (METI), shared its Cyber/Physical Security Framework, designed to guard against the risks that come with increasing digitalization, such as the growth of the Internet of Things (IoT).

Atsushi Umino, Director of the Office of the Director-General for Cybersecurity at the Ministry of Internal Affairs and Communications (MIC), showcased new Telework Security Guidelines and practical templates that his office has crafted in response to the huge spike in homeworking. As RSIS/NTU’s Ang pointed out, however, there is a plethora of national, regional and local standards operating across the world right now. Harmonizing these will be a considerable challenge.

3. Information sharing leads to real-world impact.

Sharing information on cyber threats is the test that will determine if all the principles established by organizations such as the CoT will actually make a difference in the real world. If companies are willing to share data, then threats and new attacks will become quickly visible, their spread from industry to industry can be prevented or slowed and best practices in combatting them can be easily shared.

Japan’s MIC, for example, worked with national internet service providers (ISPs) last year to alert users to new IoT devices infected with malware. They found over 150 a day during 2019. Setting up so-called ISACs, non-profit organizations that gather information on cyber threats and share it between the private and public sectors, is another solution. In a positive sign that a global response is emerging, Japan and the U.S. have begun collaborating between the ISACs in their respective countries.

4. A secure supply chain requires standards.

Ensuring a robust (digital) supply chain is vital, particularly at a time when COVID-19 is disrupting logistics around the world. Government regulations can only get you so far in this area and it is therefore vital that each company works with its suppliers to ensure they meet the standards it has adopted.

The CoT was set up to be cross-sector by design, representing the supply chain from chip manufacturers to industrial users, and onwards via digital infrastructure and service providers to end users and certification providers. Ensuring responsibility throughout the digital supply chain is a CoT principle and the more it can build trust between the various players, the easier this will become.

5. Supporting SMEs addresses a big gap.

A chain is only as strong as its weakest link, and often that link is a small or medium-sized enterprise (SME) – making sophisticated, often technologically advanced products, but without the resources to protect itself adequately from cybercrime. Their bigger customers can share best practices and advice, but when it comes to recruiting personnel with the requisite skills or buying more modern equipment, some level of public support is often required.

In Japan, METI launched a pilot project last year that brings together insurance companies, security vendors and local chambers of commerce to support SMEs on a regional basis.