The Paris Call Working Group 6 co-chaired by Cigref and Kaspersky, with expert support from GEODE, has delivered its analytical report introducing concrete tools to enhance ICT supply chain security. After 6 months of international multi-stakeholder discussions, it publishes this collective work for the 2021 Paris Peace Forum.
The Working Group 6 (WG6) was launched in March 2021 as part of the Paris Call for Trust and Security in Cyberspace and united more than 30 members representing different governments, industries, academia and civil society. The WG6 focused on the Information Communication Technology (ICT) supply chain security and the set of related frameworks, measures, and good practices.
Under the co-chairmanship of Cigref, the digital association of major French companies and public administrations, and Kaspersky, a leading cybersecurity company, with expert support from GEODE, a research center focusing on the geopolitics of the datasphere, the main goal was to close the knowledge and implementation gap by providing policy-makers and industry with concrete proposals for stronger ICT supply chain security. The WG6 based its work on existing principles and recommendations produced by the Organisation for Economic Co-operation and Development (OECD) in its report on “Enhancing the digital security of products” published in February 2021.
The WG6 report creates a matrix of pragmatic action areas for each stakeholder and illustrates steps that actors can already take now to create a positive security and economic impact throughout ICT supply chains. This matrix shows the needed contributions and action areas of all stakeholders, including regulatory bodies, international institutions, and demand and supply actors. The report also provides a mapping of existing frameworks and identifies both good practices and policy gaps.
Among policy gaps and areas for further work, the WG6 stresses ensuring harmonization across emerging national regulatory and industry approaches, creating incentives for stronger security in modern ICT products and services, and further enhancing ICT supply chain transparency by both the public and private sectors.
« In the context of an alarming increase in cyberattacks and particularly supply chain attacks, which could lead us to a kind of chaos, our working group on securing the digital supply chain coordinated by Cigref with Kaspersky and Géode was particularly rich and enlightening given the diversity of the players involved. After studying a large number of initiatives, we found that there is a great deal of fragmentation and a need to strengthen and bring to fruition existing approaches, particularly in terms of global security standards. The matrix on the areas of action also shows the roles and responsibilities that should make this space more secure, not only those of the States, but also and increasingly those of the major publishers and private actors providing digital services. » Arnaud Coustillière, Cigref representative for the Paris Call
“For us it has been a great journey working with Cigref, GEODE and a truly multistakeholder Paris Call community. We are proud to share with a wider public our results to bring concrete tools for building stronger ICT supply chain security across borders. We wanted to show that for emerging regulatory and industry approaches, it is important to ensure their harmonization and cooperate with each other to maximize our chances for greater security.” Eugene Kaspersky, CEO of Kaspersky
The public report is available today on the Paris Call website.
About the Paris Call
The Paris Call for Trust and Security in Cyberspace, launched by President Macron in November 2018, promotes a multi-stakeholder approach to the regulation of cyberspace in collaboration with States, private sector entities and civil society organizations. The Paris Call is now the largest international, multi-stakeholder initiative on cybersecurity with 1,100 supporters from all regions of the world. Learn more at https://pariscall.international/en/.
About Cigref
Created in 1970, Cigref is a non-profit organisation representing the largest French companies and public administrations, exclusively users of digital solutions and services, which supports its members in their collective thinking on digital issues. Cigref’s 152 members represent 1700 billion in cumulative sales, 9 million employees supplied internally with IT solutions and services by more than 200,000 professionals. Our association works, for the benefit of its members, in favour of a sustainable, responsible and trustworthy digital environment. Learn more at www.cigref.fr.
About Kaspersky
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Kaspersky has been one of the early signatories of the Paris Call for Trust and Security in Cyberspace and supported the second edition of the global Paris Peace Forum in 2019. Learn more at www.kaspersky.com.
About GEODE
GEODE (Geopolitics of the Datasphere) is a research and training center at the University of Paris 8 dedicated to the study of the impact of digital transformation on the strategic environment. It has been selected for a “Center of Excellence for International Relations and Strategy” label by the French Ministry of the Army. Its scientific ambition is twofold. On the one hand, to use the resources of the datasphere for geopolitical analysis, i.e. to develop tools to collect, process, and exploit the large masses of data relating to the datasphere, and to propose the development of new methods for mapping physical spaces based on the fusion of spatialized and non-spatialized data. And on the other hand to study the datasphere as a geopolitical object in its own right. Learn more at https://geode.science/en/home-2/