Cybersecurity threats are transnational by definition and, as such, can only be effectively countered through cooperative mechanisms. The G7 can provide a critical boost by promoting the development and implementation of multilateral regulatory frameworks.
In an era of unprecedented technological advances, digital transformation is revealing its enormous potential, but also posing new challenges. In essence, it represents a catalyst for innovation, driving advances that improve productivity and foster economic growth. Harnessing its transformative power thus promises to unlock new opportunities, solve complex challenges, and ultimately shape a more inclusive and sustainable future for humanity.
However, rapid technological progress has ushered in a new era of interconnection and interdependence, in which nations increasingly rely on digital systems and networks to power their economies and safeguard their national security. In this sense, the intersection of technological advances and the amplification of geopolitical tensions has highlighted the multiple threats that countries face. Cyberattacks, in particular, have become more sophisticated, transcending national borders and making collaboration and alliances between nations necessary to protect against such threats.
These challenges have led international actors – both public and private – to intensify their efforts to protect their data and digital assets. Nations are devising and implementing various risk management strategies. Data demonstrates that the most effective and resilient cybersecurity policies and approaches are those that are tailored to specific security risks and requirements. Organizations must adopt the most appropriate cybersecurity measures for the challenges they face, based on a careful risk assessment. This requires the adoption of internationally recognized cybersecurity frameworks and standards that are relevant across sectors to reinforce coherence and continuity between interconnected sectors along global supply chains.
A primary objective of this new multilateral cooperation must be the adoption of interoperable policy frameworks that promote international harmonization in cybersecurity. The G7 can provide a critical boost to this cooperation by encouraging the development and implementation of consensus-based regulatory frameworks and risk management best practices. A commitment to these cyber risk management approaches can advance economic and cyber security in the digital ecosystem.
Previous G7 initiatives
Recognizing the ever-changing landscape of global cyber threats, the G7 has sought to adopt measures to address these challenges, with particular attention to the financial sector.
In 2015, the G7 Cyber Expert Group (G7 CEG) was created as a multi-year working group responsible for coordinating cybersecurity policy and strategy among G7 member countries. The G7 CEG also serves as a channel to share information, establish a common understanding of the threat landscape, and facilitate incident response through the application of risk mitigation measures. To do this, the G7 CEG organizes annual incident response exercises and quadrennial cross-border cyber drills. It also prepares reports on specific cybersecurity issues relevant to the financial sector.
In October 2016, the G7 Cybersecurity Fundamental Elements for the Financial Sector (G7FE) were published. The objective was to improve the resilience of the financial system by providing a set of cybersecurity practices and helping private and public entities develop and implement cybersecurity policies and operational frameworks. During the German G7 presidency, the G7 CEG elaborated two other reports that established fundamental elements for risk management. The G7 Fundamental Elements of Ransomware Resilience for the Financial Sector contains specific recommendations for financial market players, focused on how they can address the growing threat of attacks using ransomware (a type of malware that prevents access to devices and the data stored on them, usually by encrypting the files).
Additionally, the G7 Fundamental Elements for Third Party Cyber Risk Management in the Financial Sector address the new cybersecurity risks derived from the growing use of service providers by financial institutions. Private and public entities in the financial sector have increasingly turned to third-party relationships to support their business operations, leading to a notable increase in the use of ICT providers in recent years. However, reliance on third parties must be accompanied by robust third-party risk management to address ICT supply chain risks for individual companies. Systemic cyber risks to the financial sector may need to be addressed with a broader and more holistic approach involving stakeholders from all sectors of society, including governments, supervisors, and financial and technology companies.
During Japan’s Presidency in 2023, the Ministerial Declaration of the G7 Digital and Technology Ministers’ Meeting, held before the Hiroshima Summit, addressed several important digital security issues beyond the financial sector. These included the need for international cooperation to provide secure and resilient digital infrastructures to developing and emerging economies, given their increasing dependence on digital technology.
The Institutional Partnership Agreement (IAP) was approved by the G7 governments at Hiroshima 2023. The IAP is an international mechanism to operationalize the Trusted Free Flow of Data (DFFT) and represents an advance in the cross-border circulation of data. Given that today’s global digital economy is fueled by data, the integration of both privacy and security measures for personal and sensitive data is essential to safeguard it against possible cyberattacks. Otherwise, they could become vulnerable targets for exploitation for other purposes.
By bringing together governments and stakeholders, the IAP aims to guarantee “principled, solution-oriented, evidence-based, multilateral and cross-sectoral cooperation.” The IAP is based in the OECD and consists of a Secretariat, located within the OECD, and project-based Working Groups, bringing together government officials, stakeholders and experts.
In addition to the G7 initiatives, some actions in the context of the G20, although comparatively limited in scope, are also worth mentioning. For example, the G20, under the leadership of India, adopted non-binding High Level Principles aimed at strengthening security, resilience and trust in the digital economy to support businesses.
The United Nations is another important global player. The UN Security Council met on April 4, 2024, specifically to address issues related to cybersecurity. Hosted by the Republic of Korea and co-sponsored by Japan and the United States, the session delved into the topic of “Evolving Cyber Threat Landscape and its Implications for Maintaining International Peace and Security.” The discussion highlighted the narrowing gap between low-intensity, economically motivated cybercrimes and large-scale disruptive cyberattacks, underlining the urgent need for further action.
Looking to the future
There are three areas where the G7 can do more to address cybersecurity issues. First, it can intensify its support for current attempts to harmonize cybersecurity strategies among its Member States with a view to wider agreements in broader multilateral bodies such as the G20 and the UN. Second, it should support efforts to establish common criteria for assessing the trustworthiness of digital service providers that facilitate the cross-border flow of data. Third, in pursuing this goal, it should promote broader and more systematic engagement of key stakeholders, including major industry players as well as other cybersecurity, data protection and privacy experts.
The G7 should therefore consider undertaking new initiatives aimed at reaching a common understanding of what constitutes digital trust, with the aim of establishing a multilateral framework based on shared criteria of trustworthiness. This framework would address cybersecurity, privacy and national security concerns, while providing governments with a common basis for assessing the trustworthiness of companies providing digital services and infrastructure such as cloud computing.
To this end, the G7 could ask the DFFT Group to form a workstream that focuses on the technical work needed to develop a multilateral framework on reliability. It should call for the creation of a working subgroup of experts within the DFFT with the task of drawing up possible criteria for assessing the reliability of digital service providers. The G7 should also create an ad hoc G7 group at ministerial level to evaluate these criteria with a view to moving forward and adopting a specific multilateral framework.
The G7 should also provide a forum to discuss and undertake initiatives to foster cooperation between national bodies responsible for developing cybersecurity strategies. All G7 members have created cybersecurity organizations to address cyber threats. Harmonizing their strategies would go a long way to addressing transnational cyberattacks. The G7 can act as a key promoter of closer cooperation between national cybersecurity agencies through activities such as joint assessment of risks associated with new technologies, sharing best practices and coordinating standardization efforts.
Article translated from English from the website of the Affari International Institute.
Activity subsidized by the Ministry of Foreign and Global Affairs.