Dynamic Coalition on Internet Standards, Security and Safety (DC-ISSS)

Introduction

Consistent with strengthening the IGF’s role as a global policy incubator, the Dynamic Coalition on Internet Standards, Security and Safety (DC-ISSS) will bring together key stakeholders from the technical community, civil society, policymakers, regulators, corporate and individual adopters, with the shared goal of making online activity and interaction more secure and safer. The DC-ISSS will hold its first stakeholder consultation event during IGF2020.

Internet and ICT security is an issue that is high on the agenda of governments, industry and individuals alike. The COVID-19 pandemic has brought into sharp focus the rapid increase in society’s dependency on the Internet, communications technologies and networks, interconnectivity of devices, and the vast array of online services, networks and applications that permeate all social and economic sectors, and every aspect of daily life, including our health and financial welfare.

It is also widely recognised that many existing and future Internet-related products and services will be vulnerable to security threats and the spread of online harms and criminal misuse, if relevant standards are not effectively deployed worldwide to reduce and prevent these risks.

Furthermore, the trust of private, corporate and public sector users in the Internet and its related digital technologies and applications will continue to be undermined and eroded with the result that the positive social and economic benefits of these transformative technologies will not be fully realised for all communities worldwide.

This new IGF Dynamic Coalition aims to ensure that standards and best practices play their full role in addressing these challenges through establishing the conditions for their wider, more effective and more rapid adoption by key decision-takers throughout the standards development and implementation chain.

Why is a new initiative relating to the adoption of standards necessary?

One way to make the Internet immediately more secure in a wholly neutral way for all users, organisations and private individuals alike, is more effective and comprehensive deployment of standards and ICT best practices. This can be achieved only if there is a shared commitment by stakeholders worldwide throughout the chain of standards development, dissemination and deployment.  The current level of deployment shows that all initiatives undertaken in the past two decades have not led to widespread deployment. A new comprehensive and strategic approach is called for.

Action Plan

The DC-ISSS will establish a work programme that will i) bring the critical demand and supply factors together; and ii) propose the best options for the deployment of key standards on both sides. These outcomes will be presented as IGF policy recommendations for the relevant leading stakeholders to take forward as their contributing actions in promoting rapid and comprehensive implementation of these standards and best practices in their respective constituencies.

Policy issues for the Dynamic Coalition’s Working Groups

• Ensuring procurement best practice takes into account Internet security and safety requirements, and that this is included in procurement training, in particular in developing countries.
• Assessing the value of involving non-technical stakeholders in standards development and accreditation processes through a) extending invitations to participate; b) establishing a liaison system; and c) providing explanations in non-technical language of why the urgent deployment of finalised and agreed standards is necessary and beneficial.
• Resolving widespread education, and skills gaps through the inclusion of cyber security, Internet standards, ICT best practices and Internet architecture background in relevant teaching, training and induction programmes etc.
• The desirability of an easily accessible inventory of relevant national laws and regulations.
• The importance of consumer protection testing.
• Identification and global dissemination of best practices for wider adoption.
• The need for a fair system of faming, naming and shaming.
• The value of global testing of ICT products and vulnerability reporting modus to ensure their security and safety.
• The Dynamic Coalition on Internet Standards, Security and Safety will establish individual working groups at its first consultation event at the virtual IGF in October/ November 2020 (see below). The members will agree work programmes to examine the above issues during 2020-21 with the aim of submitting their initial findings and draft recommendations for inclusion in a report by the DC-ISSS to be submitted to the IGF in November 2021.

Timeline

• July-September 2020
  Outreach by the DC - ISSS proposers to key stakeholder representing stakeholder constituencies (including technical community, human rights entities, business leaders) to promote awareness of the DC-ISSS opportunity and invitations issued to participate in the Dynamic Coalition.
• October 2020
  
• November 2020
  Launch of the DC-ISSS and its overall work programme at the virtual UN IGF 2020.

Working groups meet to agree their work programmes for 2020-21 for addressing the issues identified by the Pilot Project, under the following proposed general headings (to be confirmed by the members):

1. Standards by design
2. Business case for standards deployment
3. Human rights and consumer protection
4. Skills and education
5. Role of government policymakers and regulators
6. The value of global testing and vulnerability reporting

• January-October 2021
  The DC-ISSS Working groups hold open consultations with stakeholders and prepare draft recommendations covering their specific issues.
  Written progress reports during this period will be provided to national and regional IGFs worldwide, international standards bodies (including the IETF and ENISA), global Internet governance organisations (such as ICANN, the Internet Society and the Global Forum on Cyber Expertise), Inter-governmental and non-governmental organisations with a direct policy interest in security standards and online safety.
• November 2021
  Submission of first main DC-ISSS report to the UN IGF in Katowice with inputs from all Working Groups, includes progress report and draft recommendations.
  Discussion of proposed outcomes at a DC session in UN IGF programme. Conclusions and next steps included in summary of UN IGF outcomes and disseminated to all national and regional IGFs, relevant institutions, IGPs and NGOs. Review of DC’s working group structure in line with final next steps tasks in 2021-22.
• January 2022
  Progress report provided at open consultation meeting of IGF’s Multi-stakeholder Advisory Group.
• February-May 2022
  Finalisation of implementation and deployment strategies in consultation with key stakeholders including government administrations, parliamentarians and private sector decision-takers.
• June 2022
  Progress Report submitted to open consultation meeting of IGF’s Multi-stakeholder Advisory Group.
• September 2022
  DC-ISSS members meet to take decision on whether to undertake a further phase of follow-up work in 2022-23 or to dissolve the coalition after the 2022 IGF.
• November 2022
  DC-ISSS submits its final report to the IGF in Addis Ababa.

For the working group phase in 2020-21, it is expected that an independent overall project chair and secretariat would be appointed following consultations with the confirmed DC Working Group members in November 2020.

Working groups

DC-ISSS has established three working groups for its first two years.

Working Group 1: Security by design

• Sub-group on Internet of Things – Mission Statement | June 2021
  • The document outlines the sub-group's aim of (a) reviewing current security-related IoT initiatives and practices worldwide, and (b) developing a coherent package of global recommendations and guidance for embedding security by design in the development of IoT devices and applications. Also included are the research questions explored by the groups, potential outcomes, and a work plan detailing timelines and milestones. 

Working Group 2: Education and skills

• WG 2 Mission Statement | June 2021
  • The document describes the group's focus on examining how educational curricula at all levels need to adapt to ensure that school and college-leavers are equipped with sufficient knowledge and understanding of how deploying security-related standards helps individuals and businesses be secure and safe in the digital economy. The group intends to develop recommendations and guindance in this regard. The document also provides details on the group's work plan and timeline.

Working Group 3: Procurement and supply chain business management

• WG 3 Mission Statement | June 2021
  • The document outlines the group's goal of developing actionable and practicable policy recommendations and guidance to ensure that public sector procurement and private sector supply chain best practice and related professional training takes into account Internet security and safety requirements. It also provides information on the activities and outcomes envisioned by the group.

Mailing list

To contact the group, please write to: [email protected]

Subscribe to the mailing list via THIS LINK

Stakeholders

TBC

Documents/Reports

• DC-ISSS governance document (April 2021)
• Annual 2020 Report
• The final report of the IGF’s Pilot Project in 2018-19 entitled Setting the standard for a more secure and trustworthy Internet explained the reasons for the slow and limited deployment of these standards, and identified the key decision-takers in society that as points of pressure would be able to accelerate the processes of deployment globally.
  The Report presented a range of recommendations and solutions that on the demand side would ensure that the right decisions are taken within large organisations relating to the deployment of these standards. On the supply side, the Report recommended leaders in the ICT and Internet industry should integrate security-enhancing standards and best practice in their products and services.

Contacts

Wout de Natris
[email protected]

Mark Carvell
[email protected]