Cyberattacks, Cyberconflicts and International Security
New Technologies and Risks to Online Security
Other - 90 Min
Format description: Short presentations, followed by discussion among participants and interaction with the public
As digital technology has become an integral part of everyone’s lives and work environment, security is no longer nice to have but a prerequisite to work and live safe from online harm and its implications in the offline world. At the same time, cyber incidents seem only to grow and to have more and more impact. This Open Forum will show what government procurement agencies and purchasing departments of other organisations can do to upgrade their own level of security and, as a result, everyone else’s: by procuring secure by design.
Discussions of cybersecurity often focus on the user, who is held responsible for security. In practice there is often not a lot these users can do to protect themselves. When Internet standards are not built in by design, or ICT best practices are ignored by designers or manufacturers, the end user is often clueless security-wise. It does not have to be this way.
The Dutch government has a policy on open standards to support interoperability, (re)use of data and lower dependency on specific suppliers. To attain these goals, the Standardisation Forum was established in 2006. The Standardisation Forum does not develop standards but can assign a status (required or recommended) to existing standards in the public and semi-public sector. Its ‘Comply or Explain’ list assists governments to procure secure ICT. In this Open Forum, the Standardisation Forum presents its approach and the list of the most relevant and urgent security-related internet standards and ICT best practices.
Inspired by the Dutch approach, the Internet Standards, Security and Safety Coalition (IS3C) of the IGF currently conducts a global study into procurement and supply chain management, analysing to what extent governments and industry use procurement to enhance their cybersecurity. The result of this study will be presented in this session. Representatives from other countries are invited to share their ideas and experiences. What are these experiences?
The debate will focus on what is perceived to work best:
1. The stick: Organisations are threatened with measures or legislation to comply.
2. The carrot: Organisations are (financially) stimulated to comply.
3. Preaching: Organisations receive messages on why it is good to comply.
4. Force: Organisations are forced by legislation or fines to comply.
Participants will be asked to share their experience and views on this matter.
Finally, an international version of a ‘comply or explain’ list will be presented. This list is the result of an international advisory panel that worked under the aegis of the IGF in 2023 and reached a rough consensus on its content. Imagine how security can be changed for the better when all organisations in the world start to procure and purchase ICTs according to these principal standards. As a result, the standards will become integrated in all ICT or IoT devices, services, applications, software and hardware. They will be sold secure by design.
Active engagement between the online and onsite moderators will ensure that all participants get a chance to speak. All participants will be invited to engage in the chat so that opinions can be captured this way as well. A moderator can read out the most relevant comments from the chat so that they are on record.
Netherlands Standardisation Forum
Mallory Knodel, Center for Democracy & Technology and Internet Architecture Board (IETF), U.S.
Steven Tan, Cyber Security Centre of Singapore, government, Asia (still to be confirmed)
Larissa Zegveld, Kennisnet and Netherlands Standardisation Forum, government, Europe
Wout de Natris, Coordinator IS3C, Europe
Participant from Japan Network Information Center (JPNIC) (still to be confirmed)
Gerben Klein Baltink, Dutch Internet Standards Platform (Internet.nl), Europe
Marjolijn Bonthuis, ECP, Europe
Wout de Natris, Coordinator IS3C, Europe
Gerben Klein Baltink, Dutch Internet Standards Platform (Internet.nl), Europe
Marjolijn Bonthuis, ECP, Europe
Targets: Cybersecurity has to lie at the heart of our ever more digitizing world. When governments and larger organisations start to procure ICTs secure by design, based on the principles shared in this workshop, the internet environment as a worldwide critical infrastructure will become far more secure and less prone to incidents and harm (SDG 9). This will aid economic development because online platforms and services become more secure and safer. It will also provide a more peaceful and inclusive use of the internet and thus help the goals under SDG 16 to flourish.