IGF 2020 WS #234 Security of digital products: Industry and enhancing trust

    Time
    Wednesday, 11th November, 2020 (11:20 UTC) - Wednesday, 11th November, 2020 (12:20 UTC)
    Room
    Room 3
    About this Session
    Building on the Geneva Dialogue on Responsible Behavior in Cyberspace, a project implemented by the FDFA of Switzerland and DiploFoundation, this interactive session will discuss best practices for creating resilient and ethical digital products. It will bring together perspectives of businesses, public authorities, the tech community, and civil society from around the world. The discussion will build upon the draft output document and the discussion at SICW2020 (see: https://genevadialogue.ch/).
    Subtheme

    Organizer 1: Jonas Grätz-Hoffmann, FDFA Switzerland
    Organizer 2: Anastasiya Kazakova, Kaspersky
    Organizer 3: Vladimir Radunovic, DiploFoundation
    Organizer 4: Marilia Maciel, DiploFoundation
    Organizer 5: Virginia (Ginger) Paque, DiploFoundation

    Speaker 1: Jon Albert Fanzun, Government, Western European and Others Group (WEOG)
    Speaker 2: Barrack Otieno, Technical Community, African Group
    Speaker 3: Anastasiya Kazakova, Private Sector, Eastern European Group
    Speaker 4: Sebastian Stranieri, Private Sector, Latin American and Caribbean Group (GRULAC)
    Speaker 5: David Koh, Government, Asia Pacific Group

    Moderator

    Vladimir Radunovic, Civil Society, Eastern European Group

    Online Moderator

    Marilia Maciel, Civil Society, Latin American and Caribbean Group (GRULAC)

    Rapporteur

    Andrijana Gavrilovic, Civil Society, Eastern European Group

    Format

    Round Table - Circle - 90 Min

    Online duration reset to 60 minutes.
    Policy Question(s)

    Why is the topic of secure digital products getting higher on the policy (and political) agenda? How is trust in cyberspace influenced by the security of digital products?

    What are the guiding principles for resilience and security of products? How can international debates be connected with corporate best practices, so that one feeds into the other?

    Why are the national foreign policies on cyber issues relevant for reducing vulnerabilities in cyberspace? How can governments work with industry on implementing security-by-design?

    What are the key corporate practices with regard to security-by-design? What are the technological, economic, and political challenges that the industry faces, particularly in developing countries and among start-ups and SMEs?

    What are the expectations of other stakeholders towards the industry with regard to enhanced product security? What particular roles and responsibilities is the industry willing to take at a global level?

    How should the security baseline requirements be designed, having in mind existing global debate, national regulations, standards, and corporate practices?

    What are the main guiding principles for ensuring security of digital products and services? What is industry doing about it: what are good (and bad) practices around the world, from various industries? How do users and civil society look at insecure products, and what is needed to drive the demand for more secure products? What are the policy challenges in enhancing security of products, and what can public authorities and regulators do to help the industry? How can emerging businesses be brought on board to implement high security already in the product inception phase?

    SDGs

    GOAL 8: Decent Work and Economic Growth
    GOAL 9: Industry, Innovation and Infrastructure
    GOAL 10: Reduced Inequalities
    GOAL 11: Sustainable Cities and Communities
    GOAL 16: Peace, Justice and Strong Institutions
    GOAL 17: Partnerships for the Goals

    Description:

    Malicious actors increasingly exploit vulnerabilities in digital product security for various purposes. From nations developing military cyber arsenals for defensive and offensive use, to organised crime operating transnationally, or terrorists and political groups honing their skills to conduct digital attacks: the consequences of cyber-attacks are often global, and increasingly destructive. This puts the stability of the digitalised world at risk, eroding user and investor trust in digital services, while undermining global online business models.

    To reduce these risks, businesses must increase the resilience of their digital products and services. Enhanced security practices not only protect individual businesses, but also act as a general deterrent by raising the cost and complexity of executing cyber-attacks, thereby increasing consumer trust and strengthening supply chains. However, securing the digital space is a collective effort. Among other things, it requires the global business community to work together, in cooperation with authorities and civil society, to bolster the security of their digital products, and in doing so, to lead by example and drive up consumer demand for more secure products.

    Building on the Geneva Dialogue on Responsible Behavior in Cyberspace (https://genevadialogue.ch/), a project implemented by the Federal Department of Foreign Affairs of Switzerland and DiploFoundation, this workshop will discuss best practices and examples for creating global, resilient, and ethical digital products. The interactive workshop will bring together perspectives of the private sector, public authorities, technical community, and civil society, from all parts of the world. The discussion will build upon the draft output document (open for comments), as well as the initial discussion led at the Singapore International Cyber Week 2020 (a recording is available).

    Expected Outcomes

    The discussion will feed into the output documents of the Geneva Dialogue, in particular on principles and good practices for securing digital products and services. Also, government stakeholders will highlight specific outcomes of the discussions in UN fora such as the UN Group of Governmental Experts (UN GGE) on advancing responsible state behaviour in cyberspace in the context of international security.

    Interactive discussion, in round table format. The moderator will invite the audience to reflect on policy questions, and then turn to discussants to contribute their own positions. Particular voice will be given to youth participants in the audience, who drive the demand for new solutions. High interaction with the online participants will be stimulated, including through the introduction of online polls, and audio/video interventions from remote hubs. The workshop will include additional interactive and multimedia elements. Before the session begins, best practices and possible roles of the industry for more secure digital products and services, taken from the ongoing Geneva Dialogue on Responsible Behaviour in Cyberspace (https://genevadialogue.ch/), will be provided as direct input into discussions.

    Relevance to Internet Governance: Trust and security in digital technologies are central for the further evolution of the Internet. Governments, the private sector, and civil society have already shaped initial sets of norms for responsible behaviour in cyberspace, in particular in relation to trust and security. The most important international multilateral instruments are the two reports of the UN GGE, namely the reports from 2013 and 2015, both subsequently adopted by the General Assembly. An important initiative, shaped jointly by governments and the private sector, is the Paris Call for Trust and Security in Cyberspace. Several principles of responsible behaviour of the business sector have been developed by the industry itself, in particular the Charter of Trust for a Secure Digital World, and the Cybersecurity Tech Accord. Not least, the Geneva Dialogue on Responsible Behaviour in Cyberspace has, in its first phase, outlined key roles and responsibilities of governments, the industry, civil society, and communities with regard to Internet use and international security. The workshop, which directly contributes to the second phase of the Geneva Dialogue, will discuss particular roles of the industry in relation to securing digital products and services, and raise good practices related to shaping and implementing joint principles, contributing to trust and security on the Internet.

    Relevance to Theme: Trust in the digital environment heavily depends on the possibility of misuse and exploitation of digital products and services. In order to increase users’ trust and strengthen the supply chain, global businesses must increase the resilience of their digital products and services. A collective effort of the broad community of businesses worldwide is required. This effort includes close co-operation with authorities and civil society communities to enhance trust and security of the digital environment. The session will bring together various stakeholders from around the globe, to discuss how (in)security of digital products can impact trust, and look for principles and particular roles of the industry to reduce risks and enhance trust.

    Online Participation

    Mr. Arvin Kamberi will support technical organisation of the session.

    Usage of IGF Official Tool. Additional Tools proposed: Mentimeter (online engagement tool), possibly slides/multimedia (not presentations, however) for visual reflections

     

    Agenda

    INTRODUCTION

    Welcome and introduction

     

    PART I: Impact of vulnerable products on international security

    Setting the stage: Policy and regulatory approaches to increase security of digital products

    • Mr David Koh, Commissioner of Cybersecurity and Chief Executive, Cyber Security Agency (CSA) of Singapore
    • Dr Jon Albert Fanzun, Special Envoy for Cyber Foreign and Security Policy, Federal Department of Foreign Affairs FDFA

    Open discussion

     

    PART II: Good corporate practices

    Geneva Dialogue findings: good practices on security-by-design, and main challenges

    • Ms Anastasiya Kazakova, Public Affairs Manager, Kaspersky
    • Mr Barrack Otieno, Trustee, Kenya ICT Action Network
    • Mr Sebastian Stranieri, CEO and founder, VU

    Open discussion

     

    CLOSING

    Next steps: towards the common baseline requirements

    Open discussion

    Messages/take-aways