ETDAofficialRegist, profile picture
Uploaded byETDAofficialRegist
331 views

APEC Framework for Securing the Digital Economy

The document outlines the APEC framework for securing the digital economy, emphasizing principles like awareness, responsibility, cooperation, and privacy to enhance digital security across member economies. It details strategies for digital security risk management, the development of economy strategies, fostering resilient critical information infrastructure, and strengthening cooperation among stakeholders. The aim is to promote innovation, economic integration, and trust in digital technologies while addressing cybersecurity challenges collaboratively.

Embed presentation

Download to read offline
1 Foreword.....................................................................................................................2 Preamble.....................................................................................................................3 Scope and Application...........................................................................................5 Principles.....................................................................................................................7 Awareness...............................................................................................................................7 Responsibility.......................................................................................................................7 Cooperation...........................................................................................................................8 Privacy.......................................................................................................................................8 Strategies....................................................................................................................9 I. Digital Security Risk Management.......................................................................9 II. Develop Economy Strategies....................................................................................11 III. Resilient Critical Information Infrastructure (CII)........................................12 IV. Strengthen Collaboration............................................................................................12 V. Digital User Empowerment.......................................................................................13 VI. Digital Security Technologies for Trust...............................................................14 VII. Personal Data Security...................................................................................................14 Acknowledgement..................................................................................................15 Contents Table of
2 FOREWORD Digital economy offers many possibilities for APEC member economies, including opportunities in electronic commerce and digital trade. The Internet and the digital economy enable greater economic integration, more innovation, as well as robust, sustainable, and inclusive economic growth for the Asia-Pacific region. To achieve these objectives, the 2016 APEC Leaders Declaration noted1 : We will collaborate to unleash the potential of the digital economy and strongly support an accessible, open, interoperable, reliable and secure ICT environment as an essential foundation for economic growth and prosperity. We will continue to promote policy and regulatory environment to ensure ICT security, data and privacy protection by developing interoperable and flexible frameworks. … and the 2017 APEC Ministerial Statement also noted2 : We welcome the implementation of the Telecommunications and Information Working Group (TEL) Strategic Action Plan 2016 - 2020. We support the continued development of information technology and communications, promoting a secure, resilient and trusted information and communications technologies (ICT) environment. We stress the importance of capacity building and the application of new technologies to promote innovative and inclusive growth. We commend TEL for its coordination with other fora to develop a safe and reliable information technology enviroment. Recognizing that APEC is an economic cooperation forum, the APEC Framework for Securing the Digital Economy (“the Framework”) provides non-binding principles and strategic recommendation to inform member economies as they develop policy and regulatory frameworks to secure their digital economies, and their digital futures. 1 https://www.apec.org/Meeting-Papers/Leaders-C 2 https://www.apec.org/Meeting-Papers/Annual-Ministerial-Meetings/2017/2017_amm
3 1) Preamble 1. The 10th Ministerial Meeting on Telecommunications and Information (APEC TELMIN10) endorsed the APEC TEL Strategic Action Plan 2016-2020 with 5 Priority Areas that include: Develop and support innovation; Promote a secure, resilient and trusted ICT environment; Promote regional economic integration; Enhance the digital economy and the Internet economy; and Strengthen cooperation. APEC member economies recognize the important role that digital security plays in protecting their economies and enabling socio-economic development. 2. To enable accelerated and sustained growth for the economy in the Asia-Pacific region, member economies should take steps to foster digital security in order for digital economy to support innovation3 . 3. Recalling that in 2002, APEC Leaders made specific commitments to establish legal and regulatory frameworks, including “the enactment of domestic cybersecurity laws, the development of domestic computer security incident response teams, and the promotion of international cooperation to strengthen cybersecurity and combat cybercrime.”4 Ministers also endorsed the APEC Cybersecurity Strategy, developed by the APEC Information Working Group, in 2002. The APEC Cybersecurity Strategy identified six areas: legal developments, information sharing and cooperation initiative, security and technical guidelines, public awareness, training and education, and wireless security to “serve as the basis of APEC’s efforts on cybercrime and critical infrastructure protection.”5 4. Also recalling in 2005, APEC Senior Officials endorsed the APEC Strategy to Ensure a Trusted and Sustainable Online Environment. The 2005 strategy encouraged APEC member economies to take actions in several areas, including security awareness for users, cohesive domestic strategies, cooperative efforts among economies, building partnerships among government, industry, academics and others, and ensuring that legal and policy frameworks address substantive, procedural, and mutual assistance arrangements. 5. Also recalling in 2013, the joint APEC-OECD Symposium on Security Risk Management in the Internet Economy6 to exchange views on policy issues and trends related to managing security risk for economic and social prosperity in the digital economy. 3 2016 APEC Leaders Declaration: “We recognize that innovation is a key driver of quality growth. In this regard, we encourage efforts to identify new growth engines, and will embrace the opportunities brought forth by sectors such as the Internet and Digital Economy.” 4 APEC Strategy to Ensure Trusted, Secure and Sustainable Online Environment 5 APEC Cybersecurity Strategy 6 http://www.oecd.org/officialdocuments/publicdisplaydocumentpdf/?cote=DSTI/ICCP/REG(2014)1&doclan guage=en
4 6. Having regard to the 2004 APEC Privacy Framework7 endorsed by APEC Leaders and updated in 20158 which aims to promote electronic commerce throughout the Asia-Pacific region and reaffirms the value of privacy to individuals and society. And, noting the security safeguards in the APEC Privacy Framework provide a foundation for the security of personal information. 7. Recalling that the APEC Internet and Digital Economy Roadmap which was endorsed in 2017 put “enhancing trust and security in the use of ICTs” into the key focus areas. It recommends that the public and private sectors, and other stakeholders, including academia, should work together to enhance trust and security in the use of ICTs, while taking advantage of the benefits of modern digital systems. 8. Recognizing that the underlying objective of this Framework is to foster economic and social prosperity within the region. 9. Building on past endorsements and commitments from the APEC Economic Leaders, the APEC Framework for Securing the Digital Economy provides agreed high-level principles and specific strategies to: enable greater economic integration in the region, promote innovation, and provide a solid foundation for a growing digital economy. Through the collaboration and collective effort of member economies and other participants in the digital economy, cybersecurity challenges can be effectively addressed. 10. Recognizing and building on the important work done by regional groupings in the Asia-Pacific region such as ASEAN, which among others include the ASEAN Cybersecurity Cooperation Strategy, which provides a roadmap to strengthen cybersecurity cooperation on cybersecurity incident response, Computer Emergency Response Team (CERT) policy and coordination, and cybersecurity capacity building; the ASEAN Regional Forum Inter-Sessional Meeting on Security of and in the Use of ICTs (ARF ISM-ICT) which focuses on the implementation of the 2015 ARF Work Plan on Security of and in the Use of ICTs; and the ASEAN Leaders’ Statement on Cybersecurity Cooperation, which tasks relevant Ministers from all ASEAN Member States to recommend feasible options to better coordinate ASEAN’s cybersecurity efforts among various platforms of the three pillars of ASEAN and to make progress on discussions relating to the adoption of practical, voluntary and non-binding norms of responsible State behaviour in cyberspace, taking reference from recommendations set out in the 2015 Report of the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE). 7 https://www.apec.org/Publications/2005/12/APEC-Privacy-Framework 8 https://www.apec.org/Publications/2017/08/APEC-Privacy-Framework-(2015)
5 2) Scope and Application 11. The purpose of Part 2 of the APEC Framework for Securing the Digital Economy is to make clear the extent of the coverage of the Principles and Strategies. 12. For the purpose of this Framework: • Digital security refers to the availability, integrity and confidentiality of digital infrastructure, software, communications, and data that supports economic and social activities and services. • Digital security risk refers to the likelihood of detrimental effects on economic and social activities resulting from threats and vulnerabilities in the digital environment. It is not possible to create an entirely safe and secure digital environment conducive to prosperity and growth. There is always some level of digital security risk. However, risk can be reduced to an acceptable level considering the economic and social activity at stake and the context. Digital security risk has great economic and social significance: it includes loss of business reputation, money, innovation, opportunities, and privacy, as well as disruption of operations, and destruction of physical assets and physical harm to people. Since there will always be residual security risk that has to be accepted, it is important to also be prepared to mitigate the effect of incidents. For example, encrypting stored personal information could prevent its misuse in the event of a data breach. • Digital security risk management refers to actions taken by organizations, individuals or economies to address digital security risks while maximizing opportunities. Digital security depends not only on how well digital security risks are managed by an individual, organization or economy, but also on how well these actors manage the digital security risks they may pose to others, whether through their action, or inaction. 13. As the social, cultural, economic, and legal backgrounds of each member economy may differ, there should be flexibility in implementing these Principles and Strategies. A common principles-based approach and a mutual interest in the management of digital security risks among APEC members will strengthen the resilience of APEC digital economies and greatly facilitate electronic commerce and explore opportunities for digital trade within, and beyond, the region. 14. This Framework addresses digital security as it relates to economic and social prosperity. The Principles and Strategies in the Framework focus on those aspects of digital security that are most important for safeguarding the digital economies.
6 15. Exceptions to the Principles and Strategies in the Framework should be: a. in accordance with the law; and b. made known to the public. 16. The Principles and Strategies in the Framework should be interpreted as a whole, rather than individually. The Principles and Strategies work closely together as parts of a holistic approach to digital security. 17. While recognizing the importance of protecting the digital economy and strengthening user trust, the Framework is not intended to impede governmental activities authorized by law when taken to protect security, public safety, or other public policy. At the same time, economies take into consideration, as appropriate, the possible economic and social impact of these activities on the digital economy, individuals and organizations’ trust in digital technologies and the economic and social activities that rely on them, as well as the responsibilities and legitimate interests of individuals and organizations.
7 3) Principles 18. Member economies are encouraged to consider the following principles in developing policies to secure their digital economies: Awareness Awareness is the first step towards better digital security. 19. Participants in the digital economy should have a sufficient understanding of digital security risk. They should also understand how to minimize the digital security risk their actions or inactions can create to others. Also, they should be empowered to assess and manage the risk they face. Responsibility Digital security is a shared responsibility. 20. Participants in the digital economy should act responsibly and be accountable, based on their roles, the context, and their ability to act, for the management of digital security risk to ensure trust, and economic and social prosperity. APEC FRAMEWORK FOR PRINCIPLES OF 4Awareness Privacy Cooperation Responsibility SECURING THE DIGITAL ECONOMY
8 Cooperation Cooperation is essential to effectively manage digital security risk. 21. Regional and global interconnectedness means that the security of the digital economy is dependent on the actions of everyone involved. Successfully managing digital security risk will require cooperation. Cooperation should include all relevant stakeholders and extend across borders. International cooperation is vital for effective cyber-resilience as cyber security threats and challenges are multi-jurisdictional with no adherence to or recognition of economy boundaries. Privacy Privacy protection and digital security should reinforce each other. 22. Privacy and security are one of the central considerations for building trust and confidence in the Internet and digital economy. Economies should adopt or strengthen measures for privacy protection. Digital security measures should be consistent with the principles in the APEC Privacy Framework. Where possible, they should strengthen privacy protection.
9 4) Strategies I. Digital Security Risk Management 23. A risk management approach should be taken to strengthen digital security. In organizations, digital security risk management should be an integral part of economic and social decision-making processes that includes an overall policy framework to manage all risks related to economic and social activities. Digital security risk management relies on a holistic, systematic and flexible set of cyclical and iterative processes that are as transparent and explicit as possible. This set of processes helps to ensure that digital security risk management measures (“security measures”) are appropriate to, and commensurate with, the risk, and the economic and social objectives at stake. Personal Data Security Digital Security Risk Management Digital Security Technologies for Trust Resilient Critical Information Infrastructure (CII) Strengthen Collaboration Develop Economy Strategies Digital User Empowerment 7 Strategies
10 24. To manage digital security risk, stakeholders should conduct regular risk assessments for each of their activities that uses digital technologies. On the basis of each risk assessment, they should decide how to treat the digital security risk related to this activity. Risk treatment is generally a mix of four possibilities: taking the risk and facing the negative consequences in case of an incident; reducing the risk by adopting security and preparedness measures; transferring the risk for example through insurance contracts; or avoiding the risk by not using digital technologies. 25. Digital security risk assessment should guide the selection, operation and improvement of security measures to reduce the digital security risk to an acceptable level determined by the risk assessment and treatment. The selection of security measures should take into account their potential negative and positive impact on the economic and social activities they aim to protect and on the legitimate interests of others. All types of measures should be considered, whether they are physical, digital, or related to people, processes or technologies involved in the activities. Organizations in APEC economies should seek out and appropriately address vulnerabilities as soon as possible. 26. Preparedness measures are based on the recognition that incidents will happen. These measures are essential to ensure the resilience of the economic and social activities that rely on digital technologies. Based on digital security risk assessment, a preparedness and continuity plan including response should be developed, adopted and tested to reduce the adverse effects of digital security incidents, and support the continuity and resilience of economic and social activities. The plan should identify measures to protect, detect, respond and recover from digital security incidents. It should provide mechanisms to ascribe clear levels of escalation based on the magnitude and severity of the effects of digital security incidents, as well as their potential to extend to others in the digital environment. 27. Innovation should be considered integral to reducing digital security risk to an acceptable level determined by the risk assessment and treatment. It should be fostered both in the design and operation of the economic and social activities that rely on the digital environment as well as in the design and development of security measures. 28. APEC member economies are encouraged to: • Promote best practices and procedures for digital security risk management that are publicly available. • Support an economy digital security risk management approach strategy, including the protection of Critical Information Infrastructure (CII). • Promote a digital security risk management approach among all stakeholders by engaging in capacity building activities, including the development and/or adoption of globally recognized standards and best practices. • Lead by example by using a digital security risk management approach in the public sector.
11 • Promote information sharing around current risks and risk management practices among stakeholders and member economies through economy-level Computer Security Incident Response Teams (CSIRTs) and other networks. • Promote cooperation, analysis and research into the coexistence of diverse laws on the cross-border digital economies. II. Develop Economy Strategies 29. In view of the interest of economies in maximizing the economic and social benefits of digital technologies, economy strategies for digital security should foster trust in digital technologies and the activities that rely on them and create the conditions for participants in the digital economy to manage their digital security risk. 30. Economy strategies for digital security: a. Should be supported at the highest level of government. They should articulate a clear and transparent “whole of government” approach that is flexible, technology-neutral and coherent with other strategies that foster economic and social prosperity; b. Should be developed through a coordinated, open intra-governmental approach as well as a transparent process involving all stakeholders. They should be reviewed regularly and updated based on experience and best practices; c. Should take into account the variety of participants in the digital economy, including the large number of micro, small and medium-sized enterprises (MSMEs) who may not have the same abilities and resources to manage digital security risk as governments or large corporations; d. Should promote an approach to digital security risk management that does not increase the risk to other economies; e. Should work in complement with technical cybersecurity methodologies and guidelines; f. Should enable customization to address specific sectors and industries; g. Should allow for evolution and be flexible to keep pace with law, regulation, policy, technology, and risk, as well as encourage the adoption of lessons learned, best practices, and innovative new technologies; and h. Should encourage the utilization of broadly accepted and globally recognized standards.
12 31. APEC member economies are encouraged to: • Provide incentives to stakeholders to manage digital security risk, and to increase market transparency and efficiency. • Foster innovation in digital security risk management. • Promote collaboration among all stakeholders, including MSMEs, to help protect the digital economy. • Promote security measures based on a risk-based approach. • Promote awareness of digital security risk among their citizens, with an emphasis on vulnerable groups. III. Resilient Critical Information Infrastructure (CII) 32. The resilience of critical information infrastructure is essential to the sustained growth of the digital economy and the provision of essential services such as e-government. 33. APEC member economies are encouraged to: • Develop and apply a set of criteria for identifying CII. • Apply a digital security risk management approach to protect CII and encourage stakeholders to do so as well. IV. Strengthen Collaboration 34. Given the cross-cutting and multi-disciplinary nature of digital security, collaboration and coordinated actions among sets of stakeholders are necessary to manage digital security risks, especially across borders. Actions should be taken to promote greater collaboration and understanding among stakeholders, APEC member economies and beyond. 35. CSIRTs play an important role in helping economies and organizations manage digital security risk by identifying and raising awareness of digital security vulnerabilities, threats and incidents, helping organizations recover from attacks and identifying the steps stakeholders can take to respond to digital security incidents. CSIRTs also cultivate a community of security professionals where information on digital security risk and risk management practices can be shared and exchanged.
13 36. APEC member economies are encouraged to: • Participate in relevant regional and international fora and establish relationships to share experience and best practices, as appropriate. • Develop or strengthen existing economy Computer Security Incident Response Teams (CSIRTs). • Provide assistance, on a voluntary basis, to other member economies in addressing common digital security challenges with the participation of other stakeholders. • Establish CSIRT points of contact for addressing cross-border requests relating to digital security risk management issues in a timely manner. • Work together to improve responses to domestic and cross-border threats, including through CSIRTs co-operations, coordinated exercises and other tools for collaboration. • Encourage responsible vulnerability research and reporting mechanisms. • Promote co-ordination and active participation among stakeholders in addressing identified vulnerabilities. V. Digital User Empowerment 37. Participants in the digital economy should be empowered with the education and skills necessary to understand digital security risk, how to help manage it, to evaluate the potential impact of their digital security risk management decisions on their security and the security of the digital economy. 38. Recognition of the impacts that their own action, or inaction, could have on the security of themselves and others is core to strengthening the security of stakeholders and the wider digital economy. 39. APEC member economies are encouraged to: • Support and develop a skilled digital security workforce, including through providing resources for security education and certification programs. • Introduce digital literacy into educational curriculums. • Promote the use of security best practices and globally recognized standards. • Foster information sharing among stakeholders. • Coordinate capacity building activities to avoid duplicate effort.
14 VI. Digital Security Technologies for Trust 40. APEC member economies should support the innovation, development and use of technologies to protect data confidentiality, support authentication and authorization, data integrity, and tamper-detection and resistance to strengthen the digital economy against digital security threats. 41. APEC member economies are encouraged to: • Train individuals and organizations to raise awareness to reduce digital security risks. Foster the open development of and access to “easy-to-use” tools that enable users to secure their data and transactions. • Encourage online service providers to protect the security of their customers’ data and communications by adopting best practices and/or globally recognized standards. VII. Personal Data Security 42. Digital security is essential to protect privacy. Digital security risk management provides a robust foundation to implement the Security Safeguards principle of the APEC Privacy Framework. More generally, the APEC Privacy Framework and this Framework mutually reinforce each other. 43. APEC member economies are encouraged to: • Approach cybersecurity and privacy holistically.
15 Acknowledgement The team wishes to thank the APEC TEL Working Group Executive Committee, members of the Security and Prosperity Steering Group (SPSG) and the volunteer drafting team for their contribution and support. This work was made possible by resources and funding support from the Electronic Transactions Development Agency, Ministry of Digital Economy and Society, Thailand.
APEC Framework for Securing the Digital Economy

More Related Content

PDF
The Value of E-Commerce Survey in Thailand 2018
byETDAofficialRegist
 
PDF
Thailand Internet User Behavior 2019
byETDAofficialRegist
 
PDF
Thailand internet user_profile_2017_final
byETDAofficialRegist
 
PDF
Thailand Internet User Profile 2018 (English Version)
byETDAofficialRegist
 
PDF
The Value of E-Commerce Survey in Thailand 2017
byETDAofficialRegist
 
PDF
mHealth Israel_China Internet Development 2014
byLevi Shapiro
 
PDF
Thailand ICT Overview Q2 2013
byIMC Institute
 
PDF
The Value of E-Commerce Survey in Thailand 2017
byETDAofficialRegist
 
The Value of E-Commerce Survey in Thailand 2018
byETDAofficialRegist
 
Thailand Internet User Behavior 2019
byETDAofficialRegist
 
Thailand internet user_profile_2017_final
byETDAofficialRegist
 
Thailand Internet User Profile 2018 (English Version)
byETDAofficialRegist
 
The Value of E-Commerce Survey in Thailand 2017
byETDAofficialRegist
 
mHealth Israel_China Internet Development 2014
byLevi Shapiro
 
Thailand ICT Overview Q2 2013
byIMC Institute
 
The Value of E-Commerce Survey in Thailand 2017
byETDAofficialRegist
 

What's hot

PDF
Jurnal jmm -volume-9-no.1-june-2019
byskhariv
 
PDF
Thailand FinTech landscape report
byVarun Mittal
 
PDF
Adoption of Ict in the Tourism and Hospitality Sector In Zimbabwe
bytheijes
 
PDF
Effect of Electronic Accounting on Operations of Selected Commercial Banks in...
byijtsrd
 
PPTX
Ban of chinese apps
byRishabh878689
 
PPTX
Service quality of ‘mobile telecom service provider’
byShubham Ahirwar
 
PDF
A Study on Customer Satisfaction of Mobile Wallet Services Provided by Paytm
byDr. Amarjeet Singh
 
PDF
Industry Outlook on India's telecom and broadcast industries, 2018
byVidya S Nath
 
PDF
AN EVALUATION OF THE PERCEIVED BENEFITS OF ELECTRONIC BUSINESS ADOPTION IN TH...
byectijjournal
 
PDF
Digital Enterprise 2019
byThe Business Council of Mongolia
 
PDF
Challenges to the Implementation of It Governace in Zimbabwean Parastatals
bytheijes
 
DOCX
IMPLEMENTATION OF INTERNAL CONTROL INFORMATION SYSTEM IN TRAVELOKA COMPANY
byTashyamrsty
 
PDF
Georgia Annual state IT report 2016
byState of Georgia
 
PDF
E-Commerce Site and Its Development
byIRJET Journal
 
PPTX
Eservice
bySivanangai Uruththiramoorthy
 
PDF
Digital Economy in Indonesia: Prospect, Challenges, and Research Agenda
byWirawan Agahari
 
PDF
B381118
byaijbm
 
Jurnal jmm -volume-9-no.1-june-2019
byskhariv
 
Thailand FinTech landscape report
byVarun Mittal
 
Adoption of Ict in the Tourism and Hospitality Sector In Zimbabwe
bytheijes
 
Effect of Electronic Accounting on Operations of Selected Commercial Banks in...
byijtsrd
 
Ban of chinese apps
byRishabh878689
 
Service quality of ‘mobile telecom service provider’
byShubham Ahirwar
 
A Study on Customer Satisfaction of Mobile Wallet Services Provided by Paytm
byDr. Amarjeet Singh
 
Industry Outlook on India's telecom and broadcast industries, 2018
byVidya S Nath
 
AN EVALUATION OF THE PERCEIVED BENEFITS OF ELECTRONIC BUSINESS ADOPTION IN TH...
byectijjournal
 
Digital Enterprise 2019
byThe Business Council of Mongolia
 
Challenges to the Implementation of It Governace in Zimbabwean Parastatals
bytheijes
 
IMPLEMENTATION OF INTERNAL CONTROL INFORMATION SYSTEM IN TRAVELOKA COMPANY
byTashyamrsty
 
Georgia Annual state IT report 2016
byState of Georgia
 
E-Commerce Site and Its Development
byIRJET Journal
 
Eservice
bySivanangai Uruththiramoorthy
 
Digital Economy in Indonesia: Prospect, Challenges, and Research Agenda
byWirawan Agahari
 
B381118
byaijbm
 

Similar to APEC Framework for Securing the Digital Economy

PPTX
OECD
bypragati241997
 
PPTX
Cyber Security - Awareness Presentation - High Level
bybbothma718
 
PPTX
Securing the Digital Economy: Reinventing the Internet for Trust
byAccenture Insurance
 
PPTX
National cyber security policy final
byIndian Air Force
 
PPTX
The Need for Information Security (powerpoint)
bydrpiyushmaheshwari1
 
PPT
CsecS3-p1-webling.ppt
byParasSehgal12
 
PPTX
Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics
byIrish Future Internet Forum
 
PDF
Planning the Next Lap of ASEAN’s Digital Masterplan 2025 (Lim May-Ann)
byTRPC Pte Ltd
 
DOCX
ITC568 Cloud Privacy and SecurityThe Cloud Security Ecosyste.docx
bychristiandean12115
 
PPTX
CNCERT Conference 2017: Capacity development in the Asia Pacific
byAPNIC
 
PPTX
Securing the Digital Economy: Reinventing the Internet
byaccenture
 
PDF
Securing the digital economy
byaccenture
 
PDF
Securing the Digital Economy: Reinventing the Internet
byaccenture
 
PDF
Securing the Digital Economy: Reinventing the Internet
byaccenture
 
PDF
ISOC Update
byAPNIC
 
PPTX
CTO-CybersecurityForum-2010-Richard Simpson
bysegughana
 
PPT
Alberta's Approach To An Itm Control Framework
byGovernment Technology Exhibition and Conference
 
PDF
State of the Region ABAC 1: Opening Plenary Review of Global and Regional Bus...
byFundación Chilena del Pacífico
 
PPTX
Security
bydigitalagenda2012
 
PDF
PITA Strategy Forum 2023: Internet resilience
byAPNIC
 
OECD
bypragati241997
 
Cyber Security - Awareness Presentation - High Level
bybbothma718
 
Securing the Digital Economy: Reinventing the Internet for Trust
byAccenture Insurance
 
National cyber security policy final
byIndian Air Force
 
The Need for Information Security (powerpoint)
bydrpiyushmaheshwari1
 
CsecS3-p1-webling.ppt
byParasSehgal12
 
Malcolm Crompton, IIS Partners Irish Future Internet Forum - Socioeconomics
byIrish Future Internet Forum
 
Planning the Next Lap of ASEAN’s Digital Masterplan 2025 (Lim May-Ann)
byTRPC Pte Ltd
 
ITC568 Cloud Privacy and SecurityThe Cloud Security Ecosyste.docx
bychristiandean12115
 
CNCERT Conference 2017: Capacity development in the Asia Pacific
byAPNIC
 
Securing the Digital Economy: Reinventing the Internet
byaccenture
 
Securing the digital economy
byaccenture
 
Securing the Digital Economy: Reinventing the Internet
byaccenture
 
Securing the Digital Economy: Reinventing the Internet
byaccenture
 
ISOC Update
byAPNIC
 
CTO-CybersecurityForum-2010-Richard Simpson
bysegughana
 
Alberta's Approach To An Itm Control Framework
byGovernment Technology Exhibition and Conference
 
State of the Region ABAC 1: Opening Plenary Review of Global and Regional Bus...
byFundación Chilena del Pacífico
 
Security
bydigitalagenda2012
 
PITA Strategy Forum 2023: Internet resilience
byAPNIC
 

More from ETDAofficialRegist

PDF
THREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIA
byETDAofficialRegist
 
PDF
ASEAN Critical Information Infrastructure Protection Framework
byETDAofficialRegist
 
PDF
Value of e-Commerce Survey in Thailand 2019
byETDAofficialRegist
 
PDF
Etda Annual Report 2019
byETDAofficialRegist
 
PDF
วัยใส วัยเก๋า ฉลาดรู้เน็ต 2
byETDAofficialRegist
 
PDF
วัยใส วัยเก๋า ฉลาดรู้เน็ต
byETDAofficialRegist
 
PDF
ETDA Annual Report 2019
byETDAofficialRegist
 
PDF
เอกสารการแถลงผลการสำรวจมูลค่าพาณิชย์อิเล็กทรอนิกส์ ปี 2561
byETDAofficialRegist
 
PDF
กฎหมายคุ้มครองข้อมูลส่วนบุคคลกับบริบทการคุ้มครองข้อมูลส่วนบุคคลในกฎหมายอื่น
byETDAofficialRegist
 
PDF
แบบประเมินตนเองด้านการรักษา ความมั่นคงปลอดภัยสารสนเทศภายใน 5 นาที
byETDAofficialRegist
 
PDF
รายงานผลการสำรวจพฤติกรรมผู้ใช้อินเทอร์เน็ตในประเทศไทย ปี 2562
byETDAofficialRegist
 
PDF
รายงานประจำปี สพธอ. 2561 - ETDA Annual Report 2018
byETDAofficialRegist
 
PDF
ETDA Annual Report 2019
byETDAofficialRegist
 
PDF
A5 survey 2018 v31
byETDAofficialRegist
 
PDF
30.03.2020 เอกสารการแถลงผลการสำรวจพฤติกรรมผู้ใช้อินเทอร์เน็ตในประเทศไทย ปี ...
byETDAofficialRegist
 
PDF
ETDA Annual Report 2019
byETDAofficialRegist
 
PDF
ผลวิเคราะห์โครงการ mSMEs Scoring
byETDAofficialRegist
 
PDF
รายงานประจำปีไทยเซิร์ต 2560-2561
byETDAofficialRegist
 
PDF
เอกสารการแถลงผลการสำรวจพฤติกรรมผู้ใช้อินเทอร์เน็ตในประเทศไทย ปี 2562
byETDAofficialRegist
 
PDF
ความเสี่ยงของข้อมูลที่เปิดเผยสู่สาธารณะ ภัยคุกคามด้านเทคโนโลยีสารสนเทศต่อภาครัฐ
byETDAofficialRegist
 
THREAT GROUP CARDS: A THREAT ACTOR ENCYCLOPEDIA
byETDAofficialRegist
 
ASEAN Critical Information Infrastructure Protection Framework
byETDAofficialRegist
 
Value of e-Commerce Survey in Thailand 2019
byETDAofficialRegist
 
Etda Annual Report 2019
byETDAofficialRegist
 
วัยใส วัยเก๋า ฉลาดรู้เน็ต 2
byETDAofficialRegist
 
วัยใส วัยเก๋า ฉลาดรู้เน็ต
byETDAofficialRegist
 
ETDA Annual Report 2019
byETDAofficialRegist
 
เอกสารการแถลงผลการสำรวจมูลค่าพาณิชย์อิเล็กทรอนิกส์ ปี 2561
byETDAofficialRegist
 
กฎหมายคุ้มครองข้อมูลส่วนบุคคลกับบริบทการคุ้มครองข้อมูลส่วนบุคคลในกฎหมายอื่น
byETDAofficialRegist
 
แบบประเมินตนเองด้านการรักษา ความมั่นคงปลอดภัยสารสนเทศภายใน 5 นาที
byETDAofficialRegist
 
รายงานผลการสำรวจพฤติกรรมผู้ใช้อินเทอร์เน็ตในประเทศไทย ปี 2562
byETDAofficialRegist
 
รายงานประจำปี สพธอ. 2561 - ETDA Annual Report 2018
byETDAofficialRegist
 
ETDA Annual Report 2019
byETDAofficialRegist
 
A5 survey 2018 v31
byETDAofficialRegist
 
30.03.2020 เอกสารการแถลงผลการสำรวจพฤติกรรมผู้ใช้อินเทอร์เน็ตในประเทศไทย ปี ...
byETDAofficialRegist
 
ETDA Annual Report 2019
byETDAofficialRegist
 
ผลวิเคราะห์โครงการ mSMEs Scoring
byETDAofficialRegist
 
รายงานประจำปีไทยเซิร์ต 2560-2561
byETDAofficialRegist
 
เอกสารการแถลงผลการสำรวจพฤติกรรมผู้ใช้อินเทอร์เน็ตในประเทศไทย ปี 2562
byETDAofficialRegist
 
ความเสี่ยงของข้อมูลที่เปิดเผยสู่สาธารณะ ภัยคุกคามด้านเทคโนโลยีสารสนเทศต่อภาครัฐ
byETDAofficialRegist
 

Recently uploaded

PDF
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
PDF
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
PPTX
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
PDF
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
PDF
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
PDF
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
PDF
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
PPTX
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
PDF
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
PDF
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
PDF
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
PDF
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
PDF
Router-DHCP-Printer-SharingRouter-DHCP-Printer-Sharing
byarbendi2160
 
PPTX
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
PDF
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
PPTX
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
PPTX
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
PDF
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
PDF
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
DOCX
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 
apidays Australia 2025 | The Strategic Role of APIs in Digital Transformation
byapidays
 
MINDCTI Revenue Release Quarter 3 2025 - Financial Presentation
byMIND CTI
 
Coded Agents – with UiPath SDK + LlamaIndex.pptx
bysuhanisingh58689
 
Enterprise Data Services_ A Development Guide with Use Cases, Trends and Impl...
by2601harsh23
 
How the EU Ecolabel's Record Growth Creates ESG Opportunities for CRE
byWastify AI
 
Why Are Cloud Migration Services Essential for Modern Business Growth?
byGeoPITS Global Pvt Ltd
 
How PayPal Account Verification Works – Complete Guide for Online Businesses
byjhdhj3989
 
Apache Kafka 101 for Techies in IT dep.pptx
byamulyareddyk97
 
Kubernetes Cloud Native Indonesia Meetup - January 2026
byPrasta Maha
 
Deploying Windows Clients & Managing Identities
byVICTOR MAESTRE RAMIREZ
 
Transcript: What ONIX can do: Leveraging metadata to support the discoverabil...
byBookNet Canada
 
How to Design Premium Health (Public Health) PPT Using AI? Top Strategies
byPublic Health Concern Nepal
 
Router-DHCP-Printer-SharingRouter-DHCP-Printer-Sharing
byarbendi2160
 
6G and Non-Terrestrial Networks (NTN) Testing.pptx
byXRComm
 
What ONIX can do: Leveraging metadata to support the discoverability of First...
byBookNet Canada
 
Strategic Shelf Planning for the New Year Turning Resolutions into Revenue .pptx
byAnoop Ashok
 
Advance Computer Architecture Lecture 4.pptx
byBottshikanBottshikan
 
Ethical AI applied to publishing: Presenting wâsikan kisewâtisiwin, an AI too...
byBookNet Canada
 
Agentic AI Roadmap 2026: Mastering Autonomous AI Workflows and Systems
byAeafat Ahmed Mubin
 
Mathematical reviewer gor mmw in theofern
byyeojlevantinojesalva
 

APEC Framework for Securing the Digital Economy

  • 2.
    1 Foreword.....................................................................................................................2 Preamble.....................................................................................................................3 Scope and Application...........................................................................................5 Principles.....................................................................................................................7 Awareness...............................................................................................................................7 Responsibility.......................................................................................................................7 Cooperation...........................................................................................................................8 Privacy.......................................................................................................................................8 Strategies....................................................................................................................9 I. Digital Security Risk Management.......................................................................9 II. Develop Economy Strategies....................................................................................11 III. Resilient Critical Information Infrastructure (CII)........................................12 IV. Strengthen Collaboration............................................................................................12 V. Digital User Empowerment.......................................................................................13 VI. Digital Security Technologies for Trust...............................................................14 VII. Personal Data Security...................................................................................................14 Acknowledgement..................................................................................................15 Contents Table of
  • 3.
    2 FOREWORD Digital economy offersmany possibilities for APEC member economies, including opportunities in electronic commerce and digital trade. The Internet and the digital economy enable greater economic integration, more innovation, as well as robust, sustainable, and inclusive economic growth for the Asia-Pacific region. To achieve these objectives, the 2016 APEC Leaders Declaration noted1 : We will collaborate to unleash the potential of the digital economy and strongly support an accessible, open, interoperable, reliable and secure ICT environment as an essential foundation for economic growth and prosperity. We will continue to promote policy and regulatory environment to ensure ICT security, data and privacy protection by developing interoperable and flexible frameworks. … and the 2017 APEC Ministerial Statement also noted2 : We welcome the implementation of the Telecommunications and Information Working Group (TEL) Strategic Action Plan 2016 - 2020. We support the continued development of information technology and communications, promoting a secure, resilient and trusted information and communications technologies (ICT) environment. We stress the importance of capacity building and the application of new technologies to promote innovative and inclusive growth. We commend TEL for its coordination with other fora to develop a safe and reliable information technology enviroment. Recognizing that APEC is an economic cooperation forum, the APEC Framework for Securing the Digital Economy (“the Framework”) provides non-binding principles and strategic recommendation to inform member economies as they develop policy and regulatory frameworks to secure their digital economies, and their digital futures. 1 https://www.apec.org/Meeting-Papers/Leaders-C 2 https://www.apec.org/Meeting-Papers/Annual-Ministerial-Meetings/2017/2017_amm
  • 4.
    3 1) Preamble 1. The10th Ministerial Meeting on Telecommunications and Information (APEC TELMIN10) endorsed the APEC TEL Strategic Action Plan 2016-2020 with 5 Priority Areas that include: Develop and support innovation; Promote a secure, resilient and trusted ICT environment; Promote regional economic integration; Enhance the digital economy and the Internet economy; and Strengthen cooperation. APEC member economies recognize the important role that digital security plays in protecting their economies and enabling socio-economic development. 2. To enable accelerated and sustained growth for the economy in the Asia-Pacific region, member economies should take steps to foster digital security in order for digital economy to support innovation3 . 3. Recalling that in 2002, APEC Leaders made specific commitments to establish legal and regulatory frameworks, including “the enactment of domestic cybersecurity laws, the development of domestic computer security incident response teams, and the promotion of international cooperation to strengthen cybersecurity and combat cybercrime.”4 Ministers also endorsed the APEC Cybersecurity Strategy, developed by the APEC Information Working Group, in 2002. The APEC Cybersecurity Strategy identified six areas: legal developments, information sharing and cooperation initiative, security and technical guidelines, public awareness, training and education, and wireless security to “serve as the basis of APEC’s efforts on cybercrime and critical infrastructure protection.”5 4. Also recalling in 2005, APEC Senior Officials endorsed the APEC Strategy to Ensure a Trusted and Sustainable Online Environment. The 2005 strategy encouraged APEC member economies to take actions in several areas, including security awareness for users, cohesive domestic strategies, cooperative efforts among economies, building partnerships among government, industry, academics and others, and ensuring that legal and policy frameworks address substantive, procedural, and mutual assistance arrangements. 5. Also recalling in 2013, the joint APEC-OECD Symposium on Security Risk Management in the Internet Economy6 to exchange views on policy issues and trends related to managing security risk for economic and social prosperity in the digital economy. 3 2016 APEC Leaders Declaration: “We recognize that innovation is a key driver of quality growth. In this regard, we encourage efforts to identify new growth engines, and will embrace the opportunities brought forth by sectors such as the Internet and Digital Economy.” 4 APEC Strategy to Ensure Trusted, Secure and Sustainable Online Environment 5 APEC Cybersecurity Strategy 6 http://www.oecd.org/officialdocuments/publicdisplaydocumentpdf/?cote=DSTI/ICCP/REG(2014)1&doclan guage=en
  • 5.
    4 6. Having regardto the 2004 APEC Privacy Framework7 endorsed by APEC Leaders and updated in 20158 which aims to promote electronic commerce throughout the Asia-Pacific region and reaffirms the value of privacy to individuals and society. And, noting the security safeguards in the APEC Privacy Framework provide a foundation for the security of personal information. 7. Recalling that the APEC Internet and Digital Economy Roadmap which was endorsed in 2017 put “enhancing trust and security in the use of ICTs” into the key focus areas. It recommends that the public and private sectors, and other stakeholders, including academia, should work together to enhance trust and security in the use of ICTs, while taking advantage of the benefits of modern digital systems. 8. Recognizing that the underlying objective of this Framework is to foster economic and social prosperity within the region. 9. Building on past endorsements and commitments from the APEC Economic Leaders, the APEC Framework for Securing the Digital Economy provides agreed high-level principles and specific strategies to: enable greater economic integration in the region, promote innovation, and provide a solid foundation for a growing digital economy. Through the collaboration and collective effort of member economies and other participants in the digital economy, cybersecurity challenges can be effectively addressed. 10. Recognizing and building on the important work done by regional groupings in the Asia-Pacific region such as ASEAN, which among others include the ASEAN Cybersecurity Cooperation Strategy, which provides a roadmap to strengthen cybersecurity cooperation on cybersecurity incident response, Computer Emergency Response Team (CERT) policy and coordination, and cybersecurity capacity building; the ASEAN Regional Forum Inter-Sessional Meeting on Security of and in the Use of ICTs (ARF ISM-ICT) which focuses on the implementation of the 2015 ARF Work Plan on Security of and in the Use of ICTs; and the ASEAN Leaders’ Statement on Cybersecurity Cooperation, which tasks relevant Ministers from all ASEAN Member States to recommend feasible options to better coordinate ASEAN’s cybersecurity efforts among various platforms of the three pillars of ASEAN and to make progress on discussions relating to the adoption of practical, voluntary and non-binding norms of responsible State behaviour in cyberspace, taking reference from recommendations set out in the 2015 Report of the United Nations Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security (UNGGE). 7 https://www.apec.org/Publications/2005/12/APEC-Privacy-Framework 8 https://www.apec.org/Publications/2017/08/APEC-Privacy-Framework-(2015)
  • 6.
    5 2) Scope andApplication 11. The purpose of Part 2 of the APEC Framework for Securing the Digital Economy is to make clear the extent of the coverage of the Principles and Strategies. 12. For the purpose of this Framework: • Digital security refers to the availability, integrity and confidentiality of digital infrastructure, software, communications, and data that supports economic and social activities and services. • Digital security risk refers to the likelihood of detrimental effects on economic and social activities resulting from threats and vulnerabilities in the digital environment. It is not possible to create an entirely safe and secure digital environment conducive to prosperity and growth. There is always some level of digital security risk. However, risk can be reduced to an acceptable level considering the economic and social activity at stake and the context. Digital security risk has great economic and social significance: it includes loss of business reputation, money, innovation, opportunities, and privacy, as well as disruption of operations, and destruction of physical assets and physical harm to people. Since there will always be residual security risk that has to be accepted, it is important to also be prepared to mitigate the effect of incidents. For example, encrypting stored personal information could prevent its misuse in the event of a data breach. • Digital security risk management refers to actions taken by organizations, individuals or economies to address digital security risks while maximizing opportunities. Digital security depends not only on how well digital security risks are managed by an individual, organization or economy, but also on how well these actors manage the digital security risks they may pose to others, whether through their action, or inaction. 13. As the social, cultural, economic, and legal backgrounds of each member economy may differ, there should be flexibility in implementing these Principles and Strategies. A common principles-based approach and a mutual interest in the management of digital security risks among APEC members will strengthen the resilience of APEC digital economies and greatly facilitate electronic commerce and explore opportunities for digital trade within, and beyond, the region. 14. This Framework addresses digital security as it relates to economic and social prosperity. The Principles and Strategies in the Framework focus on those aspects of digital security that are most important for safeguarding the digital economies.
  • 7.
    6 15. Exceptions tothe Principles and Strategies in the Framework should be: a. in accordance with the law; and b. made known to the public. 16. The Principles and Strategies in the Framework should be interpreted as a whole, rather than individually. The Principles and Strategies work closely together as parts of a holistic approach to digital security. 17. While recognizing the importance of protecting the digital economy and strengthening user trust, the Framework is not intended to impede governmental activities authorized by law when taken to protect security, public safety, or other public policy. At the same time, economies take into consideration, as appropriate, the possible economic and social impact of these activities on the digital economy, individuals and organizations’ trust in digital technologies and the economic and social activities that rely on them, as well as the responsibilities and legitimate interests of individuals and organizations.
  • 8.
    7 3) Principles 18. Membereconomies are encouraged to consider the following principles in developing policies to secure their digital economies: Awareness Awareness is the first step towards better digital security. 19. Participants in the digital economy should have a sufficient understanding of digital security risk. They should also understand how to minimize the digital security risk their actions or inactions can create to others. Also, they should be empowered to assess and manage the risk they face. Responsibility Digital security is a shared responsibility. 20. Participants in the digital economy should act responsibly and be accountable, based on their roles, the context, and their ability to act, for the management of digital security risk to ensure trust, and economic and social prosperity. APEC FRAMEWORK FOR PRINCIPLES OF 4Awareness Privacy Cooperation Responsibility SECURING THE DIGITAL ECONOMY
  • 9.
    8 Cooperation Cooperation is essentialto effectively manage digital security risk. 21. Regional and global interconnectedness means that the security of the digital economy is dependent on the actions of everyone involved. Successfully managing digital security risk will require cooperation. Cooperation should include all relevant stakeholders and extend across borders. International cooperation is vital for effective cyber-resilience as cyber security threats and challenges are multi-jurisdictional with no adherence to or recognition of economy boundaries. Privacy Privacy protection and digital security should reinforce each other. 22. Privacy and security are one of the central considerations for building trust and confidence in the Internet and digital economy. Economies should adopt or strengthen measures for privacy protection. Digital security measures should be consistent with the principles in the APEC Privacy Framework. Where possible, they should strengthen privacy protection.
  • 10.
    9 4) Strategies I. DigitalSecurity Risk Management 23. A risk management approach should be taken to strengthen digital security. In organizations, digital security risk management should be an integral part of economic and social decision-making processes that includes an overall policy framework to manage all risks related to economic and social activities. Digital security risk management relies on a holistic, systematic and flexible set of cyclical and iterative processes that are as transparent and explicit as possible. This set of processes helps to ensure that digital security risk management measures (“security measures”) are appropriate to, and commensurate with, the risk, and the economic and social objectives at stake. Personal Data Security Digital Security Risk Management Digital Security Technologies for Trust Resilient Critical Information Infrastructure (CII) Strengthen Collaboration Develop Economy Strategies Digital User Empowerment 7 Strategies
  • 11.
    10 24. To managedigital security risk, stakeholders should conduct regular risk assessments for each of their activities that uses digital technologies. On the basis of each risk assessment, they should decide how to treat the digital security risk related to this activity. Risk treatment is generally a mix of four possibilities: taking the risk and facing the negative consequences in case of an incident; reducing the risk by adopting security and preparedness measures; transferring the risk for example through insurance contracts; or avoiding the risk by not using digital technologies. 25. Digital security risk assessment should guide the selection, operation and improvement of security measures to reduce the digital security risk to an acceptable level determined by the risk assessment and treatment. The selection of security measures should take into account their potential negative and positive impact on the economic and social activities they aim to protect and on the legitimate interests of others. All types of measures should be considered, whether they are physical, digital, or related to people, processes or technologies involved in the activities. Organizations in APEC economies should seek out and appropriately address vulnerabilities as soon as possible. 26. Preparedness measures are based on the recognition that incidents will happen. These measures are essential to ensure the resilience of the economic and social activities that rely on digital technologies. Based on digital security risk assessment, a preparedness and continuity plan including response should be developed, adopted and tested to reduce the adverse effects of digital security incidents, and support the continuity and resilience of economic and social activities. The plan should identify measures to protect, detect, respond and recover from digital security incidents. It should provide mechanisms to ascribe clear levels of escalation based on the magnitude and severity of the effects of digital security incidents, as well as their potential to extend to others in the digital environment. 27. Innovation should be considered integral to reducing digital security risk to an acceptable level determined by the risk assessment and treatment. It should be fostered both in the design and operation of the economic and social activities that rely on the digital environment as well as in the design and development of security measures. 28. APEC member economies are encouraged to: • Promote best practices and procedures for digital security risk management that are publicly available. • Support an economy digital security risk management approach strategy, including the protection of Critical Information Infrastructure (CII). • Promote a digital security risk management approach among all stakeholders by engaging in capacity building activities, including the development and/or adoption of globally recognized standards and best practices. • Lead by example by using a digital security risk management approach in the public sector.
  • 12.
    11 • Promote informationsharing around current risks and risk management practices among stakeholders and member economies through economy-level Computer Security Incident Response Teams (CSIRTs) and other networks. • Promote cooperation, analysis and research into the coexistence of diverse laws on the cross-border digital economies. II. Develop Economy Strategies 29. In view of the interest of economies in maximizing the economic and social benefits of digital technologies, economy strategies for digital security should foster trust in digital technologies and the activities that rely on them and create the conditions for participants in the digital economy to manage their digital security risk. 30. Economy strategies for digital security: a. Should be supported at the highest level of government. They should articulate a clear and transparent “whole of government” approach that is flexible, technology-neutral and coherent with other strategies that foster economic and social prosperity; b. Should be developed through a coordinated, open intra-governmental approach as well as a transparent process involving all stakeholders. They should be reviewed regularly and updated based on experience and best practices; c. Should take into account the variety of participants in the digital economy, including the large number of micro, small and medium-sized enterprises (MSMEs) who may not have the same abilities and resources to manage digital security risk as governments or large corporations; d. Should promote an approach to digital security risk management that does not increase the risk to other economies; e. Should work in complement with technical cybersecurity methodologies and guidelines; f. Should enable customization to address specific sectors and industries; g. Should allow for evolution and be flexible to keep pace with law, regulation, policy, technology, and risk, as well as encourage the adoption of lessons learned, best practices, and innovative new technologies; and h. Should encourage the utilization of broadly accepted and globally recognized standards.
  • 13.
    12 31. APEC membereconomies are encouraged to: • Provide incentives to stakeholders to manage digital security risk, and to increase market transparency and efficiency. • Foster innovation in digital security risk management. • Promote collaboration among all stakeholders, including MSMEs, to help protect the digital economy. • Promote security measures based on a risk-based approach. • Promote awareness of digital security risk among their citizens, with an emphasis on vulnerable groups. III. Resilient Critical Information Infrastructure (CII) 32. The resilience of critical information infrastructure is essential to the sustained growth of the digital economy and the provision of essential services such as e-government. 33. APEC member economies are encouraged to: • Develop and apply a set of criteria for identifying CII. • Apply a digital security risk management approach to protect CII and encourage stakeholders to do so as well. IV. Strengthen Collaboration 34. Given the cross-cutting and multi-disciplinary nature of digital security, collaboration and coordinated actions among sets of stakeholders are necessary to manage digital security risks, especially across borders. Actions should be taken to promote greater collaboration and understanding among stakeholders, APEC member economies and beyond. 35. CSIRTs play an important role in helping economies and organizations manage digital security risk by identifying and raising awareness of digital security vulnerabilities, threats and incidents, helping organizations recover from attacks and identifying the steps stakeholders can take to respond to digital security incidents. CSIRTs also cultivate a community of security professionals where information on digital security risk and risk management practices can be shared and exchanged.
  • 14.
    13 36. APEC membereconomies are encouraged to: • Participate in relevant regional and international fora and establish relationships to share experience and best practices, as appropriate. • Develop or strengthen existing economy Computer Security Incident Response Teams (CSIRTs). • Provide assistance, on a voluntary basis, to other member economies in addressing common digital security challenges with the participation of other stakeholders. • Establish CSIRT points of contact for addressing cross-border requests relating to digital security risk management issues in a timely manner. • Work together to improve responses to domestic and cross-border threats, including through CSIRTs co-operations, coordinated exercises and other tools for collaboration. • Encourage responsible vulnerability research and reporting mechanisms. • Promote co-ordination and active participation among stakeholders in addressing identified vulnerabilities. V. Digital User Empowerment 37. Participants in the digital economy should be empowered with the education and skills necessary to understand digital security risk, how to help manage it, to evaluate the potential impact of their digital security risk management decisions on their security and the security of the digital economy. 38. Recognition of the impacts that their own action, or inaction, could have on the security of themselves and others is core to strengthening the security of stakeholders and the wider digital economy. 39. APEC member economies are encouraged to: • Support and develop a skilled digital security workforce, including through providing resources for security education and certification programs. • Introduce digital literacy into educational curriculums. • Promote the use of security best practices and globally recognized standards. • Foster information sharing among stakeholders. • Coordinate capacity building activities to avoid duplicate effort.
  • 15.
    14 VI. Digital Security Technologiesfor Trust 40. APEC member economies should support the innovation, development and use of technologies to protect data confidentiality, support authentication and authorization, data integrity, and tamper-detection and resistance to strengthen the digital economy against digital security threats. 41. APEC member economies are encouraged to: • Train individuals and organizations to raise awareness to reduce digital security risks. Foster the open development of and access to “easy-to-use” tools that enable users to secure their data and transactions. • Encourage online service providers to protect the security of their customers’ data and communications by adopting best practices and/or globally recognized standards. VII. Personal Data Security 42. Digital security is essential to protect privacy. Digital security risk management provides a robust foundation to implement the Security Safeguards principle of the APEC Privacy Framework. More generally, the APEC Privacy Framework and this Framework mutually reinforce each other. 43. APEC member economies are encouraged to: • Approach cybersecurity and privacy holistically.
  • 16.
    15 Acknowledgement The team wishesto thank the APEC TEL Working Group Executive Committee, members of the Security and Prosperity Steering Group (SPSG) and the volunteer drafting team for their contribution and support. This work was made possible by resources and funding support from the Electronic Transactions Development Agency, Ministry of Digital Economy and Society, Thailand.