• Cybersecurity requires sustained international collaboration.
  • Effective, outcome-focused regulation will develop a higher common baseline for cybersecurity globally.
  • The World Economic Forum has launched the Pathways to a Cyber-Resilient Aviation Sector report, which offers a common language to encourage collective initiatives to increase cyber-resilience across aviation.

As technology grows more intrinsic to everyday life, from the citizen through to the operations of critical national infrastructure, the importance of cybersecurity is becoming increasingly recognized all around the world.

While industry sectors operate in different contexts, many of the most prominent online challenges are not unique to a single country. When it comes to tackling these global cyberthreats, working with international partners can have benefits for resilience.

By coordinating regulatory approaches so that common high standards of cybersecurity practice can be applied across industries and borders, national authorities can help secure international supply chains and create a safer digital world for citizens globally.

Rising cybersecurity threat

The coronavirus pandemic has posed new challenges around the world, including in cyberspace. While technology has enabled many organizations to continue operating remotely, it has also brought new challenges associated with securing devices and data. Cybercriminals are taking advantage of our common fears in scam messages, which are designed to trick users into sharing sensitive information or downloading malware.

Ransomware attacks have become increasingly common in recent years, with attackers now shifting their model of attack to include threatening the confidentiality of data as well as disrupting its availability. Victims need to consider the threat of their sensitive data being exposed to the world, and the risks of reputational damage. Ransomware is often a visible symptom of a more serious network intrusion, so it is vital that the right security protections are implemented to reduce the chance of a compromise in the first place.

Another challenge is posed by how interconnected cyber-physical systems are, from the smart appliances used in our homes to industrial control systems. Working out how safety requirements for this technology can be integrated with security needs is vital for assessing how cyberattacks might have physical, real-world outcomes.

International collaboration and effective regulation

When it comes to defending ourselves from common cyberthreats, taking an international, multistakeholder approach helps countries and sectors benefit from and build on each other’s successes. Cybersecurity is a team sport that is most effectively addressed together, and global collaboration and information-sharing are vital for our communal defence from criminal activity.

Good cybersecurity principles in one country or industry are often very applicable in another, and effective, joined-up regulation can play a vital role in improving global standards. Establishing a higher common baseline of cybersecurity practices across industries is vital for preventing threat actors with low sophistication. And rather than international organizations facing multiple regulatory approaches and standards, coordination can harmonize and improve performance standards across Critical National Infrastructure (CNI) sectors.

The Cyber Assessment Framework (CAF) developed by the UK’s National Cyber Security Centre (NCSC) – a part of GCHQ – is a positive example of what national authorities can do to spearhead flexible regulatory approaches to cybersecurity.

The framework does not offer a rigid checklist of cybersecurity controls, but instead offers a set of cybersecurity and resilience principles that are applicable to a range of organizations across multiple sectors. The CAF has been designed to align with a number of internationally recognized cybersecurity frameworks (such as the NIST Cybersecurity Framework), and to enable assessments to draw on evidence of compliance from a range of established cybersecurity standards.

The UK’s Civil Aviation Authority (CAA), engaging closely with the aviation sector, incorporated the use of the Cyber Assessment Framework for Aviation into its regulatory oversight regime for cybersecurity in 2019. Importantly for the CAA, the CAF for Aviation is outcome-based, scalable and can be applied to various technologies (IT and OT) and organizational implementations to support safe and secure outcomes. This removes duplication for the regulated entity and the regulator, and provides a consistent view of the cybersecurity risk across the sector.

By ensuring that organizations adopt sufficient measures to mitigate some of the most common threats they face, the CAF for Aviation will help them become harder targets for adversaries.

What is the World Economic Forum doing on cybersecurity

The World Economic Forum's Centre for Cybersecurity is leading the global response to address systemic cybersecurity challenges and improve digital trust. We are an independent and impartial global platform committed to fostering international dialogues and collaboration on cybersecurity in the public and private sectors. We bridge the gap between cybersecurity experts and decision makers at the highest levels to reinforce the importance of cybersecurity as a key strategic priority.

Our community has three key priorities:

Strengthening Global Cooperation - to increase global cooperation between public and private stakeholders to foster a collective response to cybercrime and address key security challenges posed by barriers to cooperation.

Understanding Future Networks and Technology - to identify cybersecurity challenges and opportunities posed by new technologies, and accelerate forward-looking solutions.

Building Cyber Resilience - to develop and amplify scalable solutions to accelerate the adoption of best practices and increase cyber resilience.

Initiatives include building a partnership to address the global cyber enforcement gap through improving the efficiency and effectiveness of public-private collaboration in cybercrime investigations; equipping business decision makers and cybersecurity leaders with the tools necessary to govern cyber risks, protect business assets and investments from the impact of cyber-attacks; and enhancing cyber resilience across key industry sectors such as electricity, aviation and oil & gas. We also promote mission aligned initiatives championed by our partner organizations.

The Forum is also a signatory of the Paris Call for Trust and Security in Cyberspace which aims to ensure digital peace and security which encourages signatories to protect individuals and infrastructure, to protect intellectual property, to cooperate in defense, and refrain from doing harm.

For more information, please contact us.

The UK input, alongside other global industry and aviation specialists, into the WEF Aviation Report has been essential to highlight key systemic cyber-risks in order to prioritize and define pathways to anticipate and mitigate the impact from future digital shocks.