Today in Amsterdam, Palo Alto Networks joined more than two dozen other companies and organizations in signing a “Coordinated Vulnerability Disclosure Manifesto.” The Manifesto is a declaration signaling that cooperation between organizations and the cybersecurity community can be helpful in finding and fixing ICT vulnerabilities. In coordinated vulnerability disclosure, vulnerabilities are reported to the owner of the information system, affording the organization the opportunity to diagnose and remedy the vulnerability before detailed information is disclosed to third parties or the public. This helps to minimize opportunities for cyber criminals to exploit these vulnerabilities.
Palo Alto Networks is joining this Manifesto because we think it is the right approach on two levels. First, we believe this type of coordination is simply good for cybersecurity. As the complexity of, and dependency on, ICT products and services is increasing, and cyber criminals continue to become more sophisticated, vulnerabilities are also increasing. Cooperation between those who might find a vulnerability and those who can fix it is invaluable—and all societies reap the benefits of a more secure digital infrastructure.
Second, on a broader level, this Manifesto concretely demonstrates proactive industry leadership to improve cybersecurity. As cyber challenges become more complex, effective responses require both industry and government actions. As industry, we can and should spearhead initiatives to improve the ecosystem both individually, as companies, and together—that is simply good corporate citizenship. This cooperative approach is part of the DNA of Palo Alto Networks and why we co-founded the Cyber Threat Alliance, a group of cybersecurity practitioners from organizations that have chosen to work together in good faith to share threat information for the purpose of improving defenses against advanced cyber adversaries across member organizations and their customers.
The Manifesto was released as part of a high-level meeting on cybersecurity, hosted by the Dutch Ministry of Security and Justice, May 12–13, titled “Enabling Partnerships for a Digitally Secure Future for the EU.” The meeting brings together more than 200 senior European Union (EU) and other government officials responsible for cybersecurity, CEOs and board members of security and ICT-related organizations and critical infrastructure, and international organizations. I am pleased to personally be part of the two-day conversation. As its title suggests, the meeting aims to push attendees not only to acknowledge the challenges of cybersecurity but also to look ahead, better understand the developments and difficulties we face, and act accordingly.
The time is right for this push. The EU is announcing and executing on a range of initiatives and proposals regarding cybersecurity and other digital issues. Implemented well, these initiatives have tremendous potential to drive the digitization of Europe’s economy, help European companies become more globally competitive, and contribute to better cybersecurity and resilience both in the EU and globally. These include the Network and Information Security (NIS) Directive, which is expected to go into effect shortly and will be implemented over the subsequent 21 months, and the Digital Single Market’s “Public Private Partnership on Cybersecurity,” which aims to boost the European cybersecurity industry. Strong cybersecurity is the fabric needed to help make successful all of the proposals in the EU’s Digitizing European Industry Package that was just released April 19, including enabling the Internet of Things (IoT) in Europe; building a world-class public cloud and data infrastructure for research, science, and engineering; and increasing cross-Member State e-government services.
The Manifesto and the May 12–13 high-level meeting continue the Netherlands’ leadership in cybersecurity matters, which Palo Alto Networks profiled in our April 2016 blog. We commend Rabobank and CIO Platform Nederland for initiating this Manifesto, for so many organizations signing it, and for the Dutch National Cyber Security Center (NCSC) for strongly encouraging it. Both the meeting and the Manifesto are a testament to Dutch leadership; however, they have impacts far beyond the Netherlands. Their message stressing public-private partnerships as the path to more effective cybersecurity is also certainly applicable worldwide. On July 1, Slovakia assumes the EU presidency. Palo Alto Networks looks forward to supporting their forthcoming efforts, and the efforts of all EU policymakers, to improve cybersecurity throughout the EU for the benefit of the global digital infrastructure.
[Palo Alto Networks Research Center]