Check-in and access this session from the IGF Schedule.

IGF 2022 Networking Session #13 Support IS3C in Making the Internet More Secure and Safer

    Time
    Wednesday, 30th November, 2022 (07:45 UTC) - Wednesday, 30th November, 2022 (08:45 UTC)
    Room
    Caucus Room 11
    Speakers
    Onsite Moderator

    Wout de Natris

    Online Moderator

    Mark Carvell

    Rapporteur

    Nicolas Fiumarelli

    SDGs

    Targets: 4. Quality education 9. Industry, innovation and infrastructure

     

    Format

    Following a short introduction and overview of current and future workstreams by the IS3C Coordinator, Wout De Natris, the Chairs of the coalition’s three thematic working groups will provide summaries of their mission statements and workplans, and explain the resource requirements for their research projects.

    Duration (minutes)
    60
    Language
    English
    Description

    The IGF dynamic coalition Internet Standards, Security and Safety Coalition works towards one overarching goal: to make the Internet more secure and safer by achieving more widespread and rapid deployment of existing security-related internet standards and relevant best practices. The primary goal of this networking session is to present the scope and goals of IS3C’s 2023 work programme to potential supporting and to funding partners for its current and future work programmes.

    After a brief introduction on the 2022 results, IS3C focuses on the work planned for 2023. In total five Working Groups will either continue their work or start it.

    WG 1 Security by design – Internet of Things. After the publication of its report, foreseen for January 2023, the WG will move to the next phase: to change recommendations into actions.

    WG 2 Education & skills. At the IGF the report ‘Closing the gap between the needs of the cybersecurity industry and the skills of tertiary education graduates’ is presented. In 2023 the WG continues its work and turn theory into practice. First by starting working groups containing all stakeholders and work together towards deployment and training programmes.

    WG 3 Procurement, supply chain management and the creation of the business case announces its work programme that will start in the winter of 2023

    WG 5 Prioritising and listing existing, security-related Internet standards and ICT best practices announces its work programme that will start after the IGF.

    WG 9 Quantum computing and post-quantum encryption announces its work programme that will start in 2023.

    With the announcement of the new work programme, IS3C is in need of experts interested to work with the lead experts. It is of extreme importance that the outcomes reflect the views of all stakeholders and a rough consensus can be reached on the way forward.

    Following the introductory networking session which the coalition held at IGF 2021, the networking session at IGF 2022 will be an important opportunity for engaging stakeholder organisations as potential partners. The discussions in the session will be conducted with the aim in particular of laying the groundwork for the provision of the financial and in kind support that is necessary for progressing the working groups’ research activities.

    It is also expected that the work of the coalition will continue to evolve and expand to cover additional policy issues. Feel free to share your ideas on how to continue our work. A policy area that is still under construction is for WG 7, consumer protection and advocacy, that we hope to be able to announce later in 2023.

    Key Takeaways (* deadline at the end of the session day)

    IS3C starts two new working groups in 2023. Their results will set a next step to make the internet more secure and safer. Governments and businesses will receive guidance on how to procure ICT, IoT and digital services secure by design. Ideas for working groups on quantum computing, AI and encryption were announced as well. This work is most urgent to keep the world more secure and safer.

    Call to Action (* deadline at the end of the session day)

    IS3C invites all interested to join its work and contribute to make the world more secure and safer. Experts with an interest in procurement and supply chain management and (post-)quantum encryption are invited to join. Let's get the cyber security internet standards and releated ICT best practives adopted on a massive schale globally, fast.

    Session Report (* deadline 9 January) - click on the ? symbol for instructions

    In this networking sessions the IGF Dynamic Coalition Internet Standards, Security and Safety Coalition (IS3C) presented its plans for 2023. A total of eight working groups presented their plans.

     

    Working Group 1, Security by Design – Internet of Things announced a public consultation of its draft report for December 2022. In the draft the best practices found by comparing policy documents from over 20 countries are presented. All with an interest in the topic are invited to share their insights, knowledge and views with the WG. This will result in a report that takes into account different views and standpoints, allowing for a rough consensus on the outcome, with a higher chance of broader support.

     

    Working Group 2, Education & Skills presented its first report at the IGF (on Thursday 1 December. You can find it here: https://is3coalition.org/docs-category/research-reports/). In this session it presented its plans for 2023, to bring the theory of the report into practice. The WG foresees a collection of pilot panels in different regions around the world, where experts in their respective fields, collaborate to advise on next steps towards implementation if policy guidelines. The following steps are foreseen.

    1. To refine and pilot the competence model in different regions of the world, to gather input and insight into means for implementation.
    2. Work with experts to develop education toolkits to be used in educational institutions and in life-long education schemes.
    3. Continue work with the education sector to improve knowledge sharing and to gather good practices.
    4. Create the means to scale up the identified best practices.
    5. To work with industry and educational leaders to make a career in cyber security more appealing in general and for women in particular.

    Over time this could result in a capacity building programme.

     

    Working Group 3, Procurement, Supply Chain Management and the creation of a business case announced to start its work in 2023 thanks to grant by the RIPE Fund. The WG will research and analyze what are the barriers to actually procure ICTs with the proper standards built in. What is the current landscape? An important step is to create an interested community around this work. The second step is to provide guidance and recommendations that reflect good practices on procurement and supply chain management around the world for governments and large organizations on how to procure secure by design ICT (services).

     

    Working Group 5, “the list” was also able to announce it can start its work, with thanks to the RIPE Fund. Early 2023 a team of experts is to be formed that will be asked to provide the world with a “top 40” of the most urgent security-related  internet standards and ICT best practices that any organization ought to demand when procuring ICT devices, services or software. A second list is to agree upon a list providing a full overview of all security-related internet standards and ICT best practices.

     

    There are ideas to pursue two WGs, 7 and 8, on the topic of respectively consumer protection and advocacy and on three specific standards: DNSSEC, RPKI and IPv6.

     

    Proposed WG 9 post-quantum encryption. The wg focuses on the timely deployment of encryption. In recent years, there has been a substantial amount of research on quantum computers – machines that exploit quantum mechanical phenomena to solve mathematical problems that are difficult or intractable for classical computers.

    When quantum computers become available in mass use by governments and companies, all public and private keys will be exposed to a massive risk. This could seriously compromise the confidentiality and integrity of digital communications on the Internet and elsewhere.

    On the other hand cryptography is evolving too, and the development of quantum-resistant or post-quantum cryptography helps to create cryptographic systems that are secure against both quantum and classical computers, while being interoperable with existing protocols and networks. This creates new Public Key Infrastructure challenges and the need to update cryptographic algorithms currently in use. The IS3C coalition has established this Working Group IX: Quantum Computing and (post)Quantum Encryption with the specific aim of:

    • Reviewing current quantum computing and quantum encryption initiatives and practices worldwide;
    • developing a coherent package of global recommendations,
    • maintain relationships with related technical communities, security leaders, engineers, developers, and other interested organizations.

    Proposed WG 10, the governance of emerging technologies. The first two suggested topics are AI and quantum technologies. Breakthrough developments in dual-use technologies, such as AI & Quantum, led to recent global policymaking efforts and discussions regarding the governance of these domains. The critical security implications of these technologies require further attention of the stakeholders as the advancements continue towards further maturity and commercialization. This working group aims to offer a roadmap for anticipatory governance strategies for the field of emerging technologies, initially focusing on AI and Quantum technology. The proposed governance roadmap will be addressing the relevant roles of the state, the private sector, and civil society stakeholders based on lessons learned from past governance efforts concerning complex technology domains. 

    Deliverables for this working group will include:

    1. Mapping current risks and opportunities associated with these domains 

    2. Policy recommendation report with input from diverse stakeholders

    3. Standardization guidelines based on the policy recommendation report

    These proposal are work in progress. They need to be developed further including whether they are truly separate topics or can or should be merged.

     

    IS3C stresses that without substantial input and funding of the research and coordination, it will be hard to achieve the proposed outcomes.