Debate - 90 Min
IS3C's general session is an opportunity for interactive stakeholder engagement on the coalition's progress in achieving its goal of increasing the contribution of security-related standards to greater security and safety online. Following an introduction by IS3C's Coordinator who will set the context for coalition's progress since IGF 2022 (10 minutes), the session has the following two segments:
Part 1: Reports on the current status of IS3C's activities and research, including 6 WG progress reports (60 minutes including open discussion of the WG reports lasting 30 minutes).
- Working Group 1 on Internet of Things Security by Design following the recent publication of its report on existing national and regional government policies, regulations and best practices. (5 minutes)
- Working Group 2 on education and skills on the follow up to the publication at IGF 2022 of its research report on closing the gap between the needs of the cybersecurity industry and the skills of tertiary education graduates. (5 minutes)
- Working Group 3 which recently commenced its work on public sector procurement and supply chain management as drivers for increasing the deployment of security-related standards. (5 minutes)
- Working Group 5 which is developing a list of key Internet security-related standards and related best practices for public and corporate decision-takers to refer to when procuring Internet devices and applications. (5 minutes)
- Working Group 8 which was recently launched with the aim of increasing trust as the basis for wider deployment of two protocols: DNSSEC (Domain Name System Security Extensions) which strengthens authentication in the domain name system by using digital signatures based on public key cryptography; and RPKI (Resource Public Key Infrastructure) which provides greater security in the routing via the Internet's border gateway protocols (BGP). (5 minutes)
- Working Group 9 which is developing policy recommendations and guidelines that will assist governments, regulators and private sector entities in policymaking and standard-setting efforts relating to quantum and AI governance. (5 minutes)
PART 2: Forward look to 2024, led by the IS3C Coordinator, including: potential new areas of work; outreach on funding support; and increasing active stakeholder participation in working groups. (25 minutes including open discussion of 15 minutes):
Coordinator's concluding remarks (5 minutes).
Wout de Natris - IS3C Coordinator; De Natris Consult - Private Sector - Europe
Mark Carvell - IS3C Senior Policy Adviser; Independent Internet Governance Consultant - Private Sector - Europe
Wout de Natris - IS3C Coordinator; De Natris Consult - Private Sector - Europe
Mark Carvell - IS3C Senior Policy Adviser; Independent Consultant - Private Sector - Europe
Nicolas Fiumarelli - IS3C Working Group 1 Chair; LACNIC - Technical Community - Latin America
Sam Goundar - IS3C Working Group 1 Vice Chair; RMIT University, Hanoi - Academia - South Asia
Janice Richardson - IS3C Working Group 2 Chair; Insight SA - Education - Europe
Awo Aidam Amenyah - IS3C Working Group 2 Vice-chair; Child Online Africa - Civil Society - Africa
Mallory Knodel - IS3C Working Group 3 Chair; Center for Democracy & Technology - Civil Society - North America
Elizabeth Orembo - IS3C Working Group 3 Lead Researcher; Global Cyber Security Capacity Centre - Technical Community - Africa
David Huberman - IS3C Working Group 8 Partner; ICANN - Technical Community - North America
Bastiaan Goslings - IS3C Working Group 8 Partner; RIPE NCC - Technical Community - Europe
Dr Elif Kiesow Cortez - IS3C Working Group 9 Lead Researcher - The Hague University of Applied Sciences - Academia - Europe
9. Industry, Innovation and Infrastructure
Targets: The work of IS3C to promote awareness and more effective deployment of existing security-related Internet standards and related best practices in digital infrastructure is directly relevant to SDG 9's objectives of promoting innovative and sustainable technologies, inclusivity and prosperity. The scope of the coalition's current work programme includes security by design for the Internet of Things and standards relating to quantum technologies and AI. IS3C's recommendations, guidelines and practical toolkits will therefore contribute to economic policy and investment decisions in developing countries and small island states that ensure greater resiliency and trust through the adoption of standards-based solutions for addressing online security risks and citizens' safety concerns.
Public sector and corporate decisions on whether to procure secure by design Internet devices and network applications are often based on economic and financial considerations rather than technical or security requirements. A new approach to procurement practice should be adopted that prioritises the importance of security and safety requirements. This would drive more effective and wider deployment of security standards.
1. IS3C’s annual reporting of its recent activities
In the first part of its third annual IGF session since its launch at the IGF in 2020, the Dynamic Coalition on Internet Standards, Security and Safety (IS3C) reported in Kyoto on its activities since the previous IGF in Addis Ababa in 2022, and announced the publication of the following key reports:
- The coalition’s working groups on Security by Design for the Internet of Things (WG1), and on Procurement and Supply Chain Management (WG3) presented their recently completed research projects which conducted global reviews of publicly available policy documents from national governments, regulators and public administrations in all regions.
- IS3c’s working group on education and skills (WG2) published its report on tertiary cybersecurity education at the IGF in Kyoto.
- IS3C's comprehensive review of the relevance of its work on cybersecurity to the UN’s Sustainable Development Goals.
Drawing on their research findings and analysis, the speakers in the IS3C session described the following key issues and challenges for governments and industry.
- Government administrations and private sector organisations generally do not use their purchasing power to maximise the security of the ICT devices and network services through their procurement contracts;
- there is a limited active cooperation between governments and industry in the development and promotion of secure ICT products and services. This also makes it difficult for industry to comply with commonly-agreed standards;
- Open standards created by the technical community are not recognised or endorsed by most governments and this results in the public core of the Internet’s infrastructure remaining unprotected and vulnerable to attack;
- Increased cooperation between governments and industry will lead to a better protected, more secure and safer Internet for all based on harmonised approaches to security by design of ICT devices and applications;
- The lack of a level playing field in the global ICT markets results in a less secure ICT environment due to products being released onto the market that are insecure by design;
- The low level of demand by users for ICT devices and services that are secure by design due primarily to lack of awareness, creates disincentives for industry to manufacture and develop ICT products and services that are secure by design;
- Governments and private sector organisations can act as major drivers for adopting security by design through ensuring their ICT procurement practices specify this principle as a fundamental requirement.
Following their presentation in Kyoto by members of the coalition’s leadership team, the working group reports are now available on the IS3C website at https://is3coalition.org/docs-category/research-reports/ The IS3C coalition members look forward to working with the IGF’s Secretariat and the Leadership Panel in promoting the adoption of the specific recommendations contained in these action-orientated reports.
2. IS3C’s Proposal to establish a hub for cybersecurity education and skills
The report of WG2's research project identified major gaps in the supply and demand of cybersecurity skills, including knowledge of relevant existing standards and successful best practices. In order to address these gaps, the IS3C announced in Kyoto its proposal to establish a Cybersecurity Hub with the support of the IGF. The primary aim of the hub is to bring together stakeholders in industry, the technical community and the tertiary cybersecurity education sector, in order to provide guidance and recommendations on how to close the gap between the supply side of educational and training curricula on cybersecurity, and the demand side of specific skills and expertise required by the industry. It is also envisaged that at a later stage the remit of the new hub could be extended to include cybersecurity skills at all educational levels, and advising how to close the current gaps in cybersecurity employment supply and demand.
3. IS3C’s ongoing work and projected outputs in 2024/25
In the second part of the session in Kyoto, the coalition’s coordinator Wout de Natris invited questions and comments on IS3C’s next phase of work and planned outputs in 2023-24.
Following up the results of WG3’s research on procurement and supply chain management, IS3C coalition members will develop a narrative for ICT cybersecurity staff to draw on as a guide for influencing ICT procurement and supply chain management decisions for devices and applications that are secure by design. This is expected to have substantive impact on enhancing security, safety and sustainability.
Wout de Natris also explained that three new IS3C working groups had been created in 2023 to take forward specific new project work in 2024.
WG5 is in the process of developing a tool for governments and other larger organisation to use when procuring ICTs. This will describe for policymakers the prioritisation of 40 of the most important security-related Internet standards. The release of the list is planned to be published by the end of 2023.
WG8 will conduct work relating to the fundamental building blocks of the Internet are the domain name system (DNS) and the system of routing that allows Internet traffic to flow between users’ devices and websites. To achieve greater security in the DNS and the routing system and increase resilience against malicious attacks and risks of large-scale data theft, the engineering community developed two protocols: Domain Name Security Extensions (DNSSEC) and the Resource Public Key Infrastructure (RPKI). WG8 members will conduct outreach and engagement efforts to increase trust in, and contribute to the wider deployment of both of these critical protocols with the aim of enabling public and private sector decision takers to deploy them effectively in their respective organisations.
WG9 will start work in early 2024 on standards for deployment in emerging technologies relating in particular to quantum and artificial intelligence. It will conduct a comparative analysis of current policy initiatives worldwide with the aim of developing policy guidance and recommendation in early 2024.
A key overarching challenge that IS3C will continue to address in 2023/24 is turning the theory of cybersecurity into widespread impactful practice in support of the UN’s Sustainable Development Goals. IS3C will create capacity building programmes to bring the theoretical guidance and recommendations to the people who need to learn how to set them in practice and b) find the funding for the next phases working leading up to the IGF in Riyadh in 2024.
There is a world to win where cybersecurity is concerned that is currently under-realised in many key areas of policy development and best practice. The IS3C stakeholder coalition will continue through its expanding work programme to address the key gaps identified in its various research activities and to make recommendations and provide toolkits to guide policymakers and decision-takers on how to resolve them.
Further information about the IS3C (Internet Standards, Security and Safety) IGF coalition is on the IGF website at https://www.intgovforum.org/en/content/internet-standards-security-and-safety-coalition-is3c and on the coalition’s dedicated website https://is3coalition.org
Joining the coalition and contributing to its working groups is free simply by subscribing to the members mail list at https://mail.intgovforum.org/mailman/listinfo/dc-isss_intgovforum.org
The members of the IS3C dynamic coalition express their deep appreciation to the Japanese Government for hosting the IGF in Kyoto. The coalition benefitted substantially from the opportunities provided in Kyoto to report on its activities and to engage such a wide diversity of stakeholders worldwide.
The IS3C leadership team also wish to thank the IGF’s Secretariat, the Dynamic Coalition Coordination Group (DCCG), the Multistakeholder Advisory Group (MAG) and the Leadership Panel for their ongoing support for the year-round activities of IS3C and the other dynamic coalitions.