IGF 2018 WS #438
Enhancing Global Cyber Supply Chain Trust

Organizer 1: Yudong Yang, Microsoft
Organizer 2: Jong Hyuk Ro, Microsoft

Speaker 1: samantha Ravich, Civil Society, Western European and Others Group (WEOG)
Speaker 2: Sihan QING, Civil Society, Asia-Pacific Group
Speaker 3: Jing De Jong-Chen, Private Sector, Western European and Others Group (WEOG)
Speaker 4: Carolin Weisser, Civil Society, Western European and Others Group (WEOG)

Moderator

Jing De Jong-Chen (Female; WEOG)

Online Moderator

Alex Yudong Yang (Male; APG)

Rapporteur

Jong Hyuk Ro (Male; APG)

Format

Panel - 90 Min

Interventions

Each speaker’s views/perspectives/expertise are critical to achieving the purpose of this workshop, which is to share with the audience a comprehensive experience of independent and collective effort in addressing the challenges surrounding cyber supply chain trust via presentations and Q&As. Therefore, all speakers will be given equal opportunity to speak.

Diversity

The organizers of the workshop planned to highlight the global nature of cyber supply chain relationship by staging representatives of various stakeholders from both mass-manufacturing industry side (China, etc.) and market side (the US and EU/UK). Ethnic diversity and gender diversity has been considered in speaker choices. Efforts will be made to introduce new and/or different perspectives in discussions. 

The session will take a form of panel in which speakers will share experience and lessons learned in building the trust mechanism in countries with different political, economic, trade, industrial and technology interests and concerns. Between one-third (1/3) and one-half (1/2) of the time will be allotted to audience and online participants for comments and Q&As. Moderator will invite and encourage as much participation from the audience as allowable and orchestrate the use of 90 minutes appropriately.

The workshop report will provide references for the examples discussed during the session. 

Speakers :
Dr. Samantha Ravich (Confirmed), CSIF (Center on Sanctions and Illicit Finance) Board of Advisor, Senior Advisor, Foundation for Defense of Democracies (Female; WEOG; Civil Society)
Expertise: Leveraging Blockchain technology to protect supply chain integrity
Professor Sihan QING (Provisionally confirmed): Member, China Security Standard Committee (TC260) (Male; APG; Technical Community)
Expertise: China’s national standard on cyber supply chain risk management
Ms. Jing De Jong-Chen (Confirmed; Onsite Moderator), General Manager, Global Technology Advancement Group, Microsoft Corp (Female; WEOG); Private Sector)
Expertise: Considerations and Recommendations to increase trust
Ms. Carolin Weisser (Confirmed), Content Portal Manager, Global Cyber Security Capacity Centre, Oxford Martin School, University of Oxford (Female; WEOG; Technical Community)
Expertise: EU/UK approach to cyber supply chain risk management: Policies and Lesson Learned
(TBD), Officer, International Chamber of Commerce (TBC; WEOG; Private Sector)
Expertise: Trade Policy and Global Supply Chain Management: challenges and opportunities for collaboration
Agenda:
Length of session: 90 minutes

Moderator (TBD) will open the workshop by illustrate the purpose of this workshop and brief introduction of the speakers. (5 mins)
Moderator will engage with panel speakers in an interactive discussion in two (2) rounds of questions that will draw out the respective experience of each expert in establishing and implementing policies focusing on cyber supply chain trust building (40-55 mins)

Topics:
a)Risk Management: Best practices and experiences in applying methodologies like risk assessment, vulnerability management, etc.
b)Security, Control and privacy
c)Strategy: Cybersecurity framework
d)Technologies: Edge & cloud computing, blockchain, quantum computing, and AI
e)Laws and regulations
f)Global trust-mechanism building

Participants will be invited to join the discussion with comments and questions (30-45 mins)
Moderator will summarize the discussions and close the session (5 mins)

Seating: Speakers will be seated at the front of the room and participants will be seated in a class room style. Microphones will be provided to the audience during Q&A.

Media: PowerPoint slides will be projected to help audience grasp the key messages and takeaways.

Preparation: Organizers of the workshop will set up conference call(s) for all speakers in advance of the workshop to provide opportunity to meet with each other and prepare for the workshop.

Moderator: The moderator will give every participant, including online participants, equal opportunity to intervene during Q&A in close cooperation with the Online Moderator, who will encourage and facilitate participation by online participants.

Building and maintaining cyber supply chain trust is becoming a critical issue of increasing significance for global information society governance, linking up the main stakeholders like consumer, government and industry. A shared sense of trust in Global Cyber Supply Chains is a prerequisite for nurturing a healthy Internet economy and technology development. The increasing dependence on ICT products and services and the globalization of production and provision call for building such a trust mechanism.

Firstly, ICT products and services are central to interpersonal communications, business development and operations, and government services, to name but a few key areas of dependence. Moreover, as national-level digitization efforts proliferate and cutting-edge technologies, including AI, edge & cloud computing, blockchain, big data analytics, IoT (Internet of Things) & CPS (Cyber-Physical Systems), and quantum computing, introduce new capabilities to governments, the consumers, and businesses, this dependence on ICT products and services is likely to increase in the years to come. Secondly, cyber supply chains are global in nature, being a fruit of cooperation among a globally distributed, interconnected set of organizations, people, processes, products, and services.

Trust is fundamental to a harmonized cyberspace as it is a prerequisite for the adoption of cutting-edge technologies to protect global cyber supply chain from a rising tide of cyberattacks, in which the cyber supply chain is normally considered as the weakest link. Those attacks are perpetrated both by nation states and independent cyber-criminal actors. Governments, in turn, often seek to bolster supply chain security by simply prohibiting the import of technology components and services from the target countries, rather than developing a long-term, internationally-accepted approach to supply chain security assurance. As a result, we stand at a crossroads. The nations of the world can work together to create a harmonized global supply chain trust mechanism, or they can continue to act unilaterally, undermining international cyberspace governance and technology development. Hence, the cyber supply chain trust between major manufacture countries and market regions becomes more and more critical.

Recently, the trade tensions are rising between the U.S. and its major trading partners as the American government adopts new, impact-driven policies. Considering that the US and China are major suppliers of ICT goods and services to each other and to the world, it is challenging for the consuming parties of these goods and services to come up with effective solutions to address the growing distrust without accelerating the already obvious trend of nationalistic approaches towards creating countermeasures.

Even though global supply chain is already haunted by domestic policies of both countries, their technology competition in the global arena leads to orgies of distrust between the two giants. Multinational organizations (including corporations) based in both countries, for their part, continue to contest for talents, market access and profits across geographic borders. In consequence, the state of global commerce based on the free flow of goods and services may be altered or disrupted by a dis-trusted supply chain. Growing divides in political and economic ideology stemming from national orientation may ultimately destroy the confidence in technology. Even though the U.S vis-à-vis China case is an obsolete example, it is a global and strategic issue which, eventually, may cause chaos in cyberspace.

This workshop is organized to address these issues by offering a forum for exchanging different views towards trust-building in global cyber supply chains. It looks at the policy responses of the U.S. and China, the world’s two largest economies, and concludes by proposing a set of principles and best practices that may be adopted to support policymakers and industry stakeholders as they consider how best to move forward in addressing supply chain security-related concerns.

This process will be reinforced with audience participation in the form of comments and Q&As. The participants are expected to take away the insights and lessons learned, which would contribute to addressing their own challenges and, eventually, promoting international cooperation for Internet governance. 

In the previous workshop (IGF 2017 WS 15), the panel of speakers representing government agencies, academia, and industry shared the lessons learned from multistakeholder cooperation on emergency response for the benefit of the participants in implementing their own cybersecurity policies. This workshop builds on the previous workshop to address an imminent, broader and more complex issue of enhancing global cyber supply chain trust involving national security as well as trade aspects of cybersecurity.

Online Participation

Online Moderator will be designated to guide online participants make comments and raise questions prior to and during the workshop, especially during the Q&A. Moderator will be instructed to communicate frequently with Online Moderator to ensure online participation.