版權說明:本文檔由用戶提供并上傳,收益歸屬內容提供方,若內容存在侵權,請進行舉報或認領
文檔簡介
SystemsofCyberResilience:ElectricityInitiative
Responsetothe
WhiteHouse’sRequest
onHarmonizing
CybersecurityRegulations
WHITEPAPER
OCTOBER2023
Images:GettyImages
Contents
Executivesummary
3
1AbouttheSystemsofCyberResilience:ElectricityInitiative
4
2TheGlobalRegulationsWorkingGroup
5
3TheWhiteHouserequestforinformationoncybersecurityregulatory6
harmonization
3.1Conflictinginternationalcybersecurityrequirements
7
3.2Sectortoprioritizeforregulatoryharmonization
8
3.3Internationaldialoguesonharmonization
9
3.4Ongoinginternationalinitiatives
10
3.5Regulatoryreciprocityexamples
11
Conclusion
12
Contributors
13
Annex1:Relatedpublications
15
Endnotes
16
Disclaimer
Thisdocumentispublishedbythe
WorldEconomicForumasacontribution
toaproject,insightareaorinteraction.
Thefindings,interpretationsand
conclusionsexpressedhereinarearesult
ofacollaborativeprocessfacilitatedand
endorsedbytheWorldEconomicForum
butwhoseresultsdonotnecessarily
representtheviewsoftheWorldEconomic
Forum,northeentiretyofitsMembers,
Partnersorotherstakeholders.
?2023WorldEconomicForum.Allrights
reserved.Nopartofthispublicationmay
bereproducedortransmittedinanyform
orbyanymeans,includingphotocopying
andrecording,orbyanyinformation
storageandretrievalsystem.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations2
October2023
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations
Executivesummary
On19July2023,theWhiteHouseOfficeofthe
NationalCyberDirector(ONCD)oftheUnitedStates(US)issuedarequestforinformation(RFI)1about
harmonizingcybersecurityregulationsgloballyand
ensuringregulatoryreciprocitybetweencountries.
ThisRFIisanextensionofthegoalsoutlinedintheUSNationalCybersecurityStrategy,2whichaimstosynchronizenotjustregulationsandguidelinesbutalsotheevaluationandinspectionprocessesfor
regulatedentities.Itmarksprogressononeofthe69initiativesunveiledinJulyaspartoftheUSNationalCybersecurityStrategyImplementationPlan.
InSeptember2022,theWorldEconomicForum
SystemsofCyberResilience:ElectricityInitiative
(SCRE)community3hadidentifiedglobalregulatoryinteroperabilityasoneofitskeyfocusareas,
andhadsetuptheGlobalRegulationsWorkingGrouptofacilitateinteroperabilityofglobalcyberregulationsintheelectricitysector.
Thisworkinggrouptacklesthechallengesof
complex,industryandsectoragnostic,fragmented,inconsistent,andsometimesconflictingregulations.
Thesesiloedregulationslackandprevent
interoperability,resultinginincreasedcostsandinefficienciesaslimitedresourcesaredivertedtoaddresscompliancechallengesinsteadof
directlyaddressingsectorialandorganizationalcybersecurityposture.
GivenSCRE’suniqueglobalvantageandexpertiseaswellasitsongoingworkonthistopic,the
communityhascometogethertoproducethis
whitepapertoanswerquestionsintheinternationalsection(Section9)oftheRFI.Thissectionaddressescybersecurityrequirementconflicts,prioritysectorsandregions,internationaldialogues,ongoing
internationalinitiativesandregulatoryreciprocity.
TheSCREcommunitywelcomesandsupportsONCD’sregulatoryharmonizationeffort.Its
recommendationsfortheONCDareasfollows:
–ContinueONCD’songoingeffortstoincrease
globalregulatoryinteroperability,increasesecurityandreducecosts.
–Prioritizesecurityovercompliancebyadoptingarisk-basedapproach.
–Engageprivate,publicandcivilsociety
stakeholdersfromtheearlieststagesofthepolicyandregulatoryprocesses.
–Leverageexistinginternationaltechnical
standardsestablishedbynon-government
bodiessuchastheInternationalOrganizationforStandardization(ISO)andtheInternationalElectrotechnicalCommission(IEC).
–Participateininternationaldialoguesandinternationalinitiativesoncybersecurity.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations3
1
AbouttheSystems
ofCyberResilience:
ElectricityInitiative
Since2018,theWorldEconomicForum’sSystemsofCyberResilience:ElectricityInitiative(SCRE)hasbroughttogethergloballeadersfrommorethan
60electricityutilities,energyservicescompanies,
regulatorsandotherrelevantorganizations,to
collaborateanddevelopaclearandcoherentglobalcybersecurityvisionfortheelectricityecosystem.
SCREistheonlyglobal,electricity-industry
specific,multistakeholderpublic-private
partnershipwherecybersecurityleaders
collaborateandimproveecosystem-widecyberresilienceintheelectricitysector.
Thisinitiativeprovidesaforumforglobalelectriccompaniesand
premierindustrypartnerstotaketheleadindrivingincreasedmaturityandcapabilitytoaddresscyberthreatsallnationsarefacing.
TomWilson,SeniorVice-PresidentandChiefInformationSecurityOfficer,SouthernCompany,USA
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations4
2
TheGlobalRegulations
WorkingGroup
RegulatoryinteroperabilityisoneofthekeyfocusareasoftheSCREanditsGlobalRegulations
WorkingGroup.
Theworkinggroupaddressesthecomplexities
ofregulatorychallengesthatspanacrossthe
electricitysector,characterizedbyfragmentation,
inconsistencyandoccasionalconflicts.These
regulatoryhurdleshindertheachievementof
globalinteroperability,leadingtoheightenedcosts,inefficienciesandmissedopportunitiesasresourcesareredirectedtotackleregulatoryissuesrather
thanenhancingsector-specificandorganizationalcybersecuritypostures.Thekeyinsightsofthe
workinggrouphavebeen:
1.Theevolutionofthecyberthreatlandscapehasledtoanincreaseincybersecurity
regulationsglobally.
2.Globalregulationsarefragmentedand,in
somecases,conflicting,whichincreasescostsandinefficienciesandimpactscybersecurity
throughtheopportunitycostsofdivertinglimitedresources.
3.Organizationshavehadtotakehard,risk-basedapproachesrangingfrommanagingregulatorycomplexitiestoexitingcertainmarkets.
4.Regulationsneedtoprioritizesecurityover
compliancebyadoptingarisk-basedapproach.
Theworkinggrouphastakenthefollowingpositionsonthekeyglobalregulatorythemesidentified:
1.Complianceandenforcement:Global
commitmenttoprioritizesecurityovercompliance.
2.Dataprotectionandprivacy:Global
commitmenttosupportdataprotection
andprivacyregulationssuchastheGeneralDataProtectionRegulation(GDPR)ofthe
EuropeanUnion(EU).
3.Informationsharing:Globalcommitmenttocreateanduseacommoninformation-sharingprotocolandtaxonomyworldwide,andto
supporttherespectiveelectricityinformationsharingandanalysiscentres(ISACs).
4.Incidentresponseandreporting:
Globalcommitmenttoadoptacommon
andefficientinternationalincidentreportingtaxonomyandrequirements.
5.Cybersecurityhygieneinternalpoliciesandprocedures:Globalcommitmenttoestablishbasiccyberhygieneprinciplesspecifictotheelectricitysector.
6.Penetrationtesting:Globalcommitmentto
regularinternalpenetrationtestingwhichincludesoperationaltechnology(OT)penetrationtesting.
7.Vulnerabilitydisclosureandmanagement:Globalcommitmenttosectorialdisclosureofvulnerabilityamongclosedgroupsofsector-specific,pre-authorizedentities.
8.Riskassessmentandmanagement:Globalcommitmenttoapplyingriskassessment
methodologyconsistentlyacrossbothinformationtechnologyandoperationaltechnologyenvironments.
9.Third-partyriskmanagement:Global
commitmentthateveryorganizationinthe
supplychainmustconsiderandberesponsibleforthecybersecurityofitsscopeofwork.
10.Adoptionofexistinginternationalstandardsversuscreationofunique,national(or
regional)standards:Globalcommitmentto
adoptionofexistinginternationalstandardsthatarematuresuchasISO27001andIEC62443.
Theworkinggroupwillfurtherelaboratethese
positionsandisscheduledtopublisha“FacilitatingGlobalInteroperabilityofCyberRegulationinthe
ElectricitySector”paperon15November2023.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations5
3
TheWhiteHouse
requestforinformationoncybersecurity
regulatoryharmonization
On19July2023,theWhiteHouseOfficeofthe
NationalCyberDirector(ONCD)announceda
requestforinformation(RFI)oncybersecurity
regulatoryharmonizationandregulatoryreciprocity.TheRFIbuildsonthecommitmentsmadeinthe
WhiteHouseNationalCybersecurityStrategyto
“harmonizenotonlyregulationsandrules,butalsoassessmentsandauditsofregulatedentities.”
TheRFIadvancesoneofthe69initiativesthat
theUnitedStatesNationalCybersecurityStrategyImplementationPlanannouncedinJuly.
GiventheSCRE’suniqueglobalperspectiveandproficiencyinthisfield,thecommunityhasshareditscollectiveknowledgeinthiswhitepaper.Theaimistoprovidepreciseresponsestoinquiries
intheinternationalsection(Section9)oftheRFIstatedbelow:
9.International–ManyregulatedentitieswithintheUnitedStatesoperateinternationally.InarecentreportfromthePresident’sNationalSecurity
TelecommunicationsAdvisoryCouncil(NSTAC),theNSTACnotedthatforeigngovernmentshavebeenimplementingregulatoryregimeswith“overlapping,redundantorinconsistentrequirements…”
FactSheet:OfficeoftheNationalCyberDirectorRequestsPublicCommentonHarmonizingCybersecurityRegulations–RequestforInformationonCyberRegulatoryHarmonization
A.Identifyspecificinstancesinwhich
USfederalcybersecurityrequirementsconflictwithforeigngovernment
cybersecurityrequirements.
B.Aretherespecificcountriesorsectorsthatshouldbeprioritizedinconsideringharmonizingcybersecurityrequirementsinternationally?
C.Whichinternationaldialoguesareengagedinworkonharmonizingoraligning
cybersecurityrequirements?Whichwouldbethemostpromisingvenuestopursuesuchalignment?
D.Pleaseidentifyanyongoinginitiativesbyinternationalstandardsorganizations,
tradegroupsornon-governmental
organizationsthatareengagedin
internationalcybersecuritystandardizationactivitiesrelevanttoregulatorypurposes.Describethenatureofthoseactivities.
Pleaseidentifyanyexamplesofregulatoryreciprocitywithinaforeigncountry.
E.Pleaseidentifyanyexamplesof
regulatoryreciprocitybetweenforeigncountriesorbetweenaforeigncountryandtheUnitedStates.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations6
3.1
A.Conflictinginternationalcybersecurityrequirements
IdentifyspecificinstancesinwhichUSfederalcybersecurityrequirementsconflictwithforeigngovernmentcybersecurityrequirements.
Governmentagenciesworldwidethatcreate
cybersecurityrequirementsforindustry,including
thoseoftheUS,frequentlyadoptdistinct
approachestoaddressidenticalorsimilarsetsofcybersecuritychallengesduetotheabsenceofaglobalconsensus.Thisleadstocomplex,industryandsectoragnostic,fragmented,inconsistentandsometimesconflictingregulations,whichlackandpreventmutualinteroperability.
Theevolutionofthecybersecuritythreatlandscape
andregulators’reflexiveresponsetotighten
regulationsexacerbatestheproblem.Organizationsareforcedtodivertlimitedresourcestoaddress
regulatorycompliancechallengesinsteadoffocusingontheircybersecurityposture.Inadditiontoalackofconsensusoncyberrequirements,alackof
consensusexistsonwhoorwhatisinthescopeoftheseregulations(e.g.varyingcriticalinfrastructuresectordesignations,differentregulationsbringingvarioussystemsintoscope,etc.)
Today’sdigitaleconomytranscendsnational
boundaries,requiringrobustandunifiedinternationalcybersecuritystandardstoensurethatmultinationalcompaniesarebestequippedtorespondtonew
threatsbymaliciousactorsastheyarise.
Assuch,businessesaroundtheworldlookto
standardssetbynon-governmentbodiessuchastheInternationalOrganizationforStandardization
(ISO)andtheInternationalElectrotechnical
Commission(IEC)forguidanceonabroadrangeofcybersecurityissuesandasbenchmarksforglobalbestpractices.Whendifferentregulatorsusewidelyrecognizedinternationaltechnicalstandards–suchastheISO/IEC27000seriesofinformationsecuritycontrolsandtheIEC62443seriesofindustrial
controlsystemcontrols—toinformtheirpolicies,
itnotonlysetsahighstandardofsecurityfor
companiestoadheretobutalsolowerscostsand
assuresinteroperabilitywithotherregulatoryregimes.
Conversely,whendifferentregulatorsandpolicy-makersusetheirownlocalstandardsandlawsasareferenceforestablishingcybersecurity
requirements,itcontributestothegrowing
fragmentationoftheglobaldigitalpolicylandscape,inturnundulyraisingcompliancecostsformulti-
jurisdictionalcompaniesanddivertingresourcesfromsoundcyber-riskmanagementactivities.
Thecurrentsiloedapproachtocybersecurity
regulationhasnotledtoamoresecureglobal
digitaleconomy.ItiswellknownfromthePrisoner’sDilemmaproblemingametheorythatstakeholdercooperationoncybersecurityregulationswill
increasesecurityoftheglobaldigitaleconomy.
However,theinherentchallengehasalwaysbeen:whowillmovefirst?Itisimperativetoresolveandmakeprogressonthiscooperationissue.
Examplesofdivergingcybersecurityregulations
canbefoundinnationalcybersecuritylabelling
programmessuchasthoseoftheUS,EUand
Singapore.Asmoreandmoreproductsreleasedinthemarketrequireinternetconnectivity,the
surfaceareaofcyberriskstoconsumershas
increasedtremendously.Toaddressthisconcern,severalgovernmentshaveannouncedplansto
developtheirowncybersecuritylabellingschemes.Forexample,Singapore’sCyberSecurityAgencyfirstlauncheditsCybersecurityLabellingScheme(CLS)4in2020tosetsecurityratinglevelsthat
buyersofsmartdevicescouldusetomake
informedchoices.InSeptember2022,theEU
proposeditsCyberResilienceAct5toestablish
commonsecuritystandardsforproductswith
digitalelementsconnectedtoadeviceornetworkinEUmember-states.Andlastly,inJune2023,theBidenadministrationannouncedanewUSCyber
TrustMark6programmetobeledbytheFederal
CommunicationsCommissionwithverysimilar
elementstotheSingaporeanandEuropeanmodels.
Thesethreecyberlabellinginitiativessharethe
commongoalofprovidingassurancetoconsumersthattheproductstheypurchaseareequipped
withadequatesafeguardstoprotectthemfrom
cyberharms,buttheyhavedifferentscopesand
specificrequirements.Recognizingsectoraland
jurisdictionalnuancesinthethreatlandscape,
themostsensibleapproachindevelopingthese
nationalcybersecuritylabelsistobasethemin
internationalconsensus-basedtechnicalstandardssoastoensuremaximuminteroperability.
TheSCREcommunitywelcomesandsupports
theregulatoryharmonizationeffortbytheONCD
andrecommendsthattheycontinuetheirefforts
towardsglobalregulatoryharmonizationtoincreaseinteroperability,enhancesecurityandreducecosts.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations7
3.2B.Sectortoprioritizeforregulatoryharmonization
Aretherespecificcountriesorsectorsthatshouldbeprioritizedinconsideringharmonizingcybersecurityrequirementsinternationally?
Asrenewableenergygrows,theseassumptionsmustberevisited.Likewise,differingcybersecurityreportingrequirementsapplytoUSnaturalgas
infrastructureandUSelectricityinfrastructure
—yetthesesystemsareintrinsicallylinked,withnaturalgasprovidingthesinglelargestsourceofenergytotheelectricitysector.
Furtherchangeisalreadyunderwayinthe
electricitysector.AIoffersnewcapabilitiesthat
willbeappealingtoattackersandessentialto
defenders.AIenablescybersecuritymonitoring
thatcandetectandrespondtoattackswith
machine-likespeeds,butitremainsunclearhow
regulatoryregimeswillembraceorconstrainAIininfrastructure.GenerativeAIislikelytobeabusedbyattackersseekingtocraftmoreeffectiveattacks—potentiallyproducingmorebelievablephishingattacks,bypassingmalwaresignaturedetection
orloweringtheskillrequiredtotranslatemaliciousintentintoaction.
TheEUhasbyfarbeenthemostactivein
proposingandadvancinglegislationand
regulationsforemergingtechnologiesand,as
such,hasbecomeade-factostandardsetterfordigitalpolicy,asillustratedbythewidespread
adoptionofdataprotectionlawsmodelledafter
theGDPR.TheUSshoulduseeveryavenue
ofdialogueandcooperationtoencourageand
supporttheEUtoalignitspoliciesmorecloselytowidelyrecognizedtechnicalstandardsbasedoninternationalconsensus(whilealsoensuringthatUSdomesticpoliciesaregroundedininternationalconsensus-basedtechnicalstandards).
Forexample,thenewlyproposedCyberResilienceActoftheEUmadenoreferencetointernational
standards.Onthecontrary,theEUmandated
theEuropeanstandardsorganizationstodevelopEuropeanharmonizedstandardstodemonstratecompliancewiththeCyberResilienceAct.This
regionalizationofcybersecuritystandardsdefiestheconsensusontheneedforinternational
standardsandintensifiestheburdenonglobal
companiesbyforcingthemtoconformtomultipleassessmentsindifferentmarkets.Inresponse,theUSshouldworkthroughbilateralandmultilateralforatoencourageEuropeanalignmentwith
internationalstandardstosafeguardtheglobalcompetitivenessofindustriesandprotecttheattractivenessoftheEuropeanmarket.
TheUS,EUandotherjurisdictionscanwork
towardsmutualrecognitionofcybersecurity
requirements.Nuancesindifferentjurisdictionsunderstandablycreatedifferentpriorities
forpolicy-makerstomanageandlegislate.
Nevertheless,localnuanceneednotrendertwo
Sector:Electricity
Cybersecurityhasbecomeincreasinglyimportant
intheelectricitysector.Severalconvergingtrends
contributetoanescalatingriskenvironment:
digitized,networkeddevicesnowpermeate
energyinfrastructure;attacksoninfrastructure
haveescalated;theenergytransitionisshifting
thesectorawayfromthehistoricbusinessmodels
thatregulationstakeforgranted;aninternetof
things(IoT)composedofnetworkedconsumerand
industrialdevicesbridgesphysicalanddigitalrealms;
andartificialintelligence(AI)offersnewandpowerful
capabilitiestodefendersaswellasattackers.
Electricalinfrastructureiscriticalinfrastructure.
TheSCRE
community
highlightsthe
electricitysectorasasector
toprioritize
forachieving
interoperabilityofcybersecurityrequirements
internationally.
Withoutreliableelectricitygeneration,transmission
anddistribution,otherpartsoftheeconomy
cannotfunction.
Digitizationhasmadeelectricalinfrastructure
moreefficientwhileloweringitscarbonintensity.
Renewableenergytechnologiescannotfunction
withoutdigitalmanagementtosmoothenvariable
inputs.Manyfuturetechnologies,business
modelsandelementsofpublicinfrastructure
relyondigitizedequipment,includingelectric
vehicles,distributedgenerationandsmartcities.
Atthesametime,networked,digitalequipment
isrelativelynew.Cybersecuritypracticesacross
theindustryarenotuniformlymature.The
interconnectednatureoftheUSelectricgrid
meansthattheconsequencesofasuccessful
cyberattackononepartofthegridcould
propagateacrosstheentirephysicalinfrastructure.
Attacksagainsttheelectricitysectorcontinue
toescalate.Federalagencieshaverepeatedly
identifiedpersistent,sophisticatedthreatsthat
havepenetratedelectricitysectororganizations,
sometimeswithoutthoseorganizationsbecoming
awarethattheyhavebeencompromised.Some
oftheseattackshavebeenattributedtogroups
withnation-statebacking.InAugust2023,
theInternationalEnergyAgencyreportedthat
cyberattacksonutilitieshadmorethandoubled
from2020to2022.7Surveysofcybersecurity
professionalslikewiseshowincreasedconcern
aboutcyberattackstargetingindustrialcontrol
systems–suchasthoseoperatingtheelectricity
infrastructureincountriesincludingtheUS.8
Governmentagenciesthatcreatecybersecurity
requirementsforindustryintheUSandelsewhere
havenotkeptpacewithchangesintheenergy
sector.Forexample,federalregulationsintheUS
electricitysectorfocusonbulkdistribution.This
wasappropriateinanerawhenlarge,centralized
generationwasthedominantbusinessmodel.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations8
setsofcybersecurityrequirementsincompatible.Cybersecuritystandardsshouldbeinteroperableacrossjurisdictions,withabaselineleveloftrust.Astheinternetknowsnoborders,jurisdiction-
specificcybersecuritystandardswithoutcross-borderinteroperabilityandmutualrecognitionarecounterintuitiveandcounterproductive.
3.3C.Internationaldialoguesonharmonization
Whichinternationaldialoguesareengagedinworkonharmonizingoraligningcybersecurityrequirements?Whichwouldbethemostpromisingvenuesto
pursuesuchalignment?
issues,includingthoseofregionalandinternationalsignificance.Theplatformenabledtheexchangeofinformationoncyberthreatsanddeliberationsoncyberdefenceandsecuritycollaboration.Itplayedapivotalroleindeepeningbilateralcooperation.
Thetwosidesagreedtoamplifydomestic
cybersecuritymeasuresthroughacomprehensivewhole-of-governmentapproach,underliningthecriticalityofJapan-UScollaborationincombatingcyberthreats.
TheEU-USCyberDialogue9
TheEU-USCyberDialogueisanencouraging
forum,butitisunclearhoweffectiveorsuccessful
ithasbeen.Between2014and2022,theEUand
theUShaveheldeightcyberdialoguestoaddress
andcoordinateoncybersecurityissues,foster
internationalcollaborationandmutualunderstanding,
andmakecybersecuritypracticesmoreconsistent
acrossthetwojurisdictions.Thematurityofthis
dialoguemakesitapromisingvenueforpromoting
greateralignmentoncybersecuritypolicy,though
itscurrenttrackrecorddoesn’tshowmuchvisible
TheSCRE
community
encourages
policy-makers
andregulators
toparticipate
ininternationaldialogueson
cybersecurity
toimprovethe
cross-border
interoperabilityofregulations,
whichcan
enhancesecurityandlowercosts.
France-UnitedKingdomCyberDialogue11
FranceandtheUnitedKingdomheldtheir
fourthcyberdialogueinParison11May2023.Bothcountriesreiteratedtheircommitment
progress.Bothjurisdictionsshouldtakeadvantage
ofthisplatformtofindcommongroundtoreachtheir
cybersecurityobjectivesandbasetheirrespective
policyagendasoninternationalstandardssuchas
theISO/IEC27000andIEC62443series.
tocollaborateinthefieldofcyberspaceto
promotesecurityandstabilityinaninclusive,
US-JapanCyberDialogue10
On1May2023,Tokyoplayedhosttothe8th
Japan-USCyberDialogue,asignificantevent
aimedataligninginternationalcyberpoliciesand
strengtheningcybersecuritymeasuresbetweenthetwocountries.Variousministriesandagenciestookpart,focusingonextensivediscussionsonbilateraloperationalcybersecuritycooperation,domestic
cyberpolicies,andJapan-UScooperationoncyber
non-fragmentedandsecurecyberspace.Theydiscussedtheiranalysisofthethreatandsharedthelatestdevelopmentsintheirrespective
cybersecuritypolicies.Thetwocountriesalso
talkedabouttheirprioritiesforongoingdiscussionsinvariousmultilateralforaanddiscussedthe
implementationofajointinitiativetoaddress
thethreatfromcommercialcyberproliferation.
Additionally,theydiscussedthestrengtheningofbilateralcoordinationinresponsetocyberthreats.
ResponsetotheWhiteHouse’sRequestonHarmonizingCybersecurityRegulations9
3.4D.Ongoinginternationalinitiatives
Pleaseidentifyanyongoinginitiativesbyinternationalstandardsorganizations,trade
groupsornon-governmentalorganizationsthatareengagedininternationalcybersecuritystandardizationactivitiesrelevanttoregulatorypurposes.Describethenatureofthose
activities.Pleaseidentifyanyexamplesofregulatoryreciprocitywithinaforeigncountry.
oftenincludeprotocolsandframeworksthat
enhancecybersecuritymeasures,suchas
encryption,authenticationandnetworksecurity.
Regulatorybodiesandorganizationsoftenrefer
toIETFstandardswhenformulatingcybersecurityregulations,astheyarewidelyrecognizedand
trustedintheindustry.IETFalsocollaborateswithotherorganizationsandstakeholderstoaddress
cybersecuritychallengesanddevelopsolutionstoensureasecureandresilientinternetinfrastructure.
InternationalOrganizationforStandardization
(ISO)andInternationalElectrotechnical
Commission(IEC)
TheISOandIECaretheworld’sleadingstandard-
settingbodies.WhiletheISOoverseesstandards
developmentacrossawidevarietyofindustries,the
IECspecializesinstandardizingsectorsrelatedto
electrical,electronicandrelatedtechnologies.Each
hasawell-establishedtrackrecordfordefining
industrynormsandbenchmarksthatareusedby
companiesaroundtheworld.
ConnectivityStandardsAlliance(CSA)17
TheISO/IEC27000serie
溫馨提示
- 1. 本站所有資源如無特殊說明,都需要本地電腦安裝OFFICE2007和PDF閱讀器。圖紙軟件為CAD,CAXA,PROE,UG,SolidWorks等.壓縮文件請下載最新的WinRAR軟件解壓。
- 2. 本站的文檔不包含任何第三方提供的附件圖紙等,如果需要附件,請聯(lián)系上傳者。文件的所有權益歸上傳用戶所有。
- 3. 本站RAR壓縮包中若帶圖紙,網(wǎng)頁內容里面會有圖紙預覽,若沒有圖紙預覽就沒有圖紙。
- 4. 未經(jīng)權益所有人同意不得將文件中的內容挪作商業(yè)或盈利用途。
- 5. 人人文庫網(wǎng)僅提供信息存儲空間,僅對用戶上傳內容的表現(xiàn)方式做保護處理,對用戶上傳分享的文檔內容本身不做任何修改或編輯,并不能對任何下載內容負責。
- 6. 下載文件中如有侵權或不適當內容,請與我們聯(lián)系,我們立即糾正。
- 7. 本站不保證下載資源的準確性、安全性和完整性, 同時也不承擔用戶因使用這些下載資源對自己和他人造成任何形式的傷害或損失。
最新文檔
- 2024-2030年全球與中國建筑玻璃膜消費規(guī)模預測及發(fā)展現(xiàn)狀調研報告
- 2024-2030年全球與中國加熱手柄行業(yè)深度調研及市場營銷創(chuàng)新咨詢研究報告
- 2024-2030年信息化行業(yè)并購重組機會及投融資戰(zhàn)略研究咨詢報告
- 2024出租鉆機設備合同
- 2024-2030年低熔點復合纖維行業(yè)市場現(xiàn)狀供需分析及投資評估規(guī)劃分析研究報告
- 2024-2030年企業(yè)NAS行業(yè)市場現(xiàn)狀供需分析及投資評估規(guī)劃分析研究報告
- 2024-2030年產(chǎn)業(yè)投資基金產(chǎn)業(yè)發(fā)展分析及發(fā)展趨勢與投資前景預測報告
- 2024-2030年二氧化碳監(jiān)測設備行業(yè)市場現(xiàn)狀供需分析及投資評估規(guī)劃分析研究報告
- 2024-2030年中國龍井茶行業(yè)盈利態(tài)勢及營銷趨勢預測報告
- 2024-2030年中國黑木耳提取物行業(yè)市場發(fā)展趨勢與前景展望戰(zhàn)略分析報告
- 【項目方案】源網(wǎng)荷儲一體化綠色供電園區(qū)項目規(guī)劃報告
- 2024年北京市第一次普通高中學業(yè)水平合格性考試物理試題(含答案解析)
- 醫(yī)學檢驗試題庫(Medical eamination questions bank)
- 宣傳片基本報價單三篇
- 《奇妙的溶解》幼兒園大班科學課件
- DB32T4004-2021水質 17種全氟化合物的測定 高效液相色譜串聯(lián)質譜法
- 2024年廣東河源市消防救援支隊政府專職消防員招聘筆試參考題庫附帶答案詳解
- Economics經(jīng)濟學常用詞匯
- 2024年4月自考00158資產(chǎn)評估答案及評分參考
- 3心包萬物(課件)-山東友誼出版社《中華優(yōu)秀傳統(tǒng)文化》六年級
- (正式版)JCT 2771-2024 水泥生產(chǎn)企業(yè)節(jié)能技術指南
評論
0/150
提交評論