***BPF on Cybersecurity 2017 - Call for Contributions***
All stakeholders are invited to submit written contributions addressing the below questions and issues to the 2017 IGF BPF on Cybersecurity mailing list (subscribe: https://www.intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.org). While it is envisioned that initial drafting of the output document will begin on 15 September, this should be considered a soft deadline as contributions will be welcome on a rolling basis, particularly from IGF National and Regional Initiatives (NRIs) and from other relevant entities or organisations who may be holding meetings relating to cybersecurity prior to the IGF annual meeting in December. Contributions received past 30 September may not be guaranteed for inclusion in the BPF's output document.
Contributions will then be compiled and synthesized by the Secretariat, and further circulated to the community for comment and further work towards an output document for the BPF to be presented at the 12th IGF in Geneva, Switzerland from 18-21 December.
All individuals and organizations are asked to kindly try to keep their contributions to no more than 2-3 pages, and are encouraged to include URLs/Links to relevant information/examples/best practices as applicable. When including specific examples or detailed proposals, those may be included as an Appendix to the document. Please attach contributions as Word Documents (or other applicable non-PDF text).
Overview:
During 2015 and 2016, the Policy Options for Connecting and Enabling the Next Billion(s) (CENB) activity within the Internet Governance Forum identified two major elements:
- Which policy options are effective at creating an enabling environment, including deploying infrastructure, increasing usability, enabling users and ensuring affordability;
- How Connecting and Enabling the Next Billion(s) contributes to reaching the new Sustainable Development Goals (SDGs).
The Best Practice Forum on Cybersecurity realizes that making Internet access more universal, and thus it supporting the SDGs, has significant cybersecurity implications. Well-developed cybersecurity helps contribute to meeting the SDGs. Poor cybersecurity can reduce the effectiveness of these technologies, and thus limit our opportunities to helping achieve the SDGs.
BPF participants have conducted an initial study of how the policy proposals compiled as part of CENB Phase I and II may affect, or be affected by, cybersecurity implications.
As part of this ongoing effort, the IGF is now calling for public input to collect additional risks and cybersecurity policy recommendations that can help mitigate security impacts, and help ensure ICTs and the Internet continue to help contribute to achieving the SDGs.
Relevant reading:
Summary Records of the BPF
https://www.intgovforum.org/content/bpf-cybersecurity-1
UN Sustainable Development Goals
http://www.un.org/sustainabledevelopment/sustainable-development-goals/
Policy Options for Connecting & Enabling the Next Billion(s) - Phase II
https://www.intgovforum.org/filedepot_download/3416/549
Security focused reading of CENB Phase I -
https://www.intgovforum.org/filedepot_download/4904/687
Security focused analysis of CENB Phase II -
https://www.intgovforum.org/filedepot_download/4904/688
Questions [*Please see HERE for NRIs-specific questionnaire]:
- How does good cybersecurity contribute to the growth of and trust in ICTs and Internet Technologies, and their ability to support the Sustainable Development Goals (SDGs)?
- How does poor cybersecurity hinder the growth of and trust in ICTs and Internet Technologies, and their ability to support the Sustainable Development Goals (SDGs)?
- Assessment of the CENB Phase II policy recommendations identified a few clear threats. Do you see particular policy options to help address, with particular attention to the multi-stakeholder environment, the following cybersecurity challenges:
- Denial of Service attacks and other cybersecurity issues that impact the reliability and access to Internet services
- Security of mobile devices, which are the vehicle of Internet growth in many countries, and fulfill critical goals such as payments
- Potential abuse by authorities, including surveillance of Internet usage, or the use of user-provided data for different purposes than intended
- Confidentiality and availability of sensitive information, in particular in medical and health services
- Online abuse and gender-based violence
- Security risks of shared critical services that support Internet access, such as the Domain Name System (DNS), and Internet Exchange Point (IXP) communities
- Vulnerabilities in the technologies supporting industrial control systems
- Use of information collected for a particular purpose, being repurposed for other, inappropriate purposes. For instance, theft of information from smart meters, smart grids and Internet of Things devices for competitive reasons, or the de-anonymization of improperly anonymized citizen data
- The lack of Secure Development Processes combined with an immense growth in the technologies being created and used on a daily basis
- Unauthorized access to devices that take an increasing role in people’s daily lives
- Other: describe a cybersecurity issue critical to developing the SDGs in ways not listed above relevant to your stakeholder community (100 words or less)
- Many Internet developments do not happen in a highly coordinated way - a technology may be developed in the technical community or private sector, and used by other communities and interact in unexpected ways. Stakeholders are managing complexity.
This both shows the strength and opportunities of ICTs and Internet Technologies, but also the potential risks. New technologies may be insufficiently secure, resulting in harms when they are deployed: conversely we may adopt security requirements or measures that prevent the development, deployment, or widespread use of technologies that would generate unforeseen benefits. Where do you think lies the responsibility of each stakeholder community in helping ensure cybersecurity does not hinder future Internet development? - Where do you think lies the responsibility of each stakeholder community in helping ensure cybersecurity does not hinder future Internet development?
- What is for you the most critical cybersecurity issue that needs solving and would benefit most from a multi-stakeholder approach within this BPF? Should any stakeholders be specifically invited in order for this issue to be addressed?