Building Trust Security

‘Major Initiatives in Cybersecurity’ Shows Everyone Can Contribute to Trust

How do we work toward a more secure Internet?

In the Cyber Security discussions that take place in the various policy fora around the world, there is often little appreciation that the security of the Internet is a distributed responsibility, where many stakeholders take action.

By design, the Internet is a distributed system with no central core or point of control. Instead, Internet security is achieved by collaboration where multiple companies, organizations, governments, and individuals take action to improve the security and trustworthiness of the Internet – so that it is open, secure, and available to all.

Today we’ve published Major Initiatives in Cybersecurity: Public & Private Contributions Towards Increasing Internet Security to illustrate, via a handful of examples regarding Internet Infrastructure, there are a great number initiatives working, sometimes together and sometimes independently, in improving the Internet’s security. An approach we call collaborative security.

Major Initiatives in Cybersecurity describes Internet security as the part of cybersecurity that, broadly speaking, relates to the security of Internet infrastructure, the devices connected to it, and the technical building blocks from which applications and platforms are built.

We make no claim to completeness, but we do hope that the paper illustrates the complexity, breath, and depth of the various initiatives out there. And, by extension, that there are no one-size fits all solutions. In the spirit of collaboration, we appreciate any feedback you might have for future versions of this document.

Read Major Initiatives in Cybersecurity:Public & Private Contributions Towards Increasing Internet Security

Internet Governance Public Policy Shaping the Internet's Future

Lessons Learned from the Multistakeholder Process in the Philippines

In 2018, we began collaborating with the Philippines’ Department of Information and Communications Technology (DICT) to develop the country’s National ICT Ecosystem Framework (NICTEF), a successor to the Philippine Digital Strategy for 2011-2016.

The DICT, like all Philippine government agencies, is mandated by law to hold open consultations as a means of improving transparency and encouraging public involvement in the policymaking process. But it took this initiative further by ensuring that NICTEF is fully reflective of the needs and priorities of different sectors across the archipelago. For one year, the DICT led capacity building workshops, focus group discussions, writeshops, an online public survey, and regional consultations in each of the country’s major island groups, localizing the multistakeholder approach in the process to reach important and difficult decisions.

The NICTEF is now an authoritative guide on the Philippines’ digital ecosystem, and a roadmap to harmonize and coordinate the country’s ICT programs. The multistakeholder process adopted by NICTEF has been documented in a case study, offering other countries in the region a reference in developing public policies that are forward-thinking, inclusive, and suited to the needs of a steadily-interconnected world.

Below are some of our key takeaways from the process:

Develop and clearly present a value proposition to ensure that the multistakeholder process is productive and outcome driven.

In invitations and announcements, it is helpful to clearly specify to stakeholders why they should participate and what they would gain from their involvement in the policymaking process. This would help organizations identify appropriate representatives to take part in consultations and enable them to prepare their inputs.

Build strategic and sustainable partnerships for the implementation of a collaborative, multistakeholder model.

The multistakeholder model needs to be a continuous and sustainable process rather than a one-time initiative. For example, the DICT found it effective to initiate discussions with the policy and planning division of other government agencies. This division is most likely to be familiar with the overall direction, as well as the deliverables of each ministry, and would be able to provide guidance on possible collaboration and relevant divisions that may be tapped to contribute to the NICTEF.

Conduct face-to-face consultations at the regional level to hear from the countryside and harder-to-reach stakeholders.

Working with its regional and provincial offices, the DICT conducted public consultations across the country to reach out to each island group and accommodate different levels of development, priorities, and perspectives.

Tailor the multistakeholder process to the culture of the country.

In many Asian cultures, individuals tend to be reluctant to speak up when senior or governmental personnel are in the room. There is therefore a need to offer multiple ways for individuals to voice their concerns, even anonymously through surveys.

Focus on the entire ICT ecosystem, not just what the government or the ICT sector is doing.

A crucial part of ICT policymaking is identifying existing gaps in different sectors where policy interventions might be useful. To reach individual companies and organizations, DICT engaged with industry and professional bodies, such as the Philippine Chamber of Telecommunications Operators and the Information Technology and Business Process Association of the Philippines. Discussions and consultations were open to all and were announced online on government websites and social media sites.

Previous ICT policymaking exercises focused on governmental efforts in the ICT sector. NICTEF, however, is a national framework for the entire ecosystem of stakeholders to work collaboratively. It represents what the people of the Philippines collectively want for the country, and within this framework, the role that government can play.

Read A Multi-Stakeholder Model in ICT Policymaking: Case Study from the Philippines.

Internet Governance Shaping the Internet's Future

Asia-Pacific ICT Ministers Focus on Co-Creating the Future of the Internet

In June, ICT ministers across Asia-Pacific got together in Singapore to decide on the direction of ICT development in the region. At the end of the three-day gathering, leaders adopted the Singapore Statement of the Asia-Pacific ICT Ministers on Co-creating a Connected Digital Future in the Asia-Pacific, a set of high-level policy guidelines that will set the tone for activities of the Asia-Pacific Telecommunity (APT) in the next five years. 
The Singapore Statement is significant in that it fortifies the principles that underpin a conducive environment for the digital economy to thrive:

  • It reinforces support for the multistakeholder approach, with states highlighting their own efforts to make ICT policy processes more inclusive during the meeting.
  • It renews its commitment to foster digital communities through collaborative projects to connect unserved and underserved areas.
  • It makes explicit references to interoperability and the free and secure flow of information online, putting equal weight on protecting users’ privacy.

It is particularly encouraging to see that amidst the race to capitalize on the vast amounts of data collected from us and our online activities, ICT Ministers opted to focus on trust –  built on accountability, transparency, and ethics – as a fundamental pillar in the region’s digital future, one that will enable users to fully explore the potential of the Internet to improve their lives.

The APT, borne out of a treaty-based initiative of the United Nations Economic and Social Commission for Asia and the Pacific and the International Telecommunication Union, has come a long way since it was conceived four decades ago. It has made tremendous progress in harmonizing member states’ policies, facilitating cross-border cooperation, and amplifying the region’s voice in global policy fora.

Since the last Ministerial Meeting five years ago, APT has supported numerous pilot projects to connect remote island communities in the Pacific, strengthened policymakers’ capacity through training courses on Internet Governance, and ensured the participation of small island developing states and landlocked developing countries in international policy discussions.

The APT’s role has never been more relevant: It oversees a region that is home to 60% of the world’s population and accounts for two-thirds of global economic growth. It also has a growing number of tech giants – some of which are among the most valuable companies globally. Yet, there is no denying that vast disparities in ICT and Internet development persist.

With APT’s guidance, the region has begun, in a coordinated manner, to move from coverage to providing meaningful Internet access, and empowering marginalized and vulnerable sectors through accessibility tools and relevant content. It is also heartening to see more and more nation states invest in equipping citizens with the skills and means to protect themselves in cyberspace, recognizing that digital literacy entails much more than knowing how to type and transact online.

International agreements of late have increasingly focused on risks and threats, with a growing number of countries asserting greater control over content, businesses, and activities online. The Singapore Statement makes a confident bid for a positive future, charting a path that will make Asia-Pacific an even bigger force to be reckoned with.

Image ©Engin Akyurt

Building Trust Internet of Things (IoT)

Uruguay Joins Others Taking Action to Strengthen IoT Security

The use of Internet of Things devices has substantially increased in recent years and the trends indicate that the number will continue to grow significantly. In this environment of rapid technological adoption, the inclusive and collaborative approach is essential to face the challenges and take advantage of the opportunities that arise.

Specifically, to overcome the privacy and security challenges associated with the growing number of Internet of Things (IoT) devices and systems, the Internet Society signed an agreement with the Agency of Electronic Government and the Information and Knowledge Society of Uruguay (Agesic). The agreement will encourage us to strengthen our collaborative ties to develop a multistakeholder process that will seek to issue recommendations on IoT security in the country.

The recommendations issued will be useful to guide the processes of development of national and regulatory policies in Uruguay. In addition, the agreement focuses on two broad areas: the exchange of information and the development of training materials on consumer protection and network resilience.

This is undoubtedly great news for the region, since Uruguay joins a group of countries that have opted for the multistakeholder processes to strengthen the security of IoT devices. The most recent example is Canada, whose process published its final recommendations a few weeks ago. In addition, there are similar efforts in France and Senegal.

The process, which will end later this year, will adhere to the principles of the multistakeholder model, such as the inclusion of diverse actors, with their participation on an equal footing, and transparency.

No one can build a secure Internet alone. Solutions need all of us. Read the Canadian Multistakeholder Process: Final Outcomes and Recommendations Report.

Building Trust Internet of Things (IoT)

Your Voice Matters: The World Can Learn from Canada’s Inclusive Solutions to Make Citizens Safer Online

Canada has shown great leadership in its innovative approach to secure our connected future by drawing on the diverse strengths, backgrounds, and perspectives our country has to offer.

While the wrap up of a collaborative effort to produce policy recommendations to keep us safe online is definitely worth celebrating, the real work for Canadians has just begun.

The Internet has profoundly changed the way we do things, expanding opportunity as it shrinks distances between people, cultures, and ideas. With connected devices hitting the shelves of major Canadian retailers like never before, the Internet of Things (IoT) is adding countless facets to a new era of human potential.

It has also brought new and complex challenges in areas such as privacy and security.

Many of us worry about our security when we log on. Despite recent calls by governments around the world to create regulation to keep citizens and information safe online, it is critical to consider that not one person or government can solve these issues alone.

If there’s anything the world of Internet governance has shown us, it’s that we get better answers to tough questions when a range of experts and interests can meaningfully take part in the conversation.

When it comes to IoT security, Canada nailed it. It met this challenge with a collaborative project that drew on the expertise of diverse people and organizations. Known as the Canadian Multistakeholder Process: Enhancing IoT Security, the group included civil society, technology companies, academics, and developers. All worked in partnership with agencies such as the Canadian Ministry of Innovation, Science and Economic Development, the Canadian Internet Registration Authority, CANARIE, and CIPPIC.

Participants established three working groups that focused on consumer education and awareness, network resiliency, and the potential for a trustmark. The recommendations of each group are included in the final report released May 28.

The project’s recommendations carry serious weight in terms of credibility because they include perspectives from people who don’t always get a seat at the decision-making table.

For instance, youth delegates brought invaluable ideas about the potential future challenges of IoT from people who grew up in a world where the Internet has always existed. Likewise, participants of the 2018 Indigenous Connectivity Summit helped us understand the unique IoT access and security challenges of people without fast, reliable, and affordable Internet.

What’s more, other countries are already looking towards Canada’s collaborative model as a best practice to secure IoT. The Canadian Multistakeholder Process was the linchpin to the IoT Security Policy Platform, a collaborative body of government agencies and global organizations championing inclusive solutions to make security a pillar of our digital future. Senegal and France are also taking this way of working forward.

There isn’t a single person out there who can build a secure Internet by themselves. Solutions that are going to last need all of us. While the Canadian report represents a new way of meeting the potential and challenges of the Internet, it is only the starting point.

What’s next? We need your help to make things happen.

Now that the recommendations are in place, Canada needs to make them happen. That’s where you come in.

A new working group is already formed with the mandate to carry these recommendations forward. You can be a part of it.

The more the merrier: whether you’re an active community leader, policy maker, business leader, or concerned citizen, you can join group of changemakers working to secure our connected future through the IoT Security Implementation Committee. If you are interested, contact Senior Policy Advisor Katie Jordan at

Inclusivity is part of the Internet’s own DNA. It is an open and global network of networks that voluntarily work together.  Each network that joins the Internet does its own thing, but together they are all richer and more reliable.  It’s stronger because it works that way. We are too, and your voice is critical to the equation.

Join the IoT Security Implementation Committee and help ensure a secure, open, and accessible Internet for the future.

Shaping the Internet's Future

Internet Society and UNESCO Offer a Capacity Building Program for Judges

Trust is vital to the future of the Internet. The best way to build it is to let a diverse group of people and interested organizations contribute their experience and knowledge. For this reason, the Internet Society and the UNESCO Regional Office has developed a capacity-building program for judges, prosecutors, public defenders, and other judicial operators in Latin America and the Caribbean.

This program shares our vision for an open, globally-connected, trustworthy, and secure Internet for everyone. We allied with UNESCO to incorporate a plan related to freedom of expression, privacy, encryption, and access to public information. In this way the program responds to the needs of judicial operators facing real cases related to the use of the Internet.

For Raquel Gatto, Senior Policy Advisor of the Internet Society, the program represents an unprecedented opportunity: “The technical foundations of the Internet show us that collaboration is a fundamental factor for the functioning of the network. The Internet is a network of networks that trust each other, allowing interconnection. The Internet can not exist without such collaboration”.

Guilherme Canela, Regional Councilor for Communication and Information of UNESCO, says, “For 5 years, UNESCO, in cooperation with the Special Rapporteur for Freedom of Expression of the Inter-American Human Rights System, and many other international partners, has developed the Judges Initiative, which seeks to deepen the dialogue with Ibero-American judicial operators on Freedom of Expression, Access to Information and Security for Journalists. In this framework, more than 8,000 judges, prosecutors, public defenders, and other judicial operators have already gone through the training offered by the initiative. In the interaction with these operators, their interest in deepening knowledge about the broad Internet agenda is clear. That is why we are proud of this cooperation with the Internet Society, which will offer this opportunity for additional training for those who have already gone through the basic modules of the Judges Initiative”.

The program will be divided into two phases and will have a capacity for 1,000 people. During the first phase, participants will have access to topics related to the technical and policy principles of the Internet ecosystem, the foundations of the Internet Governance system, and the actors involved in the community. Participants who successfully complete the first phase of the program will access a second phase, consisting of a series of discussions led by experts on current issues of the Internet ecosystem, including privacy, freedom of expression, and encryption on the Internet.

Interested applicants can request registration through a simple form. The registration period is open from 21 March to 12 April. Those selected will receive a notification on 16 April to start the first phase of the course on the 22 April.

The Internet is a network of networks that interact with each other on a voluntary basis. Collaboration is part of the fundamental architecture of the Internet, which is why we promote this approach for security and trust. Together, as a community, we can contribute to trust in the ecosystem and continue working for an open, globally-connected, trustworthy, and secure Internet for everyone.

Read about the collaborative security approach to tackling Internet issues.

Internet Governance

Philippines Adopts the Multistakeholder Model for Policy Development

Yesterday in Manila, the Philippines launched its national information and communications technology (ICT) framework, which lays out how digital transformation will empower citizens and the economy as a whole.

The National ICT Ecosystem Framework (NICTEF), is a successor to the Philippine Digital Strategy initiative from 2011-2016. Its plans, programs, and projects will be updated periodically as the government continually considers comments from all sectors of society and other indicators and results.

The release of NICTEF is remarkable in many ways. It was developed in a collaborative way, with stakeholders from multiple sectors engaged in dialogue and discussions to help inform and build an inclusive framework.

NICTEF is a living document. Subcommittees will gather ongoing feedback and updates will be made available on the framework’s website.

Considering the faltering international cooperation in Internet policymaking and the trend towards unilateral policies, it takes determination and belief for a government to embark on a landmark multi-year initiative that has at its core a multistakeholder approach.

This commitment is all the more remarkable for a developing country like the Philippines, where the levels of Internet use and literacy vary greatly from region to region. The Department of Information Communications Technology (DICT) recognized right from the start that a collaborative approach was needed. No single source of opinion – no matter how sophisticated – could address all possible issues that all sectors of society would face in building a roadmap for a digital economy.

NICTEF goes further than simply accepting comments from the public: it is aimed at paving the road for an inclusive, bottom-up policymaking model by encouraging people to set the agenda and goals of the country’s digital strategy.

“While it may not be possible to include all stakeholders in the process, the more inclusive and transparent the process is, then the more likely it is to produce workable outcomes and to engender the requisite trust and support of those outside the process, furthering dynamic and participatory e-governance,” the NICTEF document reads.

The Philippine government’s commitment to the multistakeholder model in the development of NICTEF is an exemplary approach and could be a model for other countries in their policy development processes.

The Internet Society, and I in particular, feel honoured and privileged to have been a part of the development of NICTEF, which will guide the development of Philippine digital ecosystem – and lay the foundation for all sectors to benefit from the use of ICTs and the Internet.

Our partnership with DICT in developing the framework has been highly rewarding. I believe NICTEF sets a new standard for how policy can be developed in an inclusive and collaborative manner. With the release of the framework, we can now look forward to the implementation phase and how the development of a robust digital ecosystem will propel the Philippine economy into the future.

Read Why the Multistakeholder Approach Works.

Building Trust Internet of Things (IoT)

Internet Society Botswana Chapter Hosts Webinar on the Internet of Things

The Internet of Things (IoT) is upon us. The exponential advancements are fast becoming a reality and Africa is a part of the current wave. On 13 December 2018, the Internet Society Botswana Chapter held an Internet of Things webinar at the University of Botswana Library to discuss local IoT-related implications. In attendance were approximately seventy-five individuals, including members of the public, academia, the developer community, and students.

A quick Internet search reveals that IoT can be synonymous with tracking and monitoring systems, wearables, and smart homes. These may not be relatable in the African context, but IoT prospective usage in farming, irrigation, and utilities management brings it home and introduces the possibilities of IoT being used to provide solutions that fit Africa’s needs. It therefore becomes important to implement a multistakeholder approach where governments and regulators provide high speed connectivity, infrastructure, and the right policies to foster local innovation.

The interactive session offered the participants an appreciation of the current IoT situation in Botswana. A remote presentation by Steve Olshansky, Internet technology program manager at the Internet Society explained the Internet Society’s view of IoT, the  OTA IoT Trust by Design Framework, and why we should ensure security and privacy are engrained in IoT’s development and use. The OTA Framework document notes that that all stakeholders have a role to play in securing IoT including manufacturers, suppliers, consumers, and regulator/policymakers. Describing “data as a double-edged sword,” Steve noted that accountability by all stakeholders becomes crucial, especially given privacy concerns.

Solomon Kembo, president of the Internet Society Zimbabwe Chapter, gave a presentation on the local Chapter efforts with regards to IoT. Highlighting the progress made thus far in implementation of IoT concepts, Solomon also described technical IoT framework perspectives. The Botswana Chapter’s collaboration with the Zimbabwe Chapter on IoT shows how Chapters can work together to achieve common objectives.

The Q&A session was a key indicator that the local Chapter needs to invest in future public awareness training exercises on IoT and engage with policymakers. In summary the concerns noted were:

  • Are stakeholders in Botswana ready to embrace IoT and related trends?
  • How can local entrepreneurs leverage current digital trends?
  • How can regulators and policymakers address cybersecurity concerns?
  • What learnings can we adopt from regions that have embraced IoT technologies?

This conversation is key in unlocking the digital possibilities for communities in Botswana and beyond. The call to attendees was to embrace trending technologies with caution and to implement relevant context-based solutions.

We’re looking for new ideas from people all over the world on how to make their community better using the Internet. The Internet Society Beyond the Net Funding Programme funds projects up to $30,000.00 USD.

Internet Governance

International Approach to Internet Policy Declining, Some Experts Say

A long-time multistakeholder and international approach toward creating Internet policy is breaking down, with individual nations and some large companies increasingly deciding to go their own way and create their own rules, some Internet governance experts say.

The multistakeholder decision-making model that created the Internet’s policy standards over the last two decades has largely fallen apart, with countries pushing their own agendas related to privacy, censorship, encryption, Internet shutdowns and other issues, some of the experts said Tuesday at the State of the Net tech policy conference in Washington, D.C.

Recent efforts to keep the Internet safe for free expression and free enterprise are “mission impossible,” said Steve DelBianco, president and CEO of Internet-focused trade group NetChoice.

Back in the early 2000s, the Internet was enabling the disruption of governments and powerful businesses by providing users ways to work around those organizations, DelBianco added. “Fifteen years later, I’d have to say that governments and big businesses have regained their footing and are reasserting control,” he said.

Many nations are looking for new ways to control Internet content and users, added Laura DeNardis, a communications professor at American University and a scholar focused on Internet architecture and governance.

For many years, there have been “two clashing world views” about the Internet, but a heavy-handed government control model pushed by China and Russia seems to be gaining traction, she said. Many other countries still believe in a “free flow of information,” she said, and the clash of the two models will have wide-ranging effects on foreign policy, free expression, the digital economy, and the Internet itself.

Some countries pushing for a more sovereign control of the Internet have advanced data localization laws, and some have created local redirects in the Domain Name System as a way to drive users to government-approved sites, she noted.

These government efforts to control the Internet is a “sea change” from the previous multistakeholder, international model, DeNardis added.

The concerns from Tuesday’s panelists came about three months after Freedom House warned of a trend toward “digital authoritarianism” in a report on Internet freedom.

Countries that believe in free expression shouldn’t give up, however, said Drew Mitnick, policy counsel at digital rights group Access Now. International pressure can make countries rethink Internet shutdowns and overly aggressive cybersecurity laws, he said.

Last November, more than 60 countries, 100 companies, and 100 other organizations signed the France-sponsored Paris Call for Trust and Security in Cyberspace, showing some international agreement on Internet issues, Mitnick noted. However, the U.S. did not sign on to the agreement, and French President Emmanuel Macron followed the document with a speech calling for increased censorship and for a defense against the excesses of the Internet, DelBianco noted.

Traditional allies the U.S. and European Union seem to have a diverging view of how to regulate the Internet, he added. Between Macron’s concerns about “dangerous ideas” on the Internet and the EU’S strong stance on individual privacy, Europe seems to be headed in a different direction than the U.S., he said.

The EU’s right to be forgotten, for example, gives residents the ability to have websites remove old information or links to information about them. But that right conflicts with the freedom of expression and the press valued in the U.S., with important news information sometimes removed from the public’s view in the EU, DelBianco said.

One audience member asked what Internet governance model will emerge if the international approach is dying. Some panelists urged supporters of an international, multistakeholder approach to keep fighting, while DelBianco suggested that bilateral agreements between countries may be the wave of the future.

“We can’t have this escalating battle where we block their content, and they block ours,” he said. “That doesn’t serve anyone’s best interest.”

Read “We Won’t Save the Internet by Breaking It.”

Building Trust

New UN Tool Maps Asia-Pacific Cybersecurity Landscape

News of cyber attacks and personal data breaches frequently make headlines nowadays, particularly in Asia Pacific*, and every time a new incident happens, it deals a blow to the trust of some users. Since cyber threats are grave and growing, society must understand how policymakers are addressing cybersecurity concerns, and what can be done to strengthen trust.

A United Nations agency recently launched a tool to do exactly that. Against the backdrop of increasingly complex cybersecurity policies around the world, the portal aims to “enhance informed participation in key policy processes by all relevant stakeholders”, thus facilitating information sharing, capacity building, and trust and cooperation in cyberspace. We spent some time with it to evaluate the state of cybersecurity in Asia Pacific and to highlight the importance of the issue.

The Cyber Policy Portal, released this month by the United Nations Institute for Disarmament Research (UNIDIR), maps the global cybersecurity capability landscape, covering all 193 of the UN Member States, 13 intergovernmental organizations, including the Association of Southeast Asian Nations (ASEAN), and a number of multilateral frameworks.

The interactive map draws from public information and, where applicable, carries links to original documents. Systematically, it answers some of the salient questions about a country’s cybersecurity capabilities: What policies are in place? Are they supported by any strategy documents or implementation frameworks? What is the agency responsible for cybersecurity? Is there a national Computer Emergency Response Team (CERT) or Computer Security Incident Response Team (CSIRT)? What laws are there? And, finally, is it part of any international cooperation?

It is encouraging to notice from the portal that most countries in Asia Pacific have adopted national cybersecurity strategies. Some countries, notably Australia, Indonesia, Japan, Malaysia, the Philippines, Singapore, Sri Lanka, and Thailand have detailed and up-to-date cybersecurity strategies in place, often backed up by legal and operational frameworks and dedicated agencies that address critical infrastructure protection requirements and emergency response. Others, including Laos, Myanmar, and Pakistan, have general information and communication technology (ICT) master plans that cover aspects of cybersecurity.

The exceptions include Bhutan, Timor-Leste,Tuvalu, and Vietnam, which have not developed a national cybersecurity strategy. Since cybersecurity is a threat that cuts across many domains, there is a clear need for a strategy that sets out a country’s vision, goals and priorities in ensuring that public and private entities and individuals are equipped to respond to the cybersecurity challenges of an ever more connected world. It also raises awareness and facilitates partnerships for a resilient and trusted Internet.

Another positive finding is that almost all APAC countries – with the exceptions of Island countries including Fiji, Solomon Islands, and Tuvalu – have in place national CERTs or CSIRTs, which play a crucial role in incident reporting and responses, thus improving cyber resilience. Like a fire department, the bodies are set up to manage critical events that threaten the availability and integrity of key information networks and systems.

The APAC region’s strength and consistency in the establishment of CERTs and CSIRTs reflect its relatively high level of cybersecurity awareness. It is no coincidence that cybersecurity has been the top concern for Internet users in Asia Pacific in the past two years, according to the Internet Society Survey on Policy Issues, done yearly by the Internet Society’s APAC Bureau. The region’s other pressing concerns include access, data protection, privacy, and Internet of Things (IoT). The Online Trust Alliance (OTA), an Internet Society initiative, has released the IoT Trust Framework, a strategic set of 30 foundational principles providing guidance for developers, device manufacturers, and service providers to help enhance the privacy, security, and life-cycle of their products.

But the UN portal sheds light on only part of what is necessary in the management of cyber risks. In fact, no single policy, strategy, or legislation can secure cyberspace by itself: the collaborative approach that helped to drive the growth of the Internet and allows it to thrive is essential for effective cybersecurity. This means participation not only by policymakers and a few big companies, but also security practitioners and developers, protocol developers, network operators, civil society groups, and researchers.

Moreover, it should be noted that when policies are indeed deemed necessary, it is important that they are flexible enough to evolve over time. It is clear the technology is going to change, and so the solutions should be responsive to new challenges.

Beyond the multilateral frameworks the portal covers, there is also an essential need to foster international collaboration, such as the Paris Call for Trust and Security in Cyberspace, one of many cross-border efforts.

In addition, amid an ever-shifting threat landscape, education and awareness programs are also vital to ensure governments and organizations of all sizes, as well as consumers, take the right steps to secure their own systems. Many APAC countries, including Singapore and Australia, have dedicated considerable resources to cybersecurity education, including innovative awareness campaigns aimed at the general public, but it is by far not the norm.

*The Asia Pacific region accounted for 35.9 percent of the global number of cybersecurity events in the first half of 2018, the highest in the world, according to the findings by digital security company Gemalto, as reported by CIO Asia. Gemalto said the region was subject to 27.2 percent of compromised records worldwide in the period. However, the actual figures could be much higher since most countries in Southeast Asia did not require a compulsory report of data breaches.

Read Why the Multistakeholder Approach Works.

Image: the Cyber Policy Portal’s interactive map, which covers all 193 member states of the UN.

Internet Governance

The Importance of the Multistakeholder Approach: My Experience at the Internet Governance Forum

My name is Gustavo Babo, I’m from Brazil and I’m a Law and Political Science student. One of my biggest interests is to understand the best way to create national and international policies related to the Internet and other technologies such as Artificial Intelligence, IoT, and Blockchain. Having participated in the IGF as a 2018 Youth@IGF Fellow has enhanced my perspective on the future of all these technologies. Enjoy my opinion!

Throughout the IGF event, in all the panels I have attended, I have noticed one thing in common: the feeling that the human being has had less-and-less control over technology and its implications. The unpredictable factor for the future of some emerging technologies that have developed very rapidly is a situation that divided the event into two perspectives: some of those present believe that technology will bring to the world many positive situations and we need to collaborate with its acceleration to any cost. However, there are others who fear the speed and lack of control of the impacts of these technologies – which are really transforming the world – believing also that the human being may be tracing a disastrous path for itself, since we no longer control the consequences of the development of the technology.

A situation that supports these different perspectives well and the uncertainty of how people might proceed in the face of the accelerated development of technology is the speech of the president of France at the event, Emmanuel Macron. The president also shared the same uncertainties discussed there in the forum, always on the wall and saying that we need to promote the growth of technologies in a healthy and positive way and we must try to prevent the second pessimistic perspective from happening. Macron’s solution to this is a greater government approach and possible intervention through regulations and public policy. (You can read his speech here.)

However, Macron is not necessarily right. Sharing experiences in the forum with different countries of the world, I realized that there are innumerable perspectives regarding the future of technology in each country. Thus, it is possible to say that the human being does not yet know the best way to lead the emerging technologies, there are many opinions about these technologies that imply different results, many still unknown, as we can see in a global analysis of countries that adopt more or less restrictive regulations and policies. Therefore, we can conclude that we do not yet know how to regulate (or not regulate) technology and how best to create policies. However, at least we can say that we already know what is the ideal model to discuss these technologies, which is the multi-participatory or multistakeholder model adopted by the Internet Governance Forum. This is exactly what was made clear to me during the experience of attending the forum as an Internet Society Youth@IGF Fellow. The model that the forum works is absolutely exceptional in what it proposes and it is exactly in this style of discussion that the world will discover what to do with all this.

The Multistakeholder Model

This is the model used by the UN forum to discuss the different perspectives, regulations, and policies of the Internet and emerging technologies. The multistakeholder model consists of a discussion involving representation from all interested sectors: the private sector, the government sector, the academic community, the technical community, and civil society. These actors participate through an inclusive and egalitarian basis. In this way, the interests of multiple parties are met and the results of the discussion can be very positive and balanced. To be sure, this is the model of discussion we must follow in order to understand the best way to conduct technology from a national or global perspective. We still do not know how to regulate, but it is clear that with this model of discussion we will have the best results, since, for example, discussions between engineers alone or between politicians have already proved to be very unproductive and unrealistic. We need to move this model to other discussions, regulations, and policymaking that involve technology as quickly as possible. As I said, we still do not know how we should regulate technology and create public policies. In this way, we should discuss how to do this – using this model. So, one day we will know how to do it in the best way. I hope it’s not too late!

Young people are one of the categories most affected by these technologies and Youth@IGF promotes their approach to the discussion environments. The program gives form and voice for young people to contribute to the important debates. In addition, the program also serves as training for hundreds of young people who will one day move from Youth to You. We need to think in the long term to have more and more qualified people around the world to participate in debates and decisions in the world of technology.

Thank You(th)!

Read “We Won’t Save the Internet by Breaking It.”

Image from APrIGF 2018 ©Frederic Courbet/Panos Pictures

Building Trust Internet of Things (IoT) Privacy

Senegal Kicks Off Enhancing IoT Security Project

On April 4, 2018, the Canadian Multistakeholder Process: Enhancing Internet of Things (IoT) Security held its first convening in partnership with the Canadian Internet Registration Authority (CIRA)CANARIEInnovation, Science and Economic Development (ISED) Canada; and the Canadian Internet Policy and Public Interest Clinic (CIPIC). Over 80 participants from government, academia, public interest, industry, and other organizations attended the first meeting and many have continued to engage at in-person and virtual meetings ever since. Over the past eight months, this group has experienced significant success in the areas of consumer education, labeling, and network resiliency. And these achievements have been well-noted on a global scale.

A delegation from Senegal came to Canada in July to meet with members of the Enhancing IoT Security oversight committee. The group was comprised of government officials, Senegal Chapter members, and staff from the Internet Society’s African Bureau. The delegation met with Canadian government officials, technologists, public interest groups, and North American Bureau staff to learn more about how and why the IoT security project was initiated, and what the group had accomplished to date. The group discussed the significant successes the Canadian multistakeholder group had already achieved, the challenges it faced, and goals for the project.

These conversations ultimately aided the delegation in its decision to replicate the Canadian process to enhance IoT security in Senegal.

On November 28-29, the Internet Society and its Senegal Chapter, in partnership with the Ministry of Communications, Telecommunications, Postal Services, and Digital Economy (MCTPEN) and the Telecommunications and Postal Regulatory Authority (ARTP) hosted the inaugural Senegalese Multistakeholder Process: Enhancing Internet of Things (IoT) Security. The Internet Society’s President and CEO, Andrew Sullivan, and I were grateful for the chance to attend and share some of the lessons learned from the Canadian process and the Internet Society’s involvement in IoT security globally. We were both highly impressed by the participation and engagement of this group, and encouraged by the motivation by all involved to work together to make a secure network of IoT devices a reality in Senegal.

On the first day of the meeting, Dawit Bekele, Regional Bureau Director of the Internet Society’s African Bureau, introduced participants to IoT, its potential positive impacts, and the security risks it poses to both consumers and networks. The group then heard from Hu Xianhong, the UNESCO representative on the Internet Universality Index project in Senegal, and Professor Ahmath Bamba Mbacke, from Cheikh Anta Diop University (ESP), about the state of IoT in Senegal.

Participants were also introduced to the idea of the multistakeholder process, its key characteristics, and some best practices the Canadian multistakeholder group has learned. These included utilizing the members of the multistakeholder group to continuously identify and reach out to new stakeholders, maintaining momentum through continuous engagement between full-group meetings, and ensuring that meetings are facilitated by an invested moderator – preferably someone who is both a subject-matter expert and familiar with the multistakeholder process.

The Senegalese participants were also interested to hear about the work that the Canadian multistakeholder group has already accomplished through its working groups on consumer education, labeling, and network resiliency. They plan to utilize the groups’ outputs, and the experts involved in their creation, as they move forward in this process.

On the second day of meetings, Andrew Sullivan; M. Abdoulaye Blade, Ministre de la Communication et de l’Économie Numérique; Ndeye Maimouna Diop, Chair of the Senegal Chapter; Alpha Abdoulaye Thiam, Director of Information Systems at ARTP (Regulator); and Souleymane Diallo, Chief of Staff of the Minister of ICTs (MCTPEN), kicked off the sessions with a conversation on the risks and opportunities IoT poses. The participants then split themselves into three groups for further discussion regarding what they consider to be the most important factors impacting the following in Senegal:

  • Security impacts on critical infrastructure
  • Security by design
  • Consumer protection

Each of the self-selected groups reported their priorities for these issue areas back to the full group, which will use the conversations as the foundation for future workshops.

Importantly, throughout the second day participants reiterated many times the importance of collaboration – both on a national and global scale – to improve IoT security, prevent consumer harm, and encourage technological innovation. This is a theme that we have consistently heard during the Canadian IoT security meetings, showing that the multistakeholder model is an important and valued approach to solving complex Internet issues around the world.

We hope that these meetings will lead to future, fruitful discussion between Canadian, Senegalese, and other global states dedicated to securing the Internet of Things.

For more information and to watch a livestream of the event, please visit our website.

Read Why the Multistakeholder Approach Works and demand that your voice is counted for a secure IoT!