Building Trust 11 November 2015

Proposed APEC Cybersecurity Framework gains momentum at TEL 52

By Noelle Francesca De GuzmanDirector, Policy and External Engagement

APEC’s forthcoming cybersecurity framework continues to take shape following the recent 52nd Telecommunications and Information Working Group meeting in Auckland, New Zealand, where another round of deliberations has brought forth a draft terms of reference that is currently under review by APEC economies.

Led by the Security and Prosperity Steering Group (SPSG), the proposal has matured conceptually since it was first brought forward at the 51st TEL meeting in May this year. Earlier discussions were kept broad and amorphous but by TEL 52, member economies were much more keen to move away from defining ‘cybersecurity’ to focusing on what can and should be achieved through the framework. Notably, participants agreed that it should accord with APEC’s objectives: facilitating cross-border trade, investment and economic growth.

There is some lingering skepticism on the necessity of a regional framework for cybersecurity, but on the whole, stakeholders at the session saw a role for APEC in promoting dialogue and coordination, addressing policy gaps, and in potentially providing a set of voluntary standards that can perhaps become building blocks for carrying out better cybersecurity mechanisms.

The current draft TOR reflects these sentiments. It seeks to develop a common language for cybersecurity measures, first by collecting existing practices in APEC economies, and putting the best ones into a repository for others to refer to. A similar approach is taken by the US National Institute of Standards and Technology (NIST) framework—an early resource for the SPSG. It also draws from the shared features of several domestic cybersecurity policies presented at the session—by the US, Malaysia, Chinese Taipei, the Philippines and New Zealand: It puts critical infrastructure protection as its first priority, along with partnerships with different sectors, information-sharing, and capacity building.

A decade ago, APEC came up with the Strategy for a Trusted, Secure and Sustainable Online Environment (TSSOE), which fundamentally treats cybsecurity as a means to encourage more people to access and use the Internet. The document, while still deemed highly relevant in today’s times, has thus far been underutilised, and is perceived to have had little influence on domestic cybersecurity agendas. The proposed framework does not abandon the TSSOE but builds upon its principles and focus areas: national strategy development, mutual assistance, and international collaboration, particularly in raising awareness among end-users, incident response and recovery, and research on security measures for new technologies.

The SPSG aims to have the APEC Cybersecurity Framework ready for approval by the 53rd TEL meeting in Peru next year. The bulk of the work will be done intercessionally, with member economies mapping out key aspects of their domestic frameworks onto the agreed reference structure, as well as contributing new work areas for consideration. Thus far, the working group is off to a good start. Underpinning its momentum is a recognition that forward-looking international policies, such as the OECD’s newly revised guidelines, are starting to take a risk-based approach to security amidst a constantly evolving threat landscape, moving away from building walls towards fostering confidence in an open and interconnected environment.

 

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related Posts

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Building Trust 11 February 2020

Every Day Should Be Safer Internet Day

Safer Internet Day is an opportunity for people and organizations around the world to join forces in a series...

Building Trust 28 January 2020

This Data Privacy Day It’s the Little Things That Count

Today we’re celebrating Data Privacy Day, which is all about empowering people and organizations to respect privacy, safeguard data,...