Skip to main content

Highlights from inaugural Cybersecurity Policy Roundtable on ensuring trust in the digital economy

May 4, 2022  l  By Chris Harrall

 

The first annual roundtable discussion about the role of policy and regulation in building trust in the global digital economy was held on April 13, 2022, by The Fletcher School and Mastercard Policy Center for the Digital Economy. 

Co-chaired by Bhaskar Chakravorti, Dean of Global Business at The Fletcher School, Tufts University and Ravi Aurora, Senior Vice President, Global Public Policy, Mastercard, the event brought together thought leaders from around the world to share their perspectives in an open discussion on how rapidly shifting geopolitics, an accelerated digital transformation and digital policy are impacting the cybersecurity landscape.

RAsmall

Ravi Aurora
Senior Vice President
Global Public Policy, Mastercard

RAsmall

Bhaskar Chakravorti
Dean of Global Business at The Fletcher School, Tufts University

PRESENTED BY

RAsmall

Please click on the tabs to see highlights of each of the sessions and key takeaways.

The Role of Trust in the Digital Economy  thought-leader panelists

RAsmall

BHASKAR CHAKRAVORTI

Executive Director of Fletcher’s Institute for Business in the Global Context

RAsmall

JOHAN GERBER

Executive Vice President, Cyber & Intelligence (Mastercard)

RAsmall

CHRIS HARRALL
Moderator

Vice President, Policy Center for the Digital Economy, Mastercard

They discussed the following:

  • Trust can be defined as an absence of friction; people should be able to handle sensitive data within their own sitting room.
  • The Ukraine conflict is the latest and most extreme example of a trend toward “reverse globalization.”
  • The splintering of the digital eco-system creates opportunity for cyber attackers.
  • The countering drive for standards to measure and combat cyber risk is overly politicized across the board, with much discussion simply rhetoric.
  • This effort to standardized is affected by poorer countries lacking voice or fora at which to weigh in on their challenges and perceived opportunities.
  • The anticipated rise of the metaverse, in which digital identity and actual persona become one, will affect this.
  • Biometrics must be an integral part of a multi-layered approach to cybersecurity, making a positive, holistic identification by identifying:
    • the human being
    • the electronic device used
    • the behavior exhibited
  • Effective cybersecurity policy has government playing dual roles of “warden” and “bodyguard” for consumers.

Digital Fragmentation expert panelists

RAsmall

THOMAS LUND-SORENSEN

Partner and Head of Cyber Risk Advisory, Macro Advisory Partners

RAsmall

ALEXIS SERFATY

Senior Analyst, Eurasia Group

RAsmall

CHRIS HARRALL
Moderator

Vice President, Policy Center for the Digital Economy, Mastercard

They delved into the following:

  • Since 2017, the bifurcation of the internet (previously a split between US and China) has been replaced by fragmentation everywhere.
  • Examples of this fragmentation can be seen in things like the UK decision to ban Chinese provider Huawei from future 5G networks and phase out untrusted Huawei equipment from existing networks, and the enactment of the EU’s General Data Protection Regulation (GDPR).
  • The war in Ukraine has refocused attention on supply chain challenges.
  • Allied with the COVID 19 pandemic the war in Ukraine has created a situation that could be viewed as “fragmentation on steroids”.
  • Increasingly, we have a situation in which governments are driving fragmentation in the name of protecting their citizens.
  • The free digital economy is giving way to a patchwork of nations where standards are driven by geopolitics.
  • Governments are increasingly seeking to manage data flows for in the name of:
    • privacy
    • domestic security
    • apprehension about competitor nations
    • and protectionism (China, Brazil)
  • For security reasons, governments are now forensic about looking at what is in software, requiring declarations and analysis
  • All of this fragmentation has fostered an unwillingness to embrace common international standards, which leaves the door open for bad actors.
  • Very few countries have strong cybersecurity infrastructures (Russia, China, US, North Korea, Iran).
  • The rise of “digital aggressor nations’ and supply chain vulnerabilities (Solar Winds and Ukraine) will lead to a rise in localized suppliers.
  • Investing in offensive cybersecurity capabilities is cheap and middle powers can conduct complex cyber-operations.
  • A Top 10 Risks report from the Eurasia Group blamed the fragmentation trend on a lack of global leadership (a la climate change).
  • Nevertheless, the “tech cold war” between US and China is not a given - both need each other and can slow down the process.

The Role of Trust in the Digital Economy  thought-leader panelists

PERSPECTIVE

G20’s cross-border payments targets

Addressing pain points and barriers to achieve the G20’s cross-border payments targets

Learn more
RAsmall

DR. MIKOLAJ BARCZENTEWICZ

Senior Lecturer, University of Surrey School of Law; Research Director of the Surrey Law and Technology Hub

RAsmall

KATHLEEN MCGOWAN

Senior Director, Research, Policy, and Advocacy, Digital Impact Alliance

RAsmall

SALMA JALIFE

Chairwoman, Centro Mexico Digital

RAsmall

FELIPE RINCON
Moderator

Vice President, Public Policy, Mastercard

They spoke about the following:

  • Multi-stakeholder collaboration is now enabled by the Internet in the public policy/regulatory sphere.
  • Inputs are received from across society, from businesses, communities, activists.
  • Regulators and policymakers generally have three objectives for data governance:
    • Reliable architecture with identification access
    • Fair and effective competition in all markets (considering new anti-competitive challenges in the world)
    • Privacy and confidentiality (an expression of human rights in the digital world).
  • Interoperability is also key – this can be legally mandated by government, though this may lead to “lowest common denominator” sourcing, which can be less safe.
  • Alternatively, it can be market driven, which allows private sector players to decide details and make choices but can also lead to exclusion. Often market failures drive interoperability.
  • There is a mismatch between the pace of technological development and the ability of governments and regulators to keep up (despite the prevalence of regulatory sandboxes).
  • Trade-offs for policymakers are many and each market values these differently:
    • security
    • user experience
    • ease of usage
    • cost
  • In this, it is critical that security is recognized for its central importance.
  • Digital public infrastructure in India was not really driven by government, but by private sector innovation and demand.
  • Where digital infrastructure works it tends to be unique.
  • It cannot be the global North telling the global South how to do things (not least because they do not know themselves).
  • The global unbanked have different kinds of trust issues and digital solutions may turn them off and defeat the purpose.
  • The trade-off here is between usability and security.
  • The role of a digital fiduciary is likely to become ever more interesting and complex as we move to a decentralized Internet. Governments are failing to provide leadership, here.
  • There is a need for more public education in cybersecurity, as more people enter the digital world unable to see the danger points.

In conclusion, panelists highlighted several key points:

  • Realistic risk assessments and cost benefit analyses are currently missing from policymaking.
  • There is a gap in global and regional standards relating to data portability (best example is EU GDPR). This is a semi-solvable solution.
  • If the US is serious about digital infrastructure, it should treat it so. The current underinvestment must be resolved, and solid goals set for the economy and US citizens.
  • There is an urgent need to accelerate the way policymakers operate and interact with multi-stakeholder communities. Different markets have different ways of resolving the inherent trade-offs.

 

The roundtable wrapped up with closing remarks on about how often the industry frames innovators and policymakers as bodies in collision, yet this does not need to be the case. What is needed is a collaboration — a back and forth discussion.

  • Trust – It is a moving target. The threshold for trust is changing as consumers’ expectations evolve and the geopolitical climate pushes and prods. A collaborative approach is needed for the digital economy.

  • Fragmentation – This is globalization in reverse. Multiple coalitions form and reform, all of whom trade, but are in opposition to each other. How can this play out in the digital world? With no uniform global standards or agreements, we are increasing the chances for successful cyberattack.
  • Regulation – There is a pressing need for system architecture, fair competition among providers and human rights protection (privacy etc.). These systems all involve trade-offs that require a systematic process for thinking them through as they evolve.

  • Inclusion- there is a direct connection between public policy and inclusion. Access to the digital eco-system is uneven. This is a global problem – even the US government is unsure as to how many citizens lack access to broadband Internet and there are estimates that up to 20 million Americans have no Internet access at all.

As always, there is a trade off as innovation outpaces investment. Can the industry slow down on innovation as Artificial Intelligence comes online, and government plays catch-up?