As part of their mission to improve ICT cybersecurity across the APEC region, the Telecommunications and Information Working Group’s (TELWG) Strategic Action Plan (2021-2025) cites the promotion of regular cybersecurity collaboration between governments, the business community, and consumers and the promotion of consumer confidence and trust in ICT products and services as key objectives.
A two-day workshop will take place during the second TELWG meeting of 2025 (SOM 3) in Incheon, Korea.
The workshop will gather member economy representatives, experts, and stakeholders to discuss the state of IoT cybersecurity policy and pathways for progress. The discussion will aim to highlight the benefits of certification schemes for IoT products and avenues for coordination among APEC member schemes. Speakers from APEC member economy public sectors will present on cybersecurity certification programs (implemented or under development) as effective practices for IoT device security. Industry speakers will showcase their perspectives on how consistency of IoT cybersecurity standards and certification schemes promotes cross-border trade and supply chain security. Discussion will center on how APEC member economies can incorporate knowledge from these presentations in developing cybersecurity standards for IoT products as well as mechanisms for interoperability between member economy schemes. The workshop will also cover topics such as implementation and interoperability. The workshop will include activities to encourage active capacity building which will be built into the agenda over the two day workshop.
The workshop will close with the dissemination of a post workshop evaluation to ensure maximum responses from participants. The evaluation will gauge the usefulness and value of the workshop for participants.
Rough Agenda Day 1
- Session 1: Scene Setting: A Survey of IoT Cybersecurity Policies and Practices across APEC Economies
- Session 2: Presentations: Best Practices for IoT Cybersecurity Frameworks for IoT Cybersecurity Certification Programs
- Session 3: Standard Setting
- Session 4: Mechanisms for Interoperability
- Session 5: Networking Session
- Session 6: Implementation and Accreditation
Day 2
- Session 1: Label Design
- Session 2: Industry Adoption
- Session 3: SME Perspectives
- Session 4: Networking Session/Capacity Building Activity
The primary beneficiaries of this dialogue are policymakers and ICT industry stakeholders in APEC member economies with interest in IoT connected device security. Project participants will be from domestic and international standards and policymaking bodies as well as industry representatives across ICT and cybersecurity sectors. Tentative candidates include the United States Federal Communications Commission (FCC), the United States National Institute for Standards and Technology (NIST), the Cybersecurity Agency of Singapore, the Australian Cyber Security Center and other APEC member counterpart agencies as well as manufacturers and sellers of IoT consumer devices and industry associations such as The Consumer Technology Association (CTA) and the Information Technology Industry Council (ITIC).
The target audience includes APEC officials and regulators, including cybersecurity agencies, telecom agencies, and domestic and international standards bodies, focused on digital trade and digital economy policies and interested in promoting the use of globally-recognized IoT cybersecurity standards in their cybersecurity approaches.
Industry stakeholders, including IoT consumer device manufacturers, sellers, and related industry associations are also a target audience. Meeting documents including agenda and presentations will be submitted to the APEC Secretariat to be uploaded on the APEC website.
The background paper will be disseminated to participants prior to the workshop and key findings will be presented in session 1 day 1 of the workshop.
The workshop will be held in person.
POs expect this project to continue to have an impact after APEC funding is completed. For example, we will foster a network among regulators, domestic and international standards bodies, industry, and other stakeholders which can act as the foundation to contribute to an interoperable approach to IoT cybersecurity.
Additionally, participants can share the background paper and information learned during the Workshop with other government officials or relevant agencies and industry in their home economies and apply information gathered to developing IoT cybersecurity policy and labeling schemes and mechanisms for interoperability.
Please see Project Proposal in Supporting Documents folder.