Dynamic Coalition on Internet Standards, Security and Safety (DC-ISSS)

Making the Internet more secure and safer

Introduction

The Dynamic Coalition on Internet Standards, Security and Safety (DC-ISSS) brings together key stakeholders from the technical community, civil society, government policymakers, regulators, and corporate and individual adopters, with the shared goal of making online activity and interaction more secure and safer by achieving more widespread and rapid deployment of existing Internet standards and ICT best practices.

Internet and ICT security is an issue that is high on the agenda of governments, industry and individuals alike. The COVID-19 pandemic has brought into sharp focus the rapid increase in society’s dependency on the Internet, communications technologies and networks, the interconnectivity of devices, and the vast array of online services, networks and applications that permeate all social and economic sectors, and on which every aspect of daily life, including our health and financial welfare, increasingly rely.

It is also widely recognised that many Internet-related products and services are increasingly vulnerable to security threats and the spread of online harms and criminal misuse. However, if relevant security-related standards and best practices are more effectively adopted and deployed worldwide, these risk can be reduced significantly. This will foster greater trust in the Internet and its related digital technologies and applications and the positive social and economic benefits of these transformative technologies for sustainable development will be fully realised for communities worldwide.

The DC-ISSS aims to ensure that standards and best practices play their full role in addressing these cybersecurity challenges through establishing the conditions for their wider, more effective and more rapid adoption by key decision-takers throughout the standards implementation chain in both the public and private sectors.

This can be achieved only if there is a shared commitment by stakeholders worldwide in a new comprehensive and strategic approach.

Action Plan

The DC-ISSS has established a work programme that i) brings the critical security supply and demand factors together; and ii) proposes the best options for the deployment of key standards and best practices on both sides, in the form of policy recommendations and practical guidance. These outcomes will be presented as IGF policy recommendations for dissemination to policymakers and decision-takers worldwide.

Establishment of DC-ISSS working groups in the first phase of its workplan.

Following the launch of the Dynamic Coalition on Internet Standards, Security and Safety at the IGF in 2020, three working groups were established.

Working Group 1: Security by design

The DC-ISSS membership agreed that promoting security by design should be a key objective for the coalition and it was decided to focus in the first phase of its work on security by design of the Internet of Things (IoT). Other security by design topics would be selected following the conclusion of the working group’s proposals relating to IoT.

Research has confirmed that there is a large gap between the theory of security and the daily practice of IoT security. The working group is focussed on identifying the solutions needed to close this gap. The first results will be reviewed and published after the 2021 IGF in an open process of consultation with stakeholders worldwide.

Working Group 2: Education and skills

A major factor undermining the development of a common culture of cybersecurity is that students graduating from tertiary ICT-related educational programmes often lack the skills that business and society as a whole need in order to understand the benefits of security-related Internet standards and ICT best practices. In order for ICT security to be better understood, it has to be integrated into tertiary ICT educational curricula, at all levels. This may result in the structural development of ICT(-related) products and services that include cyber security Internet standards and ICT best practices. The coalition’s Working Group 2 has therefore the following goals:

• To detect and resolve cyber security skill gaps in tertiary ICT education curricula;
• To encourage tertiary educational institutions to include in their ICT curricula the essential skills, knowledge and understanding of security- related Internet standards and ICT best practices, building on current best practices, in order to bring tertiary education in line with emerging workforce requirements; 
• To strengthen collaboration between educational decision-takers and policy makers in governments and industry in order to align tertiary ICT curricula with the requirements of our cyber future;
• To ensure effective collaboration between key stakeholders in order to keep tertiary ICT educational materials in step with new technologies and standards and prevent new skills gaps from developing.

Working Group 3: Procurement and supply chain management and the business case

The focus of the third DC-ISSS working group is the opportunity to promote the business case for cybersecurity through the inclusion of security-related technical standards in public sector procurement contracts and in supply chain management practice in the private sector. Research has shown that this would be a major driver for the adoption and implementation of security-related standards. Organisations , governments, industry and business users generally can demand secure by design ICT-related products and services by stipulating requirements in their contracts for specific standards and adherence to current best practices.

The next phase of DC-ISSS in 2022

The three DC-ISSS working groups are currently defining research proposals that will be published on the DC-ISSS website and it is expected that the research programmes will conclude in early 2022.

The timeline for the next phase of the coalition’s work is as follows:

November 2021

• Submission of DC-ISSS report to the UN IGF in Katowice with inputs from the three Working Groups, including progress report and initial draft recommendations for consultation.

December 2021

• Discussion of proposed outcomes during the DC-ISSS session at the UN IGF in Katowice. Conclusions and next steps included in the summary of UN IGF outcomes and disseminated to all national and regional IGFs, relevant institutions, IGPs and NGOs. The IGF session will also review the working group structure in line with agreement of the workplan’s next steps in 2022.

January 2022

• Progress report provided at open consultation meeting of IGF’s Multi-stakeholder Advisory Group.

February-May 2022

• Finalisation of implementation and deployment strategies in consultation with key stakeholders including government administrations, parliamentarians and private sector decision-takers.

June 2022

• Progress Report submitted to open consultation meeting of IGF’s Multi-stakeholder Advisory Group.

September 2022

• DC-ISSS members meet to take decision on whether to undertake a further phase of follow-up work in 2022-23 or to dissolve the coalition after the 2022 IGF.

November/December 2022

• DC-ISSS submits its second report to the IGF in Addis Ababa.

January 2023

• Progress or final report provided at open consultation meeting of IGF’s Multi-stakeholder Advisory Group.

Potential future Working Groups

It is possible to establish new DC-ISSS working groups on the additional issues (new or mentioned below) relating to the adoption of security-related standards following stakeholder consultations during and following IGF 2021 in Katowice. Those interested in constituting a new working group can contact the DC-ISSS’ leadership.

Identified policy issues for the Dynamic Coalition

The following topics have been identified for research at the start of the DC-ISSS but have not been taken up.

• Assessing the value of involving non-technical stakeholders in standards development and accreditation processes through i) extending invitations to participate; ii) establishing a liaison system; and iii) providing explanations in non-technical language of why the urgent deployment of finalised and agreed standards is necessary and beneficial.
• Assessing the importance of consumer protection testing.
• Assessing the need for a fair system of faming, naming and shaming.
• Assessing the value of global testing of ICT products and services and a vulnerability reporting modus to ensure their security and safety.

Mailing list

To contact the group, please write to: [email protected]

Subscribe to the mailing list via THIS LINK

Stakeholders

TBC

Documents/Reports

• DC-ISSS governance document (April 2021)
• Annual 2020 Report
• The final report of the IGF’s Pilot Project in 2018-19 entitled Setting the standard for a more secure and trustworthy Internet explained the reasons for the slow and limited deployment of these standards, and identified the key decision-takers in society that as points of pressure would be able to accelerate the processes of deployment globally.
  The Report presented a range of recommendations and solutions that on the demand side would ensure that the right decisions are taken within large organisations relating to the deployment of these standards. On the supply side, the Report recommended leaders in the ICT and Internet industry should integrate security-enhancing standards and best practice in their products and services.

Contacts

Wout de Natris
[email protected]

Mark Carvell
[email protected]