IGF 2022 Day 0 Event #16 Internet of Things security: achieving greater trust through the deployment of security by design principles

Monday, 28th November, 2022 (06:30 UTC) - Monday, 28th November, 2022 (08:30 UTC)

Wout de Natris, IS3C, private sector, Western Europe Mark Carvell, IS3C, private sector, Western Europe Nicolas Fiumarelli, LACNIC, Technical community, Latin America Janice Richardson, Insight S.A., Education, Oceania Mallory Knodel, Center for Democracy and Technology, U.S.A. Awao Aidam Amenyah, civil society, Africa


Wout de Natris, coordinator IS3C, The Netherlands

Nicolas Fiumarelli, WG 1 chair, Uruguay

All participants

Onsite Moderator

Wout de Natris

Online Moderator

Mark Carvell


João Moreno Falcão / Savyo Vinicius de Moraies


9. Industry, Innovation and Infrastructure

Targets: 9. Industry, innovation and infrastructure A more secure IoT environment equals a more secure internet infrastructure. As such the infrastructure protects privacy, entrepreneurship and innovation, which will lead to a higher level of development everywhere.


The workshop comprises two parts. The first half hour will be a presentation by the lead researcher. The second part will be for interaction and receiving feedback of the experts and users present. The detailed format of the presentations cannot be decided until after the research has been concluded in late September. The results will determine how mature the recommendations and potential toolkits are and the level of information which the WG needs from stakeholders. The most likely format will be break-out groups which will each consider a cluster of possible recommendations. Another option may be to ask a representative of a stakeholder group (e.g. business users) to respond to individual recommendations. This will be decided in October at the latest.


The IGF’s dynamic coalition on Internet Standards, Security and Safety (IS3C) has one overarching goal: to make the Internet more secure and safer by achieving more widespread and rapid deployment of existing internet standards and related ICT best practices.

This workshop focuses on the outcomes and recommendations of IS3C’s Working Group 1 on Security by Design – Internet of Things’ research project in 2022 which aims to reinforce and promote the adoption of security by design principles in the development of IoT networks and connected devices. The research compared legal documents from 22 countries/supra national organisations and IoT certification documents. The report provides recommendations to policy makers and decision takers in industry about IoT security best practices. The research will also contribute to promoting greater awareness of IoT security requirements amongst IoT developers and manufacturers by drawing up a single authoritative resource that compiles examples of current best practices drawn from national and regional policies worldwide with a listing of related IoT security standards.

The draft report is currently up for public consultation, of which this workshop is a part. All participants are invited to comment on the outcomes and provide feedback. This is your opportunity to respond in order to reach a rough consensus on the draft report’s findings and recommendations. Your comments, online and on site will be worked into the report that is slated for publication in January 2023.

This workshop is hybrid and interactive. The onsite and online moderators will ensure that all participants are able to engage and interact with speakers and presenters on an equal basis.

Key Takeaways (* deadline 2 hours after session)

Securing the Internet of Things by design, is a topic of utmost importance. The deployment of existing related Internet standards and ICT best practices is a must. This was widely recognised as a way to achieve this level of security. The world as a whole needs to join in the effort to achieve this goal in order to become more secure and safer. IS3C's draft report was recognised as timely and adds positively to previous work within the IGF.

Call to Action (* deadline 2 hours after session)

1. Public consultation starting in December. 2. The report is released in 02-23. 3.The theory of IoT security by design must become practice. 4. How do IS3C's recommendations coincide with current work within the European Commission. 5. Multistakeholder teams need to define the recommendations leading to deployment. 6. The recommendations need to become part of capacity building programmes around the globe.