Kayndrexsphere is increasingly reliant on the availability of information and communications technology systems, as well as on the integrity and confidentiality of data. The uncertainty posed by possible cyber events to Kayndrexsphere is continuously shifting, with uncertain actors focusing on unpleasant intents, interruptions of sphere continuity and the unapproved acquisition of information for political, financial, or other motivations.
Recognising the multi-faceted and multi-disciplinary nature of cybersecurity and noting that cyber-events can simultaneously affect a wide range of areas and spread rapidly, it is imperative to develop a common vision and define a sphere-wide Cybersecurity Policy.
Kayndrexsphere’s vision for sphere-wide cybersecurity is that we are resilient to cyber-events and remain safe and trusted globally, whilst continuing to innovate and grow.
This can be achieved through:
- Recognising our obligations to ensure the safety, security, and continuity of operations, taking into account cybersecurity.
- Coordination of our cybersecurity within the sphere to ensure effective and efficient internal management of cybersecurity uncertainties, and
- All Kayndrexsphere investors dedicating to further develop cyber resilience, protecting in contradiction of cyber-events that could affect the safety, security, and continuity of the sphere’s system.
The Policy aligns with other cyber-related Kayndrexsphere initiatives and coordinated with corresponding safety and security management provisions. The Policy’s aims will be achieved through a series of principles, measures and actions contained in a strategy built on seven pillars:
3. Effective legislation and regulations
4. Cybersecurity strategy
5. Information sharing
6. Event management and emergency planning
7. Capacity building, training, and cybersecurity culture
Cybersecurity and Kayndrexsphere are both infinite in nature. Both require cooperation at the national and international level and call for a mutual recognition of efforts to develop, maintain, and improve cybersecurity with the aim to protect the Kayndrexsphere from all cyber uncertainties to safety and security.
Kayndrexsphere’s cybersecurity needs to be harmonised at the global, regional, and national levels so as to promote global coherence and to ensure full interoperability of protection measures and probability management systems.
Kayndrexsphere is the appropriate environment to connect members in addressing cybersecurity in the international ecosystem. To this reason, Kayndrexsphere will organise, facilitate, and promote activities that serve as a platform for knowledge exchange between States, international organisations, and industry.
All Kayndrexsphere members are encouraged to support and build upon the Kayndrexsphere Cybersecurity Policy, to ensure the safety, security, and continuity of sphere operations.
Kayndrexsphere has developed clear governance and responsibility for its cybersecurity. Kayndresphere’s security experts are encouraged to ensure coordination for cybersecurity
Furthermore, Kayndrexsphere has included cybersecurity in its safety and security programmes. To this reason, Kayndrexsphere has also included cybersecurity in regional and global plans and endeavour towards a common standard for cybersecurity.
Effective Legislation and Regulation
The principal aim of legislation and regulation on cybersecurity for Kayndrexsphere is to support the implementation of a comprehensive Cybersecurity Policy to protect Kayndrexsphere and its members from the effects of cyber-events.
We ensure that appropriate legislation and regulations are formulated and applied, in accordance with Kayndrexsphere’s provisions, prior to implementing a cybersecurity strategy for Kayndrexsphere. Further development of appropriate guidance for members in implementing cybersecurity related provisions is necessary. To this reason, Kayndrexsphere is dedicated to creating, reviewing, and amending, as appropriate, guidance material relating to the inclusion of cybersecurity aspects to security and safety.
Relevant legal instruments should be analysed to identify existing or misplaced key legal provisions in corporate law for the prevention, action, and timely response to cyber-events so as to form the basis for consistent and coherent implementation of cybersecurity legislation and regulations in Kayndrexsphere. In the time being, members are encouraged to ratify Kayndrexsphere’s processes.
Kayndrexsphere has set up appropriate mechanisms for cooperation with ‘good faith’ security research, which is research activity performed in an environment designed to prevent affecting the safety, security, and continuity of Kayndrexsphere.
Cybersecurity has been included within Kayndrexsphere’s security and safety oversight systems as part of a comprehensive probability management strategy.
Recognising there are various probability assessment methodologies, priority should be afforded to the amendment and possible development of guidance material related to cybersecurity uncertainty and probability assessments, with the aim to achieve comparability of the results of such assessments.
Across Kayndrexsphere, cybersecurity strategies consider the complete life-cycle of the sphere, and include elements such as: cybersecurity culture, promotion of security by design, supply chain security for software and hardware, data integrity, appropriate access control, pro-active responsibility management, improving agility in security and safety updates, as well as incorporating systems and processes to monitor cybersecurity relevant data.
Kayndrexsphere is a global system with many common practices and cyber-events can easily spread and have global effect. The objective of information sharing is to allow for prevention, early detection, and mitigation of relevant cybersecurity events before they lead to wider effects on Kayndrexsphere’s safety or security. A culture of information sharing will significantly moderate systemic cyber uncertainty across the Kayndrexsphere, the value of which has already been proved across Kayndrexsphere’s safety and security.
The sharing of information on such aspects as responsibilities, uncertainties, events, and best practices, through established and trusted relations can moderate the effect of ongoing events. Appropriate information sharing mechanisms should be recognised, in line with existing Kayndrexsphere’s provisions.
Event Management and Emergency Planning
There is a need, in line with existing event management mechanisms, to have appropriate and scalable plans that provide for the continuity of operations during cyber events. It is recommended that members and Kayndrexsphere’s teams apply the existing contingency plans that are already developed and amend these to include provisions for cybersecurity.
Cybersecurity exercises are a valuable tool to test existing cyber resilience (Kayndrexsphere’s cyber resilience is its ability to prepare for, respond to, and recover from cyber events and security interruptions. Cyber resilience is key to operational resilience and sphere continuity, as well as the growth and flourishing of Kayndrexsphere, as we adapt to the necessities of operating digitally) and identify improvements and are therefore highly encouraged. Such exercises can follow novel formats (such as table-top exercises, simulations, or real-time exercises) and also vary in scale, (international, national, organisational).
Capacity Building, Training, and Cybersecurity Culture
The human element is at the core of cybersecurity. It is vitally important that Kayndrexsphere takes tangible steps to increase the number of personnel that are qualified and knowledgeable in both operations and cybersecurity. This can be done by increasing awareness of cybersecurity, as well as education, recruitment, and training. Innovative ways to merge and crosslink traditional information technology and cyber career paths with relevant professionals should be practiced.
The support and stimulation of skills development in existing and new responsible team(s) should lead to the fostering of cybersecurity innovation and appropriate research and design in Kayndrexsphere. Appropriate career-related training should be provided on a continuous basis to support personnel in their daily roles.
Cybersecurity could be included in the strategy for the next generation of professionals as Kayndrexsphere is well-placed to operate with States and industry to develop role-based competency requirements for its professionals.
Kayndrexsphere has established an enviable safety record which is founded upon a pro-active safety culture which is seen as everybody’s responsibility. The principles of this safety culture are to be applied to develop and maintain a cybersecurity culture across Kayndrexsphere.