Cybersecurity awareness month wraps up this week in Europe and the U.S., and it’s the perfect time to reiterate that digital transformation will only succeed if people and organizations can rely on the security of data and connected systems. Digitization and cybersecurity must progress in close association.
Security providers are responsible not only for innovating and implementing solutions, but also for building digital trust. Earlier this year, we saw the start of an initiative with great potential to make our digital world more secure and increase trust. This Charter of Trust brings together companies and players from a variety of industries to work with governments to “establish a reliable basis upon which confidence in a networked, digital world can take root and grow.”
There are currently 17 organizations in the Charter of Trust, including IBM. Last February, we signed on to 10 key principles that cover areas such as security by default, education and security responsibility in the digital supply chain. But signing the Charter was merely the start of a collaborative process to improve security. Since then, the partners have broken down the various principles into concrete recommendations and requirements that companies and governments can put in place to improve security.
How the Charter of Trust Is Tackling Security in the Digital Supply Chain
Take, for example, security in the digital supply chain. The digital supply chain for any one service often involves a broad spectrum of players, from component suppliers for industrial products to subprocessors in a cloud service. For critical applications, nine out of 10 players in the supply chain have likely already implemented advanced cybersecurity practices. However, these may differ according to the product or service, leading to increased complexity and risk.
A second tier of suppliers, categorized as lower-risk, are unlikely to be subjected to the same requirements as high-risk suppliers, but still pose a risk to overall security. If any one player falls short in any element of security, the entire supply chain is put at risk. It is the weakest link in the chain that defines its overall strength.
To tackle this challenge, we are working together with other Charter of Trust partners to put security requirements in place for all players in the supply chain across all sectors. Similar work is ongoing across the other nine principles, where we’re identifying pragmatic actions that will establish a baseline for security in the Internet of Things (IoT) environment.
Why Governments and Organizations Must Come Together to Build Digital Trust
The key to the Charter’s success is collaboration. A single company or entity cannot hedge the all-encompassing impact of digitization and cybersecurity and create a greater sense of trust for users on its own; it has to be the result of close collaboration at all levels. In our interconnected world, where we expect that tens of thousands of devices will connect to the internet every second, trust cannot be siloed within borders, sectors or companies. We need coordinated strategies to put in place criteria for security in the IoT environment.
At the heart of the Charter is a desire to “combine domain knowhow and deepen a joint understanding between firms and policymakers of cybersecurity requirements and rules in order to continuously innovate and adapt cybersecurity measures to new threats.” The private-public collaboration will improve the sharing of domain-specific threat information and stimulate common interoperable standards — for example, how threats are categorized in terms of criticality and what syntax is used to describe them. That’s why we continue to invite governments of the world to engage with the Charter of Trust as it develops.
For IBM, being active in the Charter of Trust means we can tangibly contribute recommendations for the security that we know is key to digital transformation, and help drive a collaborative effort to build trust. In the coming months, the Charter of Trust is going on the road to engage with more governments and bring new companies on board, including stops in Washington, D.C., Brussels, Munich, Rome, Tokyo and elsewhere. We look forward to welcoming new and committed partners to the Charter.
If you would like to be a part of this significant initiative, take a look online or attend one of our upcoming global events. As businesses, we must not hold back on building trust.
Vice President, IBM Security, Europe