InfoSecBulletin Cybersecurity for mankind
The G20 ministers for the digital economy met in India and proposed a Framework for Systems of Digital Public Infrastructure (DPI).
The Framework comprises three elements:
SonicWall patched SSLVPN Vuln Allowing Firewall Crashing
GitLab Releases Security Update For Multiple Vulns
ISPAB president “whatsapp” got hacked via phishing link
Zyxel released patches 2 vulns in its USG FLEX H series firewalls
South Korea’s largest SK Telecom Hit by Malware: SIM-related info leaked
ChatGPT Develops Exploit for CVEs Before Public PoCs Share
TP-Link Router Vulns Allow to Execute Malicious SQL Commands
SSL.com’s domain validation system’s bug found: Hacker exploited
Amazon Follows Microsoft’s Lead, Halts Some Data Center Deals
Hackers Exploit Zoom’s Remote Control Feature for System Access
- Interoperable and reusable digital systems and applications, such as software codes, protocols, and standards, have revolutionized technology by offering versatility and adaptability across various use cases and sectors.
- We need governance standards that not only uphold human rights and safeguard personal data, privacy, and intellectual property, but also provide accessible and transparent mechanisms for addressing grievances. Governance can also extend to cover institutions and funding;
- A collective of private sector and civil society entities working together in collaboration.
The Outcome Document and Chair’s Summary [PDF] from the ministerial meeting provide more details about the Framework. It describes the Framework as a set of principles for developing strong, inclusive, people-centered, and sustainable digital public infrastructure.
The Framework’s recommendation by the G20 during India’s presidency of the organization comes as no surprise. As we mentioned in our previous report, India has taken a significant diplomatic step by making the India Stack bundle of digital public goods a top priority.
Digital public goods, such as free open source software like Linux, are often referred to as such. This is one of the reasons why Red Hat’s decision to no longer share RHEL source code with the public has caused controversy.
The Framework is not binding, but it shows more interest in DPI, which has gained attention since the launch of India Stack. The US’s Open Security Controls Assessment Language (OSCAL) has received recognition for its capability to describe security baselines in an open format that enables the exchange of controls, despite being a less visible effort.
During the ministerial meeting, an important outcome was the creation of a comprehensive set of “High-Level Principles to Support Businesses in Building Safety, Security, Resilience, and Trust in the Digital Economy.” This significant document highlights effective strategies to enhance the capacity of the private sector in safeguarding supply chains, enhancing the resilience of vital services, and promoting mechanisms for redress in the event of cyber attacks on organizations.
A research was conducted to find ways to reduce the risks that young people face online. The result of this research is the “Toolkit on Cyber Education and Cyber Awareness of Children and Youth”. The Toolkit recommends five approaches for consideration by policymakers developing cyber education and cyber awareness initiatives for children and youth, namely:
- Classifying risks and responses based on sub age groups;
- Investing in response, referrals, and support systems;
- Adopting and investing in a multi-stakeholder approach throughout the decision-making process;
- Promoting global cooperation to further child online safety;
- Recognizing the critical role of businesses and online platforms.
Once again, it’s important to clarify that nothing on the list is legally obligatory. Fortunately, the international community is pooling resources in this particular field. India will use its G20 presidency to develop global standards for artificial intelligence to prevent harm to humanity.
It seems that the meeting this weekend has touched upon the topic of AI in various domains. Despite the upcoming G20 Summit in September, there is still ample time for the bloc to make pronouncements regarding AI.
