Mobilize ICT Against Major Cyber Threats
The evolving landscape of cyber threats poses global and ecosystem-wide economic security challenges, and in some instances may constitute a significant danger to human health and safety.
In the most severe scenarios, these challenges will exceed the individual response capabilities of any single company or industry, necessitating efficient coordination among ICT enablers and other relevant stakeholders to respond to high-level threats. CSDE’s members have demonstrated exemplary leadership in the struggle against cyber threats by developing and improving methodologies to share threat information with relevant actors. Public and private sector partners have welcomed such advances, which form the basis of important working relationships throughout the world premised on shared security goals.
However, as of yet, there is no globally accepted operational framework to support rapid mobilization of critical private sector assets that may need to be leveraged to effectively respond and/or recover in the event of a major cyber emergency. Such emergencies may include threats to critical infrastructure, widespread internet and communications ecosystem disruption, or some other mitigatable crisis that rises to the level of national or international significance.
CSDE will adopt an operational framework for mobilization of the ICT sector designed to mitigate particularly grave and widespread cyber-threats:
Action 1. The CSDE will identify categories of cyber threats that in exceptionally grave or widespread circumstances may require the mobilization of the ICT sector.
Action 2. The CSDE will identify assets and capabilities that stakeholders may provide to mitigate each category of threat.
Action 3. The CSDE will adopt an operational framework that defines (1) relevant factors that CSDE members will weigh when deciding whether to mobilize assets and capabilities and (2) flexible response mechanisms that enable private and public stakeholders to coordinate efficiently.
In the event of a catastrophic cyber incident, a unified operational framework for mobilization of the ICT sector is essential to coordinate flexible response mechanisms and distribute responsibilities among stakeholders with clearly defined leadership roles.
The goal is to convene the appropriate set of stakeholders who are best positioned to take the immediate steps necessary to mitigate severe harms caused by distributed attacks.
This framework would streamline industry and government actions in the event of major cyber emergencies, so that precious time is not lost on non-essential, low-priority activities.