IGF 2022 Networking Session #13 Support IS3C in Making the Internet More Secure and Safer

In this networking sessions the IGF Dynamic Coalition Internet Standards, Security and Safety Coalition (IS3C) presented its plans for 2023. A total of eight working groups presented their plans.

Working Group 1, Security by Design – Internet of Things announced a public consultation of its draft report for December 2022. In the draft the best practices found by comparing policy documents from over 20 countries are presented. All with an interest in the topic are invited to share their insights, knowledge and views with the WG. This will result in a report that takes into account different views and standpoints, allowing for a rough consensus on the outcome, with a higher chance of broader support.

Working Group 2, Education & Skills presented its first report at the IGF (on Thursday 1 December. You can find it here: https://is3coalition.org/docs-category/research-reports/). In this session it presented its plans for 2023, to bring the theory of the report into practice. The WG foresees a collection of pilot panels in different regions around the world, where experts in their respective fields, collaborate to advise on next steps towards implementation if policy guidelines. The following steps are foreseen.

1. To refine and pilot the competence model in different regions of the world, to gather input and insight into means for implementation.
2. Work with experts to develop education toolkits to be used in educational institutions and in life-long education schemes.
3. Continue work with the education sector to improve knowledge sharing and to gather good practices.
4. Create the means to scale up the identified best practices.
5. To work with industry and educational leaders to make a career in cyber security more appealing in general and for women in particular.

Over time this could result in a capacity building programme.

Working Group 3, Procurement, Supply Chain Management and the creation of a business case announced to start its work in 2023 thanks to grant by the RIPE Fund. The WG will research and analyze what are the barriers to actually procure ICTs with the proper standards built in. What is the current landscape? An important step is to create an interested community around this work. The second step is to provide guidance and recommendations that reflect good practices on procurement and supply chain management around the world for governments and large organizations on how to procure secure by design ICT (services).

Working Group 5, “the list” was also able to announce it can start its work, with thanks to the RIPE Fund. Early 2023 a team of experts is to be formed that will be asked to provide the world with a “top 40” of the most urgent security-related  internet standards and ICT best practices that any organization ought to demand when procuring ICT devices, services or software. A second list is to agree upon a list providing a full overview of all security-related internet standards and ICT best practices.

There are ideas to pursue two WGs, 7 and 8, on the topic of respectively consumer protection and advocacy and on three specific standards: DNSSEC, RPKI and IPv6.

Proposed WG 9 post-quantum encryption. The wg focuses on the timely deployment of encryption. In recent years, there has been a substantial amount of research on quantum computers – machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for classical computers.

When quantum computers become available in mass use by governments and companies, all public and private keys will be exposed to a massive risk. This could seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.

On the other hand cryptography is evolving too, and the development of quantum-resistant or post-quantum cryptography helps to create cryptographic systems that are secure against both quantum and classical computers, while being interoperable with existing protocols and networks. This creates new Public Key Infrastructure challenges and the need to update cryptographic algorithms currently in use. The IS3C coalition has established this Working Group IX: Quantum Computing and (post)Quantum Encryption with the specific aim of:

• Reviewing current quantum computing and quantum encryption initiatives and practices worldwide;
• developing a coherent package of global recommendations,
• maintain relationships with related technical communities, security leaders, engineers, developers, and other interested organizations.

Proposed WG 10, the governance of emerging technologies. The first two suggested topics are AI and quantum technologies. Breakthrough developments in dual-use technologies, such as AI & Quantum, led to recent global policymaking efforts and discussions regarding the governance of these domains. The critical security implications of these technologies require further attention of the stakeholders as the advancements continue towards further maturity and commercialization. This working group aims to offer a roadmap for anticipatory governance strategies for the field of emerging technologies, initially focusing on AI and Quantum technology. The proposed governance roadmap will be addressing the relevant roles of the state, the private sector, and civil society stakeholders based on lessons learned from past governance efforts concerning complex technology domains. 

Deliverables for this working group will include:

1. Mapping current risks and opportunities associated with these domains 

2. Policy recommendation report with input from diverse stakeholders

3. Standardization guidelines based on the policy recommendation report

These proposal are work in progress. They need to be developed further including whether they are truly separate topics or can or should be merged.

IS3C stresses that without substantial input and funding of the research and coordination, it will be hard to achieve the proposed outcomes.