COLLABORATIVE SECURITY An approach to tackling Internet

Slides:



Advertisements
Similar presentations
A strategy for a Secure Information Society –
Advertisements

Socioeconomics knowledge cafe Wrap-up. Agreed the list of socioeconomic themes/issues that have dependencies with RWI research priorities Standardization.
Supporting New Business Imperatives Creating a Framework for Interoperable Media Services (FIMS)
OpenStand and IEEE 802 Konstantinos Karachalios Managing Director, IEEE-SA 17 November 2012.
The Future Internet: A clean-slate design? Nicholas Erho.
OpenStand and Collaborative Communities For innovation, solutions and market growth Kantara Initiative 3 June 2014 Summit Karen McCabe Senior Director,
Improving Cybersecurity Through Research & Innovation Dr. Steve Purser Head of Technical Competence Department European Network and Information Security.
Challenges to freedom of expression The right to freedom of expression is a “foundation right” in society. It protects the right to: -Express ourselves.
Horizon 2020 Secure Societies Security Research and Industry DG Enterprise and Industry 2013.
DIVISION Landstingsdirektörens stab Coral Interreg Europe proposal Project proposal addresses objective 1.2 of the Interreg Europe Programme: Improve the.
OpenStand Principles for the modern paradigm for standards development.
Social and Professional Issues in IT Roshan Chitrakar.
20th November 2009 National Policy Dialogue 1 Role of State in a Developing Market Economy S.B. Likwelile.
Updated September 30, 2010 Open Health Tools (OHT) Strategic Plan.
Community-Driven Development: An Overview of Practice Community Development Strategies – how to prioritize, sequence and implement programs CommDev Workshop.
DOCUMENT #:GSC15-PLEN-62 FOR:Presentation SOURCE:ISACC AGENDA ITEM:Opening Plenary (6.14) CONTACT(S):Jim MacFie Cloud Computing Jim MacFie Chairman, ISACC.
New World, New World Bank Group Presentation to Fiduciary Forum On Post Crisis Direction and Reforms March 01, 2010.
Digital Ecosystems Re-tuning the user requirements after 3 years Digital Ecosystems Re-tuning the user requirements after 3 years Towards Business Cases.
What’s Happening at Internet2 Renee Woodten Frost Associate Director Middleware and Security 8 March 2005.
World summit on the information society 1 WSIS: Building the Information Society: a global challenge in the new Millennium Tim Kelly, Claudia Sarrocco.
©Ofcom EU Communications package : State of Implementation Kip Meek, Senior Partner, Content & Competition Brussels, 30 May 2005.
Internet Society © 1992–2016 Internet-related government policy, corporate decisions, and technical-development choices influence the extent to which the.
Channeling Change: Making Collective Impact Work
Integration of sustainable development approach
COMPLIMENTARY TEACHING MATERIALS
A policy framework for an open and trusted Internet
Challenges and opportunities for the CFO
Update from the Faster Payments Task Force
Combating Botnets Botnets are a complex and continuously evolving challenge to user confidence and security on the Internet. Introduction Botnets are.
5 OCTOBER 2015 MANILA, PHILIPPINES
Building the foundations for innovation
Dr. Konstantinos Komaitis
CCNET Managed Services
The Value of Twisting the Lion’s Tail: How the Design of Policy Experiments Impact Learning Outcomes for Adaptation Governance. Belinda McFadgen, PhD researcher,
HOSTED BY IN PARTNERSHIP WITH SUPPORTED BY Barcelona iCapital 2015.
Internet Exchange Points (IXPs)
Standards for success in city IT and construction projects
The Challenge of Spam Spam is a harmful, costly, and evolving threat to Internet users. A collaborative approach is needed to provide the best spam-mitigation.
Asset Governance – Integrated Strategic Asset Management
Software Product Testing
The Vision for Sport in Wales
Commissioning principles
Why the Multistakeholder Approach Works
Internet Interconnection
Digital Transformation Asia 2018 – CALL FOR SPEAKERS
The SWA Collaborative Behaviors
COLLABORATIVE SECURITY
Global Strategy: Course Outline
Advanced Management Control and Sustainable Development
Societal resilience analysis
Supply Chain Process ISCOM/ 374.
SOUTH AFRICAN INSURANCE ASSOCIATION
Refreshing New Zealand’s Cyber Security Strategy 2018
SuperBIO: Evaluation Els Van de Velde
The Impact of Digitization on Global Alignment of Product Safety Regulations ICPHSO International Symposium November 12, 2018.
Enterprise Architecture at Penn State
“The Anatomy of Grass root Capacity Building for Sustainable Management of Natural capital in the Nile Basin” -A Political Economy Approach Donald Kasongi.
Open Internet Standards
STRENGTHENING/IMPROVING THE CAPACITY OF
MAZARS’ CONSULTING PRACTICE Helping your Business Venture Further
Helsinki – Accelerating Open Innovation
The Internet of Things (IoT)
Adoption of IPv6 Implementing the IPv6 protocol standard is essential for the Internet’s long-term growth. Introduction: The Internet operates by moving.
Unit 14 Emergency Planning IS 235
New Approaches to Governance
Energy Systems Catapult
I4.0 in Action The importance of people and culture in the Industry 4.0 transformation journey Industry 4.0 Industry 3.0 Industry 2.0 Industry 1.0 Cyber.
Project leader: Richard Morton Lead Editor: Jalal Benhayoun
Community Mobilization: Garnering public support for your housing plan
Towards a frictionless social security
Presentation transcript:

COLLABORATIVE SECURITY An approach to tackling Internet security issues Introduction Internet security depends not only on how well you manage your own security risks, but also how you manage security risks that you may pose to others. If you act independently and solely in your own self-interest, the security of the Internet be impacted, and the overall pool of social and economic potential that the Internet offers the global community could be diminished. “Collaborative Security” is thus an approach to tackling Internet security issues that involves voluntary, multistakeholder cross- border cooperation and collaboration. It is premised on an understanding of the fundamental properties of the Internet as well as an appreciation of the complexity of the cybersecurity landscape. The Internet is a network of networks without centralized control. As such, the security of the Internet cannot be maintained by one entity. All stakeholders must thus collaborate and share the responsibility for addressing Internet security issues. The challenge is in how to achieve cybersecurity strategies while respecting fundamental human rights, properties, and values (i.e. privacy). The Internet is for everyone and we must work together to realize it’s full potential.

Elements of the Collaborative Security Approach Fostering confidence and protecting opportunities Collective responsibility Fundamental properties and values Evolution and consensus Think globally, act locally Elements of the Collaborative Security Approach 1 2 3 4 Elements of a “Collaborative Security” framework: The Internet enables opportunities for economic and social prosperity globally. The starting point for Internet security should be what solutions are need to preserve those opportunities and foster confidence in the Internet. The security of the Internet is a shared responsibility. We will all be secure only when we are protecting ourselves – and our neighbors. Security solutions must preserve the fundamental, open nature of the Internet as well as fundamental human rights, values, and expectations (such as privacy and freedom of expression). Achieving security objectives, while preserving these fundamental properties, rights and values is the real challenge. We must find solutions that build on lessons learned, which are developed by consensus, and which will evolve to meet whatever new threats emerge. Commercial competition, politics and personal motivation play a role in how well collaboration happens. But differences can be overcome to cooperate against a threat. Solutions should be implemented by people at the closest point where they can have the most impact. This is called the subsidiarity principle. Think globally, but act locally. 5

1 2 An Internet security paradigm should: Foster confidence globally, Protect social and economic opportunities, and Advance objectives in design and in practice. 2 Internet participants have: A common interest in the management of the Internet to ensure its sustainability, and A collective responsibility to care for the Internet for the benefit of everyone. Fostering confidence and protecting opportunities: The Internet enables opportunities for human, social and economic development on a global scale. These opportunities will only be realized if Internet participants have confidence that they can use the Internet securely, reliably, and privately. Security solutions must, in design and in practice, foster confidence in the Internet and protect opportunities for economic and social prosperity. Otherwise, security solutions may go too far, thereby jeopardizing the very infrastructure that ties together the global economy and provides the engine for its growth. EXAMPLE: An ISP locking down a firewall may provide better security but would stifle innovation, because some applications won't be accessible without prior configuration. Collective responsibility: The Internet is a global interconnected network of networks. Participation on the Internet means global interdependency. In an interconnected interdependent system, no one participant can achieve absolute security. No security solutions exist in isolation. Internet security depends on how well participants manage both their own security risks and the outward security risks that they may pose to others (whether through their action or inaction). These factors mean that Internet participants have: a common interest in the management of the Internet to ensure its sustainability; and a collective responsibility to care for the Internet for the benefit of everyone. If Internet participants act independently and only in their own self-interest, the security of the Internet will be impacted. In addition, the overall pool of social and economic potential that the Internet offers the global community will be diminished. As such, Internet participants must see cybersecurity as a long-term investment for the benefit of everyone. It is not enough to ask that participants take responsibility just for their part of the Internet ecosystem. Collective responsibility extends to the system as a whole, and requires a common understanding of the problem, shared solutions, common benefits, and open communication channels. Multistakeholder cross-border collaboration is an important component of collective responsibility. Its success depends on trustful relationships – between nations, between citizens and their government, between operators, service providers, and across all stakeholder groups. EXAMPLE: Mutually Agreed Norms for Routing Security (MANRS) demonstrates how industry players have been able to turn to the principles of collective responsibility to voluntarily address issues of resilience and security in the Internet’s global routing system. Traditional, government-led regulatory approaches are not effective and agile enough for the global Internet.

3 4 Security solutions should be integrated to preserve the: Internet Invariants, and Fundamental human rights, values, and expectations. 4 Agree on the problem and then find the solution. Security solutions need to be: Flexible enough to evolve over time, Responsive to new challenges, Resilient against change and threats, and Take an open, consensus-based participatory approach. Fundamental properties and values: The Internet Invariants are the fundamental properties of the Internet. They include: open standards, voluntary collaboration, reusable building blocks, integrity, permission-free innovation, and global reach. Security solutions must preserve these fundamental properties of the Internet and fundamental human rights, values and expectations. All security solutions are likely to have an effect on the Internet’s operation and development, as well as on the rights and expectations of Internet end-users. Such effects may be positive or negative. EXAMPLE: If we weaken cryptography, we hurt only the well-meaning and law-abiding citizens who rely on companies to protect their data. Criminals and bad actors will still encrypt their data, using the tools that are readily available to them, but consumers might loose trust in the technology. Removing bad parts can also kill good parts. Evolution and consensus: Technology is going to change. Security threats will adapt to take advantage of new platforms and protocols. Therefore, security solutions need to be responsive to new challenges. Solutions that build on “lessons learned” make the Internet more resilient to threats. Solutions can be incremental. Even if a problem can not be solved completely, you might be able to make the vulnerability less attractive to malicious actors. Be open to testing disruptive or non-traditional ideas. Experience suggests that an open, consensus-based participatory approach is the most robust, flexible and agile. Processes which draw upon the interests and expertise of a broad set of stakeholders are more likely to lead to success. EXAMPLE: Encryption keys that are strong enough today will not be strong enough in the future. Technology and practices should be flexible and evolve over time to maintain the security and stability of the global Internet.

5 Security solutions should involve communities: Of different players taking action closest to where issues occur, That are the smallest, lowest, or least centralized link in the chain, Formed in a bottom-up, self-organizing fashion, and That effectively and efficiently define and implement solutions based on interoperable building blocks. Think globally, act locally: The security of the Internet cannot be maintained by any one entity or organization. Creating security and trust in the Internet requires different players (with different roles and responsibilities) to take action. Solutions should be implemented by the smallest, lowest or least centralized competent community at the point in the system where they can have the most impact. Communities often form spontaneously in a bottom-up, self-organizing fashion around specific issues (i.e. spam, or routing security) or a locality (i.e. protection of critical national infrastructure or security of an Internet exchange). Solutions should be based on interoperable building blocks – i.e. industry-accepted standards, best practices and approaches. Solutions must not undermine the global architecture of the Internet or curtail human rights, because the Internet is for everyone. EXAMPLE: RIPE works with diverse technical actors, in an output-orientated multistakeholder approach, to make fast policy decisions. The smooth running of the Internet depends on the involvement of those who give their input where they can help and implement changes on a voluntary basis.

Download the Briefing Paper Questions? Conclusion: People are what ultimately hold the Internet together, so we have to work together in order for the Internet to realize its full potential. We must have an Internet that is both secure and open, and where participants trust it is a tool for empowerment and prosperity. We need greater collaboration on security issues, and to work faster at getting things right, so that the Internet can grow and flourish. Download the Briefing Paper