Paris Call Working group 6: Cigref, Kaspersky, GEODE and multistakeholder community bring concrete tools for stronger ICT supply chain security

12 novembre 2021 | ACTUALITÉS, Cigref in english, Communiqués

The Paris Call Working Group 6 co-chaired by Cigref and Kaspersky, with expert support from GEODE, has delivered its analytical report introducing concrete tools to enhance ICT supply chain security. After 6 months of international multi-stakeholder discussions, it publishes this collective work for the 2021 Paris Peace Forum.

The Working Group 6 (WG6) was launched in March 2021 as part of the Paris Call for Trust and Security in Cyberspace and united more than 30 members representing different governments, industries, academia and civil society. The WG6 focused on the Information Communication Technology (ICT) supply chain security and the set of related frameworks, measures, and good practices.

Under co-chairman of Cigref, digital association of major French companies and public administrations, and Kaspersky, a leading cybersecurity company, with expert support from GEODE, a research center focusing on the geopolitics of the datasphere, the main goal was to close the knowledge and implementation gap by providing policy-makers and industry with concrete proposals for stronger ICT supply chain security. The WG6 based its work on existing principles and recommendations produced by the Organisation for Economic Co-operation and Development (OECD) in its report on “Enhancing the digital security of products” published in February 2021.

The report by WG6 creates a matrix with pragmatic actions areas for each stakeholders and illustrates steps which actors can do already now to create a positive security and economic impact throughout ICT supply chains. This matrix shows the needed contribution and action areas of all stakeholders, including regulatory bodies, international institutions, demand and supply actors. The report also provides a mapping of existing frameworks and identifies both good practices and policy gaps.

Among policy gaps and areas for further work, the WG6 stresses on ensuring harmonization across emerging national regulatory and industry approaches, creating incentives for stronger security in modern ICT products and services, and further enhancing ICT supply chain transparency by both public and private sector.

« In the context of an alarming increase in cyberattacks and particularly supply chain attacks, which could lead us to a kind of chaos, our working group on securing the digital supply chain coordinated by Cigref with Kaspersky and Géode was particularly rich and enlightening given the diversity of the players involved. After studying a large number of initiatives, we found that there is a great deal of fragmentation and a need to strengthen and bring to fruition existing approaches, particularly in terms of global security standards. The matrix on the areas of action also shows the roles and responsibilities that should make this space more secure, not only those of the States, but also and increasingly those of the major publishers and private actors providing digital services.

Arnaud Coustillière, Cigref representative for the Paris Call

“For us it has been a great journey working with Cigref, GEODE and a truly multistakeholder Paris Call community. We are proud to share with a wider public our results to bring concrete tools for building stronger ICT supply chain security across borders. We wanted to show that for emerging regulatory and industry approaches, it is important to ensure their harmonization and cooperate with each other to maximize our chances for greater security”.

Eugene Kaspersky, CEO of Kaspersky

The public report is available today on the Paris Call website.


About the Paris Call

The Paris Call for Trust and Security in Cyberspace, launched by President Macron in November 2018, promotes a multi-stakeholder approach to the regulation of cyberspace in collaboration with States, private sector entities and civil society organizations. The Paris Call is now the largest international, multi-stakeholder initiative on cybersecurity with 1 100 supporters from all regions of the world. Learn more at https://pariscall.international/en/.

About Cigref

Created in 1970, Cigref is a non-profit organisation representing the largest French companies and public administrations, exclusively users of digital solutions and services, which supports its members in their collective thinking on digital issues. Cigref’s 152 members represent 1700 billion in cumulative sales, 9 million employees supplied internally with IT solutions and services by more than 200,000 professionals. Our association works, for the benefit of its members, in favour of a sustainable, responsible and trustworthy digital environment. Learn more at www.cigref.fr.

About Kaspersky

Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Kaspersky has been one of the early signatories of the Paris Call for Trust and Security in Cyberspace and supported the second edition of the global Paris Peace Forum in 2019. Learn more at www.kaspersky.com

About GEODE

GEODE (Geopolitics of the Datasphere) is a research and training center at the University of Paris 8 dedicated to the study of the impact of digital transformation on the strategic environment. It has been selected for a “Center of Excellence for International Relations and Strategy” label by the French Ministry of the Army. Its scientific ambition is twofold. On the one hand, to use the resources of the datasphere for geopolitical analysis, i.e. to develop tools to collect, process, and exploit the large masses of data relating to the datasphere, and to propose the development of new methods for mapping physical spaces based on the fusion of spatialized and non-spatialized data. And on the other hand to study the datasphere as a geopolitical object in its own right. Learn more at https://geode.science/en/home-2/ 

Critères de décisions RSE à intégrer dans les projets IT : l’outil d’évaluation disponible !

Peut-on encore, en 2023, lancer un projet SI sans se préoccuper de sa contribution à la RSE et de son impact Numérique Responsable ? Quelles sont les bonnes questions à se poser pour justement, engager un tel projet en toute connaissance de cause ? Et d’ailleurs,...

Réagir à une cyberattaque massive : Gérer les conséquences d’une crise d’origine cyber

Le risque cyber est aujourd’hui considéré comme le risque le plus élevé par la plupart des organisations et entreprises. Le travail d'intelligence collective présenté dans ce rapport a donc pour objectif de mettre à disposition des lecteurs des éléments très concrets...

Élaborer et mettre en place la stratégie data : Gouvernance et Architecture Data & Analytics

Le Cigref publie, sous forme de rapport, le résultat des travaux de son groupe de travail sur le thème « Gouvernance et architecture data », co-piloté par Alice Guéhennec, Chief Digital & Information Officer du groupe SAUR et à Patrick Mahu, architecte...

Mise en application du Digital Market Act

Le Digital Market Act ou DMA, réglementation européenne sur laquelle le Cigref s’est beaucoup impliqué au cours de ces dernières années, entre en application à compter d’aujourd’hui, mardi 2 mai 2023. Télécharger le communiqué de presse Maintenant que le DMA...

Cloud Migration Strategies: a structural challenge for companies

Cigref publishes a report on the results of the work of its working group on "cloud migration strategies", co-chaired by Jean-Christophe Lalanne, EVP IT at Air France KLM, and Stéphane Rousseau, CIO at Eiffage. This updated version of the first version of the Cloud...