USCIB members made important contributions at the April 8 inaugural meeting in Paris of a special OECD Experts Group convened to consider possible revisions to the OECD’s 2002 “Guidelines for the Security of Information Systems and Networks.” They said the principles set forth in the 2002 guidelines remain relevant, but should be updated and supplemented to reflect the complexity of today’s world, the broader range of actors involved, and the increased need for coordination and cooperation.
The group, led by Joe Alhadeff, vice president and chief privacy officer with Oracle (who serves as vice chair of USCIB’s ICT Policy Committee as well as chair of BIAC’s Technology Committee), included representatives from AT&T, Centre for Information Policy Leadership, Cisco, DLA Piper, Intel, Juniper Networks, and Verizon, supported by Barbara Wanner, USCIB’s vice president for ICT policy.
In particular, USCIB members urged that a number of concepts be incorporated into any update of the OECD Guidelines. These include the following:
- Information security policies should be developed on a global, voluntary, consensus basis.
- Government policies should be “technology neutral,” focusing on the desired process or security-related outcome, and avoid dictating or mandating any specific technology solution or product.
- In order to enable continued innovation, policy makers should not unnecessarily restrict the cross-border flow of technologies.
- In light of industry’s fundamental role in the digital economy, public-private partnerships should be a key feature of national policy as well as ongoing information security discussions at the international level.
- Fostering a trusted, global, and interconnected digital economy requires participation by all countries in a global dialogue aimed at harmonizing policy approaches to security.
The meeting also addressed the importance of establishing a risk-based approach to security as a centerpiece of the OECD Guidelines. In addition, while the language should be “high-level” in scope, participants agreed that the guidelines also should include sufficient information enabling policy makers to inform those at the operational level how to implement the concepts.
The Experts Group will continue its work for the better part of 2013, using online capabilities to facilitate dialogue as well as meeting on the sidelines of other OECD or international gatherings. The group will present its final report of recommendations at the December 2013 meeting of the OECD’s Working Party on Information Security and Privacy.
USCIB’s CEO on Cybersecurity Podcast
Against the backdrop of rising concern over cyber-security, USCIB President and CEO Peter M. Robinson took part in a recent video chat looking at what policy makers and business executives need to know to address the threat.
Organized by Lumension, a leading provider of endpoint management and security, the chat addressed personal privacy, espionage, cyber-warfare, and existing or planned regulation in the U.S. and elsewhere. Robinson discussed some of the main international efforts to address cyber-security and related issues, and the broad principles at stake.
Other participants included Pat Clawson, Lumension’s chairman and CEO, Richard M. George, senior advisor for cyber-security at the Johns Hopkins University Applied Physics Laboratory, and Richard Stiennon, founder and analyst with IT Harvest.
You can access a podcast of the video chat by clicking here.
Staff contact: Barbara Wanner