IGF 2024 Day 0 Event #35 Empowering consumers towards secure by design ICTs

    DC Internet Standards, Security and Safety (IS3C)
    Onsite moderator: Wout De Natris (IS3C Coordinator)
    Online moderator: Janice Richardson (IS3C WG2 Chair)
    Rapporteur: Mark Carvell (IS3C Senior Policy Adviser)
    Speakers topic 1
    Steven Tan - Assistant Director, Cyber Security Engineering Centre, Cyber Security Agency of Singapore (confirmed)
    Hollie Hamblett - Policy Specialist, Consumers International (confirmed)
    Speakers topic 2
    Astrid Oosenbrug, Dutch Institute for Vulnerability Disclosure (TBC)
    CSIRT Global (TBD)

    Speakers

    Wout de Natris, DC-IS3C, civil society, Western Europe and others
    Mark Carvell, DC-IS3C, civil society, Western Europe and others
    Janice Richardson, InSight, private sector, Pacific
    Steven Tan, Cyber Security Agence, Singapore, Asia
    Hollie Hamblett, Consumers International, Western Europe and others

    Onsite Moderator

    Wout de Natris

    Online Moderator

    Janice Richardson

    Rapporteur

    Mark Carvell

    SDGs

    9. Industry, Innovation and Infrastructure
    12. Responsible Production and Consumption


    Targets: The deployment of security-related Internet standards and ICT best practices directly results in the far more secure development and manufacturing of ICTs, resulting in a far more secure and safer use of the Internet and IoT for all end users. This allows for further and safer economic development and innovation. The deployment of security-related Internet standards and ICT best practices also leads to responsible production, which includes the ICT-industry,which is able and often responsible to deploy the standards, which leads to a more secure and protected consumption.

    Format

    Roundtable

    Interactive consultative session comprising two parts (60 + 30 minutes):
    Part 1 (60 minutes): Short opening presentation by two experts from ICT industry and consumer protection agency on the challenge of increasing greater awareness amongst consumers of the benefits of purchasing ICT products that are secure by design. (10 minutes)
    Interactive discussion with onsite and online audience to identify how to ensure consumers understand the importance of buying digital products that are secure by design. (40 minutes).
    Summing up of main points of agreement (10 minutes)
    Part 2 (30minutes): Short opening presentation by an expert from the Dutch Institute for Vulnerability Disclosure on the practice of responsible disclosure and the experience of successful examples in mitigating risks to consumer security and safety. (10 minutes).
    Exploratory discussion with session participants on merits of this approach and how it might be formalised at scale regionally and globally. (15 minutes)
    Summing up of general points of agreement and next steps to develop the required framework of cooperation. (5 minutes)

    Description

    Highly interactive consultative session moderated by experts in cybersecurity standards and consumer protection, with the aim of promoting cooperation between industry and consumer protection agencies on the adoption of security by design principles in the global ICTs market.
    Part 1: (60 minutes) How can industry and consumer organisations promote the development and market for ICT products that are secure by design?
    This part of the session will discuss how consumer protection organisations can contribute to the more wide-spread deployment of the latest cybersecurity standards,
    The session will consider in particular:
    i) new ways of empowering consumers towards a level of awareness that allows them to make a well-informed choice in buying ICT products that are secure by design;
    ii) the value of comprehensive independent testing of the security of ICT products entering the global market;
    iii) whether there is a role for regulators to ensure producers, suppliers and service providers comply with the latest cybersecurity standards, in order to increase the ability of their consumers to protect themselves when they use their devices and services.

    Part 1 concludes with a summary by the onsite and online moderators of the main ideas tabled in support of practical cooperation, the general points of agreement on the respective roles of industry, regulators and consumer protection agencies in promoting user security and safety, and the next steps for developing a new approach to the adoption of secure by design principles in the global ICTs market.

    Part 2: (30 minutes) Can responsible disclosure by professional hackers help to resolve cybersecurity vulnerabilities?
    The practice of responsible disclosure concerns raising awareness of security vulnerabilities after they have been identified and addressed with a technical correction or patch. Quite often this has relied on independent hackers signing up to a legitimate industry programme of cooperation with product manufacturers (which may be supported by governments). This programme could be backed up by an effective independent product testing regime that would be supported by the ICT industry and relevant stakeholders, including consumer protection agencies.

    This part of the session will consider the merits of promoting the practice of responsible disclosure that serves to address quickly and effectively, on a regional and global scale, specific corporate security and consumer safety vulnerabilities and related technical flaws in new ICT products and services.

    The aim of the discussion with participants in this session will be to agree the benefits and broad parameters for developing such an initiative in cooperation with key producers in the ICT market and with the support of governments, regulators and consumer protection authorities and agencies


    1) How will you facilitate interaction between onsite and online speakers and attendees?
    The onsite and online moderators will coordinate the queueing of time-limited interventions in order to ensure fair balance between onsite and online participants’ contributions to the interactive dialogue.
    2) How will you design the session to ensure the best possible experience for online and onsite participants?
    Following short introductions at the start of both parts by the two expert presenters of the context and main questions for the dialogue, the major part of the session time will be given over to interaction with the onsite and online participants.
    3) Please note any complementary online tools/platforms you plan to use to increase participation and interaction during the session.
    (t.b.a. Following consultation with presenters)