IGF 2018 WS #203 IoT4Dev: Digital Transformation vs Cyber (in)Security

Format: 

Round Table - 90 Min

Organizer 1: Hartmut Glaser, Brazilian Internet Steering Committee (CGI.br)
Organizer 2: Cristine Hoepers, CERT.br
Organizer 3: Klaus Steding Jessen, CERT.br / NIC.br

Speaker 1: Miriam Wimmer, Government, Latin American and Caribbean Group (GRULAC)
Speaker 2: Maarten van Horenbeeck, Technical Community, Western European and Others Group (WEOG)
Speaker 3: Lucimara Desidera, Technical Community, Latin American and Caribbean Group (GRULAC)
Speaker 4: Veridiana Alimonti, Civil Society, Latin American and Caribbean Group (GRULAC)
Speaker 5: Vidushi Marda, Civil Society, Asia-Pacific Group

Relevance: 

The issues pertaining to digital transformation and Internet of Things play a central role to modern societies. In this context, all sorts of the so-called emerging technologies bring a series of public policy implications, as they strike stakeholders differently, sometimes referring to power and economic concentration, sometimes relating to consumer protection, among other aspects that must be carefully examined by policy makers. A common feature of all of those aspects is a concern for cyber insecurity.

Cybersecurity concerns strike society in multiples ways, ranging from specific and technical measures to protect the Global Domain Name System to broader practices and processes aimed at providing public and national security. Recently, some of the largest DDoS attacks were delivered by botnets of hijacked IoT devices, some of them surpassing 660 Gbps of traffic. Those cases reinforce the centrality of cybersecurity for the stability not only of any ICT system but for societies as a whole. Drawing upon the Sustainable Development Goals - SDGs discussion, it's worth noting that the proposed session dialogue with the SDGs as the global overarching goals, which demand a series of efforts from society to achieve them. At the same time, it is still necessary to reflect upon the dilemmas and trade-offs between, on the one hand, technological innovation and interoperability, and, on the other hand, their cybersecurity implications.

The policy questions which will guide the activity are: (a) what sort of opportunities do IoT create for modern societies and how to extract the best from them?; and (b) what are the main cybersecurity concerns that must be addressed by all stakeholders and how to deal with them in sustainable ways? An open dialogue with the audience will follow the panel.

Session Content: 

The development of modern societies, especially from the technology and ICTs point of view, has been triggering a series of new scenarios and a broader transformation of urban and rural landscapes. IoT has been identified as a lynchpin for such digital transformation, as it has been connecting different sectors of industry and different types of knowledges to provide society with (a) new modes of communicating and integrating all types of devices and machines, as well as (b) the capacity to control ICT systems and all sorts of objects remotely. The subject is directly connected to UN efforts of debating sustainable development for the world, taking into account that those processes are part of the broader pursuit of the sustainable Development Goals - SDGs achievement, such as the goals 9 and 11, respectively "industry, innovation and infrastructure" and "sustainable cities and communities". In spite of putting many benefits on the table, IoT and digital transformation also bring together a lot of concerns, such as challenges to digital inclusion and accessibility, inequalities mitigation, the combat of monopolies, among others.

Cybersecurity flaws and vulnerabilities inherent to IoT developments have been identified as potentially harmful to organizations, governments and users in general, for they are behind large-scale botnets and DDoS attacks (most prominently as in the case of Mirai and some of its variants that target surveillance cameras, ISPs CPEs, etc.), as well as cases of ransomware (such as in some developments of the WannaCry case, in which critical devices that relied upon IoT were compromised, mainly in the field of healthcare). Those flaws and vulnerabilities stem from the fact that companies investing in the development of IoT devices tend are not necessarily native to the ICT world and operate in disregard of the notion of security-by-design. Additionally, there has been a lack of standardization processes and the dissemination and consolidation of best practices for developing and operating such systems. Moreover, the deployment of IoT technologies is not necessarily followed by appropriate levels of maintenance and update routines (as in the case of CPEs installed by ISPs in households of their respective clients).

On the one hand, digital transformation is entirely dependent on IoT. On the other, the risks and vulnerabilities inherent to the pace of IoT development today poses significant challenges not only to digital transformation, but also to the achievement of the SDGs as a whole. To frame this problem accordingly, we propose a multistakeholder round-table session to approach that, with presentations from invited specialists and use cases presented by stakeholders, followed by a general discussion with the audience. The policy questions which will guide the activity are: (a) what sort of opportunities do IoT create for modern societies and how to extract the best from them?; and (b) what are the main cybersecurity concerns that must be addressed by all stakeholders and how to deal with them in sustainable ways? An open dialogue with the audience will follow the panel.

Interventions: 

The session is structured around three 30-minute segments. The first will count on a 5 minutes general introduction about the topic under discussion by one of the moderators. He/she will summarize his briefing by posing a policy question to the participants: what sort of opportunities do IoT create for modern societies and how to extract the best from them? A 25-minute segment will follow in which participants in the round-table will be able to make 2-minute interventions at a time. In the second 30-minute segment, the other moderator will present for 5 minutes and propose the following question for discussion: what are the main cybersecurity concerns that must be addressed by all stakeholders and how to deal with them in sustainable ways? Another 25-minute segment will follow in which participants in the round-table will be able to make 2-minute interventions at a time. The last part of the session will comprise a 30-minute open mic session for participants in the audience and remote participants indistinctly to comment on the previous discussion and dialogue with the panelists. The remaining minutes will be used by the moderators to summarize discussions.

List of speakers:
Mrs Miriam Wimmer (Government, Brazil) [Confirmed]
Mrs Nina Leemhuis Janssen (Government, Netherlands) [TBC]
Mr Maarten Van Horenbeeck (Technical Community, Canada) [Confirmed]
Mrs Lucimara Desiderá (Technical Community, Brazil) [Confirmed]
Mrs Audrey L. Plonk (Private sector, US) [TBC]
Representative from Huawei China (Private Sector, China) [TBC]
Mrs Veridiana Alimonti (Civil Society, Brazil) [Confirmed]
Mrs Vidushi Marda (Civil Society, India) [Confirmed]

Moderators:
Mrs Cristine Hoepers (Technical Community, Brazil) [Confirmed]
Mr José Luiz Ribeiro (Technical Community, Brazil) [Confirmed]

Diversity: 

The list of confirmed and prospective speakers comprises people from all stakeholder groups and individuals who have convergent and divergent economic, political and social perspectives on the policy question proposed. It also follows a roughly 50/50 gender balance at the time of this submission. Moderators, debaters and speakers come from six different countries and part of them come from the developing world, some of them being newcomers to the IGF space.

Online Participation: 

Online participation and interaction will rely on the WebEx platform. Those joining the session using WebEx (either invited members of the round-table or the general audience) will be granted the floor in the Q&A segment of the workshop. People in charge of the moderation will strive to entertain onsite and remote participation indiscriminately. Social media (twitter and facebook) will also be employed by the online moderator who will be in charge of browsing social media using some hashtags (to be defined).

Discussion Facilitation: 

The discussion will be facilitated by the onsite moderators who will guide the debate in each of the proposed “rounds” for the workshop as well as during the Q&A and comments session. The online moderator will make sure the remote participants are represented in the debate.

Onsite Moderator: 

Cristine Hoepers, Technical Community, Brazil; José Luiz Ribeiro, Technical Community, Brazil

Online Moderator: 

Vinicius W. O. Santos, NIC.br, Technical Community, Brazil

Rapporteur: 

Diego Canabarro, NIC.br; Nathalia Sautchuk Patrício, NIC.br

Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10
Switzerland

igf [at] un [dot] org
+41 (0) 229 173 678