Internet Governance Forum 2013

Workshop # 175 Report

Internet Security Through Multi-stakeholder Cooperation

Organizer Name

Buckridge Chris

Organizer Entity

RIPE NCC

Workshop Theme

Principles of Multi-stakeholder Cooperation

Concise description

A secure, functioning Internet is in the interest of all stakeholders and users of the Internet. The objective of the workshop is to clarify and map the security work carried out in the Internet ecosystem and the ways in which multi-stakeholder cooperation is central to achieving the shared goals of security, openness, and resilience. The workshop will look at the organisations and forums in the technical community and elsewhere that are key to these security efforts, and how they interface with other actors, particularly those in government and law enforcement. How successful is this interface and what parties, if any, are missing in this process?

The workshop will look at the security work in the standardisation process at the IETF, the coordination work by the CERTs (Computer Emergency Response Teams) and other security-related organisations, and the capacity building activities that have developed across stakeholder lines through the cooperative efforts of the technical community and law enforcement agencies. Participants will be encouraged to identify best practices, as well as areas where further development is needed to realise the potential of a multi-stakeholder security model.

Agenda

1. Opening remarks, setting the scene
2. Goals and concerns of different stakeholder groups
3. Case studies, examples of cooperative initiatives

Moderator

Nurani Nimpuno and Marco Hogewoning

Remote Moderator

Chris Buckridge

Have you organized workshops at previous IGFs?

Yes

Workshop format

Roundtable

Workshop Transcript

Transcript

Brief substantive summary of the workshop and presentation of the main issues that were raised during the discussions

The Internet ecosystem is evolving, and has in the past proven itself suited to evolve in response to new challenges. But with new challenges on the horizon, how do we ensure that the system will continue to address the needs of all Internet stakeholders?

 

The panel discussed the challenges posed by Internet security, starting with the basic definition of "security" itself. Different stakeholders have differing interpretations and these change over time, but there was a general agreement that security is about managing risk, that it is impossible to remove all risk, and that to try to remove all risk would mean unacceptable trade-offs for users. Security comes from a combination of technical solutions, user education, and regulation; a multi-stakeholder approach is therefore vital.

 

Panelists highlighted the need to foster a coherent dialogue between all stakeholder groups, including governments. This multi-stakeholder approach is not a solution, but a necessary process in reaching solutions in such a diverse ecosystem, especially when different stakeholders have such different areas of expertise. Panelists acknowledged the challenges of this approach, noting the need for mutual understanding and a step-by-step approach. But it was stressed that the alternative, a pure regulatory approach without the support of the technical community and others, would not be workable. The legitimate state interest in national security was acknowledged, but the associated lack of collaboration and transparency in developing regulation reduces trust in the regulatory mechanisms. The multi-stakeholder processes can offer a self-correcting means of better understanding such risks and identifying the best solution.

 

Emphasis was also placed on the importance of basing security-related decisions on research and concrete data.

 

Panelists and participants in the audience discussed the role of criminal law in improving security. It was agreed that while criminal law can only be one part of the solution, there is a strong need for clear frameworks to prevent abuse or over-reach. The potential for governments to use security as a pretext for imposing specific agendas was noted, as was the need for vigilance through multi-stakeholder cooperation.

 

Panelists and participants stressed the need for security solutions to balance the rights we want to protect and the freedoms that such solutions may impinge on, and agreed on the need to identify the specific objectives of security solutions. Finally, there was a discussion of who takes responsibility for security, with broad agreement on the shared responsibility on the part of all stakeholders, including users and consumers. In that context the role of broader education was again highlighted.

Conclusions drawn from the workshop and further comments

The panel considered some specific points in improving security of the Internet:

-        Hardware and service vendors taking responsibility for their role in security and adopting more thorough error and bug checking on their products.

-        A greater focus on the threats themselves, and less on who the enemy is – security is a tool, and it needs to adapt as the threats adapt.

-        Ongoing efforts to build multi-stakeholder processes, forums and discussions in the security area, with a focus on education across stakeholder divisions.

 

Reported by

Chris Buckridge

Estimate the overall number of women participants present at the session

About half of the participants were women

To what extent did the session discuss gender equality and/or women's empowerment?


It was not seen as related to the session theme and was not raised

Discussion affecting gender equality and women's empowerment


Workshop Statistics

Number of FEMALE participants: 0
Number of MALE participants: 0
Number of Young participants: 0
Number of Developing Countries Participants: 0
Number of Developed Countries Participants: 0
Number of LDCs participants: 0
Number of TOTAL Participants: 0