The World Economic Forum (WEF) is set to launch its new Global Centre for Cybersecurity (GCC) in March. It’s an effort to provide resources and guidance to WEF members and other partners on ever-pressing issues of global cybersecurity.
After the WEF announcement at its January forum, Department of Homeland Security (DHS) Secretary Kristjen Nielsen said the department was committed to work with the center.
“DHS is taking an increasingly active role in protecting the American people from the range [of] cybersecurity threats, whether state or nonstate based,” noted a DHS press statement. “Recognizing that an organization’s risk doesn’t end at the network’s edge, among other efforts, DHS is prioritizing expanded information sharing with the private sector.”
Global Centre Focus
The GCC will operate with five focus areas—current WEF cybersecurity initiatives; a resource repository of cybersecurity tools; an education/training effort for public and private sectors; a recommendation apparatus for regulatory frameworks; and a “scenario planning” component.
Daniel Dobrygowski, head of governance and policy at the GCC, spoke to Homeland411 about the scope and direction the Geneva-based center will embrace when it officially launches next month.
“The way we got to these five [focus areas] was to sort of validate it with partners that we’ve worked with over the last six or seven years, specifically on the cybersecurity topic,” Dobrygowski said. These partners include WEF member companies, in addition to participating international and government organizations, as well as universities in the United States, Europe, and Asia.
Among the current projects is WEF’s Cyber Resilience initiative, which began with a partnership beginning in 2011, Dobrygowski said. The initiative was designed to raise awareness among CEOs and business leaders about cyber security strategies.
“That developed into a body of work that we did in 2017 where we developed the first of their kind board tools for cyber resilience,” he said. This was 2017’s Cyber Resilience: Playbook for Public-Private Collaboration, a “dialog tool” of more than a dozen policy areas requiring greater public/private sector cooperation and transparency. Dobrygowski also said they continue building a cybercrime component to ensure information sharing between the public and private sector.
When it comes to the resource repository, he noted that one of the goals is a “library of cyber knowledge” that includes tools developed through WEF.
“The idea there is to be a platform for members of the cybersecurity center to come together and get most up to date, best knowledge on the topic, again, from a neutral party,” Dobrygowski said. “We’re not selling anything, nor do we have a particular policy angle that we’re advocating for, other than the fact that security in this space is a public good.”
GCC education and training efforts, he added, would be an attempt to help governments—as well as those in a chief information security officer (CISO) role—to understand responsibilities in the cybersecurity arena and its importance in overall government and business culture. Dobrygowski said it’s still taking shape but is designed to “create opportunities for governments who either don’t have a national digital or national cyber strategy to meet up with representative governments who do have one and get a better sense of how that would work.”
This is particularly important in countries where Internet connectivity is in its earlier stages and access for citizens is limited. “It’s a good time to get all their cybersecurity practices as good as they can,” Dobrygowski said.
Regarding regulatory frameworks, GCC will look at it from a “best practices” standpoint, he added.
“This fourth body of work … will do research on what are effective policies, what policies actually increase security, and how do they impact other values that they might have,” Dobrygowski said. “And then [it would] make recommendations for governments and for the private sector to work together to develop further policies that suit their context—suit their particular values that they’re trying to uphold.”
The scenario planning component will put it all together. Dobrygowski referenced corporate-level scenario planning, where information technology professionals might try to develop scenarios to “break” the company and gather company leadership to address such a scenario.
“Our idea is to kind of look at that—look at those scenarios five, ten, or more years down the road where they have a systemic impact … to get the people who need to work together—in order to avoid or mitigate the worst kind of cyber threats—in the room thinking these things through,” he said. What are the specific scenarios around, for example, [a] ‘smart city’ in five-to-ten years?”
Join the Discussion
As WEF is a membership organization, WEF members will have the opportunity to be part of the GCC.
“We’re looking at companies who are leaders in this space,” Dobrygowski said. “They’re not necessarily just what you expect—sort of technology and cybersecurity companies—but companies throughout the variety of industries that get the topic, understand the implications, [and are] doing cybersecurity right.”
Dobrygowski added, however, that WEF is “policy neutral” and governments are welcome contributors to this work, even though they’re not necessarily WEF members.
The issue is also more than technical; it’s about leadership, he said. And as a global organization, this means leadership that crosses a number of varying jurisdictions around the world—full of different ideas and sometimes conflicting values.
“We’ve developed ways to … surface those values that may be in conflict,” Dobrygowski said. “Our effort is to bring all of those people together, who are already thinking the same way, that we need to have some norm entrepreneurship and get them all sitting at the same table talking about this topic in a way that’s actionable, and in a way that’s productive.”
© 2018 Homeland411
Click here to subscribe to the Homeland411 weekly newsletter.