IGF 2022 IS3C General Meeting: Recommendations to Make the Internet More Secure and Safer

Thursday, 1st December, 2022 (13:15 UTC) - Thursday, 1st December, 2022 (14:45 UTC)
Large Briefing Room

Other - 90 Min
Format description: In its General Meeting IS3C will present on the outcomes and / or intermediate results achieved during the 17th IGF cycle. All working groups: 1. Security by design - Internet of Things; 2 Education & skills and 3. Procurement and supply chain management, will present on their outcomes and / or their progress towards recommendations for the deployment of internet standards and related best practices. During the meeting any other urgent business will be discussed, as may proposals for new working groups for 2023.


In this workshop IS3C, Internet Standards Security and Safety Coalition, presents the results of its work of the past year.


WG 1 Security by design – Internet of Things presents the outcomes of an international comparison of legislative texts at the national or supra-national level, 22 in all. Also labelling schemes on IoT security have been compared. This leads to a report, expected January 2023, containing best practices and recommendations. A public consultation of the draft report will be opened soon.


WG 2 Education & skills presents its report ‘Closing the gap between the needs of the cybersecurity industry and the skills of tertiary education graduates’. The report reflects the research conducted this year and presents seven recommendations to the world on how to close this gap.


WG 6, Data governance and security presents its initial outcomes of the research currently conducted, which compares data governance legislation around the world. The report which is expected in the winter of 2023 will contain best practices and recommendations for UNDESA to start a deployment programme on.


WGs 3, 5 and 9 announce the start of their work after the IGF. These bodies of work see to the following topics: (3) procurement and supply chain management and the deployment of internet standards; (5) a priority list of most urgent standards and best practices and a repository with a list containing a total overview; (9) quantum computing and post-quantum encryption.


Wout de Natris, IS3C coordinator, private sector, The Netherlands

Mark Carvell, IS3C senior policy advisor, private sector, U.K.


Wout de Natris, IS3C coordinator, private sector, The Netherlands

Mark Carvell, IS3C policy lead advisor, private sector, U.K.

Nicolas Fiumarelli, IS3C WG 1 chair, technical community, Uruguay

Janice Richardson, IS3C WG 2 chair, education, Australia

Awo Aidam Amenyah, IS3C WG 2 vice-chair, civil society, Nigeria

Mallory Knodel, IS3C WG3 chair, technical community, U.S.A.

Louise-Marie Hurel, IS3C WG 6 chair, academia, UK/Brazil

Narine Katchatryan, IS3C WG 9 representative, private sector, Armenia

Onsite Moderator

Wout de Natris

Online Moderator

Mark Carvell


Mark Carvell/Wout de Natris


9. Industry, Innovation and Infrastructure

Targets: 4.4 By 2030, substantially increase the number of youth and adults who have relevant skills, including technical and vocational skills, for employment, decent jobs and entrepreneurship 9. Industry, Innovation and infrastructure

Key Takeaways (* deadline 2 hours after session)

The findings of the IoT and Education and skills research are best practices, in line with IS3C's goals. Key findings are applicable to all stakeholders. To go from theory to practice, the outcomes need to be acknowledged and deployed. Gender balance is still a problem. An extra effort is needed to reach female respondents and key persons opinions. Our report is here: https://is3coalition.org/docs/study-report-is3c-cybersecurity-skills-ga…

Call to Action (* deadline 2 hours after session)

Outreach to all stakeholders to distribute the findings of IS3C's outcomes. Set up hubs and teams to discuss deployment of outcomes. Maintain a relationship with related stakeholders, as a resource for future work. Reach out to female resources and key persons from developing countries to establish the balance of the research. Cybersecurity and its related issues is long-term work; each day lost in another day.

Session Report (* deadline 26 October) - click on the ? symbol for instructions

IS3C held its general meeting at the IGF in Addis Ababa where it presented on the results of work carried out in 2022 and looked ahead to the near future.

Working Group 1 : Security by design, sub group on Internet of Things

Research has confirmed that there is a large gap between the theory of security and the daily practice of IoT security. The working group focuses on identifying the solutions needed to close this gap. The first results will be reviewed in December and January, after which the final report will be published in the winter of 2023. The IGF open process of consultation with stakeholders worldwide will be announced soon.

The WG's research focused on: (a) a review of current security-related IoT initiatives and practices worldwide, and (b) to develop a coherent package of global recommendations and guidance for embedding security by design in the development of IoT devices and applications. The report will include the outcome of research questions shared globally. One of the outputs of the research is a compilation of all the Security Best Practices that could be collected from the documents. These best practices are divided into four categories: Privacy and Exposure; Update; Non-technical; and Operation/Community.

Also, attention is given to the consumer side. What do they need to know about IoT security by design when they deal with a device containing IoT? Current labelling schemes have been compared to ascertain this. When consumer knowledge is upgraded and it is ensured that they are fully equipped to use a device securely and are aware of their rights, focus shifts to the manufacturers of the IoT devices and tools. They will feel the burden of having the obligation to make sure the device is in a good condition and safe to use more strongly, as well feel a growing awareness to deliver security updates to the devices they manufacture.

A  call for action was launched by chair Nicolas Fiumarelli to all stakeholders to participate in the open consultation process of the draft report.


Working Group 2 : Education and skills

A major factor undermining the development of a common culture of cybersecurity is that students graduating from tertiary ICT-related educational programmes often lack the skills that business and society as a whole need in order to understand the benefits of security-related Internet standards and ICT best practices. In order for ICT security to be better understood, it has to be integrated into tertiary ICT educational curricula; at all levels. This may result in the structural development of ICT(-related) products and services that include cyber security Internet standards and ICT best practices. The coalition’s Working Group 2 has therefore identified the following goals:

  • To detect and resolve cyber security skill gaps in tertiary ICT education curricula;
  • To encourage tertiary educational institutions to include in their ICT curricula the essential skills, knowledge and understanding of security- related Internet standards and ICT best practices, building on current best practices, in order to bring tertiary education in line with emerging workforce requirements;
  • To strengthen collaboration between educational decision-takers and policy makers in governments and industry in order to align tertiary ICT curricula with the requirements of our cyber future;
  • To ensure effective collaboration between key stakeholders in order to keep tertiary ICT educational materials in step with new technologies and standards and prevent new skills gaps from developing;
  • A need to make cyber security education more interesting to young people and especially women;
  • To make cyber security education part of life-long learning programmes.

The research used two methodologies. First interviews with cybersecurity experts in multiple countries and second, a questionnaire that was extensively distributed through internet governance fora. This resulted in input from 66 countries from all regions around the world.

The results show the gap between what people learn in the formal education and what the need in the cybersecurity industries is. When the technical skills could be learned in formal education, employers need to add some soft skills, creativity and critical thinking for example. The resources said that there is a need for collaboration between education and industries, to ensure that knowledge becomes more compatible to employers’ demands. Also, there is a need for constant knowledge sharing from the experts in cyber securities.

The report 'Closing the gap between the needs of the cybersecurity industry and the skills of tertiary education graduates' was formally presented by WG 2 representative Teuntje Manders to MAG chair Paul Mitchell and to the research's sponsors, Mieke van Heesewijk of SIDN Fonds and Julia Piechna of NASK. It can be found here: https://is3coalition.org/docs/study-report-is3c-cybersecurity-skills-gap/, on IS3C’s website.

The working group on Data Governance and security was not able to present but will present its report in the winter of 2023.


Global Digital Compact

IS3C has launched a special working group for its response to the Global Digital Compact. Dr. Allison Wylde leads this body of work which will reflect the outcomes and work underway within IS3C that ought to become a part of the GDC to ensure a more secure and safer Internet, thus world.


The future

Two working groups will start their work in 2023, Procurement and supply chain management, and a prioritisation list when procuring secure by design ICTs. Others are in the process of formulating their mission statements: post-cyber encryption; A working group aims to offer a roadmap for anticipatory governance strategies for the field of emerging technologies, initially focusing on AI and Quantum technology; Consumer protection and advocacy and finally; A working group that focuses on the (barriers preventing) deployment (of) three standards: DNSSEC, RPKI and IPv6.

Everyone is invited to join and/or support the upcoming body of work that IS3C endeavours to undertake in 2023.