We are signing for Cybersecurity
The digital world is changing everything. It’s improving our lives and economies;
at the same time, the risk of exposure to cyberattacks is growing dramatically.
That’s why we are joining forces and have established the Charter of Trust.
Our principles
1 Ownership of cyber and IT security | Anchor the responsibility for cybersecurity at the highest
governmental and business levels by designating specific ministries and CISOs. Establish clear measures
and targets as well as the right mindset throughout organizations – “It is everyone’s task.”
2 Responsibility throughout the digital supply chain | Companies – and, if necessary, governments –
must establish risk-based rules that ensure adequate protection across all IoT layers with clearly defined and
mandatory requirements. Ensure confidentiality, authenticity, integrity, and availability by setting baseline
standards, such as
· Identity and access management: Connected devices must have secure identities and safeguarding
measures that only allow authorized users and devices to use them.
· Encryption: Connected devices must ensure confidentiality for data storage and transmission purposes
wherever appropriate.
· Continuous protection: Companies must offer updates, upgrades, and patches throughout a reasonable
lifecycle for their products, systems, and services via a secure update mechanism.
3 Security by default | Adopt the highest appropriate level of security and data protection and ensure
that it is preconfigured into the design of products, functionalities, processes, technologies, operations,
architectures, and business models.
4 User-centricity | Serve as a trusted partner throughout a reasonable lifecycle, providing products,
systems, and services as well as guidance based on the customer’s cybersecurity needs, impacts, and risks.
5 Innovation and co-creation | Combine domain know-how and deepen a joint understanding between
firms and policymakers of cybersecurity requirements and rules in order to continuously innovate and adapt
cybersecurity measures to new threats; drive and encourage i.a. contractual Public Private Partnerships.
6 Education | Include dedicated cybersecurity courses in school curricula – as degree courses in
universities, professional education, and trainings – in order to lead the transformation of skills and job
profiles needed for the future.
7 Certification for critical infrastructure and solutions | Companies – and, if necessary, governments –
establish mandatory independent third-party certifications (based on future-proof definitions, where life
and limb is at risk in particular) for critical infrastructure as well as critical IoT solutions.
8 Transparency and response | Participate in an industrial cybersecurity network in order to share new
insights, information on incidents, etc.; report incidents beyond today’s practice, which focuses on
critical infrastructure.
9 Regulatory framework | Promote multilateral collaborations in regulation and standardization to set a
level playing field matching the global reach of the WTO; inclusion of rules for cybersecurity into Free Trade
Agreements (FTAs).
10 Joint initiatives | Drive joint initiatives, including all relevant stakeholders, in order to implement the
above principles in the various parts of the digital world without undue delay.
www.charter-of-trust.com