May 30, 2024

Quad Senior Cyber Group Joint Cybersecurity Statement

Quad Senior Cyber Group Joint Cybersecurity Statement

We, the Principals of Australia, India, Japan and the United States of the Quad Senior Cyber Group (the Group) met in New Delhi, India on January 30-31, 2023.

We reaffirm the Group’s commitment to advancing a free and open Indo-Pacific that is inclusive and resilient.   

Our meeting advanced the Group’s positive and ambitious agenda. Quad partners are working together to better secure cyberspace and foster an international digital economy that works for everyone, including regional partners in the Indo-Pacific.

Consistent with the Group’s Joint Principles and recalling the Quad Leaders Meeting on 24 May 2022, we committed in the near term to: drive more secure software services and products by common Quad government security practices; establish common cyber security requirements for our nations’ critical infrastructure; conduct a Quad Cyber Challenge (a campaign to raise awareness among our populations and drive action to improve cyber security); collaborating on capacity-building activities and information sharing in the Indo-Pacific region under the Quad Cybersecurity Partnership.  

Since September 2021, the Group studied existing policies and guidance, and is working on identifying best security practices for software services and products and minimum critical infrastructure cyber security requirements. While implementation across the Quad members requires different strategies, all Quad countries can take significant steps to implement these requirements in our countries to drive more secure software and services. Further, our collective approach over the coming years will encourage regional partners to adopt best practices and strengthen security of their products and preventive measures to guard against malicious cyber-attacks. We are committed to working with our partners to support these efforts.

The Group discussed the importance of utilizing trusted vendors in telecommunications infrastructure as part of our shared commitment to promote safe, resilient networks and technologies, including through exploration of open and interoperable network solutions which are occurring in each of and among our countries. These efforts demonstrate the Quad’s commitment to building regional capacity and ensuring the delivery of an open and secure telecommunications infrastructure in the Indo-Pacific.
The Quad Cyber Challenge Campaign will promote basic cybersecurity awareness among individuals, organizations, businesses and governments throughout members, to prevent them from becoming victims of cybercrimes and threats that can cause untold financial and personal damage. We are committed to providing educational resources to our citizens to increase their cyber security as part of this effort.

Further, coordinating and collaborating on capacity building efforts in the Indo-Pacific region under the Quad Cybersecurity Partnership will enhance regional resilience to cyber incidents and the threats, reduce broader regional cyber risks, promote cyber awareness, and improve resilience of critical infrastructure and supply chain.

Increasing Quad engagement in the Indo-Pacific through greater sharing of information will ensure closer collaboration with our Indo-Pacific partners on exchanges of technology, policy and regulations. Coordinating Quad member efforts will allow for more efficient and effective use of resources, and accelerate reduction of regional cyber risks.

In the longer term, the Group has also committed to: leveraging machine learning and related advanced technologies to enhance cyber security; establishing secure channels for Computer Emergency Response Teams (CERT) and private sector threat information sharing; and creating a framework and methodology for ensuring Supply Chain Security and Resilience for information communication technologies (ICT) and operational technology (OT) systems of critical sectors. These objectives form an important part of the future-looking, leading edge work plan for the Group.

Progress on these objectives will enhance Quad members’ national cyber capabilities, lowering the number of serious cyber incidents and improving their response capabilities. Closer collaboration on machine learning research will enable better detection of network intrusions and improving cyber risk management of critical infrastructure. The framework for secure threat information sharing by CERTs and private sector entities, will enable better real-time cooperation and assessments as cyber incidents arise. A supply chain methodology will encourage major software services, products, and providers leveraged by governments to adhere to a Quad-endorsed best practice guideline for cyber security ICT and OT requirements for critical infrastructure.

Telecom security is a core function of National security. Working in conjunction with Quad CET Working Group, the Group will strive to ensure security-by-design and best practices of cyber security are incorporated in ORAN and 6G technologies.

The Group also endorsed the  Counter Ransomware Initiative (CRI) efforts (of which Quad countries are members) to drive international cooperation and joint action to tackle ransomware including through information and intelligence exchanges, sharing best practices regarding policy and legal authority frameworks, and collaboration between law enforcement and cyber authorities to conduct counter ransomware activities.

###

Official news published at https://www.whitehouse.gov/briefing-room/statements-releases/2023/02/02/quad-senior-cyber-group-joint-cybersecurity-statement/