The global financial crisis is not the only thing worrying the world’s elite as they convene in this snowy alpine resort for the World Economic Forum. Cyber security is high on the agenda of both government and executives at some of the world’s biggest companies. With good reason. A former CIA director recently observed that we are building our future on the Internet, an asset that we have not yet learned to protect.
The level of connectivity is increasing exponentially and presents substantial opportunities for business, government and individuals. The bad news is that, in addition to being more dependent on our digital assets, we are more interdependent on each other, and the chain is only as strong as its weakest link.
Tools and rules need to be developed to prevent a cyber meltdown. And the World Economic Forum wants to play a key role in forging them. On Friday January 27 the Forum will announce an initiative called the Partnership for Cyber Resilience, a set of shared principles signed by chief executives of some of the world’s biggest companies and governments which recognizes the need for joint action on cyber security.
The IT division of the World Economic Forum began collecting signatures this week and convened a private meeting on the topic at the Central Sport hotel in Davos Thursday morning. The early morning breakfast gathering attracted C-suite executives from some of the world’s biggest technology companies, as well as key government officials from Europe and Japan.
The goal is for the forum to also bring in utilities and companies from the health and other sectors, says Alan Marcus, senior director, head of IT and telecom industries at the World Economic Forum. “Today with the Occupy movement there is anti-business sentiment,” says Marcus. “This is a chance for business to take actions that can be seen as positive steps.”
The meeting kicked off with the screening of a short film that some in the audience would readily describe as a horror movie. The film told the story of a multinational that was brought to its knees by the introduction of malware into its system by an unsuspecting employee.
As dramatic as this film and some other scenarios discussed over coffee were, participants were reminded that the plot lines of Hollywood movies sometimes do come true. Just as Wall Street’s masters of the universe thought they had derivatives under control, so too could cyber breaches spin out of control and spread globally.
While the Japanese government feels it is more secure to store data in the cloud so that it can be retrieved in the event of a tsunami, breaches – like high-profile cases involving Sony and Dropbox in the past year – are raising questions about whether companies can be trusted with consumers’ data.
Governments, such as the European Commission, are trying to figure out ways to ensure that companies act responsibly. But companies are worried that the legislation may be misguided and be out of date before it goes into effect.
“We want to help close the gap and help forge public-private partnerships,” says Marcus.
So just what are companies and governments signing up to when they sign their names to the Forum’s document? For the moment it is a core set of principles. But the idea is that these principles could develop into something more concrete, such as a good housekeeping seal of approval for both companies and governments operating in cyberspace. What might that look like? Under one scenario being discussed any entity – whether it be government or business – that deals with personal or corporate data would commit to regularly upgrading the security of their technology and agree to audits, in order to ensure that they have taken every reasonable measure to protect not just their own business but suppliers and consumers. Suppliers would also be required to undergo cyber security audits.
The big five accounting firms might even provide this service as a new line of business. Just as corporations know they must comply with Sarbanes-Oxley, their compliance with cyber security should be discussed at the board level and detailed in annual company reports.
“What we need is not a NATO but a WHO that would oversee the health of the Internet,” says Brian Behlendorf, a well-known figure in the open source software movement who now serves as a technology adviser to the World Economic Forum.
Still to be decided is what happens if a company does everything that it is supposed to and there is still a data breach. Should they be exonerated from the kind of large financial fines that European Commission Vice President Viviane Reding is proposing? And will consumers who entrust their data to sites that don’t have the seal of approval do so at their own risk? Clearly this issue will remain on the world's and the World Economic Forum's agenda for some time.