CSISAC Took Part in the OECD Workshop on Digital Security and Resilience in Critical Infrastructure and Essential Services

February 23, 2018

The CSISAC has been invited by the OECD CDEP to take part in the OECD Workshop on Digital Security and Resilience in Critical Infrastructure and Essential Services. Lucy Purdon from CSISAC member Privacy International attended the meeting on behalf of the CSISAC.

The CSISAC notes the unprecedented risks faced by citizens and consumers in developing countries, due to data-intensive initiatives lacking adequate security and privacy/data protection frameworks. Cashless payment systems, biometrics, or credit scoring exemplify some of the ongoing potential risks of exclusion. The OECD privacy, security and cryptography guidelines provide useful directions to follow.

Fintech, energy and transport infrastructures, together with public services, present the biggest challenges. Market structures should allow governmental management of risk, including consistent reporting on data breaches and vulnerability disclosures. The lack of a common categorisation of critical infrastructures makes it difficult to address the issues of security and resilience. The CSISAC strongly encourages the reinforcement of the ongoing work at the OECD on the measurement and analysis of the digital economy, continuing the previous work on measuring critical infrastructures.

The CSISAC strongly disagrees with the notion of implementing resilience by enabling backdoors in systems, especially where this involves breaking cryptography. This counterproductive approach backfires when systems are compromised. It is not possible to entirely prevent data breaches, security failures or cyber-attacks. Instead of introducing vulnerabilities, resilience can be better built by enacting consistent and timely privacy, data protection and security frameworks, through technologies providing privacy and security by design, and by continuous stakeholder involvement. The CSISAC will continue fostering effective resilience in line with the Civil Society Goals and the OECD's many instruments, notably the Cryptography Guidelines, the Privacy Recommendation, and the Security Guidelines.