IGF 2024 Open Forum #28 How to procure Internet, websites and IoT secure and sustainable

    Roundtable
    Duration (minutes): 90
    Format description: Cybersecurity is an important topic and this open forum will share and gather information on how to secure an organisation by way of procurement policies. This session combines two formats: a tutorial and a knowledge gathering open discussion. 90 minutes are necessary to a) share current information, followed by Q&A and b) share other good practices from a range of stakeholders, many of whom may not be regular IGF participants and will join online. The (hybrid) roundtable format facilitates an open discussion where all participants are equal. Allowing for 30 minutes of scene setting and circa 50 minutes of open debate and sharing of experience and information will lead to a maximum result, not only in gaining knowledge but also in establishing new networks on the important topics of cybersecurity, procurement and Internet standards deployment.

    Description

    Cybersecurity is at the top of mind of all organisations. Billions are spent on it. This open forum focuses on important causes of unnecessarily low levels of security and will show you the easiest and cheapest way towards a higher level of ICT security. You will learn how existing security-related Internet standards and ICT best practices can contribute to ensuring a higher level of security and how your organization can use this knowledge to its advantage. This open forum is a) an awareness raising session and b) a knowledge gathering session on current good practice all can learn from. First, three short introductions on the topic are delivered. Forum Standardisation of The Netherlands presents the ICT procurement procedure it developed for all levels of Dutch government (10 minutes). IGF Dynamic Coalition IS3C presents its research report’s results into procurement and its toolkit containing 23 standards (10 minutes). The Global Forum on Cyber Expertise (GFCE) presents on its current training programme on Internet standards deployment (10 minutes). This is followed by Q&A and an open discussion (50 minutes) in which experience is shared on how to obtain ICTs secure by design. Especially participants from governments, industry, technical community, parliamentarians, consumer protection and civil society are invited to join. The Internet functions because of software code like IPv4, DNS, BGP, HTTP, etc., all developed over 30 years ago. Security was not an issue at the time. It is today. Hence, Internet connections, services, devices and platforms need to be more secure, i.e. developed, manufactured and sold secure by design. This includes the new generation standards the technical community has developed in the past two decades, IPv4 --> IPv6, DNS --> DNSSEC, BGP --> RPKI, HTTP --> HTTPS, etc., that close security risks attackers abuse. These new standards are adopted too slowly by (the ICT) industry.
The consequence of this slow adoption is that all users of the Internet are, unnecessarily, vulnerable to attacks, abuse and loss of (privacy) sensitive data and finances. One cause may be that your organization is not demanding them. This can change. The following questions are asked in this open forum. Is your organisation aware of existing options to proactively secure its ICTs? A) If yes, what is your policy? B) If no, what stops your organisation from using these options? Are there different causes in respective regions? What do you need to adopt this option? Are you willing to work with us to develop a programme? The questions will be discussed in an open manner, with a clear aim to learn from each other’s experience and to gather and learn from existing knowledge. This is important, because larger organisations can play an important, proactive role in making ICTs more secure and safer. They can use their economic power when procuring ICTs, e.g. hosting, websites, domain names, email services, IoT devices, etc., secure by design or when renegotiating (service) contracts thereof. When the demand for security by design, so including state of the art, security-related Internet standards and ICT best practices, becomes an integral part of all procurement procedures in the public and private sector, this will lead to a selection between ICT companies that are able to deliver security and those who cannot. Most will follow very soon after. The session ends with a wrap up by the rapporteur and moderator (10 minutes).

    As we intend to actively invite individuals and organisations who are not regular IGF participants, a well-functioning online environment is of the essence. The onsite and online moderators will therefore operate on an equal footing. A successful hybrid format is important to reach the goals this session has. Both online interventions and the chat will be extensively used. Both moderators will prepare the sessions together, allowing for integration of both kinds of participants. We do not intend to use online tools. Should this change, we will notify you well in time.

    Organizers

    Netherlands Standardisation Forum

    Wout de Natris (moderator), DC-IS3C coordinator, Western Europe and others
    Liz Orembo, lead researcher and vice-chair IS3C, Africa
    Bart Knubben, Netherlands Standardisation Forum, Western Europe and others
    Steven Tan, Team Lead Safer Internet Cyber Security Agency of Singapore, Asia
    Maarten Botterman, Global Forum on Cyber Expertise, IGO
    Annemiek Toersen (online moderator), Netherlands Standardisation Forum, Western Europe and others
    Coen Wesselman (rapporteur), ECP, Western Europe and others

    Speakers

    The session is an open roundtable aimed to gather input. There are three introductory speakers and one rapporteur wrapping up the open forum.

    Wout de Natris (moderator), DC-IS3C coordinator, Western Europe and others
    Liz Orembo, lead researcher and vice-chair IS3C, Africa (confirmed)
    Bart Knubben, Netherlands Standardisation Forum, Western Europe and others (confirmed)
    Steven Tan, Team Lead Safer Internet Cyber Security Agency of Singapore, Asia (confirmed)
    Maarten Botterman, Global Forum on Cyber Expertise, IGO (confirmed)

    Onsite Moderator

    Wout de Natris (DC-IS3C coordinator)

    Online Moderator

    Annemiek Toersen (Netherlands Standardisation Forum)

    Rapporteur

    Coen Wesselman (ECP)

    SDGs

    9. Industry, Innovation and Infrastructure
    12. Responsible Production and Consumption
    16. Peace, Justice and Strong Institutions

    Targets: ICTs are developed and manufactured by the ICT industry. These forms of innovation must come to the market with the security of all end users in mind. Currently it is at best an afterthought after the first incidents have occurred. Cybersecurity has to lie at the heart of our ever more digitizing world. When governments and larger organisations start to procure ICTs secure by design, based on the principles shared in this workshop, the internet environment as a worldwide critical infrastructure will become far more secure and less prone to incidents and harm (SDG 9). This workshop shows on the one hand the responsibility of industry for responsible production by delivering ICTs secure by design, so that on the other hand end users can consume their ICTs with fewer risks of attacks (SDG 12). This will aid economic development because online platforms and services become more secure and safer. It will also provide a more peaceful and inclusive use of the internet and thus assist the goals underneath SDG 16 to flourish.