Last week the World Economic Forum launched an initiative to help protect the digital environment by improving global resilience to major cyber risks.
The “Partnership for Cyber Resilience” is a set of shared principles, signed and endorsed by Chief Executives of companies which recognize the interdependence of all organizations in combating cyber risks in a hyperconnected world.
Cyber resilience, it says, “is defined as the ability of systems and organizations to withstand cyber events, measured by the combination of mean time to failure and mean time to recovery.”
The members of the PCR Initiative’s steering board are:
- Ian Livingston, CEO, BT Group;
- Bill McCracken, CEO, CA Technologies;
- Michael Chertoff, former secretary of Homeland Security and now Managing Principal, Chertoff Group – a risk management and security consulting company;
- Robert Wainwright, Director, Europol (European Police);
- Natarajan Chandrasekaran, CEO & MD, Tata Consultancy Services.
Here is a link to the press launch of this new initiative – http://www.weforum.org/videos/partnership-cyber-resilience-annual-meeting-2012
I recommend that you watch the first 5 minutes, where Alan Marcus outlines this critical protection issue and the commitment to cyber security required from CEOs.
“This initiative is essentially an attempt to immunize the Internet. The more stakeholders endorse and implement the principles the higher the chances to safeguard the digital environment.”
I recommend that you read the short 15-page PCR Principles and Guidelines document, which includes a C-Suite Checklist on page 11.
In today’s Observer there is an article in which the Cabinet Office warns that the London Olympics could crash the internet. Fears of an internet meltdown during the London Games may lead to web access being rationed for British businesses.
Additionally, BBC News Technology reported this week that Israel, Finland and Sweden are seen as leading the way in “cyber-readiness”, according to a major new security report. The McAfee-backed cyberdefence survey deemed China, Brazil and Mexico as being among the least able to defend themselves against emerging attacks.
ITIL 2011 Edition Service Design defines resilience as: “The ability of an IT service or other configuration item to resist failure or to recover in a timely manner following a failure. For example, an armoured cable will resist failure when put under stress.”
Page 167 – The requirements for resilience in the IT infrastructure should always be considered at the time of service design. However, for many services, the resilience of the service is only considered after it is in live operational use. Incorporating resilience into service design is much more effective and efficient than trying to add it at a later date, once a service has become operational.
Business Continuity Resilience Services (video): http://youtu.be/8-irBeUg804
The evolution of business resiliency management – A proactive guide to helping you strengthen your business resiliency management program
So you should now be aware of the new “Partnership for Cyber Resilience” initiative, which will engender support among industry leaders for a common set of guidelines and principles. It is of interest that 3 of the 5 members of the Steering Board are CEOs of global technology firms – BT, CA and TCS. The requirements that they have helped shape will need to be addressed by Global and National Service Providers.
In essence, the key question an internal / external service provider should ask is how “cyber-ready” are we to “protect and serve” the Business?