Dear Maarten,
Am unable to make the call today as am in a time zone which makes it very impractical.
My comment of the thread below is that the IoT space is already very crowded, many many many organisations (Private, Public, I*s, Governments and LEA’s) have many many working groups. Am not convinced that starting another one is going to help.
Cheers
Dick
Richard Leaning
External Relations
RIPE NCC
> On 11 Oct 2017, at 03:23, Maarten Van Horenbeeck <maarten at first.org> wrote:
>
> Hi Wout,
>
> I just did a deep dive into the questionnaire responses, and thought I'd share the high level outline responses to the question "What is the most critical cybersecurity issue that would benefit from a multi-stakeholder approach.
>
> The set of responses were:
> Developing a better set of core values around cybersecurity. Ensure full representation and participation of developing countries in the IGF process.
> Development of cybersecurity norms.
> Security is an evolutionary process, and this should be better reflected in risk management approaches. We need to build acceptance that there is no 100% security.
> Vulnerability of critical infrastructure and internet resources
> DoS/DDoS attack, ransomware, BGP/IP prefix hijacking and DNS abuse
> Cybercrime and state conflict
> Ransomware;
> Lack of education and end user awareness/engagement
> The UN and ITU need to develop a framework to foster international cooperation and legal principles for cyber security;
> For mobile networks: (1) lack of public and available professional forums to address security threats, (2) low awareness of system administrators in securing next generation networks, (3) expansion of the Internet of Things.
> A stronger reflection of criminal justice aspects is needed in cybersecurity policies;
> Extreme threats ("The threats have been so dire that the measures taken to deal with the threats have altered the way the common man lives his life. By the correspondingly extreme processes and measures taken to solve a 25 year old problem, the progress made over millennia has been somewhat reversed")
> Internet of Things ecosystem security, and lack of commercial incentives to secure it;
> Fostering a culture of cybersecurity appropriate to each stakeholder group;
> Cognitive computing and Artificial Intelligence.
> It seems there's a set of a few that are reflected in a number of different ways, that we may choose to dig into:
> Critical internet infrastructure and its protection
> Developing cybersecurity culture, norms and values
> Ransomware
> Internet of Things
> Internet of Things was also a topic that is commonly mentioned by most contributions, even if not mentioned as the greatest area of concern. Based not on the original documents, but a summary I created for my own review, I had a word map plotted that shows the respective times a word was used in the documents. IOT (which includes "internet of things") appears 17 times:
>
> <Screen Shot 2017-10-10 at 4.19.42 PM.png>
>
> Perhaps we can use some time during the meeting tomorrow to discuss your proposal in greater depth? One question I'd like to discuss is to what degree our forum can provide value beyond what other forums already provide, and where the multi-stakeholder approach can have the most impact here.
>
> Cheers,
> Maarten
>
>
> On Thu, Sep 28, 2017 at 8:51 AM, Wout de Natris <denatrisconsult at hotmail.nl <mailto:denatrisconsult at hotmail.nl>> wrote:
> Dear all,
>
>
> During the last Virtual Meeting our lead expert Maarten Van Hoorenbeeck asked me whether I had a concrete idea on how approach the subject of a pilot on working together on an urgent current cyber security issue. I have given this question some thought and, as a suggestion, put the following to you.
>
>
> Cyber security is a huge subject, meaning many things to different people, also in respect to their field of expertise or line of work. Be assured, I am fully aware that no matter what subject this group selects, the implications are global and participation exceeds current participation by far.
>
>
> What I tried to do is find a topic, as an example, that:
>
> 1) is of "limited" scope;
>
> 2) practical;
>
> 3) has a direct impact and;
>
> 3) is, indiscriminately, available to all.
>
>
> Taking that as a given, what if we were to look at software and machines (IoT) going to market with no passwords or admin, 0000 or 1234 as pre-set passwords? The goal being, safer machines through uniquely added passwords and work from there. It starts with very basic questions to first understand the topic better and secondly determine participation, stakeholder groups, engagement, etc..
>
>
> Suppose it succeeds, all around the globe profit immediately and indiscriminately.
>
>
> This is just one example. I am looking forward to read your thoughts and of course feel free to elaborate or provide other examples.
>
>
> Best regards,
>
>
> Wout de Natris
>
>
> - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
> De Natris Consult
> Kamerlingh Onnesstraat 43 Tel: +31 648388813 <tel:+31%206%2048388813>
> 2014 EK Haarlem Skype: wout.de.natris
>
> denatrisconsult at hotmail.nl <mailto:denatrisconsult at hotmail.nl>
>
> http://www.denatrisconsult.nl <http://www.denatrisconsult.nl/>
>
> Blog http://woutdenatris.wordpress.com <http://woutdenatris.wordpress.com/>
>
> _______________________________________________
> Bp_cybersec_2016 mailing list
> Bp_cybersec_2016 at intgovforum.org <mailto:Bp_cybersec_2016 at intgovforum.org>
> http://intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.org <http://intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.org>
>
>
> _______________________________________________
> Bp_cybersec_2016 mailing list
> Bp_cybersec_2016 at intgovforum.org
> http://intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.org
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://intgovforum.org/pipermail/bp_cybersec_2016_intgovforum.org/attachments/20171011/7bc38eb3/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2611 bytes
Desc: not available
URL: <http://intgovforum.org/pipermail/bp_cybersec_2016_intgovforum.org/attachments/20171011/7bc38eb3/attachment.p7s>