IGF 2019 WS #202
Designing an environment of security for a trust & safe ICT

Organizer 1: Victor Manuel Martinez Vanegas, Federal Telecommunications Institute
Organizer 2: Diana Gómez, Federal Telecommunications Institute

Speaker 1: Angela Mckay, Private Sector, Western European and Others Group (WEOG)
Speaker 2: Kulesza Joanna, Civil Society, Eastern European Group
Speaker 3: Víctor Rodríguez, Government, Latin American and Caribbean Group (GRULAC)
Speaker 4: Bruce Schneier, Civil Society, Western European and Others Group (WEOG)
Speaker 5: Diane Rinaldo, Government, Western European and Others Group (WEOG)
Speaker 6: Bronwyn Mercer, Civil Society, Western European and Others Group (WEOG)

Moderator

Victor Manuel Martinez Vanegas, Technical Community, Latin American and Caribbean Group (GRULAC)

Online Moderator

Diana Gómez, Technical Community, Latin American and Caribbean Group (GRULAC)

Rapporteur

Diana Gómez, Technical Community, Latin American and Caribbean Group (GRULAC)

Format

Round Table - U-shape - 90 Min

Policy Question(s)

How can certification schemes for secure ICT products manage risk of vulnerabilities in ICT technologies such as IoT and, current and future (5G) mobile networks infrastructure in order to foster the thrive of an innovative and cybersecure industry?

SDGs

GOAL 9: Industry, Innovation and Infrastructure
GOAL 11: Sustainable Cities and Communities
GOAL 16: Peace, Justice and Strong Institutions
GOAL 17: Partnerships for the Goals

Description: The workshop have the following aims:
• To share and discuss experiences, projects and best practices for secure ICT products through certification schemes in order to identify opportunities and challenges.
• To identify approaches in technical regulations and conformity assessment procedures which may be replicated and, result in standards harmonisation.
• To hold a workshop in order to support capacity building.
• To produce recommendations for further collaboration in the strengthening of cybersecurity.


Expected Outcomes: With this workshop, it is expect to identify and share best practices regarding certification schemes for cybersecure ICT products, building the capacity of stakeholders to face these challenges.
In addition, it is expected to outcome the following:
• Develop and support ICT innovation;
• Promote a secure, resilient and trusted ICT environment;
• Enhance the digital economy and the Internet Economy; and
• Strengthen cooperation.

The roundtable will consist about to share projects and best practices for secure ICT products through certification schemes in order to identify opportunities and challenges, to identify approaches in technical regulations and conformity assessment procedures which may be replicated and result in standards harmonization. At the end of each the presentation of each topic, the forum will be open for a session of questions.
In terms of format, the round table will be organized as a facilitated dialogue. Led by the moderator, a diverse range of experts from different stakeholder groups - academia, government, industry, civil society and youth participation – will discuss key questions and issues.
Following the round of questions, experts are invited to give open comments, after which the moderator will turn to those attending the session and invite the audience to engage in the conversation. The proposal agenda is the following: - Welcome and opening comments by onsite moderator (10 min) - Two round of questions (5 min max.) to speaker (25 min each round) - Moderated Q&A with the audience and online participants (20 min) - Closing remarks by onsite moderator (10 min).

Relevance to Theme: The advent of Internet of Things (IoT) and Artificial Intelligence increases the potential social and economic impact of digital security failures. While cybersecurity is transversal and comprises many facets, the workshop will focus on strengthening security of ICT products through certification schemes.
Cybersecurity comprises at least the following aspects: economic, social, technical, law enforcement and national and international security. According to the report of the World Economic Forum (WEF) “The Global Risks Report 2019”, machine learning or artificial intelligence (AI) is becoming more sophisticated and prevalent, with growing potential to amplify existing risks or create new ones, increasing the potential social and economic impact of digital security failures, particularly as the Internet of Things (IoT) connects billions of devices. For example, a number of applications for block chain technologies rely on the use of trusted IoT devices to gather data with the needed integrity. Thus, in order to obtain the benefits of these new technologies, it is necessary to reduce the risk of vulnerabilities in IoT products.
Certification schemes impact on the digital security of the end-users; providing more protection in the cyber space will reduce the negative consequences in other sectors of the society. The sharing of experiences, projects and good practices during the workshop may result in the identification of schemes with similar requirements and approaches that could facilitate the design of applicable digital policies to provide cybersecurity in the entire sector. This workshop will also touch on trade liberalization of digital services since it will help to identify technical barriers of security aspects and to promote the investment on security in the ICT products and services, making them more trustworthy.
Moreover, the workshop seeks to build capacities by exploring technical aspects of cybersecurity, specifically focusing on requirements of certification schemes for secure ICT products such as IoT and incoming 5G mobile networks infrastructure. In this context, it is also important to identify incentives for industry to continue offering digital products and services that meet these standards.
The sharing of experiences, projects or programs between the different stakeholders can contribute to the creation of an environment that promotes international cooperation on this issues, and to gather evidence on whether this approach to cybersecurity is the most appropiate.


Relevance to Internet Governance: Nowadays it is important to design policies that guarantee a safe navigation environment. The new technology advances increase the potential social and economic impact, both positive and negative. This is why cybersecurity ought to focus on user’s protection, data protection, and policy makers and other stakeholders must take it into account when designing policies.
One way or another all the digital activities are interrelated; cross border data sharing increases everyone’s risk of being a victim of a cyber-attack; it is everyon’s responsibility to diligently implement digital policies. This issue has to be addressed from a multi stakeholder perspective because only the different points of view will effectively help to build a more security digital environment and the appropriate policies.

Online Participation

.