Global Ecosystem of Ecosystems Partnership in Innovation and Cybersecurity Terms of Reference


The purpose of the global ecosystem of ecosystems partnership in innovation and cybersecurity (EPIC) is to co-create and adopt world-changing solutions to high-impact cybersecurity challenges, both current and emergent.


Cybersecurity threats are a global challenge that disrupts local modern living. The scale and maliciousness of such threats continues to evolve largely unimpeded. That hardly a day goes by without news of yet another successful attack suggests our current approaches to cybersecurity are failing.

Isolating cybersecurity as its own “special domain,” misreads its inherent embodiment in all sectors and levels of society. Consequently, new and novel approaches need development if we are to achieve the global and local benefits offered by cyber and cyber-enabled technologies.

Across the globe, ecosystems that bring together academia, industry and government operate to respond to cybersecurity threats and enable economic development opportunities. These ecosystems have largely developed independently driven by local objectives. Each ecosystem is anchored on a keystone organization. Increasingly, the leaders of these keystones are becoming aware that the challenges of cybersecurity require global paradigm-shifting partnerships and cooperation that reflect regional and local imperatives. Hence, EPIC focuses on both co-creating globally and benefitting locally. Underpinning this perspective is a conscious attempt to glocalize – localize the global and globalize the local.

Value generation initiatives

The initial value generation initiatives of EPIC are organized as follows:

  1. Network – Each keystone organization provides resources and processes of potential value to other keystones that are part of EPIC. These offerings include, but are not limited to: (i) Soft landing services, (ii) Connectivity with potential customers, multinationals, expert advisors in intellectual property, legal and finance, (iii) Shared operational tools and facilities, (iv) Ecosystem-specific information (e.g., common language – standards, professions, qualifications), and (v) Sharing knowledge and experience.
  2. Projects – EPIC will enable community-generated solutions to domain specific challenges (e.g., autonomous vehicles, internet of things, health systems and financial systems), multidisciplinary (e.g., how to integrate perspectives from computer science, engineering, psychology, sociology, law, economics, etc., to develop holistic approaches to cybersecurity), or fundamental (e.g., developing a science of cybersecurity).
  3. Talent – EPIC will create development programs to enhance skillsets and knowledge of individuals operating in specific scenarios (e.g., pathways).
  4. Exchange – EPIC will enable matchmaking between otherwise disparate ecosystem entities. Examples include: (i) Connecting an enterprise in one ecosystem with a specific mentor in another ecosystem, and (ii) Enabling ecosystem enterprises (e.g., startups) to offer products and services globally thereby accelerating revenue growth.
  5. Evaluation – EPIC will contribute to a structured discussion on how to evaluate the resilience of system-of-systems against cyber-attacks.
  6. Content – EPIC will enable content sharing across ecosystem organizations. Examples of such content would be datasets, localized social networking feeds and journal articles.
  7. Emerging – EPIC will enable horizon scanning, anticipation of emerging issues, trend analysis and investigate theories of new domains.
  8. Advocacy – EPIC will use its globally reach and status to advocate for, and raise awareness of, causes, policies, and recommendations aligned with its general purpose of co-creating and adopting world-changing solutions to high-impact cybersecurity challenges.
  9. Investment – EPIC will strive to become an engine behind generating a global framework programme for research and innovation and play a major role in defining budget allocation mechanisms and prioritization.
  10. Standards – EPIC acts in a synchronizing role (using the assets and expertise of its members) in attempting to standardize our understanding of Cybersecurity.

As EPIC matures, new forms of value generation will emerge.


EPIC members are ecosystem keystones. Each keystone that is part of EPIC is expected to:

  1. Constructively contribute to the EPIC purpose
  2. Leverage EPIC to create value for its local economy.

An EPIC keystone anchors a local or regional ecosystem that consists of institutions such as academia (e.g., universities), innovative industry (e.g., startups, local businesses, multinationals), and government (regional through to national). The ecosystem should have a clear focus on innovation activities for economic benefit.

At the onset, EPIC does not define membership categories.

The contributions an ecosystem keystone makes to EPIC will determine its importance to EPIC.


While details are left to member ecosystems, they will need to deploy personnel, financial and other resources to (i) constructively contribute to the EPIC purpose, and (ii) leverage EPIC to provide value to its local economy.

EPIC may determine that a centralized fund may be required to support an EPIC secretariat and other resources. EPIC governance will determine the need for such a fund and the decision-making around contributions and expenditures.


EPIC will operate as an ecosystem linking keystone organizations that anchor cybersecurity ecosystems globally. Representatives of each keystone organization will act to achieve the purpose of EPIC and will not unnecessarily impede decision-making and consensus building. A decision-making board governs EPIC. Decisions of the board are ratified by a simple majority vote.

Each keystone organization will have a single vote and will designate a single individual as the EPIC point of contact (POC) and official member of the EPIC decision-making board.  A member of the EPIC decision-making board may appoint a delegate to vote in their place when circumstances dictate.

Annually, the EPIC decision-making board will choose a chair (from amongst its members). The chair will preside over meetings; ensure that EPIC functions are in keeping with its purpose; and be the official spokesperson for the EPIC.

Other official positions (e.g., vice-chair or secretary) can be created at the discretion of the decision-making board.

Member ecosystem participation in the various EPIC competencies is solely the prerogative of that ecosystem. Within the context of the EPIC, no ecosystem can be excluded from participating in EPIC activities.


Key to the success of EPIC is the creation of a community that adheres to EPIC’s purpose and underlying glocalization ethos. The value-generation initiatives described above are a means for building the community. The community will be drawn from the keystone organizations and can include, for example, companies, researchers, mentors and consultants.


Regular face-to-face meetings are core to community building. As such, EPIC board meetings will be held approximately every six-months. Such meetings will be held at locations that take into consideration the geographic posture of the EPIC and are made by the board.  Annually, the EPIC will hold a symposium (potentially co-located with another major event – including the board meetings) that focuses on EPIC contributions and challenges.