InfoSecBulletin Cybersecurity for mankind
The G20 ministers for the digital economy met in India and proposed a Framework for Systems of Digital Public Infrastructure (DPI).
The Framework comprises three elements:
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
- Interoperable and reusable digital systems and applications, such as software codes, protocols, and standards, have revolutionized technology by offering versatility and adaptability across various use cases and sectors.
- We need governance standards that not only uphold human rights and safeguard personal data, privacy, and intellectual property, but also provide accessible and transparent mechanisms for addressing grievances. Governance can also extend to cover institutions and funding;
- A collective of private sector and civil society entities working together in collaboration.
The Outcome Document and Chair’s Summary [PDF] from the ministerial meeting provide more details about the Framework. It describes the Framework as a set of principles for developing strong, inclusive, people-centered, and sustainable digital public infrastructure.
The Framework’s recommendation by the G20 during India’s presidency of the organization comes as no surprise. As we mentioned in our previous report, India has taken a significant diplomatic step by making the India Stack bundle of digital public goods a top priority.
Digital public goods, such as free open source software like Linux, are often referred to as such. This is one of the reasons why Red Hat’s decision to no longer share RHEL source code with the public has caused controversy.
The Framework is not binding, but it shows more interest in DPI, which has gained attention since the launch of India Stack. The US’s Open Security Controls Assessment Language (OSCAL) has received recognition for its capability to describe security baselines in an open format that enables the exchange of controls, despite being a less visible effort.
During the ministerial meeting, an important outcome was the creation of a comprehensive set of “High-Level Principles to Support Businesses in Building Safety, Security, Resilience, and Trust in the Digital Economy.” This significant document highlights effective strategies to enhance the capacity of the private sector in safeguarding supply chains, enhancing the resilience of vital services, and promoting mechanisms for redress in the event of cyber attacks on organizations.
A research was conducted to find ways to reduce the risks that young people face online. The result of this research is the “Toolkit on Cyber Education and Cyber Awareness of Children and Youth”. The Toolkit recommends five approaches for consideration by policymakers developing cyber education and cyber awareness initiatives for children and youth, namely:
- Classifying risks and responses based on sub age groups;
- Investing in response, referrals, and support systems;
- Adopting and investing in a multi-stakeholder approach throughout the decision-making process;
- Promoting global cooperation to further child online safety;
- Recognizing the critical role of businesses and online platforms.
Once again, it’s important to clarify that nothing on the list is legally obligatory. Fortunately, the international community is pooling resources in this particular field. India will use its G20 presidency to develop global standards for artificial intelligence to prevent harm to humanity.
It seems that the meeting this weekend has touched upon the topic of AI in various domains. Despite the upcoming G20 Summit in September, there is still ample time for the bloc to make pronouncements regarding AI.
