InfoSecBulletin Cybersecurity for mankind
The G20 ministers for the digital economy met in India and proposed a Framework for Systems of Digital Public Infrastructure (DPI).
The Framework comprises three elements:
WhatsApp banned on all US House of Representatives devices
Kaspersky found “SparkKitty” Malware on Google Play, Apple App Store
OWASP AI Testing Guide Launched to Uncover Vulns in AI Systems
Axentec Launches Bangladesh’s First Locally Hosted Tier-4 Cloud Platform
Hackers Bypass Gmail MFA With App-Specific Password Reuse
Russia detects first SuperCard malware attacks via NFC
Income Property Investments exposes 170,000+ Individuals record
ALERT (CVE: 2023-28771)
Zyxel Firewalls Under Attack via CVE-2023-28771 by 244 IPs
CISA Flags Active Exploits in Apple iOS and TP-Link Routers
10K Records Allegedly from Mac Cloud Provider’s Customers Leaked Online
- Interoperable and reusable digital systems and applications, such as software codes, protocols, and standards, have revolutionized technology by offering versatility and adaptability across various use cases and sectors.
- We need governance standards that not only uphold human rights and safeguard personal data, privacy, and intellectual property, but also provide accessible and transparent mechanisms for addressing grievances. Governance can also extend to cover institutions and funding;
- A collective of private sector and civil society entities working together in collaboration.
The Outcome Document and Chair’s Summary [PDF] from the ministerial meeting provide more details about the Framework. It describes the Framework as a set of principles for developing strong, inclusive, people-centered, and sustainable digital public infrastructure.
The Framework’s recommendation by the G20 during India’s presidency of the organization comes as no surprise. As we mentioned in our previous report, India has taken a significant diplomatic step by making the India Stack bundle of digital public goods a top priority.
Digital public goods, such as free open source software like Linux, are often referred to as such. This is one of the reasons why Red Hat’s decision to no longer share RHEL source code with the public has caused controversy.
The Framework is not binding, but it shows more interest in DPI, which has gained attention since the launch of India Stack. The US’s Open Security Controls Assessment Language (OSCAL) has received recognition for its capability to describe security baselines in an open format that enables the exchange of controls, despite being a less visible effort.
During the ministerial meeting, an important outcome was the creation of a comprehensive set of “High-Level Principles to Support Businesses in Building Safety, Security, Resilience, and Trust in the Digital Economy.” This significant document highlights effective strategies to enhance the capacity of the private sector in safeguarding supply chains, enhancing the resilience of vital services, and promoting mechanisms for redress in the event of cyber attacks on organizations.
A research was conducted to find ways to reduce the risks that young people face online. The result of this research is the “Toolkit on Cyber Education and Cyber Awareness of Children and Youth”. The Toolkit recommends five approaches for consideration by policymakers developing cyber education and cyber awareness initiatives for children and youth, namely:
- Classifying risks and responses based on sub age groups;
- Investing in response, referrals, and support systems;
- Adopting and investing in a multi-stakeholder approach throughout the decision-making process;
- Promoting global cooperation to further child online safety;
- Recognizing the critical role of businesses and online platforms.
Once again, it’s important to clarify that nothing on the list is legally obligatory. Fortunately, the international community is pooling resources in this particular field. India will use its G20 presidency to develop global standards for artificial intelligence to prevent harm to humanity.
It seems that the meeting this weekend has touched upon the topic of AI in various domains. Despite the upcoming G20 Summit in September, there is still ample time for the bloc to make pronouncements regarding AI.
