Philip Victor, Director of Policy & Interna"onal Coopera"on at the Interna"onal Mul"lateral Partnership Against Cyber Threats (IMPACT)
We work in and depend on a networked world. The internet is highly complex and this dynamic and sophis"cated threat environment places cyber-security beyond the reach of any single en"ty. Organisa"ons must collaborate with governments as well as industry
players to address cyber-security challenges, especially when it comes to cri"cal infrastructure.
Studies and white papers have proven over the years that many government and private industry organisa"ons have made considerable investments in public-private partnerships.
Now it is up to ITU-IMPACT to explain that more can be done to expand these public-private partnerships within the countries’ Na"onal Infrastructure Protec"on Plans.
Expansion can vary from risk and incident management to informa"on sharing and privacy
policies, interna"onal coopera"on, capacity building, research, and awareness programmes.
Risk management: Government and industry could u"lise exis"ng interna"onal standards and work through consensus-building bodies such as ITU-IMPACT to develop and strengthen interna"onal standards for cyber-security. Government and industry need to
recognise that their risk management perspec"ves stem from different roles and responsibili"es.
SECURITY & DEFENCE AGENDA
As Director of Policy & Interna"onal Coopera"on at the Interna"onal Mul"lateral Partnership Against Cyber Threats (IMPACT), Philip Victor oversees the development of IMPACT’s rela"onships between partners in the industry, interna"onal
organisa"ons, academia and governments. He is also responsible for the Centre for Training & Skills Development,
designing and delivering training courses to cyber-security professionals and prac""oners worldwide.
Prior to joining IMPACT, Victor led training and outreach courses for a na"onal cyber-security agency. He headed na"onal cyber-security programmes focused on increasing awareness for all internet users. Victor also spearheaded na"onal capacity-building programmes and successfully reduced the ra"o of
cyber-security professionals to internet users. Through these ini"a"ves, he also increased the number of cyber-security professionals in Cri"cal Na"onal Informa"on Infrastructure Protec"on-related organisa"ons.
He has over 19 years in the field of Informa"on Technology and 10 years in cyber-security related industries.
Public-private coopera!on in cyber-security
OP-ED
26
Incident management: Governments could fully establish industry’s seat in the integrated response centre and begin evalua"on processes to ensure growth and visibility of the private sector. Industry could ensure a long-term plan to fill the watch centre seats, and par"cipants could report lessons learned from collabora"ve exercises as soon as possible so that improvement measures are undertaken in a "mely manner.
Informa!on sharing and privacy policies: Government and industry could clearly ar"culate informa"on needs and effec"vely promote informa"on sharing to address those needs;
informa"on sharing for cyber-security purposes should be transparent and should comply with fair principles of prac"ce. Government could therefore consider how it can share more classified and sensi"ve informa"on, par"cularly the pieces of informa"on that would help the private sector defend its systems. Interna"onal coopera"on enables government to create a plaGorm, on which the various stakeholders such as interna"onal organisa"ons or industries could come together and collaborate, thereby reinforcing the knowledge and tools that will ensure a safer, more secure cyberspace.
This plaGorm could also contribute to the formula"on of new policies and the harmonisa"on of na"onal laws around a variety of issues rela"ng to cyber-threats, including cybercrimes. The public-private partnership should be used to create an authen"c na"onal cyber-security research and development plan with priori"sed, na"onal-level objec"ves and a detailed road map that specifies the respec"ve roles of each partner. The implementa"on road map could be regularly reviewed and adjusted accordingly at a pre-determined "me by the stakeholders involved.
The cyber-security vulnerabili"es in cri"cal infrastructure pose risks to na"onal security, public safety and economic prosperity. It is essen"al to coordinate na"onal ini"a"ves focused on cyber-security awareness, educa"on, training, and professional development.
Countries should be encouraged to spread and share cyber-security competence throughout the na"ons and build an agile and highly skilled workforce capable of responding to a dynamic and rapidly developing array of threats. The public-private partnership could incorporate policies and relevant programmes to enhance cyber-security public awareness and educa"on, which would increase the number of science and technology students gradua"ng each year and in turn, boost the number of cyber-professionals available to both government and business.
ITU-IMPACT’s global partnership now embraces over 200 industry, academia and interna"onal organisa"ons coming together to enhance the global community’s capability
and capacity to combat cyber-threats. As the cyber-security execu"ng arm of ITU, IMPACT is entrusted with the task of providing cyber-security support and services to ITU’s member states and other organisa"ons within the UN system.
With 144 countries now part of the ITU-IMPACT coali"on, ITU-IMPACT is one of the largest cyber-security organisa"ons in the world and has been an important plaGorm bridging public and private sectors within its partner countries in handling cyber-security ma#ers.
With the increasing complexi"es of cyber-a#acks and the con"nuously evolving threat
landscape, it is impera"ve that any endeavour towards mi"ga"ng those risks be con"nuously supported.
SECURITY & DEFENCE AGENDA
Where cyber-security is heading
27
ITU-IMPACT enacts private-public partnership in carrying out ini"a"ves and ac"vi"es in various areas of cyber-security – assis"ng partner countries including the least developed and developing countries to have affordable access to state-of-the-art cyber-defence strategies and programmes such as capacity building programmes, CIRT (Computer Incident Response Team) readiness assessments, CIRT implementa"on, vulnerability assessments, deployment of scholarships, cyber drills, academic partnerships – with purposely designed goals: to improve awareness, enhance workforce structures, and ensure workforce development in cyber-security. We at ITU-IMPACT are always open to work with global counterparts who share our vision of enhancing formal cyber-security programmes.
Through shared ideas and concepts these partnerships will s"mulate the development of innova"ve new cyber-security programmes.
SECURITY & DEFENCE AGENDA
Public-private coopera!on in cyber-security
28
Original Photo Source: WordPress.com