The World Economic Forum (WEF) is establishing a new Global Centre for Cybersecurity “to help build a safe and secure global cyberspace.”
This was announced at the 48th Annual Meeting currently taking place in Davos-Klosters, Switzerland. This year’s WEF theme is Creating a Shared Future in a Fractured World. WEF’s annual Global Risk Report for 2018 shows cyberattacks are now considered the third most serious global threat behind only extreme weather and natural disasters. Data fraud/theft is fourth.
|Aerial photo from the futuristic and stylish Intercontinental Hotel in Davos, Switzerland. The Annual Meeting of the World Economic Forum takes place in Davos-Klosters, Switzerland from January 23 to 26, 2018. (Image Credit: World Economic Forum)|
The Global Centre for Cybersecurity is seen as providing a unique opportunity to promote a global public/private response to increasing cyber threats. Alois Zwinggi, managing director at the WEF and head of the new center said cybercrime is currently costing the world economy $500 billion annually and is still growing. “As such, addressing the topic is really important for us. The Forum sees a need for much greater collaboration in that space.”
WEF describes five main areas of operation for the center: consolidating existing initiatives (such as its Cyber Resiliency Playbook); establishing a library of best practices; improving partners’ understanding of cybersecurity; promoting a regulatory framework; and serving as a think tank for future cybersecurity scenarios (such as the fourth industrial revolution and the effect of quantum computing). Although not specified per se, a consistent theme for the new center will be global cybersecurity information sharing.
Rob Wainwright, Executive Director of Europol, said that the center has “absolutely full support from Europol.” He explained that Europol, which includes the European Cybercrime Centre) can only function as well as it does because of the public/private networks it has established in Europe: “but it is not nearly enough… That’s why I am so delighted that WEF, with its unique networking capability, is now establishing this Global Centre for Cybersecurity — because it will interconnect a large, dynamic, a very important business community… and will take us to a new level of public/private cooperation.”
The Global Centre for Cybersecurity will be located in Geneva, Switzerland, and will be operational in March 2018. Although under the umbrella of WEF, it will be autonomous. WEF spokesperson Georg Schmitt told SecurityWeek that it will be funded by members, with an initial investment of several million Swiss francs from the forum itself. Ongoing, he said in an email, “partner companies will have to pay a certain fee to join. Fees for governments, academia and civil society will be waived. We are planning to hire 20-30 staff this year alone.”
It’s not yet known how many ‘government partners’ will join the center. “We will be able to announce the government partners at a later stage, but to give you an impression: at our preparatory meeting in November representatives of almost 20 governments participated, including several G7 and G20 countries.”
Effective threat information sharing between the public and private sectors is often seen as the holy grail of cybersecurity — but has so far proved just as elusive. However, business, like cybercrime, is transnational; and if any organization is well-suited to tackle the problem it is a global business organization. “The announcement of the creation of a Global Security Centre at WEF is welcomed as a potentially hugely valuable way forward in coordinating the activities of nations against this scourge of modern times,” Jim Palmer, CISO at ThinkMarble told SecurityWeek. “That said,” he continued, “the proof of its effectiveness will be in the pudding — adequate funding and the positive cooperation from all will be an essential enabler. As a cyber and information security company, we watch with interest.”
Mark Noctor, VP EMEA at Arxan Technologies, is hopeful. “We are delighted to see a body with the global importance of the WEF addressing the growing sophistication of cyber threats,” he told SecurityWeek. “This move by the WEF will help governments and international organizations to work more closely with industry, manufacturers and software providers to create safe environments and eliminate cyber threats.”
But there are many who don’t believe that WEF actually delivers on its potential. Bono famously described it as ‘fat cats in the snow’. It has also been described as ‘a mix of pomp and platitudes’. And there are many in the security industry who do not believe the new Center will achieve much.
“This is what happens when you get a bunch of politicians in a room who have no clear understanding on cybersecurity and the threats,” comments Joseph Carson, Chief Security Scientist at Thycotic. “When the need to have a Global Centre for Cybersecurity is being discussed at the World Economic Forum it becomes a pointless political debate usually without industry experts’ input.”
Carson doesn’t believe that centralizing the effort against cybercrime will be effective. “Cybersecurity is most effective when we work together collectively but decentralized. Being decentralized in cybersecurity is a strength as it reduces the risk. We have had this discussion for many years in the EU about a European Centre for Cybersecurity though in the EU, it has been important to be working as a collective and at the same time, being decentralized.”
Nevertheless, the potential of a WEF-backed global cybersecurity center cannot be denied. “The Global Centre for Cybersecurity could ultimately become an organization that fosters industry change and helps to educate the market and reduce the success cybercriminals are having on a daily basis,” said Sam Curry, chief security officer at Cybereason.
The question is whether the WEF can deliver. “It is premature to declare victory,” he continued; “and ultimately whether or not this works is dependent upon the collaboration of enterprises and a focused and determined group of leaders. It is clear to me that there will be minimal success if the organization is filled with toothless sinecures for washed up security hacks.”