[Bp_cybersec_2016] Suggestion on question posed at last virtual call

Matthew Shears matthew at intpolicy.com
Wed Oct 11 11:38:34 EDT 2017 

I'd like to support Andrew's suggestion on working on "culture, norms 
and values" for the very reasons he has outlined.  Building and 
compiling workable multistakeholder ways of addressing these issues 
would seem to be an appropriate area for the IGF to focus. And something 
that could be valuable as an overall contribution to cybersecurity 
processes and policy discussions.

Matthew



On 11/10/2017 16:17, Andrew Cormack wrote:
> Maarten
> Of those four, "culture, norms and values" seems the one that most needs a multi-stakeholder approach. I'd see the IGF as best suited to topics where there is no obvious "right" answer and the important thing is to find a societally-acceptable balance.
>
> For example what’s the appropriate balance between an internet (in the broadest sense, not just technical) that allows people to innovate and an internet that prevents people innovating for malicious purposes?
>
> That's a question where I'd expect individual stakeholder sectors to come to *different* answers, so they need somewhere to get together and find a compromise. As opposed to, for example, critical infrastructure protection, where I'd expect individual sectors to come up with largely similar answers. The main question there is how much we're willing to pay to implement that answer, which seems to me a matter between Governments and their tax-base...
>
> IoT security would have been another candidate (again, there's no "right" answer to the balance between convenience/low-cost and impact on others) but, as Richard says, that seems to be an area where there already seem to be too many groups discussing it and, unless the IGF could persuade some of them to come under its wing, adding another one wouldn’t add much.
>
> Hope that helps
> Andrew
>
> --
> Andrew Cormack
> Chief Regulatory Adviser
>
> T 01235 822302
> Skype ancormack
> Twitter @Janet_LegReg
> Blog https://community.ja.net/blogs/regulatory-developments
> orcid.org/0000-0002-8448-2881
>
>
> Lumen House, Library Avenue, Harwell Oxford, Didcot, OX11 0SG
>
> jisc.ac.uk
>
>
>
>> -----Original Message-----
>> From: Bp_cybersec_2016 [mailto:bp_cybersec_2016-
>> bounces at intgovforum.org] On Behalf Of Maarten Van Horenbeeck
>> Sent: 11 October 2017 00:23
>> To: Wout de Natris <denatrisconsult at hotmail.nl>
>> Cc: bp_cybersec_2016 at intgovforum.org
>> Subject: Re: [Bp_cybersec_2016] Suggestion on question posed at last virtual
>> call
>>
>> Hi Wout,
>>
>>
>> I just did a deep dive into the questionnaire responses, and thought I'd share
>> the high level outline responses to the question "What is the most critical
>> cybersecurity issue that would benefit from a multi-stakeholder approach.
>>
>> The set of responses were:
>>
>> *	Developing a better set of core values around cybersecurity. Ensure
>> full representation and participation of developing countries in the IGF
>> process.
>> *	Development of cybersecurity norms.
>> *	Security is an evolutionary process, and this should be better
>> reflected in risk management approaches.  We need to build acceptance that
>> there is no 100% security.
>> *	Vulnerability of critical infrastructure and internet resources
>>
>> *	DoS/DDoS attack, ransomware, BGP/IP prefix hijacking and DNS
>> abuse
>> *	Cybercrime and state conflict
>> *	Ransomware;
>> *	Lack of education and end user awareness/engagement
>> *	The UN and ITU need to develop a framework to foster international
>> cooperation and legal principles for cyber security;
>> *	For mobile networks: (1) lack of public and available professional
>> forums to address security threats, (2) low awareness of system
>> administrators in securing next generation networks, (3) expansion of the
>> Internet of Things.
>> *	A stronger reflection of criminal justice aspects is needed in
>> cybersecurity policies;
>> *	Extreme threats ("The threats have been so dire that the measures
>> taken to deal with the threats have altered the way the common man lives
>> his life. By the correspondingly extreme processes and measures taken to
>> solve a 25 year old problem, the progress made over millennia has been
>> somewhat reversed")
>> *	Internet of Things ecosystem security, and lack of commercial
>> incentives to secure it;
>> *	Fostering a culture of cybersecurity appropriate to each stakeholder
>> group;
>> *	Cognitive computing and Artificial Intelligence.
>>
>> It seems there's a set of a few that are reflected in a number of different
>> ways, that we may choose to dig into:
>>
>> *	Critical internet infrastructure and its protection
>> *	Developing cybersecurity culture, norms and values
>> *	Ransomware
>> *	Internet of Things
>>
>> Internet of Things was also a topic that is commonly mentioned by most
>> contributions, even if not mentioned as the greatest area of concern. Based
>> not on the original documents, but a summary I created for my own review, I
>> had a word map plotted that shows the respective times a word was used in
>> the documents. IOT (which includes "internet of things") appears 17 times:
>>
>>
>>>>
>> Perhaps we can use some time during the meeting tomorrow to discuss your
>> proposal in greater depth? One question I'd like to discuss is to what degree
>> our forum can provide value beyond what other forums already provide, and
>> where the multi-stakeholder approach can have the most impact here.
>>
>> Cheers,
>> Maarten
>>
>>
>> On Thu, Sep 28, 2017 at 8:51 AM, Wout de Natris
>> <denatrisconsult at hotmail.nl <mailto:denatrisconsult at hotmail.nl> > wrote:
>>
>>
>> 	Dear all,
>>
>>
>>
>>
>> 	During the last Virtual Meeting our lead expert Maarten Van
>> Hoorenbeeck asked me whether I had a concrete idea on how approach the
>> subject of a pilot on working together on an urgent current cyber security
>> issue. I have given this question some thought and, as a suggestion, put the
>> following to you.
>>
>>
>>
>>
>> 	Cyber security is a huge subject, meaning many things to different
>> people, also in respect to their field of expertise or line of work. Be assured, I
>> am fully aware that no matter what subject this group selects, the
>> implications are global and participation exceeds current participation by far.
>>
>>
>>
>>
>> 	What I tried to do is find a topic, as an example, that:
>>
>> 	1) is of "limited" scope;
>>
>> 	2) practical;
>>
>> 	3) has a direct impact and;
>>
>> 	3) is, indiscriminately, available to all.
>>
>>
>> 	Taking that as a given, what if we were to look at software and
>> machines (IoT) going to market with no passwords or admin, 0000 or 1234 as
>> pre-set passwords? The goal being, safer machines through uniquely added
>> passwords and work from there. It starts with very basic questions to first
>> understand the topic better and secondly determine participation,
>> stakeholder groups, engagement, etc..
>>
>>
>>
>>
>> 	Suppose it succeeds, all around the globe profit immediately and
>> indiscriminately.
>>
>>
>>
>>
>> 	This is just one example. I am looking forward to read your thoughts
>> and of course feel free to elaborate or provide other examples.
>>
>>
>>
>>
>> 	Best regards,
>>
>>
>>
>>
>> 	Wout de Natris
>>
>>
>>
>>
>>
>>
>> 	- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
>> - - - - - - - - - - -
>> 	De Natris Consult
>>
>>
>> 	Kamerlingh Onnesstraat 43                                                        Tel: +31
>> 648388813 <tel:+31%206%2048388813>
>>
>>
>> 	2014 EK Haarlem                                                                          Skype:
>> wout.de.natris
>>
>>
>>
>> 	denatrisconsult at hotmail.nl <mailto:denatrisconsult at hotmail.nl>
>>
>> 	http://www.denatrisconsult.nl
>>
>> 	Blog http://woutdenatris.wordpress.com
>> <http://woutdenatris.wordpress.com>
>>
>>
>> 	_______________________________________________
>> 	Bp_cybersec_2016 mailing list
>> 	Bp_cybersec_2016 at intgovforum.org
>> <mailto:Bp_cybersec_2016 at intgovforum.org>
>> 	http://intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovf
>> orum.org
>> <http://intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.
>> org>
>>
>>
>>
> _______________________________________________
> Bp_cybersec_2016 mailing list
> Bp_cybersec_2016 at intgovforum.org
> http://intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.org

-- 


Matthew Shears
matthew at intpolicy.com
+447712472987
Skype:mshears

More information about the Bp_cybersec_2016 mailing list