WEF-回應(yīng)白宮關(guān)于統(tǒng)一網(wǎng)絡(luò)安全法規(guī)的請(qǐng)求_第1頁(yè)
WEF-回應(yīng)白宮關(guān)于統(tǒng)一網(wǎng)絡(luò)安全法規(guī)的請(qǐng)求_第2頁(yè)
WEF-回應(yīng)白宮關(guān)于統(tǒng)一網(wǎng)絡(luò)安全法規(guī)的請(qǐng)求_第3頁(yè)
WEF-回應(yīng)白宮關(guān)于統(tǒng)一網(wǎng)絡(luò)安全法規(guī)的請(qǐng)求_第4頁(yè)
WEF-回應(yīng)白宮關(guān)于統(tǒng)一網(wǎng)絡(luò)安全法規(guī)的請(qǐng)求_第5頁(yè)
已閱讀5頁(yè),還剩28頁(yè)未讀, 繼續(xù)免費(fèi)閱讀

下載本文檔

版權(quán)說(shuō)明:本文檔由用戶提供并上傳,收益歸屬內(nèi)容提供方,若內(nèi)容存在侵權(quán),請(qǐng)進(jìn)行舉報(bào)或認(rèn)領(lǐng)

文檔簡(jiǎn)介

SystemsofCyberResilience:ElectricityInitiative

Responsetothe

WhiteHouse’sRequest

onHarmonizing

CybersecurityRegulations

WHITEPAPER

OCTOBER2023

Images:GettyImages

Contents

Executivesummary

3

1AbouttheSystemsofCyberResilience:ElectricityInitiative

4

2TheGlobalRegulationsWorkingGroup

5

3TheWhiteHouserequestforinformationoncybersecurityregulatory6

harmonization

3.1Conflictinginternationalcybersecurityrequirements

7

3.2Sectortoprioritizeforregulatoryharmonization

8

3.3Internationaldialoguesonharmonization

9

3.4Ongoinginternationalinitiatives

10

3.5Regulatoryreciprocityexamples

11

Conclusion

12

Contributors

13

Annex1:Relatedpublications

15

Endnotes

16

Disclaimer

Thisdocumentispublishedbythe

WorldEconomicForumasacontribution

toaproject,insightareaorinteraction.

Thefindings,interpretationsand

conclusionsexpressedhereinarearesult

ofacollaborativeprocessfacilitatedand

endorsedbytheWorldEconomicForum

butwhoseresultsdonotnecessarily

representtheviewsoftheWorldEconomic

Forum,northeentiretyofitsMembers,

Partnersorotherstakeholders.

?2023WorldEconomicForum.Allrights

reserved.Nopartofthispublicationmay

bereproducedortransmittedinanyform

orbyanymeans,includingphotocopying

andrecording,orbyanyinformation

storageandretrievalsystem.

ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations2

October2023

ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations

Executivesummary

On19July2023,theWhiteHouseOfficeofthe

NationalCyberDirector(ONCD)oftheUnitedStates(US)issuedarequestforinformation(RFI)1about

harmonizingcybersecurityregulationsgloballyand

ensuringregulatoryreciprocitybetweencountries.

ThisRFIisanextensionofthegoalsoutlinedintheUSNationalCybersecurityStrategy,2whichaimstosynchronizenotjustregulationsandguidelinesbutalsotheevaluationandinspectionprocessesfor

regulatedentities.Itmarksprogressononeofthe69initiativesunveiledinJulyaspartoftheUSNationalCybersecurityStrategyImplementationPlan.

InSeptember2022,theWorldEconomicForum

SystemsofCyberResilience:ElectricityInitiative

(SCRE)community3hadidentifiedglobalregulatoryinteroperabilityasoneofitskeyfocusareas,

andhadsetuptheGlobalRegulationsWorkingGrouptofacilitateinteroperabilityofglobalcyberregulationsintheelectricitysector.

Thisworkinggrouptacklesthechallengesof

complex,industryandsectoragnostic,fragmented,inconsistent,andsometimesconflictingregulations.

Thesesiloedregulationslackandprevent

interoperability,resultinginincreasedcostsandinefficienciesaslimitedresourcesaredivertedtoaddresscompliancechallengesinsteadof

directlyaddressingsectorialandorganizationalcybersecurityposture.

GivenSCRE’suniqueglobalvantageandexpertiseaswellasitsongoingworkonthistopic,the

communityhascometogethertoproducethis

whitepapertoanswerquestionsintheinternationalsection(Section9)oftheRFI.Thissectionaddressescybersecurityrequirementconflicts,prioritysectorsandregions,internationaldialogues,ongoing

internationalinitiativesandregulatoryreciprocity.

TheSCREcommunitywelcomesandsupportsONCD’sregulatoryharmonizationeffort.Its

recommendationsfortheONCDareasfollows:

–ContinueONCD’songoingeffortstoincrease

globalregulatoryinteroperability,increasesecurityandreducecosts.

–Prioritizesecurityovercompliancebyadoptingarisk-basedapproach.

–Engageprivate,publicandcivilsociety

stakeholdersfromtheearlieststagesofthepolicyandregulatoryprocesses.

–Leverageexistinginternationaltechnical

standardsestablishedbynon-government

bodiessuchastheInternationalOrganizationforStandardization(ISO)andtheInternationalElectrotechnicalCommission(IEC).

–Participateininternationaldialoguesandinternationalinitiativesoncybersecurity.

ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations3

1

AbouttheSystems

ofCyberResilience:

ElectricityInitiative

Since2018,theWorldEconomicForum’sSystemsofCyberResilience:ElectricityInitiative(SCRE)hasbroughttogethergloballeadersfrommorethan

60electricityutilities,energyservicescompanies,

regulatorsandotherrelevantorganizations,to

collaborateanddevelopaclearandcoherentglobalcybersecurityvisionfortheelectricityecosystem.

SCREistheonlyglobal,electricity-industry

specific,multistakeholderpublic-private

partnershipwherecybersecurityleaders

collaborateandimproveecosystem-widecyberresilienceintheelectricitysector.

Thisinitiativeprovidesaforumforglobalelectriccompaniesand

premierindustrypartnerstotaketheleadindrivingincreasedmaturityandcapabilitytoaddresscyberthreatsallnationsarefacing.

TomWilson,SeniorVice-PresidentandChiefInformationSecurityOfficer,SouthernCompany,USA

ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations4

2

TheGlobalRegulations

WorkingGroup

RegulatoryinteroperabilityisoneofthekeyfocusareasoftheSCREanditsGlobalRegulations

WorkingGroup.

Theworkinggroupaddressesthecomplexities

ofregulatorychallengesthatspanacrossthe

electricitysector,characterizedbyfragmentation,

inconsistencyandoccasionalconflicts.These

regulatoryhurdleshindertheachievementof

globalinteroperability,leadingtoheightenedcosts,inefficienciesandmissedopportunitiesasresourcesareredirectedtotackleregulatoryissuesrather

thanenhancingsector-specificandorganizationalcybersecuritypostures.Thekeyinsightsofthe

workinggrouphavebeen:

1.Theevolutionofthecyberthreatlandscapehasledtoanincreaseincybersecurity

regulationsglobally.

2.Globalregulationsarefragmentedand,in

somecases,conflicting,whichincreasescostsandinefficienciesandimpactscybersecurity

throughtheopportunitycostsofdivertinglimitedresources.

3.Organizationshavehadtotakehard,risk-basedapproachesrangingfrommanagingregulatorycomplexitiestoexitingcertainmarkets.

4.Regulationsneedtoprioritizesecurityover

compliancebyadoptingarisk-basedapproach.

Theworkinggrouphastakenthefollowingpositionsonthekeyglobalregulatorythemesidentified:

1.Complianceandenforcement:Global

commitmenttoprioritizesecurityovercompliance.

2.Dataprotectionandprivacy:Global

commitmenttosupportdataprotection

andprivacyregulationssuchastheGeneralDataProtectionRegulation(GDPR)ofthe

EuropeanUnion(EU).

3.Informationsharing:Globalcommitmenttocreateanduseacommoninformation-sharingprotocolandtaxonomyworldwide,andto

supporttherespectiveelectricityinformationsharingandanalysiscentres(ISACs).

4.Incidentresponseandreporting:

Globalcommitmenttoadoptacommon

andefficientinternationalincidentreportingtaxonomyandrequirements.

5.Cybersecurityhygieneinternalpoliciesandprocedures:Globalcommitmenttoestablishbasiccyberhygieneprinciplesspecifictotheelectricitysector.

6.Penetrationtesting:Globalcommitmentto

regularinternalpenetrationtestingwhichincludesoperationaltechnology(OT)penetrationtesting.

7.Vulnerabilitydisclosureandmanagement:Globalcommitmenttosectorialdisclosureofvulnerabilityamongclosedgroupsofsector-specific,pre-authorizedentities.

8.Riskassessmentandmanagement:Globalcommitmenttoapplyingriskassessment

methodologyconsistentlyacrossbothinformationtechnologyandoperationaltechnologyenvironments.

9.Third-partyriskmanagement:Global

commitmentthateveryorganizationinthe

supplychainmustconsiderandberesponsibleforthecybersecurityofitsscopeofwork.

10.Adoptionofexistinginternationalstandardsversuscreationofunique,national(or

regional)standards:Globalcommitmentto

adoptionofexistinginternationalstandardsthatarematuresuchasISO27001andIEC62443.

Theworkinggroupwillfurtherelaboratethese

positionsandisscheduledtopublisha“FacilitatingGlobalInteroperabilityofCyberRegulationinthe

ElectricitySector”paperon15November2023.

ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations5

3

TheWhiteHouse

requestforinformationoncybersecurity

regulatoryharmonization

On19July2023,theWhiteHouseOfficeofthe

NationalCyberDirector(ONCD)announceda

requestforinformation(RFI)oncybersecurity

regulatoryharmonizationandregulatoryreciprocity.TheRFIbuildsonthecommitmentsmadeinthe

WhiteHouseNationalCybersecurityStrategyto

“harmonizenotonlyregulationsandrules,butalsoassessmentsandauditsofregulatedentities.”

TheRFIadvancesoneofthe69initiativesthat

theUnitedStatesNationalCybersecurityStrategyImplementationPlanannouncedinJuly.

GiventheSCRE’suniqueglobalperspectiveandproficiencyinthisfield,thecommunityhasshareditscollectiveknowledgeinthiswhitepaper.Theaimistoprovidepreciseresponsestoinquiries

intheinternationalsection(Section9)oftheRFIstatedbelow:

9.International–ManyregulatedentitieswithintheUnitedStatesoperateinternationally.InarecentreportfromthePresident’sNationalSecurity

TelecommunicationsAdvisoryCouncil(NSTAC),theNSTACnotedthatforeigngovernmentshavebeenimplementingregulatoryregimeswith“overlapping,redundantorinconsistentrequirements…”

FactSheet:OfficeoftheNationalCyberDirectorRequestsPublicCommentonHarmonizingCybersecurityRegulations–RequestforInformationonCyberRegulatoryHarmonization

A.Identifyspecificinstancesinwhich

USfederalcybersecurityrequirementsconflictwithforeigngovernment

cybersecurityrequirements.

B.Aretherespecificcountriesorsectorsthatshouldbeprioritizedinconsideringharmonizingcybersecurityrequirementsinternationally?

C.Whichinternationaldialoguesareengagedinworkonharmonizingoraligning

cybersecurityrequirements?Whichwouldbethemostpromisingvenuestopursuesuchalignment?

D.Pleaseidentifyanyongoinginitiativesbyinternationalstandardsorganizations,

tradegroupsornon-governmental

organizationsthatareengagedin

internationalcybersecuritystandardizationactivitiesrelevanttoregulatorypurposes.Describethenatureofthoseactivities.

Pleaseidentifyanyexamplesofregulatoryreciprocitywithinaforeigncountry.

E.Pleaseidentifyanyexamplesof

regulatoryreciprocitybetweenforeigncountriesorbetweenaforeigncountryandtheUnitedStates.

ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations6

3.1

A.Conflictinginternationalcybersecurityrequirements

IdentifyspecificinstancesinwhichUSfederalcybersecurityrequirementsconflictwithforeigngovernmentcybersecurityrequirements.

Governmentagenciesworldwidethatcreate

cybersecurityrequirementsforindustry,including

thoseoftheUS,frequentlyadoptdistinct

approachestoaddressidenticalorsimilarsetsofcybersecuritychallengesduetotheabsenceofaglobalconsensus.Thisleadstocomplex,industryandsectoragnostic,fragmented,inconsistentandsometimesconflictingregulations,whichlackandpreventmutualinteroperability.

Theevolutionofthecybersecuritythreatlandscape

andregulators’reflexiveresponsetotighten

regulationsexacerbatestheproblem.Organizationsareforcedtodivertlimitedresourcestoaddress

regulatorycompliancechallengesinsteadoffocusingontheircybersecurityposture.Inadditiontoalackofconsensusoncyberrequirements,alackof

consensusexistsonwhoorwhatisinthescopeoftheseregulations(e.g.varyingcriticalinfrastructuresectordesignations,differentregulationsbringingvarioussystemsintoscope,etc.)

Today’sdigitaleconomytranscendsnational

boundaries,requiringrobustandunifiedinternationalcybersecuritystandardstoensurethatmultinationalcompaniesarebestequippedtorespondtonew

threatsbymaliciousactorsastheyarise.

Assuch,businessesaroundtheworldlookto

standardssetbynon-governmentbodiessuchastheInternationalOrganizationforStandardization

(ISO)andtheInternationalElectrotechnical

Commission(IEC)forguidanceonabroadrangeofcybersecurityissuesandasbenchmarksforglobalbestpractices.Whendifferentregulatorsusewidelyrecognizedinternationaltechnicalstandards–suchastheISO/IEC27000seriesofinformationsecuritycontrolsandtheIEC62443seriesofindustrial

controlsystemcontrols—toinformtheirpolicies,

itnotonlysetsahighstandardofsecurityfor

companiestoadheretobutalsolowerscostsand

assuresinteroperabilitywithotherregulatoryregimes.

Conversely,whendifferentregulatorsandpolicy-makersusetheirownlocalstandardsandlawsasareferenceforestablishingcybersecurity

requirements,itcontributestothegrowing

fragmentationoftheglobaldigitalpolicylandscape,inturnundulyraisingcompliancecostsformulti-

jurisdictionalcompaniesanddivertingresourcesfromsoundcyber-riskmanagementactivities.

Thecurrentsiloedapproachtocybersecurity

regulationhasnotledtoamoresecureglobal

digitaleconomy.ItiswellknownfromthePrisoner’sDilemmaproblemingametheorythatstakeholdercooperationoncybersecurityregulationswill

increasesecurityoftheglobaldigitaleconomy.

However,theinherentchallengehasalwaysbeen:whowillmovefirst?Itisimperativetoresolveandmakeprogressonthiscooperationissue.

Examplesofdivergingcybersecurityregulations

canbefoundinnationalcybersecuritylabelling

programmessuchasthoseoftheUS,EUand

Singapore.Asmoreandmoreproductsreleasedinthemarketrequireinternetconnectivity,the

surfaceareaofcyberriskstoconsumershas

increasedtremendously.Toaddressthisconcern,severalgovernmentshaveannouncedplansto

developtheirowncybersecuritylabellingschemes.Forexample,Singapore’sCyberSecurityAgencyfirstlauncheditsCybersecurityLabellingScheme(CLS)4in2020tosetsecurityratinglevelsthat

buyersofsmartdevicescouldusetomake

informedchoices.InSeptember2022,theEU

proposeditsCyberResilienceAct5toestablish

commonsecuritystandardsforproductswith

digitalelementsconnectedtoadeviceornetworkinEUmember-states.Andlastly,inJune2023,theBidenadministrationannouncedanewUSCyber

TrustMark6programmetobeledbytheFederal

CommunicationsCommissionwithverysimilar

elementstotheSingaporeanandEuropeanmodels.

Thesethreecyberlabellinginitiativessharethe

commongoalofprovidingassurancetoconsumersthattheproductstheypurchaseareequipped

withadequatesafeguardstoprotectthemfrom

cyberharms,buttheyhavedifferentscopesand

specificrequirements.Recognizingsectoraland

jurisdictionalnuancesinthethreatlandscape,

themostsensibleapproachindevelopingthese

nationalcybersecuritylabelsistobasethemin

internationalconsensus-basedtechnicalstandardssoastoensuremaximuminteroperability.

TheSCREcommunitywelcomesandsupports

theregulatoryharmonizationeffortbytheONCD

andrecommendsthattheycontinuetheirefforts

towardsglobalregulatoryharmonizationtoincreaseinteroperability,enhancesecurityandreducecosts.

ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations7

3.2B.Sectortoprioritizeforregulatoryharmonization

Aretherespecificcountriesorsectorsthatshouldbeprioritizedinconsideringharmonizingcybersecurityrequirementsinternationally?

Asrenewableenergygrows,theseassumptionsmustberevisited.Likewise,differingcybersecurityreportingrequirementsapplytoUSnaturalgas

infrastructureandUSelectricityinfrastructure

—yetthesesystemsareintrinsicallylinked,withnaturalgasprovidingthesinglelargestsourceofenergytotheelectricitysector.

Furtherchangeisalreadyunderwayinthe

electricitysector.AIoffersnewcapabilitiesthat

willbeappealingtoattackersandessentialto

defenders.AIenablescybersecuritymonitoring

thatcandetectandrespondtoattackswith

machine-likespeeds,butitremainsunclearhow

regulatoryregimeswillembraceorconstrainAIininfrastructure.GenerativeAIislikelytobeabusedbyattackersseekingtocraftmoreeffectiveattacks—potentiallyproducingmorebelievablephishingattacks,bypassingmalwaresignaturedetection

orloweringtheskillrequiredtotranslatemaliciousintentintoaction.

TheEUhasbyfarbeenthemostactivein

proposingandadvancinglegislationand

regulationsforemergingtechnologiesand,as

such,hasbecomeade-factostandardsetterfordigitalpolicy,asillustratedbythewidespread

adoptionofdataprotectionlawsmodelledafter

theGDPR.TheUSshoulduseeveryavenue

ofdialogueandcooperationtoencourageand

supporttheEUtoalignitspoliciesmorecloselytowidelyrecognizedtechnicalstandardsbasedoninternationalconsensus(whilealsoensuringthatUSdomesticpoliciesaregroundedininternationalconsensus-basedtechnicalstandards).

Forexample,thenewlyproposedCyberResilienceActoftheEUmadenoreferencetointernational

standards.Onthecontrary,theEUmandated

theEuropeanstandardsorganizationstodevelopEuropeanharmonizedstandardstodemonstratecompliancewiththeCyberResilienceAct.This

regionalizationofcybersecuritystandardsdefiestheconsensusontheneedforinternational

standardsandintensifiestheburdenonglobal

companiesbyforcingthemtoconformtomultipleassessmentsindifferentmarkets.Inresponse,theUSshouldworkthroughbilateralandmultilateralforatoencourageEuropeanalignmentwith

internationalstandardstosafeguardtheglobalcompetitivenessofindustriesandprotecttheattractivenessoftheEuropeanmarket.

TheUS,EUandotherjurisdictionscanwork

towardsmutualrecognitionofcybersecurity

requirements.Nuancesindifferentjurisdictionsunderstandablycreatedifferentpriorities

forpolicy-makerstomanageandlegislate.

Nevertheless,localnuanceneednotrendertwo

Sector:Electricity

Cybersecurityhasbecomeincreasinglyimportant

intheelectricitysector.Severalconvergingtrends

contributetoanescalatingriskenvironment:

digitized,networkeddevicesnowpermeate

energyinfrastructure;attacksoninfrastructure

haveescalated;theenergytransitionisshifting

thesectorawayfromthehistoricbusinessmodels

thatregulationstakeforgranted;aninternetof

things(IoT)composedofnetworkedconsumerand

industrialdevicesbridgesphysicalanddigitalrealms;

andartificialintelligence(AI)offersnewandpowerful

capabilitiestodefendersaswellasattackers.

Electricalinfrastructureiscriticalinfrastructure.

TheSCRE

community

highlightsthe

electricitysectorasasector

toprioritize

forachieving

interoperabilityofcybersecurityrequirements

internationally.

Withoutreliableelectricitygeneration,transmission

anddistribution,otherpartsoftheeconomy

cannotfunction.

Digitizationhasmadeelectricalinfrastructure

moreefficientwhileloweringitscarbonintensity.

Renewableenergytechnologiescannotfunction

withoutdigitalmanagementtosmoothenvariable

inputs.Manyfuturetechnologies,business

modelsandelementsofpublicinfrastructure

relyondigitizedequipment,includingelectric

vehicles,distributedgenerationandsmartcities.

Atthesametime,networked,digitalequipment

isrelativelynew.Cybersecuritypracticesacross

theindustryarenotuniformlymature.The

interconnectednatureoftheUSelectricgrid

meansthattheconsequencesofasuccessful

cyberattackononepartofthegridcould

propagateacrosstheentirephysicalinfrastructure.

Attacksagainsttheelectricitysectorcontinue

toescalate.Federalagencieshaverepeatedly

identifiedpersistent,sophisticatedthreatsthat

havepenetratedelectricitysectororganizations,

sometimeswithoutthoseorganizationsbecoming

awarethattheyhavebeencompromised.Some

oftheseattackshavebeenattributedtogroups

withnation-statebacking.InAugust2023,

theInternationalEnergyAgencyreportedthat

cyberattacksonutilitieshadmorethandoubled

from2020to2022.7Surveysofcybersecurity

professionalslikewiseshowincreasedconcern

aboutcyberattackstargetingindustrialcontrol

systems–suchasthoseoperatingtheelectricity

infrastructureincountriesincludingtheUS.8

Governmentagenciesthatcreatecybersecurity

requirementsforindustryintheUSandelsewhere

havenotkeptpacewithchangesintheenergy

sector.Forexample,federalregulationsintheUS

electricitysectorfocusonbulkdistribution.This

wasappropriateinanerawhenlarge,centralized

generationwasthedominantbusinessmodel.

ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations8

setsofcybersecurityrequirementsincompatible.Cybersecuritystandardsshouldbeinteroperableacrossjurisdictions,withabaselineleveloftrust.Astheinternetknowsnoborders,jurisdiction-

specificcybersecuritystandardswithoutcross-borderinteroperabilityandmutualrecognitionarecounterintuitiveandcounterproductive.

3.3C.Internationaldialoguesonharmonization

Whichinternationaldialoguesareengagedinworkonharmonizingoraligningcybersecurityrequirements?Whichwouldbethemostpromisingvenuesto

pursuesuchalignment?

issues,includingthoseofregionalandinternationalsignificance.Theplatformenabledtheexchangeofinformationoncyberthreatsanddeliberationsoncyberdefenceandsecuritycollaboration.Itplayedapivotalroleindeepeningbilateralcooperation.

Thetwosidesagreedtoamplifydomestic

cybersecuritymeasuresthroughacomprehensivewhole-of-governmentapproach,underliningthecriticalityofJapan-UScollaborationincombatingcyberthreats.

TheEU-USCyberDialogue9

TheEU-USCyberDialogueisanencouraging

forum,butitisunclearhoweffectiveorsuccessful

ithasbeen.Between2014and2022,theEUand

theUShaveheldeightcyberdialoguestoaddress

andcoordinateoncybersecurityissues,foster

internationalcollaborationandmutualunderstanding,

andmakecybersecuritypracticesmoreconsistent

acrossthetwojurisdictions.Thematurityofthis

dialoguemakesitapromisingvenueforpromoting

greateralignmentoncybersecuritypolicy,though

itscurrenttrackrecorddoesn’tshowmuchvisible

TheSCRE

community

encourages

policy-makers

andregulators

toparticipate

ininternationaldialogueson

cybersecurity

toimprovethe

cross-border

interoperabilityofregulations,

whichcan

enhancesecurityandlowercosts.

France-UnitedKingdomCyberDialogue11

FranceandtheUnitedKingdomheldtheir

fourthcyberdialogueinParison11May2023.Bothcountriesreiteratedtheircommitment

progress.Bothjurisdictionsshouldtakeadvantage

ofthisplatformtofindcommongroundtoreachtheir

cybersecurityobjectivesandbasetheirrespective

policyagendasoninternationalstandardssuchas

theISO/IEC27000andIEC62443series.

tocollaborateinthefieldofcyberspaceto

promotesecurityandstabilityinaninclusive,

US-JapanCyberDialogue10

On1May2023,Tokyoplayedhosttothe8th

Japan-USCyberDialogue,asignificantevent

aimedataligninginternationalcyberpoliciesand

strengtheningcybersecuritymeasuresbetweenthetwocountries.Variousministriesandagenciestookpart,focusingonextensivediscussionsonbilateraloperationalcybersecuritycooperation,domestic

cyberpolicies,andJapan-UScooperationoncyber

non-fragmentedandsecurecyberspace.Theydiscussedtheiranalysisofthethreatandsharedthelatestdevelopmentsintheirrespective

cybersecuritypolicies.Thetwocountriesalso

talkedabouttheirprioritiesforongoingdiscussionsinvariousmultilateralforaanddiscussedthe

implementationofajointinitiativetoaddress

thethreatfromcommercialcyberproliferation.

Additionally,theydiscussedthestrengtheningofbilateralcoordinationinresponsetocyberthreats.

ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations9

3.4D.Ongoinginternationalinitiatives

Pleaseidentifyanyongoinginitiativesbyinternationalstandardsorganizations,trade

groupsornon-governmentalorganizationsthatareengagedininternationalcybersecuritystandardizationactivitiesrelevanttoregulatorypurposes.Describethenatureofthose

activities.Pleaseidentifyanyexamplesofregulatoryreciprocitywithinaforeigncountry.

oftenincludeprotocolsandframeworksthat

enhancecybersecuritymeasures,suchas

encryption,authenticationandnetworksecurity.

Regulatorybodiesandorganizationsoftenrefer

toIETFstandardswhenformulatingcybersecurityregulations,astheyarewidelyrecognizedand

trustedintheindustry.IETFalsocollaborateswithotherorganizationsandstakeholderstoaddress

cybersecuritychallengesanddevelopsolutionstoensureasecureandresilientinternetinfrastructure.

InternationalOrganizationforStandardization

(ISO)andInternationalElectrotechnical

Commission(IEC)

TheISOandIECaretheworld’sleadingstandard-

settingbodies.WhiletheISOoverseesstandards

developmentacrossawidevarietyofindustries,the

IECspecializesinstandardizingsectorsrelatedto

electrical,electronicandrelatedtechnologies.Each

hasawell-establishedtrackrecordfordefining

industrynormsandbenchmarksthatareusedby

companiesaroundtheworld.

ConnectivityStandardsAlliance(CSA)17

TheISO/IEC27000serie

溫馨提示

  • 1. 本站所有資源如無(wú)特殊說(shuō)明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請(qǐng)下載最新的WinRAR軟件解壓。
  • 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請(qǐng)聯(lián)系上傳者。文件的所有權(quán)益歸上傳用戶所有。
  • 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁(yè)內(nèi)容里面會(huì)有圖紙預(yù)覽,若沒(méi)有圖紙預(yù)覽就沒(méi)有圖紙。
  • 4. 未經(jīng)權(quán)益所有人同意不得將文件中的內(nèi)容挪作商業(yè)或盈利用途。
  • 5. 人人文庫(kù)網(wǎng)僅提供信息存儲(chǔ)空間,僅對(duì)用戶上傳內(nèi)容的表現(xiàn)方式做保護(hù)處理,對(duì)用戶上傳分享的文檔內(nèi)容本身不做任何修改或編輯,并不能對(duì)任何下載內(nèi)容負(fù)責(zé)。
  • 6. 下載文件中如有侵權(quán)或不適當(dāng)內(nèi)容,請(qǐng)與我們聯(lián)系,我們立即糾正。
  • 7. 本站不保證下載資源的準(zhǔn)確性、安全性和完整性, 同時(shí)也不承擔(dān)用戶因使用這些下載資源對(duì)自己和他人造成任何形式的傷害或損失。

最新文檔

評(píng)論

0/150

提交評(píng)論