Cybersecurity is clearly an issue for national security. 3 organizations have created a joined set of recommendations for governments.
- represents the digital technology industry in Europe
- Japan Electronics and Information Technology Industries Association
- Information Technology Industry Council
The recommendations are:
- Develop cyber security policies in a transparent manner and with relevant stakeholder input.
- Enable risk management and innovation.
- Develop and implement cyber security policies in partnership with the private sector.
- Encourage the development and use of globally recognized, industry-led, voluntary consensus
security standards, best practices, assurance programs, and conformity assessment schemes.
- Ensure the use of globally standardised tests and certification.
- Ensure that cyber security requirements are technology-neutral.
- Ensure that cyber security requirements allow for procurement of technologies regardless of
the country of origin or the nationality of the technology vendor.
- Ensure that any cyber security requirements avoid forced transfer or review of intellectual
property (IP), such as source code.
- Limit any prescriptive requirements to areas of the economy that are highly sensitive, such as
government intelligence and military networks.
- Strengthen institutions, and develop contingency plans and cyber security strategies.
- Focus on criminals and their threats.
- Focus on education and awareness.
This is good news for information security industry, ie. to address cybersecurity with a mature approach. It encourages to use standards and best practises. The issue is difficult. But also there are tools and methods to address this. The solution is not only to create one security unit for this, but to involve stakeholders, which we have many, in the process. Information security professionals are needed to guide and educate stakeholders into a mature approach.
The information is also available at EurActiv.