Workshop on Digital Security and Resilience in Critical Infrastructure and Essential Services:
Digital Security in Energy, Transport, Finance, Government, and SMEs

‌  15-16 February 2018  OECD, Paris

    >>  Download the full agenda (pdf). Presentations are available below.

    >>  Speaker bios (pdf)

    >>  Following the event, a document will be developed including key messages from the workshop discussions, an issues paper, and the workshop proceedings.

About the event

This workshop discussed the effects of growing digital transformation on the resilience of critical infrastructures and essential services which rely increasingly on cross-border digital infrastructures. It explored cross-sector dependencies and avenues for co-ordination among stakeholders within countries as well as across borders.
 

It also looked at how an integrated whole-of-government approach to digital transformation of the economy and society can best help address the protection of critical infrastructures and essential services against digital security risk.


In particular, issues and challenges discussed included:

  • To what extent is digital transformation changing the protection of critical information infrastructures and the management of digital security risk? How is the risk evolving along the value chain, including beyond/across sectors? Are "hybrid threats" as well as threats against confidentiality and privacy becoming increasingly challenging in relation to the protection of critical infrastructures and essential services against digital security risks? What is the role of individuals?
     
  • To what extent are cross-border and cross-sector interdependencies addressed? How can stakeholders take into account globally distributed digital infrastructures (e.g. Cloud computing) as well as potential systemic risk from widespread vulnerabilities (e.g. Meltdown and Spectre)?
     
  • What are good policy practices to encourage digital security risk management by all organisations, including SMEs? What is the right balance between mandatory and voluntary policy measures to protect critical infrastructures and essential services? What should be the respective roles of digital security agencies, public safety departments and sectoral regulators? Are SMEs a weak link in essential services' value chains?
     
  • How can governments foster trust with and among private operators to enable information sharing on threats, vulnerabilities and incidents? How can they encourage information sharing between operators competing in the same sector? How can SMEs be included in trust frameworks?

  

The workshop brought together experts from several policy communities focusing on digital security, energy, finance, transports, national risk management and SMEs in a collaborative discussion, cutting across silos of expertise, with a view to identifying common high-level policy messages for the OECD Going Digital project.
  

Due to space constraints at the event venue, participation was by invitation only. The workshop proceedings will be published online at a later date. For further information please contact us

 

See also

Presentations

Session 2. Digital security risks to energy infrastructure

Standards: Key for digital security of critical infrastructure. Richard Schomberg, IEC Ambassador for Smart Energy, International Electrotechnical Commission

Blockchain and digital security in energy. Dr. Ana Trbovich, Co-founder, GridSingularity; Foundation Council Member, Energy Web Foundation (EWF)

Starting from the basics: cybersecurity awareness campaigns in the electricity and energy sector. Stefano Bracco, EU Agency for the Cooperation of Energy Regulators (ACER)

 

Session 3. Digital security risks to transport infrastructure: Automated vehicles

Digital security risks to transport infrastructure: Automated vehicles. Eva Molnar, former Director of the Transport Division of the United Nations Economic Commission for Europe (UNECE)

Cybersecurity threats in connected and automated vehicles. Gereon Meyer, VDI/VDE Innovation + Technik GmbH

Future-proof security: Automated vehicles - the good, the bad and the ugly. Sebastian Rohr, CEO, accessec GmbH

Digital security risks to transport infrastructure: Automated vehicles. Henrik Kiertzner, Principal Consultant Cybersecurity, SAS Institute

Enhancing automotive cybersecurity in Europe. Dimitra Liveri, Network and Information Security Expert, European Union Agency for Network and Information Security (ENISA)

 

Session 4. Digital security risks to government and public services

CIIP (critical information infrastructure protection) in Korea. Chaetae Im, Senior Researcher, Korea Internet & Security Agency / Korea Internet Security Center (KISC)

EE-ISAC information sharing in a network of trust. Johan Rambi, Corporate Privacy & Security advisor, Alliander

 

Session 5. Whole-of-government approaches to digital security in critical infrastructure and essential services

Supply/value chains as PPP, blockchains (security & resilience). George Sharkov, Director of ESI Center Eastern Europe; Representative of the European Digital SME Alliance 

Critical infrastructure partnership overview. Christopher Boyer, Assistant Vice-President of Global Public Policy, AT&T Services, Inc.