Interview transcript:
Terry Gerton Earlier this month, ITI released its global cybersecurity principles. Can you give us some background on why these principles, and why now?
Leopold Wildenauer I would be delighted to do that. Thank you again for having me on today. As you noted, we published a set of global cybersecurity policy principles earlier this month. The reason why we did that was that we recognized that while the goals and objectives of government and industry are fundamentally aligned — because we all want to stop the bad guys as early and as efficiently as possible — that isn’t always reflected in the way that cybersecurity policy is being developed and crafted around the globe. So what we have noticed is that there is a growing mismatch between the rapid digital innovation that we see happening in the ICT space more broadly, and then also a fragmented, sometimes outdated cybersecurity policy landscape. And with our principles, We really wanted to close that gap. We wanted to issue and develop these principles to present a proactive stance of where industry is, of current industry best practices, and that aim to unify and modernize how we think about cybersecurity governance globally.
Terry Gerton It’s really interesting to me that this is a global framework because it seems to me that there’s issues in every country around the balance of collaboration and security. So can you walk us through the principles and how ITI is thinking about them from a global collaboration cybersecurity perspective?
Leopold Wildenauer Gladly. As you know, and your listeners might be interested in knowing, the Industry Technology Industry Council (or ITI) is a representative of multinational companies. So we are a global trade association by nature. And we believe that these issues transcend national borders. So cyberspace is borderless. And so we believe that global policy also ought to be borderless. So the way that we organize our principles is that we have them structured in three general buckets. One is what we label core governance themes. These are things like, adopt a risk-based approach, curtail the fragmentation of the regulatory landscape, leverage international industry-led standards, these types of things. The second bucket that we have is what we term to be the conditions for a resilient ecosystem. So these are things like facilitating open and secure cross-border data flows, engaging all stakeholders early and often throughout the development process, establishing sound c-stream baseline requirements, and also really thinking about cybersecurity from or looking at cybersecurity through the workforce lens. The last and third bucket that we have identified are more topic area-specific recommendations. So we group these together as what we refer to as technological agility and innovation. These are things where we dive deeper into the next level down. These are the things related to the security software development processes. The need to leverage AI and secure AI systems. We talk about trusted cloud and we also talk about cryptography as a fundamental building block of sound cybersecurity policy.
Terry Gerton There’s a feature in there specifically that I wanted to talk about, which is technological neutrality. You talk about the fact that cybersecurity and cyber threats are evolving so quickly that governments need to think about an equally responsive way to address them and that they can’t be tied to a technological solution. Could you expand on that for us a little?
Leopold Wildenauer I would be happy to expand on the need for technological neutrality. I think this is really one of the core themes because of what I discussed earlier, that really the innovation that is occurring is happening at a pace that regulation or lawmaking, policymaking in general, cannot keep up with. And so instead of locking in a point in time that might be outdated or obsolete in a year, maybe even six months from today, we encourage policymakers to think more about what are some of the broader processes that ought to be in place to make sure that cybersecurity risk can be managed appropriately.
Terry Gerton I’m speaking with Leopold Wildenauer. He is the director of policy for cybersecurity and supply chain at ITI. Well, let’s step back a little bit from the specific principles. I want to ask you how different countries are doing relative to the principles. How does the United States in its cybersecurity policy and practice stack up against the principles that ITI’s outlined?
Leopold Wildenauer The United States has really led the world in embracing the partnership-based model in cybersecurity, and we believe that is a good thing. If you look at the current administration, we have seen a lot of activity in the early days of the Trump administration, really focusing on creating efficiencies. So you have the revolutionary far overhaul. You have the focus on spearheading regulatory efficiency through OMB efforts. You have The FedRAMP 20x Initiative. And the way we look at it is that we are starting to see a mindset shift amongst federal agencies and a willingness to rethink some of the old ways. And that’s where we wanted to step in. And as agencies and the various policymakers here in the U.S. start to rethink the procurement and security landscape and really start to reimagine what that could look like, we wanted to be proactive in providing them with some guidance on what are some of the considerations that industry believes ought to be considered in developing these.
Terry Gerton As we are thinking about the principles themselves, what are some of the challenges that public and private entities might face as they try to align their own operations with the principles?
Leopold Wildenauer It’s a good question and I would say that one of the biggest challenges is to think about policymaking holistically, and to really embrace this whole value chain risk assessment to understand, to not only focus on a specific issue, but really to understand the entire land statement, because we do deal with siloed segments and sub-segments, whether it’s different agencies, different departments, whether it’s different stakeholders within an agency. We need to build those bridges. We need to have a central coordinating function and to make sure that the left hand is talking to the right and we’re all marching to the same direction. Really, it’s about building these relationships and building that trust between the public sector, the private sector, but also within those groups.
Terry Gerton So I know the report’s only been out for about a month, but what has the response been so far? Have people largely lined up in agreement, or is it open for discussion?
Leopold Wildenauer As you said, we just released this report earlier this month. So the feedback that we are receiving is positive, but ongoing, and we are looking for continued engagement with the administration, but also with global governments as well. Because again, as we talked about, this is not only a U.S.-focused document, but this is broader than that, and intended for a global audience as well.
Terry Gerton And so what do you hope happens next?
Leopold Wildenauer What we hope happens next is that this can serve as a door opener for us to have those conversations. And we have more material on each of these various talking points. And so we are well positioned to work with global governments on working on addressing the issues that they face. And we will take the content that we have and work with the various governments to make them specific to their unique context and apply it in a specific set.
Copyright
© 2025 Federal News Network. All rights reserved. This website is not intended for users located within the European Economic Area.
