Press release: ITAC welcomes the OECD’s new approach to security

Internet Technical Advisory Committee welcomes the OECD’s new approach to security

1 October 2015 – New security guidelines from the Organisation for Economic Co-operation and Development (OECD) recognize the role that digital security risk management plays in protecting economic and social prosperity, and provide recommendations for best practices to be followed by governments, enterprises and individuals.

The Internet Technical Advisory Committee (ITAC) to the OECD, a worldwide coalition of Internet organisations, welcomes the OECD’s Recommendation on Digital Security Risk Management for Economic and Social Prosperity and encourages the adoption of its principles across the global Internet community.

Christine Runnegar, Director, Public Policy at the Internet Society said: “The OECD Recommendation represents a major shift in policy thinking about Internet security: It’s security adapted for a highly interconnected and interdependent global digital economy. Its principles resonate well with the Internet Society’s Collaborative Security approach.”

The principles included in the OECD’s Recommendation reflect a fundamental shift from earlier approaches to cybersecurity. For example, the Recommendation emphasizes that:

  • security is not an end in itself, but rather, a means to protect economic and social prosperity;
  • there is no absolute security – its about reducing risk to an acceptable level taking into account the expected economic and social benefits (e.g. commerce across borders) and the potential impact on others;
  • the importance of protecting human rights and fundamental values while implementing security;
  • the security of the digital economy depends on everyone.

Moreover, the recommendation calls for digital security risk management based on ethical conduct which respects and recognises the legitimate interests of others and society as a whole.

Nigel Hickson, Vice President of UN and IGO Engagement for ICANN welcomed the new security guidelines noting: ”ICANN was very pleased, along with other members of the Technical Community, to be involved in this important work the OECD has taken forward and which reflects the growing importance of the security of the Internet to the global digital economy”.

While security risk management is commonplace among security professionals, the OECD’s new digital security risk management approach provides guidance to leaders and decision makers on how to develop and implement digital security in an open digital environment for economic and social prosperity.

“As an organization that is dedicated to collaboration across borders and that is grounded in universal openness, the IEEE-SA is encouraged by OECD’s Recommendation on Digital Security Risk Management for Economic and Social Prosperity,” said Konstantinos Karachalios, Managing Director of the IEEE Standards Association. “The growing digital security challenges world citizens face today require a pragmatic approach that includes cooperation among all stakeholders to advance innovation and open markets in a secure and trusted framework. Further, it requires a standard for ethical conduct among all parties—from technology developer to end user, as well as the consideration of the ethical impact of ICTs. We applaud the Recommendation’s principles and the guidance it provides to the global Internet community.”

ITAC has been closely involved in the OECD’s work on this recommendation and its preceding work on national cybersecurity strategies[1], providing its unique Internet technical expertise. ITAC is very pleased with the outcome of this work and the new OECD security principles. They are the product of input from governments, civil society, business, the Internet technical community and other experts. As governments around the world develop and update their national cybersecurity strategies, these principles will provide useful guidance.

“OASIS is pleased to have contributed to this updated cybersecurity recommendation. Risk management usually is a cost center; globally shared guidelines and open standards can greatly reduce that cost by enabling secure, widely interoperable data exchanges and transactions,” said Laurent Liscia, CEO and Executive Director, OASIS.

The adoption of these new guidelines also mark the first step on the path to the 2016 OECD Ministerial Meeting on the Digital Economy in Cancún, Mexico.

“The new OECD security guidelines will gain high-level visibility at the June 2016 OECD Ministerial on the Digital Economy”, said Joni Brennan, Kantara Initiative Executive Director. “The OECD’s previous guidance successfully stood the test of time, and we are confident that the refreshed approach to digital risk and security management, too, will provide security guidance to leaders and innovators in the open digital market for the years ahead”.

About ITAC

The Internet Technical Advisory Committee (ITAC) to the OECD brings together the counsel and technical expertise of technically focused organizations, in a decentralized networked approach to policy formulation for the Internet economy. The ITAC contributes constructively to the OECD’s development of Internet-related policies. ITAC primarily contributes to the work of the OECD Committee on Digital Economy Policy (CDEP) its specific working parties such as the Working Party on Communications and Infrastructure Services Policy (CISP) and the Working Party on Security and Privacy in the Digital Economy (SPDE). With more than 25 member organizations from around the world, ITAC provides valuable expertise, input, and experience to OECD consideration of Internet issues, with the aim of promoting the positive role of the Internet for economic growth and social development. ITAC was created after the OECD Ministerial on The Future of the Internet Economy held in Seoul, Korea in June 2008, in recognition of the valuable and mutually beneficial cooperation with the Internet community.

 For further details

[1] Including, OECD Digital Economy Paper: Non-governmental Perspectives on a New Generation of National Cybersecurity Strategies