By David Burg. Improving cybersecurity practices is a top national priority for Japan. To better understand the evolving cybersecurity environment and the issues they are grappling with, the Government of Japan, the World Economic Forum, PwC and Palo Alto Networks brought together government, academic, private sector, and other experts to tackle some of the hardest cyber challenges we face. The event was orchestrated by PwC Cybersecurity Advisor, William Saito.
Over 450 attended the Cyber3 Conference, in Okinawa, November 6 and 7, 2015. The event was designed to foster multi-stakeholder engagement in practical policymaking and discussion about pressing views related to cybersecurity and its implications. The attendees were fortunate to hear from an array of cybersecurity experts, current and former government officials, and also from Japan’s Prime Minister Shinzō Abe,
Rather than separate attendees into their stakeholder groups, the conference brought together different stakeholders to work on three core tracks: Cyber Connection; Cybersecurity; and Cybercrime. The conference has published its first report of the meetings, and I wanted to summarize that report for you here given the importance of the issues and the breadth of stakeholders that attended.
The first track – Cyber Connection – was about the Internet of Things (IoT). In particular, discussions focused on the need to (1) identify and educate stakeholders about IoT’s risks and benefits, (2) develop a resilient architecture for the IoT, and (3) govern the IoT in a manner that positively addresses privacy, human rights, and other moral concerns without over-regulating it.
The second track – Cybersecurity – centered on three topics. First, we discussed the extent to which the cyber realm has become another theater for warfare among nation states, and ways stakeholders could begin addressing this development. For example, how can nation states agree to “rules of the road” that limit the damage adversaries inflict on each other? And, how can stakeholders work together to improve attribution capabilities so that nations can actually know attack origins?
The second topic we discussed in this track was security at upcoming Olympics. Walking us through the London security team’s multifaceted approach, the speakers explained that team’s challenges and novel efforts. For example, in addition to installing the expected firewalls, IDS, and anti-virus defenses, the team used big data analysis to sample traffic and identify intrusions. Perhaps most impressive was the close coordination between the cyber team and other security teams, such as the police and physical venue security.
Another novel approach was partnering with the security services of participating countries, which both increased the collective resources and created common cause between the U.K. and non-host nations. Indeed, one clear step the cyber teams should take at future games is creating an on-site center where different governments and stakeholders can share threat intel.
The third part of the Cybersecurity track was a discussion of cyber regulation. As I discussed in one of my blogs, the global legal regimes are materially changing as nations seek to bring their rules in line with their values. Two underlying premises at this session were the need to regulate in a manner that didn’t stifle important innovation, and the hope that countries will be able to develop common solutions and collaboration mechanisms. In addition, speakers addressed the contribution the private sector can make in helping foster that collaboration.
The final track (track three) on Cybercrime tackled four issues. First, we discussed the need for international frameworks to address cybercrime. Early adoption of multi-stakeholder dialogue is critical here. Second, we talked through the challenges we confront because technology can develop faster than policymaking. Third, we explained the need for information-sharing – both between private sector entities and between the public and private sectors. Lastly, we discussed emerging security and privacy challenges and how we can address them.
I recommend reading the full first report. Hopefully, this summary gives you an insight into the conference’s discussions, and I look forward to writing more on these topics in the future. If there’s one major take-away from Okinawa, it’s that the full range of stakeholders must maintain an active dialogue if we’re going to adequately address our global cyber challenges.