Time
    Thursday, 9th December, 2021 (15:50 UTC) - Thursday, 9th December, 2021 (17:20 UTC)
    Room
    Conference Room 3
    DC

    Dynamic Coalition on Internet Standards, Security and Safety

    Panel - Auditorium - 90 Min

    Subtheme(s)

    Cybersecurity practices and mechanisms: What are the good cybersecurity practices and international mechanisms that already exist? Where do those mechanisms fall short and what can be done to strengthen the security and to reinforce the trust?
    International standards: How should international standards address the different requirements and preferences of governments and citizens in different countries?

    Description

    Description of the session aims and coverage

    In a highly informative and interactive 90 minute session, the DC-ISSS leadership team will cover four topics in the agenda:

    1) The rationale and intended concrete outcomes of the DC-ISSS: to develop recommendations, toolkits and guidance for policy makers and decision-takers that will lead to more widespread and more rapid deployment of security-related Internet standards as a result of:                           a) security by design in devices and applications;                                                                                                                                                                  b) inclusion of cybersecurity standards deployment in educational curricula and vocational training;                                                                                and c) public procurement and supply chain management as drivers of standards deployment.

    2) The relevance of the DC-ISSS objectives and target outcomes to the IGF policy question on security, trust and stability.

    3) The activities undertaken since the DC-ISSS was launched at the IGF in 2020 following the establishment of three working groups:                                                                                                                                                                                                                                               

      Working Group 1: Security by Design - Internet of Things

      Working Group 2: Education and Skills

      Working Group 3: Procurement and Supply Chain Management

    Time will be allocated for Q&A interaction with the audience.

    The three working groups' mission statements and a paper summarising their activities in 2020-21 will be posted before the IGF 2021 event.

    4) The forward-look to the DC-ISSS's focus and activities in 2022-23 including the possible creation of additional working groups.  

     

    Outline agenda for the session

    1. Introduction by DC-ISSS Coordinator Wout De Natris (15 mins):

    i) DC-ISSS relevance to IGF Policy Question - Trust, Security and Stability.

    ii) DC-ISSS milestones and progress in 2021

    iii) Stakeholder outreach including government ministries and agencies, private sector and tech community, and regional IGFs.

    2. Presentations by the Chairs of the DC-ISSS Working Groups with Q&A interaction (60 mins):

    WG1 Chair: Yurii Kargapolov - Ukrainian Network Information Centre (UANIC)

    WG2 Chair: Raymond Mamattah - E-Governance & Internet Governance Foundation for Africa (EGIGFA)

    WG3 Chair: Mallory Knodel - Center for Democracy & Technology (CDT)

    3. Workplan for 2022-23 and concluding remarks by the DC-ISSS Coordinator Wout De Natris (15 mins)

     

     

    Organizers

    Wout De Natris - DC-ISSS Coordinator - De Natris Consult - Technical community - Region: Western Europe                                                                  Mark Carvell - DC-ISSS Senior Policy Advisor - Private sector - Region: Western Europe

    Speakers

    Wout De Natris - DC-ISSS Coordinator - De Natris Consult - Technical community - Region: Western Europe                                                            Yurii Kargapolov - DC-ISSS Working Group 1 Chair - Ukrainian Network Information Center (UANIC) - Region: Eastern Europe                                    Raymond Mamattah - DC-ISSS Working Group 2 Chair - E-Governance & Internet Governance Foundation for Africa (EGIGFA) - Region: Africa        Mallory Knodel - DC-ISSS Working Group 3 Chair - Center for Democracy and Technology (CDT) - Region: North America

    Onsite Moderator

    Mark Carvell - DC-ISSS Senior Policy Advisor

    Online Moderator

    Janice Richardson - DC-ISSS Working Group 1 Vice-chair -Insight: international advisor on literacy, rights & democracy

    Rapporteur

    Wout De Natris - DC-ISSS Coordinator

    SDGs

    9.1
    9.c

    Targets: The aims of the DC-ISSS are to create more secure, safer and trusted Internet applications, devices and services through deployment of relevant security standards. This will support digital transformation globally which facilitates sustainable economic growth and improved social welfare of all members of communities, and the growth of micro, small and medium sized businesses (mSMEs) which otherwise would be vulnerable to online fraud, loss of trust and cyber security risks generally.

    Key Takeaways (* deadline at the end of the session day)

    Increasing security of online devices is discussed in various standards and digital industry fora but still need collaborative global solutions that design security into devices.

    Product security labelling and cybersecurity education strengthen the retail market for secure devices.

    Call to Action (* deadline at the end of the session day)

    IC3S will consider for next phase i. mapping of regional trends in IoT security initiatives; and ii. surveying IoT protocols agreed by different standards developers.

    Funding will be sought for research on procurement and supply chains as drivers for adopting security standards

    Session Report (* deadline 9 January) - click on the ? symbol for instructions

    REPORT OF THE IGF SESSION OF THE DYNAMIC COALITION ON INTERNET STANDARDS, SECURITY AND SAFETY   9 DECEMBER 2021 15:50-17:20 UTC

    The IGF’s Dynamic Coalition on Internet Standards, Security and Safety celebrated its first birthday at the IGF in Katowice. The coalition has made significant progress following its launch at the IGF in 2020, as was reported by the leadership team during its main session on 9 December.

     

    i. Coalition’s name change

     

    The chair of the coalition’s working group on communications (WG4) Raymond Mamattah announced that following a consultation with members held prior to the IGF, the name of the coalition had been changed to the Internet Standards, Security and Safety Coalition with the acronym IS3C. He also presented the new logo incorporating the mission slogan Making the Internet more secure and safer. The coalition in 2022 will proceed to establish a website, register a domain name, and implement a communications strategy that will include the use of social media platforms.

     

    ii. Objectives

     

    The IS3C coordinator, Wout de Natris, explained the goals of the coalition for addressing cybersecurity challenges and its strategy for producing meaningful outputs including policy recommendations, guidance and toolkits. The global impacts of the insecure Internet environment and the resulting barriers to realising the benefits of digital transformation of economies and society, require new initiatives based on global multi-stakeholder cooperation.

     

    IS3C provides a new approach for preventing cyber-attacks and threats that focuses on the role of standards. The use of the Internet and related technologies can become far safer if existing Internet standards and related best practices become more widely and rapidly deployed than is currently the case. For example, devices that are developed with security by design principles, help to create a higher level of protection from cyber threats and attacks. This prevents attacks from succeeding, thus reducing the level of mitigation of incidents. Adopting these principles would help significantly to close the existing gap between the much-discussed theory of cyber security and the daily user experience of insecurity online. 

     

    This level of increased cybersecurity can only be achieved if stakeholders leave their silos and use their expertise to educate decision-takers, so they can make well-informed choices about cyber security requirements. Furthermore, government procurers and major private sector bodies and companies can lead by example when procuring more secure devices, services and network applications.

     

    iii. Outcomes of first phase of work in 2021-22

     

    IS3C established three working groups for the first phase of the coalition’s workplan:

    WG1 - Security by design - Internet of Things

    WG2 - Education and skills 

    WG3 - Procurement, supply chain management and the business case 

     

    Each group has met virtually at regular intervals during 2021. In the session, the three working group Chairs and Vice-Chairs presented their mission statements, reported on progress in developing their policy recommendations and guidelines/toolkits, and explained their research proposals for 2022 in support of these.

     

    WG1 undertook two main activities in 2021: collation of relevant documents on IoT security worldwide and a survey of existing IoT security initiatives. A template for analysis of best practice has been developed which will provide the basis for a research proposal that is in preparation for 2022.

     

    WG2 has developed a set of questions to interview stakeholders from industry, policy and tertiary educational facilities in order to establish how deep the knowledge and skills gap is and to ascertain whether good practices already exist worldwide that assist in closing this gap. During the IGF, cooperation with Youth IGF was discussed in order to enlarge the number of interviews. The outcomes of the interviews will provide the basis for more in-depth research that WG2 has planned to undertake in 2022.

     

    WG3 presented its research plan for 2022 that will identify current practice worldwide relating to security requirements in procurement and supply chain management.  Following analysis of the findings, the members will identify a set of policy recommendations for stakeholders involved in decisions relating to procurement of secure Internet devices and applications.

     

    It is also expected that the coalition will contribute to capacity building programmes in developed, developing and least developed countries, at all levels of involvement concerning procurement and supply chain management.

     

    In addition to the ongoing activities of the three working groups, the IS3C coordinator Wout de Natris announced two critically important outputs expected in late 2022 that will serve to empower stakeholders (including educationalists for inclusion in curricula, procurement agencies and supply chain managers) with comprehensive information about cybersecurity standards and related best practice:


    -      

    an authoritative list of the most important existing Internet-security standards;


    -      

    a comprehensive listing of all relevant Internet standards and ICT best practices with explanations of a) the cybersecurity threats and risks which they aim to prevent; and b) who the lead actors are for deploying them. 

     

    iv. Governance

     

    IS3C’s Senior Policy Adviser Mark Carvell explained the decision in early 2021 to establish an agreed framework of governance that ensures:


    i)           a) stakeholder inclusivity and predictability in the coalition’s process for developing consensus-based outcomes;


    ii)          b) the target audience of public and private sector policymakers and decision-takers will take proper regard of these outcomes as the result of a rigorously open and accountable multi-stakeholder process.

     

    The IS3C webpage on the IGF website provides information about the open application procedure for coalition membership based on subscription to the IS3C mail list, the bottom up agenda-setting and decision making procedures through consensus-based agreement, and the roles of Working Group Chairs, Vice-Chairs and the Leadership team

     

    v. Outreach

     

    Mark Carvell reported on the past year’s outreach programme to raise awareness, to invite participation in the working groups, to ensure geographical, age and gender diversity, and to seek funding for research activities and to cover administration costs. The programme included presentations to regional Internet governance fora (EuroDIG and APrIGF), regional organisations (including the African Union, European Commission and the Organisation of American States); individual governments and ICT companies, and regional and national Internet standards platforms. The leadership team intends in 2022 to increase its outreach to national and regional administrations and stakeholder communities in Africa, south Asia, Latin America and the Caribbean.

     

    The leadership team had also contributed actively to the work of the IGF’s Dynamic Coalitions Coordination Group (DCCG) in support of promoting the role of the coalitions in the evolution of the IGF as a year-round, issue-focused and outcome-orientated multi-stakeholder hub at the centre of the Internet’s system of global governance.

     

    vi. Next steps

     

    Wout de Natris explained that the coalition’s membership will review progress of the current working groups in early 2022 and consider whether to establish new working groups for the second phase of IS3C work that may examine other security-by-design technologies following the work on IoT, and new generic issues such as consumer protection.

     

    Wout de Natris concluded the workshop with an open call for stakeholders to support the work of the IS3C working groups through active participation, awareness-raising in cyber networks, and contributing funding for the research projects.

     

    20 December 2021