Session 3: Private Sector and Critical Infrastructures (13:30 – 15:10)

The security of digital infrastructures is of vital importance for the functioning of businesses and national economies. However, confidential information such as industrial and customer data have high economic and strategic value for illicit organizations. Consequently, systems lacking the necessary security mechanisms are often the target of massive security breaches. How are transnational cyber threats reconciled with national jurisdiction? How can policymakers provide adequate support to protect potential private sector targets? What mandate should businesses have to develop powerful non-state cyber security capabilities? How do public authorities best mobilize private cyber security expertise, without sacrificing legitimacy?


Prof. Katrin Merike Nyman-Metcalf

Professor and Head of the Chair of Law and Technology at Tallinn University of Technology and Head of Research at the Estonian e-Governance Academy  

Privatisation of liability?

Cyberspace has been hailed as a new frontier where old rules do not apply and new relationships can be created, similarly to how outer space was seen when it was first used by mankind. However, most commentators have come to presume that international law including humanitarian law (the laws of war) does apply also to cyberspace. Even if no state has sovereignty over cyberspace they can have sovereignty over their activities there. But what is more complicated to fit into the international legal framework is the role of private enterprise, which is so important in cyberspace that major firms like e.g. Google affect cyber activities through their policies more than states are able to do.

Mr. Rami Efrati

Founder and President of Firmitas Cyber Solutions. Click here for Mr. Efrati’s full biography

Cyber in Private Sector and Critical Infrastructures Present Status and Future Trends

What is considered critical infrastructure and should the definition be changed? Who is responsible for cyber security of the critical infrastructure? What is the role of government and its relationship with the private sector? What should government do in order to encourage the private sector to invest in cyber security?

This presentation is based on the speaker’s experience as the Former Head of the Civilian Sector Division in Israel National Cyber Bureau- Prime Minister Office and subsequent experience as a leader in Israel’s cyber private sector.

Zhang Ming 张明 博士

Associate research professor at China Institutes of Contemporary International Relations (CICIR)

China’s Practices and Challenges on Critical Information Infrastructures Protection (CIIP)

Under the holistic view of national security raised by Chinese President Xi, network and information security (or what can be called ‘cybersecurity’) has been seen as an important part of national security. Among the different aspects of cybersecurity, the issue of critical information infrastructures protection (CIIP) is becoming the priority of governmental cyber-related work. In order to safeguard the critical system and infrastructures, the Chinese government is making efforts to draft legislation and streamline procedures. Apart from the legislation on CIIP, Chinese decision-makers also pay more attention to the restructuring the management mechanism. In China, different departments, such as Ministry of Public Security (MPS), Ministry of Industry and Information Technology (MIIT), have historically been empowered with their own responsibilities on CIIP. To streamline the existing capabilities, as well as to adapt to the current situation: these have been two imminent tasks for Chinese leaders. In the future, China still faces lots of challenges on CIIP. First, until now, there are still debates on the definition of critical information infrastructures in China and abroad. Second, the information-sharing on cyber threats between government and private sector still need to be strengthened. Third, China should more actively attend international process to develop the consensus and norms on CIIP.