IGF 2024 DC-IoT & IS3C Global Best Practices for a Resilient and Secure IoT by Design

    DC

    Dynamic Coalition on the Internet of Things and Internet Standards, Security and Safety Coalition

    Roundtable
    Duration (minutes): 60
    Format description: During the open session there is usually a good number of newcomers, next to a core of people that have been supporting the DC IoT and IS3C for multiple years, and invited experts. For each of the points on the agenda we foresee (1) short introduction; (2) invited panel reaction; (3) free flow with all participants in the room. A round table setup works best as people can interact better, rather than "wait for their turn", and 60 minutes helps ensure we can properly address a number of the key points that have been coming up, successively.

    Description

    When we consider future challenges, new national cybersecurity policies in various countries have started addressing IoT security more directly:

    1. European Union: The EU has introduced the Cyber Resilience Act, which imposes mandatory cybersecurity requirements for digital products, including IoT devices, covering their entire lifecycle from design to disposal. This act aims to standardize IoT security across the EU and ensure that manufacturers comply with stringent cybersecurity standards.
    2. United States: The US continues to advance its IoT security framework under various initiatives, including expanding IoT security labeling programs to help consumers understand and compare the cybersecurity protections of different IoT devices. This is part of broader efforts to enhance national IoT security as part of the country's cybersecurity strategy.
    3. Global Perspective: Various countries are adopting or updating their cybersecurity frameworks to address IoT security explicitly. For example, the NIS2 Directive in the EU, which will be fully transposed into national law by October 2024, expands the scope of cybersecurity rules to cover more sectors, including those that heavily rely on IoT systems.

    These developments highlight the global movement towards more robust IoT security, with new regulations and policies being implemented to address the growing risks associated with the proliferation of connected devices. The security issues relate strongly to the data management issues of confidentiality and privacy, and all of this needs to take into account the challenges and opportunities offered by emerging technologies such as Artificial Intelligence and Quantum computing.

    Agenda:

    • Introduction and Common Ground (5 mins)

    Speakers: Wout de Natris and Maarten Botterman

    • Security by Design and IoT Correlation Mini Panel (10 + 5' Open Floor)

    Speaker 1: Nicolas Fiumarelli (Chair, WG1 IS3C) presenting IS3C WG1's main categories with examples, including the training development idea, and a speaker from DC-IoT to cover the updated IoT good practice documents, with potential insights on IoT labeling, certification, or zero trust security.

    Speaker 2: Dan Caprio (Chair, Providence Group, DC IoT) presenting on the prevalent issues relating to labelling and certification necessary to empower users to secure their environments as well as possible.

    • Data Governance and IoT (10 + 5' Open Floor)

    Speaker: Jonathan Cave (Alan Turing Institute, Warwick University, DC IoT) addressing the data governance issues that relate to IoT, acknowledging that much live data related to persons is collected and, through analysis, may be relatable to people. This can lead to privacy intrusions as well as security issues, unless explicitly addressed.

    • Governance of Emerging Technologies: Quantum & AI - Mini Panel (10 + 5' Open Floor)

    Speaker 1: Elif (Chair, WG9 IS3C) and a speaker from DC-IoT to address concerns on quantum and AI.

    Speaker 2: Maarten Botterman (Chair, Global Forum of Cyber Expertise WG E on Emerging Technologies, DC IoT) highlighting international aspects relating to justified trust in the use of IoT environments towards the future.

    • Discussion on take-aways (5 mins Open Floor)
    • Preliminary conclusions and next steps (5 mins)

    Organizers

    Maarten Botterman, ICANN Board; GNKS Consult; DC IoT Chair; Netherlands
    Jonathan Cave, University of Warwick, Alan Turing Institute, DC IoT; UK
    Dan Caprio, Providence Group, DC IoT; USA
    Narelle Clark, IAA, Australia
    Olivier Crépin-Leblond, DC CIV Chair; France
    Avri Doria, Technicalities, ICANN Board, DC IoT; USA
    Hiroshi Esaki, University of Tokyo, WIDE, Japan
    Rafael (Lito) Ibarra, SVNet, El Salvador
    Sarah T. Kiden, Northumbria University, ICANN ALAC; Uganda
    Wolfgang Kleinwaechter, University of Aarhus, former DC IoT Chair; Germany
    Wout de Natris, de Natris Consult, DC IS3C Chair; Netherlands
    Alejandro Pisanty, University of Mexico (UNAM), Mexico
    Shane Tews, Logan Circle Strategies, former DC IoT Chair

    Speakers

    Wout de Natris, de Natris Consult, DC IS3C Chair
    Maarten Botterman, ICANN Board
    Nicolas Fiumarelli, Chair, WG1 IS3C
    Dan Caprio, Providence Group, DC IoT
    Jonathan Cave, University of Warwick, Alan Turing Institute
    Elif Kiesow Cortez, Chair, WG9 IS3C
    Narelle Clark

    Onsite Moderator

    Maarten Botterman

    Online Moderator

    Avri Doria (tbc)

    Rapporteur

    Jonathan Cave (tbc)

    SDGs

    2. Zero Hunger
    3. Good Health and Well-Being
    6. Clean Water and Sanitation
    7. Affordable and Clean Energy
    8. Decent Work and Economic Growth
    9. Industry, Innovation and Infrastructure
    11. Sustainable Cities and Communities
    12. Responsible Production and Consumption
    13. Climate Action
    14. Life Below Water
    15. Life on Land

    Targets:

    - Goal 2 End hunger (specifically 2.3 and 2.4): IoT is already used today to improve crops;
    - Goal 3 Ensure healthy lives (specifically 3.6 and 3.9): IoT is already today essential for traffic management and environmental warning systems;
    - Goal 6 Water and sanitation (specifically 6.3; 6.4; 6.5; and 6.6): IoT has become an important part of water management: preventing dumping, alerting in case of hazardous chemicals and materials in the water, and distributing water efficiently;
    - Goal 7 Access to energy (specifically 7.2 and 7.3): for instance sensors and switches that manage energy collection and distribution, detect failures, and increasingly also allow two-way energy streaming and local production;
    - Goal 8 Economic growth and jobs (specifically 8.2 and 8.3): with modest investments, first steps towards IoT-enabled solutions become possible. This not only allows entrepreneurship and start-ups to take place with minimal resources, it also potentially brings IoT applications to where solutions need to be provided;
    - Goal 9 Resilient infrastructure and sustainable industry: sustainability comes with feedback loops, and IoT networks are very well suited to provide this feedback, automatically, based on measurements in the system;
    - Goal 11 Sustainable cities and settlements (specifically 11.4, 11.5, 11.6, 11.7): networks of monitoring systems and sensors will be able to detect natural disasters building up. Partly, autonomous protection systems can be built in (like closing dams). Monitoring also helps in keeping public spaces safer. Cities around the world have started to experiment with IoT applications in many ways, ranging from intelligent waste collection to smart lighting, city bikes on a subscription basis to smart traffic management systems and alerts for unhealthy pollution levels;
    - Goal 12 Sustainable consumption and production (specifically 12.5 and 12.6): feedback loops that become possible thanks to the use of tags and sensors in materials. Maintenance when needed, as indicated by the object that may require maintenance, such as cars, industrial machines, etc.;
    - Goals 13, 14 and 15 Sustainable environment related: measuring and feedback loops.