World Economic Forum
2017—All rights reserved.
No part of this publication may be reproduced
or transmitted in any form or by any means,
including Photocopying and recording, or by
any information Storage and retrieval system.
REF 110117
Contents
Preface 3
1. Introduction 5
2. Using the Playbook for Public-Private Collaboration 6
3. Reference architecture for public-private collaboration 8
4.Policy models 11
4.1 Zero-days 11
4.2 Vulnerability liability 14
4.3 Attribution 19
4.4 Research, data, and intelligence sharing 22
4.5 Botnet disruption 26
4.6 Monitoring 30
4.7 Assigning national information security roles 33
4.8 Encryption 37
4.9 Cross-border data fows 41
4.10 Notifcation requirements 44
4.11 Duty of assistance 47
4.12 Active defence 51
4.13 Liability thresholds 54
4.14 Cyberinsurance 57
5. The future of cyber resilience 60
Appendix: Normative trade-offs framework 65
Acknowledgements 65
Endnotes 70
2 Cyber Resilience
Preface
The World Economic Forum System Initiative on
Shaping the Future of Digital Economy and Society
represents a global platform for multistakeholder
coalitions from across the world to collaborate
and accelerate progress against shared digital
economy goals and to shape a digital future that is
sustainable, inclusive and trustworthy. This future
requires leaders to build and foster institutions that
meet the challenges of cybersecurity and help to
mitigate cyber-risk across our shared networks.
Cyber-risk is and will continue to be one of the
most pressing challenges accompanying the Fourth
Industrial Revolution. Leaders across the public
and private sectors appreciate that mitigating this risk
requires continued collaboration. The Forum has led
discussions on this topic since 2012 and this year will
be inaugurating the Global Cyber Centre as a platform
to continue advancing cyber resilience.
Collaboration is often diffcult in the sphere
of cybersecurity. Not only has technological
innovation begun to implicate core societal values,
the interdisciplinary dialogue required to collaborate
and make progress often spans across many
competencies, from the technical to the ethical.
To help frame discussion for leaders in both the public
and private sectors, as part of the World Economic
Forum System Initiative on Shaping the Future of Digital
Economy and Society, the Forum has partnered with
The Boston Consulting Group to develop a baseline
framework to serve as a springboard for cooperation and
shared understanding in cybersecurity policy-making.
This report is the result of extensive collaboration, debate,
consultation, and iteration to distil complex and nuanced
issues in cybersecurity to their irreducible core.
The Forum would like to thank The Boston Consulting
Group for its leadership, the Steering Committee
and the Expert Working Group for their contributions,
as well as the numerous leaders in cybersecurity who
patiently helped shape our efforts this past year. This
was an effort of multiple communities across industries
and sectors and we are sincerely grateful for each of our
partners’ and contributors’ dedication to this vital work.
We hope this document can begin fruitful collaboration
to help advance our shared cyber resilience.
Cheryl Martin
Member of the
Managing Board
Rick Samans
Member of the
Managing Board
Playbook for Public-Private Collaboration 3
Governments of the Industrial World,
you weary giants of fesh and steel, I
come from Cyberspace, the new home
of Mind. On behalf of the future, I ask
you of the past to leave us alone. You
are not welcome among us. You have no
sovereignty where we gather.
John Perry Barlow, “A Declaration of the Independence
of Cyberspace”, Davos, 19961
Every week there are reports of newly
discovered security problems in all
kinds of software, from individual
applications and services to Windows,
Linux, Unix and other platforms. We
have done a great job of having teams
work around the clock to deliver
security fxes for any problems that
arise. Our responsiveness has been
unmatched — but as an industry leader
we can and must do better… We need
to make it automatic for customers
to get the benefts of these fxes.
Eventually, our software should be so
fundamentally secure that customers
never even worry about it.
Bill Gates, “Trustworthy Computing”, 2002
Like in the real world, freedom
and order are both necessary in
cyberspace. Freedom is what order is
meant for and order is the guarantee
for freedom. We should respect
internet users' rights to exchange their
ideas and express their minds, and
we should also build a good order in
cyberspace in accordance with law as
it will help protect the legitimate rights
and interests of all internet users.
Cyberspace is not a place beyond the
rule of law. Cyberspace is virtual, but
players in cyberspace are real.
Xi Jinping, “At the Opening Ceremony of the Second World
Internet Conference”, 2015
4 Cyber Resilience。。。