Global standards and International cooperation are essential to reinforcing cybersecurity frameworks, but industry and consumers awareness are also key.
Developing comprehensive policies on cybersecurity (including for Industrial Control Systems) is a continuous priority of public authorities in Japan, the U.S. and the EU.
The Policy and Standards session took place on October 28, 2021, as part of the JP-US-EU ICS Cybersecurity week hosted by the Ministry of Economy, Trade and Industry (METI) of Japan. The session was moderated by the European Commission (DG CONNECT) with the participation of experts from the EU(ETSI), Japan (NICT) and the US (NIST). This session followed a US-JP-EU workshop on this topic held on March 11, 2021, and the EU-JP workshop on IoT Security organized by InDiCo on June 1, 2021.
Each presented the cybersecurity approach and frameworks which have been put in place or are under development in their respective regions.
In particular, the EU presented its report on the EU coordinated risk assessment on cybersecurity in the Fifth Generation (5G) networks and ETSI its extensive family of standards in the Security domain. NIST presented its programs towards industry and consumers targeting IoT Cybersecurity and Computer Security.
Everyone in attendance recognized the development of global standards as an essential part of a solid and efficient policy on cybersecurity, and International cooperation. The sharing of best practices is considered as critical in reinforcing these cybersecurity frameworks.
Common areas of interest were found, which triggered discussion and exchanges, on:
- Risk-assessment-based methodology
- Security-by-design approach
- Preferred (re)use of existing international standards
- Voluntary adoption of cybersecurity framework
- Acknowledgement that cybersecurity approaches cannot fully disconnect the consumer and industrial spaces
Further exchanges of views took place among the panelists and with the audience about the adequate programs to raise awareness among consumers, such as the National Initiative for Cybersecurity Education (NICE) promoted by NIST in the US. It was also discussed how to incentivize good behaviours within the industry.
This seminar contributed to further the sharing of resources and frameworks to foster alignment between the community of experts working on cybersecurity standardization (and particularly on IoT and ICS security) and related certification schemes in the US, Japan and the EU.
We expect this exchange of knowledge and good practices to continue at the next edition of the event in the fall 2022.