imageWith the annual Black Hat (Vegas) conference providing extra focus on cybersecurity this week, but also eclipsing most other news, I want to call attention to the EastWest Institute publication of their report on the Second Worldwide Cybersecurity Summit: Mobilizing for International Action.

The EWI summit, held in London at the beginning of June, attracted more than 450 government, industry and technical leaders from 43 countries to craft new cybersecurity solutions.

CSOs, CIOs, IT professionals, academics, and international policy-makers working to maintain a healthy Internet and guarding resources against cyber threats may went to take a look at the wide range of topics covered in the the EWI summit report. Fortunately, the report is readable from the web, with a solid table of contents and lots of quotes and graphics to help you navigate through the information and find areas of special interest.

EWI held their first Cybersecurity Summit in 2010, and EWI’s cybersecurity initiative has gained participation from the United States, Chinese, Russian and Indian governments, along with other members of the Cyber40 (an informal grouping of the world’s most digitally-advanced nations), academic leaders, and industry professionals.

“The largest roadblock to cyber solutions is a lack of trust,” says John Mroz, EWI President. “EWI’s trademark for three decades has been bringing the people who need to work together into the same room to craft solutions to particular issues of common concern. Nowhere is this needed more than in the cybersecurity arena.”

To highlight how participant’s see the cybersecurity challenge, the report shares (flip to page 7) some interesting survey data from the 2010 and 2011 summits:image

  • 84% think that the cybersecurity risk we face today is higher than one year ago
  • 61% doubt that their country could defend against a sophisticated Cyber attack
  • 54% doubt their <business, organization, agency> could defend against a sophisticated Cyber attack
  • 70% believe that international policy and regulations lag far behind technology advances
  • 81% agree that bold steps are needed immediately to address lack of trust in ICT development and supply chain integrity

That last point, which I sometimes refer to as “Trusted Supply Chain” issues, was also one of the key areas of focus for Microsoft participation at the summit and in the recent post by Eric T. Werner, Global Cyber Supply Chain Management a Principal Security Strategist with the Trustworthy Computing group here at Microsoft.

The 50-page report includes information from the keynote presentation on Supply Chain Risk Management delivered by Scott Charney, Corporate Vice President, Trustworthy Computing, including his observation that: “The Internet is different in the sense that you don’t have to put assets at risk to engage in espionage. Spies can sit in their home country and exfiltrate terabytes of data quickly.”