InfoSecBulletin Cybersecurity for mankind
The G20 ministers for the digital economy met in India and proposed a Framework for Systems of Digital Public Infrastructure (DPI).
The Framework comprises three elements:
CVSS 10.0 Flaw
Critical flaw in Siemens OZW Web Servers Enable Unauthenticated RCE
Microsoft Patch Tuesday May 2025: 72 flaws, 5 Actively Exploited Zero-Day
OTP glitch disrupted NID services across the country
Google to pay Texas $1.4 billion for location tracking practices
YouTube geo-blocks at least 4 Bangladeshi TV channels in India
Microsoft Patches Four Critical Azure and Power Apps Vulns
Qilin Ransomware topped April 2025 with 45+ data leak disclosures
SonicWall Patches 3 Flaws in SMA 100 Devices
Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed
Critical (CVSS 10) Flaw in Cisco IOS XE WLCs Allows RRA
- Interoperable and reusable digital systems and applications, such as software codes, protocols, and standards, have revolutionized technology by offering versatility and adaptability across various use cases and sectors.
- We need governance standards that not only uphold human rights and safeguard personal data, privacy, and intellectual property, but also provide accessible and transparent mechanisms for addressing grievances. Governance can also extend to cover institutions and funding;
- A collective of private sector and civil society entities working together in collaboration.
The Outcome Document and Chair’s Summary [PDF] from the ministerial meeting provide more details about the Framework. It describes the Framework as a set of principles for developing strong, inclusive, people-centered, and sustainable digital public infrastructure.
The Framework’s recommendation by the G20 during India’s presidency of the organization comes as no surprise. As we mentioned in our previous report, India has taken a significant diplomatic step by making the India Stack bundle of digital public goods a top priority.
Digital public goods, such as free open source software like Linux, are often referred to as such. This is one of the reasons why Red Hat’s decision to no longer share RHEL source code with the public has caused controversy.
The Framework is not binding, but it shows more interest in DPI, which has gained attention since the launch of India Stack. The US’s Open Security Controls Assessment Language (OSCAL) has received recognition for its capability to describe security baselines in an open format that enables the exchange of controls, despite being a less visible effort.
During the ministerial meeting, an important outcome was the creation of a comprehensive set of “High-Level Principles to Support Businesses in Building Safety, Security, Resilience, and Trust in the Digital Economy.” This significant document highlights effective strategies to enhance the capacity of the private sector in safeguarding supply chains, enhancing the resilience of vital services, and promoting mechanisms for redress in the event of cyber attacks on organizations.
A research was conducted to find ways to reduce the risks that young people face online. The result of this research is the “Toolkit on Cyber Education and Cyber Awareness of Children and Youth”. The Toolkit recommends five approaches for consideration by policymakers developing cyber education and cyber awareness initiatives for children and youth, namely:
- Classifying risks and responses based on sub age groups;
- Investing in response, referrals, and support systems;
- Adopting and investing in a multi-stakeholder approach throughout the decision-making process;
- Promoting global cooperation to further child online safety;
- Recognizing the critical role of businesses and online platforms.
Once again, it’s important to clarify that nothing on the list is legally obligatory. Fortunately, the international community is pooling resources in this particular field. India will use its G20 presidency to develop global standards for artificial intelligence to prevent harm to humanity.
It seems that the meeting this weekend has touched upon the topic of AI in various domains. Despite the upcoming G20 Summit in September, there is still ample time for the bloc to make pronouncements regarding AI.
