版权说明:本文档由用户提供并上传,收益归属内容提供方,若内容存在侵权,请进行举报或认领
文档简介
SystemsofCyberResilience:ElectricityInitiative
Responsetothe
WhiteHouse’sRequest
onHarmonizing
CybersecurityRegulations
WHITEPAPER
OCTOBER2023
Images:GettyImages
Contents
Executivesummary
3
1AbouttheSystemsofCyberResilience:ElectricityInitiative
4
2TheGlobalRegulationsWorkingGroup
5
3TheWhiteHouserequestforinformationoncybersecurityregulatory6
harmonization
3.1Conflictinginternationalcybersecurityrequirements
7
3.2Sectortoprioritizeforregulatoryharmonization
8
3.3Internationaldialoguesonharmonization
9
3.4Ongoinginternationalinitiatives
10
3.5Regulatoryreciprocityexamples
11
Conclusion
12
Contributors
13
Annex1:Relatedpublications
15
Endnotes
16
Disclaimer
Thisdocumentispublishedbythe
WorldEconomicForumasacontribution
toaproject,insightareaorinteraction.
Thefindings,interpretationsand
conclusionsexpressedhereinarearesult
ofacollaborativeprocessfacilitatedand
endorsedbytheWorldEconomicForum
butwhoseresultsdonotnecessarily
representtheviewsoftheWorldEconomic
Forum,northeentiretyofitsMembers,
Partnersorotherstakeholders.
©2023WorldEconomicForum.Allrights
reserved.Nopartofthispublicationmay
bereproducedortransmittedinanyform
orbyanymeans,includingphotocopying
andrecording,orbyanyinformation
storageandretrievalsystem.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations2
October2023
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations
Executivesummary
On19July2023,theWhiteHouseOfficeofthe
NationalCyberDirector(ONCD)oftheUnitedStates(US)issuedarequestforinformation(RFI)1about
harmonizingcybersecurityregulationsgloballyand
ensuringregulatoryreciprocitybetweencountries.
ThisRFIisanextensionofthegoalsoutlinedintheUSNationalCybersecurityStrategy,2whichaimstosynchronizenotjustregulationsandguidelinesbutalsotheevaluationandinspectionprocessesfor
regulatedentities.Itmarksprogressononeofthe69initiativesunveiledinJulyaspartoftheUSNationalCybersecurityStrategyImplementationPlan.
InSeptember2022,theWorldEconomicForum
SystemsofCyberResilience:ElectricityInitiative
(SCRE)community3hadidentifiedglobalregulatoryinteroperabilityasoneofitskeyfocusareas,
andhadsetuptheGlobalRegulationsWorkingGrouptofacilitateinteroperabilityofglobalcyberregulationsintheelectricitysector.
Thisworkinggrouptacklesthechallengesof
complex,industryandsectoragnostic,fragmented,inconsistent,andsometimesconflictingregulations.
Thesesiloedregulationslackandprevent
interoperability,resultinginincreasedcostsandinefficienciesaslimitedresourcesaredivertedtoaddresscompliancechallengesinsteadof
directlyaddressingsectorialandorganizationalcybersecurityposture.
GivenSCRE’suniqueglobalvantageandexpertiseaswellasitsongoingworkonthistopic,the
communityhascometogethertoproducethis
whitepapertoanswerquestionsintheinternationalsection(Section9)oftheRFI.Thissectionaddressescybersecurityrequirementconflicts,prioritysectorsandregions,internationaldialogues,ongoing
internationalinitiativesandregulatoryreciprocity.
TheSCREcommunitywelcomesandsupportsONCD’sregulatoryharmonizationeffort.Its
recommendationsfortheONCDareasfollows:
–ContinueONCD’songoingeffortstoincrease
globalregulatoryinteroperability,increasesecurityandreducecosts.
–Prioritizesecurityovercompliancebyadoptingarisk-basedapproach.
–Engageprivate,publicandcivilsociety
stakeholdersfromtheearlieststagesofthepolicyandregulatoryprocesses.
–Leverageexistinginternationaltechnical
standardsestablishedbynon-government
bodiessuchastheInternationalOrganizationforStandardization(ISO)andtheInternationalElectrotechnicalCommission(IEC).
–Participateininternationaldialoguesandinternationalinitiativesoncybersecurity.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations3
1
AbouttheSystems
ofCyberResilience:
ElectricityInitiative
Since2018,theWorldEconomicForum’sSystemsofCyberResilience:ElectricityInitiative(SCRE)hasbroughttogethergloballeadersfrommorethan
60electricityutilities,energyservicescompanies,
regulatorsandotherrelevantorganizations,to
collaborateanddevelopaclearandcoherentglobalcybersecurityvisionfortheelectricityecosystem.
SCREistheonlyglobal,electricity-industry
specific,multistakeholderpublic-private
partnershipwherecybersecurityleaders
collaborateandimproveecosystem-widecyberresilienceintheelectricitysector.
Thisinitiativeprovidesaforumforglobalelectriccompaniesand
premierindustrypartnerstotaketheleadindrivingincreasedmaturityandcapabilitytoaddresscyberthreatsallnationsarefacing.
TomWilson,SeniorVice-PresidentandChiefInformationSecurityOfficer,SouthernCompany,USA
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations4
2
TheGlobalRegulations
WorkingGroup
RegulatoryinteroperabilityisoneofthekeyfocusareasoftheSCREanditsGlobalRegulations
WorkingGroup.
Theworkinggroupaddressesthecomplexities
ofregulatorychallengesthatspanacrossthe
electricitysector,characterizedbyfragmentation,
inconsistencyandoccasionalconflicts.These
regulatoryhurdleshindertheachievementof
globalinteroperability,leadingtoheightenedcosts,inefficienciesandmissedopportunitiesasresourcesareredirectedtotackleregulatoryissuesrather
thanenhancingsector-specificandorganizationalcybersecuritypostures.Thekeyinsightsofthe
workinggrouphavebeen:
1.Theevolutionofthecyberthreatlandscapehasledtoanincreaseincybersecurity
regulationsglobally.
2.Globalregulationsarefragmentedand,in
somecases,conflicting,whichincreasescostsandinefficienciesandimpactscybersecurity
throughtheopportunitycostsofdivertinglimitedresources.
3.Organizationshavehadtotakehard,risk-basedapproachesrangingfrommanagingregulatorycomplexitiestoexitingcertainmarkets.
4.Regulationsneedtoprioritizesecurityover
compliancebyadoptingarisk-basedapproach.
Theworkinggrouphastakenthefollowingpositionsonthekeyglobalregulatorythemesidentified:
1.Complianceandenforcement:Global
commitmenttoprioritizesecurityovercompliance.
2.Dataprotectionandprivacy:Global
commitmenttosupportdataprotection
andprivacyregulationssuchastheGeneralDataProtectionRegulation(GDPR)ofthe
EuropeanUnion(EU).
3.Informationsharing:Globalcommitmenttocreateanduseacommoninformation-sharingprotocolandtaxonomyworldwide,andto
supporttherespectiveelectricityinformationsharingandanalysiscentres(ISACs).
4.Incidentresponseandreporting:
Globalcommitmenttoadoptacommon
andefficientinternationalincidentreportingtaxonomyandrequirements.
5.Cybersecurityhygieneinternalpoliciesandprocedures:Globalcommitmenttoestablishbasiccyberhygieneprinciplesspecifictotheelectricitysector.
6.Penetrationtesting:Globalcommitmentto
regularinternalpenetrationtestingwhichincludesoperationaltechnology(OT)penetrationtesting.
7.Vulnerabilitydisclosureandmanagement:Globalcommitmenttosectorialdisclosureofvulnerabilityamongclosedgroupsofsector-specific,pre-authorizedentities.
8.Riskassessmentandmanagement:Globalcommitmenttoapplyingriskassessment
methodologyconsistentlyacrossbothinformationtechnologyandoperationaltechnologyenvironments.
9.Third-partyriskmanagement:Global
commitmentthateveryorganizationinthe
supplychainmustconsiderandberesponsibleforthecybersecurityofitsscopeofwork.
10.Adoptionofexistinginternationalstandardsversuscreationofunique,national(or
regional)standards:Globalcommitmentto
adoptionofexistinginternationalstandardsthatarematuresuchasISO27001andIEC62443.
Theworkinggroupwillfurtherelaboratethese
positionsandisscheduledtopublisha“FacilitatingGlobalInteroperabilityofCyberRegulationinthe
ElectricitySector”paperon15November2023.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations5
3
TheWhiteHouse
requestforinformationoncybersecurity
regulatoryharmonization
On19July2023,theWhiteHouseOfficeofthe
NationalCyberDirector(ONCD)announceda
requestforinformation(RFI)oncybersecurity
regulatoryharmonizationandregulatoryreciprocity.TheRFIbuildsonthecommitmentsmadeinthe
WhiteHouseNationalCybersecurityStrategyto
“harmonizenotonlyregulationsandrules,butalsoassessmentsandauditsofregulatedentities.”
TheRFIadvancesoneofthe69initiativesthat
theUnitedStatesNationalCybersecurityStrategyImplementationPlanannouncedinJuly.
GiventheSCRE’suniqueglobalperspectiveandproficiencyinthisfield,thecommunityhasshareditscollectiveknowledgeinthiswhitepaper.Theaimistoprovidepreciseresponsestoinquiries
intheinternationalsection(Section9)oftheRFIstatedbelow:
9.International–ManyregulatedentitieswithintheUnitedStatesoperateinternationally.InarecentreportfromthePresident’sNationalSecurity
TelecommunicationsAdvisoryCouncil(NSTAC),theNSTACnotedthatforeigngovernmentshavebeenimplementingregulatoryregimeswith“overlapping,redundantorinconsistentrequirements…”
FactSheet:OfficeoftheNationalCyberDirectorRequestsPublicCommentonHarmonizingCybersecurityRegulations–RequestforInformationonCyberRegulatoryHarmonization
A.Identifyspecificinstancesinwhich
USfederalcybersecurityrequirementsconflictwithforeigngovernment
cybersecurityrequirements.
B.Aretherespecificcountriesorsectorsthatshouldbeprioritizedinconsideringharmonizingcybersecurityrequirementsinternationally?
C.Whichinternationaldialoguesareengagedinworkonharmonizingoraligning
cybersecurityrequirements?Whichwouldbethemostpromisingvenuestopursuesuchalignment?
D.Pleaseidentifyanyongoinginitiativesbyinternationalstandardsorganizations,
tradegroupsornon-governmental
organizationsthatareengagedin
internationalcybersecuritystandardizationactivitiesrelevanttoregulatorypurposes.Describethenatureofthoseactivities.
Pleaseidentifyanyexamplesofregulatoryreciprocitywithinaforeigncountry.
E.Pleaseidentifyanyexamplesof
regulatoryreciprocitybetweenforeigncountriesorbetweenaforeigncountryandtheUnitedStates.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations6
3.1
A.Conflictinginternationalcybersecurityrequirements
IdentifyspecificinstancesinwhichUSfederalcybersecurityrequirementsconflictwithforeigngovernmentcybersecurityrequirements.
Governmentagenciesworldwidethatcreate
cybersecurityrequirementsforindustry,including
thoseoftheUS,frequentlyadoptdistinct
approachestoaddressidenticalorsimilarsetsofcybersecuritychallengesduetotheabsenceofaglobalconsensus.Thisleadstocomplex,industryandsectoragnostic,fragmented,inconsistentandsometimesconflictingregulations,whichlackandpreventmutualinteroperability.
Theevolutionofthecybersecuritythreatlandscape
andregulators’reflexiveresponsetotighten
regulationsexacerbatestheproblem.Organizationsareforcedtodivertlimitedresourcestoaddress
regulatorycompliancechallengesinsteadoffocusingontheircybersecurityposture.Inadditiontoalackofconsensusoncyberrequirements,alackof
consensusexistsonwhoorwhatisinthescopeoftheseregulations(e.g.varyingcriticalinfrastructuresectordesignations,differentregulationsbringingvarioussystemsintoscope,etc.)
Today’sdigitaleconomytranscendsnational
boundaries,requiringrobustandunifiedinternationalcybersecuritystandardstoensurethatmultinationalcompaniesarebestequippedtorespondtonew
threatsbymaliciousactorsastheyarise.
Assuch,businessesaroundtheworldlookto
standardssetbynon-governmentbodiessuchastheInternationalOrganizationforStandardization
(ISO)andtheInternationalElectrotechnical
Commission(IEC)forguidanceonabroadrangeofcybersecurityissuesandasbenchmarksforglobalbestpractices.Whendifferentregulatorsusewidelyrecognizedinternationaltechnicalstandards–suchastheISO/IEC27000seriesofinformationsecuritycontrolsandtheIEC62443seriesofindustrial
controlsystemcontrols—toinformtheirpolicies,
itnotonlysetsahighstandardofsecurityfor
companiestoadheretobutalsolowerscostsand
assuresinteroperabilitywithotherregulatoryregimes.
Conversely,whendifferentregulatorsandpolicy-makersusetheirownlocalstandardsandlawsasareferenceforestablishingcybersecurity
requirements,itcontributestothegrowing
fragmentationoftheglobaldigitalpolicylandscape,inturnundulyraisingcompliancecostsformulti-
jurisdictionalcompaniesanddivertingresourcesfromsoundcyber-riskmanagementactivities.
Thecurrentsiloedapproachtocybersecurity
regulationhasnotledtoamoresecureglobal
digitaleconomy.ItiswellknownfromthePrisoner’sDilemmaproblemingametheorythatstakeholdercooperationoncybersecurityregulationswill
increasesecurityoftheglobaldigitaleconomy.
However,theinherentchallengehasalwaysbeen:whowillmovefirst?Itisimperativetoresolveandmakeprogressonthiscooperationissue.
Examplesofdivergingcybersecurityregulations
canbefoundinnationalcybersecuritylabelling
programmessuchasthoseoftheUS,EUand
Singapore.Asmoreandmoreproductsreleasedinthemarketrequireinternetconnectivity,the
surfaceareaofcyberriskstoconsumershas
increasedtremendously.Toaddressthisconcern,severalgovernmentshaveannouncedplansto
developtheirowncybersecuritylabellingschemes.Forexample,Singapore’sCyberSecurityAgencyfirstlauncheditsCybersecurityLabellingScheme(CLS)4in2020tosetsecurityratinglevelsthat
buyersofsmartdevicescouldusetomake
informedchoices.InSeptember2022,theEU
proposeditsCyberResilienceAct5toestablish
commonsecuritystandardsforproductswith
digitalelementsconnectedtoadeviceornetworkinEUmember-states.Andlastly,inJune2023,theBidenadministrationannouncedanewUSCyber
TrustMark6programmetobeledbytheFederal
CommunicationsCommissionwithverysimilar
elementstotheSingaporeanandEuropeanmodels.
Thesethreecyberlabellinginitiativessharethe
commongoalofprovidingassurancetoconsumersthattheproductstheypurchaseareequipped
withadequatesafeguardstoprotectthemfrom
cyberharms,buttheyhavedifferentscopesand
specificrequirements.Recognizingsectoraland
jurisdictionalnuancesinthethreatlandscape,
themostsensibleapproachindevelopingthese
nationalcybersecuritylabelsistobasethemin
internationalconsensus-basedtechnicalstandardssoastoensuremaximuminteroperability.
TheSCREcommunitywelcomesandsupports
theregulatoryharmonizationeffortbytheONCD
andrecommendsthattheycontinuetheirefforts
towardsglobalregulatoryharmonizationtoincreaseinteroperability,enhancesecurityandreducecosts.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations7
3.2B.Sectortoprioritizeforregulatoryharmonization
Aretherespecificcountriesorsectorsthatshouldbeprioritizedinconsideringharmonizingcybersecurityrequirementsinternationally?
Asrenewableenergygrows,theseassumptionsmustberevisited.Likewise,differingcybersecurityreportingrequirementsapplytoUSnaturalgas
infrastructureandUSelectricityinfrastructure
—yetthesesystemsareintrinsicallylinked,withnaturalgasprovidingthesinglelargestsourceofenergytotheelectricitysector.
Furtherchangeisalreadyunderwayinthe
electricitysector.AIoffersnewcapabilitiesthat
willbeappealingtoattackersandessentialto
defenders.AIenablescybersecuritymonitoring
thatcandetectandrespondtoattackswith
machine-likespeeds,butitremainsunclearhow
regulatoryregimeswillembraceorconstrainAIininfrastructure.GenerativeAIislikelytobeabusedbyattackersseekingtocraftmoreeffectiveattacks—potentiallyproducingmorebelievablephishingattacks,bypassingmalwaresignaturedetection
orloweringtheskillrequiredtotranslatemaliciousintentintoaction.
TheEUhasbyfarbeenthemostactivein
proposingandadvancinglegislationand
regulationsforemergingtechnologiesand,as
such,hasbecomeade-factostandardsetterfordigitalpolicy,asillustratedbythewidespread
adoptionofdataprotectionlawsmodelledafter
theGDPR.TheUSshoulduseeveryavenue
ofdialogueandcooperationtoencourageand
supporttheEUtoalignitspoliciesmorecloselytowidelyrecognizedtechnicalstandardsbasedoninternationalconsensus(whilealsoensuringthatUSdomesticpoliciesaregroundedininternationalconsensus-basedtechnicalstandards).
Forexample,thenewlyproposedCyberResilienceActoftheEUmadenoreferencetointernational
standards.Onthecontrary,theEUmandated
theEuropeanstandardsorganizationstodevelopEuropeanharmonizedstandardstodemonstratecompliancewiththeCyberResilienceAct.This
regionalizationofcybersecuritystandardsdefiestheconsensusontheneedforinternational
standardsandintensifiestheburdenonglobal
companiesbyforcingthemtoconformtomultipleassessmentsindifferentmarkets.Inresponse,theUSshouldworkthroughbilateralandmultilateralforatoencourageEuropeanalignmentwith
internationalstandardstosafeguardtheglobalcompetitivenessofindustriesandprotecttheattractivenessoftheEuropeanmarket.
TheUS,EUandotherjurisdictionscanwork
towardsmutualrecognitionofcybersecurity
requirements.Nuancesindifferentjurisdictionsunderstandablycreatedifferentpriorities
forpolicy-makerstomanageandlegislate.
Nevertheless,localnuanceneednotrendertwo
Sector:Electricity
Cybersecurityhasbecomeincreasinglyimportant
intheelectricitysector.Severalconvergingtrends
contributetoanescalatingriskenvironment:
digitized,networkeddevicesnowpermeate
energyinfrastructure;attacksoninfrastructure
haveescalated;theenergytransitionisshifting
thesectorawayfromthehistoricbusinessmodels
thatregulationstakeforgranted;aninternetof
things(IoT)composedofnetworkedconsumerand
industrialdevicesbridgesphysicalanddigitalrealms;
andartificialintelligence(AI)offersnewandpowerful
capabilitiestodefendersaswellasattackers.
Electricalinfrastructureiscriticalinfrastructure.
TheSCRE
community
highlightsthe
electricitysectorasasector
toprioritize
forachieving
interoperabilityofcybersecurityrequirements
internationally.
Withoutreliableelectricitygeneration,transmission
anddistribution,otherpartsoftheeconomy
cannotfunction.
Digitizationhasmadeelectricalinfrastructure
moreefficientwhileloweringitscarbonintensity.
Renewableenergytechnologiescannotfunction
withoutdigitalmanagementtosmoothenvariable
inputs.Manyfuturetechnologies,business
modelsandelementsofpublicinfrastructure
relyondigitizedequipment,includingelectric
vehicles,distributedgenerationandsmartcities.
Atthesametime,networked,digitalequipment
isrelativelynew.Cybersecuritypracticesacross
theindustryarenotuniformlymature.The
interconnectednatureoftheUSelectricgrid
meansthattheconsequencesofasuccessful
cyberattackononepartofthegridcould
propagateacrosstheentirephysicalinfrastructure.
Attacksagainsttheelectricitysectorcontinue
toescalate.Federalagencieshaverepeatedly
identifiedpersistent,sophisticatedthreatsthat
havepenetratedelectricitysectororganizations,
sometimeswithoutthoseorganizationsbecoming
awarethattheyhavebeencompromised.Some
oftheseattackshavebeenattributedtogroups
withnation-statebacking.InAugust2023,
theInternationalEnergyAgencyreportedthat
cyberattacksonutilitieshadmorethandoubled
from2020to2022.7Surveysofcybersecurity
professionalslikewiseshowincreasedconcern
aboutcyberattackstargetingindustrialcontrol
systems–suchasthoseoperatingtheelectricity
infrastructureincountriesincludingtheUS.8
Governmentagenciesthatcreatecybersecurity
requirementsforindustryintheUSandelsewhere
havenotkeptpacewithchangesintheenergy
sector.Forexample,federalregulationsintheUS
electricitysectorfocusonbulkdistribution.This
wasappropriateinanerawhenlarge,centralized
generationwasthedominantbusinessmodel.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations8
setsofcybersecurityrequirementsincompatible.Cybersecuritystandardsshouldbeinteroperableacrossjurisdictions,withabaselineleveloftrust.Astheinternetknowsnoborders,jurisdiction-
specificcybersecuritystandardswithoutcross-borderinteroperabilityandmutualrecognitionarecounterintuitiveandcounterproductive.
3.3C.Internationaldialoguesonharmonization
Whichinternationaldialoguesareengagedinworkonharmonizingoraligningcybersecurityrequirements?Whichwouldbethemostpromisingvenuesto
pursuesuchalignment?
issues,includingthoseofregionalandinternationalsignificance.Theplatformenabledtheexchangeofinformationoncyberthreatsanddeliberationsoncyberdefenceandsecuritycollaboration.Itplayedapivotalroleindeepeningbilateralcooperation.
Thetwosidesagreedtoamplifydomestic
cybersecuritymeasuresthroughacomprehensivewhole-of-governmentapproach,underliningthecriticalityofJapan-UScollaborationincombatingcyberthreats.
TheEU-USCyberDialogue9
TheEU-USCyberDialogueisanencouraging
forum,butitisunclearhoweffectiveorsuccessful
ithasbeen.Between2014and2022,theEUand
theUShaveheldeightcyberdialoguestoaddress
andcoordinateoncybersecurityissues,foster
internationalcollaborationandmutualunderstanding,
andmakecybersecuritypracticesmoreconsistent
acrossthetwojurisdictions.Thematurityofthis
dialoguemakesitapromisingvenueforpromoting
greateralignmentoncybersecuritypolicy,though
itscurrenttrackrecorddoesn’tshowmuchvisible
TheSCRE
community
encourages
policy-makers
andregulators
toparticipate
ininternationaldialogueson
cybersecurity
toimprovethe
cross-border
interoperabilityofregulations,
whichcan
enhancesecurityandlowercosts.
France-UnitedKingdomCyberDialogue11
FranceandtheUnitedKingdomheldtheir
fourthcyberdialogueinParison11May2023.Bothcountriesreiteratedtheircommitment
progress.Bothjurisdictionsshouldtakeadvantage
ofthisplatformtofindcommongroundtoreachtheir
cybersecurityobjectivesandbasetheirrespective
policyagendasoninternationalstandardssuchas
theISO/IEC27000andIEC62443series.
tocollaborateinthefieldofcyberspaceto
promotesecurityandstabilityinaninclusive,
US-JapanCyberDialogue10
On1May2023,Tokyoplayedhosttothe8th
Japan-USCyberDialogue,asignificantevent
aimedataligninginternationalcyberpoliciesand
strengtheningcybersecuritymeasuresbetweenthetwocountries.Variousministriesandagenciestookpart,focusingonextensivediscussionsonbilateraloperationalcybersecuritycooperation,domestic
cyberpolicies,andJapan-UScooperationoncyber
non-fragmentedandsecurecyberspace.Theydiscussedtheiranalysisofthethreatandsharedthelatestdevelopmentsintheirrespective
cybersecuritypolicies.Thetwocountriesalso
talkedabouttheirprioritiesforongoingdiscussionsinvariousmultilateralforaanddiscussedthe
implementationofajointinitiativetoaddress
thethreatfromcommercialcyberproliferation.
Additionally,theydiscussedthestrengtheningofbilateralcoordinationinresponsetocyberthreats.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations9
3.4D.Ongoinginternationalinitiatives
Pleaseidentifyanyongoinginitiativesbyinternationalstandardsorganizations,trade
groupsornon-governmentalorganizationsthatareengagedininternationalcybersecuritystandardizationactivitiesrelevanttoregulatorypurposes.Describethenatureofthose
activities.Pleaseidentifyanyexamplesofregulatoryreciprocitywithinaforeigncountry.
oftenincludeprotocolsandframeworksthat
enhancecybersecuritymeasures,suchas
encryption,authenticationandnetworksecurity.
Regulatorybodiesandorganizationsoftenrefer
toIETFstandardswhenformulatingcybersecurityregulations,astheyarewidelyrecognizedand
trustedintheindustry.IETFalsocollaborateswithotherorganizationsandstakeholderstoaddress
cybersecuritychallengesanddevelopsolutionstoensureasecureandresilientinternetinfrastructure.
InternationalOrganizationforStandardization
(ISO)andInternationalElectrotechnical
Commission(IEC)
TheISOandIECaretheworld’sleadingstandard-
settingbodies.WhiletheISOoverseesstandards
developmentacrossawidevarietyofindustries,the
IECspecializesinstandardizingsectorsrelatedto
electrical,electronicandrelatedtechnologies.Each
hasawell-establishedtrackrecordfordefining
industrynormsandbenchmarksthatareusedby
companiesaroundtheworld.
ConnectivityStandardsAlliance(CSA)17
TheISO/IEC27000serie
温馨提示
- 1. 本站所有资源如无特殊说明,都需要本地电脑安装OFFICE2007和PDF阅读器。图纸软件为CAD,CAXA,PROE,UG,SolidWorks等.压缩文件请下载最新的WinRAR软件解压。
- 2. 本站的文档不包含任何第三方提供的附件图纸等,如果需要附件,请联系上传者。文件的所有权益归上传用户所有。
- 3. 本站RAR压缩包中若带图纸,网页内容里面会有图纸预览,若没有图纸预览就没有图纸。
- 4. 未经权益所有人同意不得将文件中的内容挪作商业或盈利用途。
- 5. 人人文库网仅提供信息存储空间,仅对用户上传内容的表现方式做保护处理,对用户上传分享的文档内容本身不做任何修改或编辑,并不能对任何下载内容负责。
- 6. 下载文件中如有侵权或不适当内容,请与我们联系,我们立即纠正。
- 7. 本站不保证下载资源的准确性、安全性和完整性, 同时也不承担用户因使用这些下载资源对自己和他人造成任何形式的伤害或损失。
最新文档
- 2025版房地产项目预售合同示范文本4篇
- 2025版台式一体机商场采购合同包含软件安装与培训服务3篇
- 2025年建筑材料堆放场地租赁与供应链管理合同3篇
- 二零二五版民营医院儿科医师及护士劳动合同4篇
- 二零二五年餐饮业短期服务员派遣合同3篇
- 2025年度高科技产品远期交易合同4篇
- 2025年度绿色建筑节能改造合同6篇
- 2025年度数据中心机房租赁与环保责任承诺合同3篇
- 二零二五年度智能门窗系统研发与安装一体化服务合同4篇
- 2025年环保型布草生产与销售一体化合同3篇
- 工业自动化生产线操作手册
- 房地产销售任务及激励制度
- 并购指南(如何发现好公司)
- DL-T-1642-2016环形混凝土电杆用脚扣
- 铜矿成矿作用与地质环境分析
- 30题纪检监察位岗位常见面试问题含HR问题考察点及参考回答
- 询价函模板(非常详尽)
- 《AI营销画布:数字化营销的落地与实战》
- 麻醉药品、精神药品、放射性药品、医疗用毒性药品及药品类易制毒化学品等特殊管理药品的使用与管理规章制度
- 乘务培训4有限时间水上迫降
- 2023年低年级写话教学评语方法(五篇)
评论
0/150
提交评论