Paris Call Working Group 6: Kaspersky, Cigref, GEODE and multi-stakeholder community bring concrete tools for stronger ICT supply chain security
November 2021 by Kaspersky
The Paris Call Working Group 6, co-chaired by Kaspersky and Cigref, with expert support from GEODE, has delivered its analytical report introducing concrete tools to enhance ICT supply chain security. After six months of international multi-stakeholder discussions, it publishes this collective work for the 2021 Paris Peace Forum.
The Working Group 6 (WG6) was launched in March 2021 as part of the Paris Call for Trust and Security in Cyberspace and united more than 30 members representing different governments, industries, academia, and civil society. The WG6 focused on the Information Communication Technology (ICT) supply chain security and the set of related frameworks, measures, and good practices for the security of ICT products and services.
Kaspersky and Cigref, the digital association of major French companies and public administrations, with expert support from GEODE, a research center focusing on the geopolitics of the datasphere, joined forces to close the knowledge and implementation gap by providing policy-makers and industry with concrete proposals for stronger ICT supply chain security. The WG6 based its work on existing principles and recommendations produced by the Organisation for Economic Co-operation and Development (OECD) in its report on “Enhancing the digital security of products” published in February 2021.
The report by WG6 creates a matrix with pragmatic actions areas and illustrates steps which actors can do now to create positive security and economic impacts throughout ICT supply chains. This matrix shows the needed contribution and action areas of all stakeholders, including regulatory bodies, international institutions, as well as demand and supply actors. The report also provides mapping of existing frameworks and identifies both good practices and policy gaps. Among policy gaps and areas for further work, the WG6 stresses on ensuring harmonisation across emerging national regulatory and industry approaches, creating incentives for stronger security in modern ICT products and services, and further enhancing ICT supply chain transparency by both public and private sector.
Eugene Kaspersky, CEO of Kaspersky, added: “We are pleased to finally share the results of our joint efforts with Paris Call supporters and beyond. As a global tech-company, our mission is to inspire our community to build a safer digital world in a sustainable and most effective way, and to help them be better informed regarding the tools they can use to enhance their cybersecurity resilience.”
Arnaud Coustillière, Cigref representative for the Paris Call said: "In the context of an alarming increase in cyberattacks and particularly supply chain attacks, which could lead us to a kind of chaos, our working group on securing the digital supply chain coordinated by Cigref with Kaspersky and Géode was particularly rich and enlightening given the diversity of the players involved. After studying a large number of initiatives, we found that there is a great deal of fragmentation and a need to strengthen and bring to fruition existing approaches, particularly in terms of global security standards. The matrix on the areas of action also shows the roles and responsibilities that should make this space more secure, not only those of the States, but also and increasingly those of the major publishers and private actors providing digital services. The report is publicly available and can be accessed here.
About the Paris Call
The Paris Call for Trust and Security in Cyberspace, launched by President Macron in November 2018, promotes a multi-stakeholder approach to the regulation of cyberspace in collaboration with States, private sector entities and civil society organisations. The Paris Call is now the largest international, multi-stakeholder initiative on cybersecurity with 1 100 supporters from all regions of the world. Learn more at https://pariscall.international/en/.
Kaspersky is a global cybersecurity company founded in 1997. Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky technologies and we help 250,000 corporate clients protect what matters most to them. Kaspersky has been one of the early signatories of the Paris Call for Trust and Security in Cyberspace and supported the second edition of the global Paris Peace Forum in 2019.
Created in 1970, Cigref is a non-profit organisation representing the largest French companies and public administrations, exclusively users of digital solutions and services, which supports its members in their collective thinking on digital issues. Cigref’s 152 members represent 1700 billion in cumulative sales, 9 million employees supplied internally with IT solutions and services by more than 200,000 professionals. Our association works, for the benefit of its members, in favour of a sustainable, responsible and trustworthy digital environment. Learn more at www.cigref.fr.
GEODE (Geopolitics of the Datasphere) is a research and training center at the University of Paris 8 dedicated to the study of the impact of digital transformation on the strategic environment. It has been selected for a “Center of Excellence for International Relations and Strategy” label by the French Ministry of the Army. Its scientific ambition is twofold. On the one hand, to use the resources of the datasphere for geopolitical analysis, i.e. to develop tools to collect, process, and exploit the large masses of data relating to the datasphere, and to propose the development of new methods for mapping physical spaces based on the fusion of spatialised and non-spatialised data. And on the other hand to study the datasphere as a geopolitical object in its own right. https://geode.science/en/home-2/