IGF 2019 WS #214
Global Collaboration for Internet of Things Security

Organizer 1: Frederic Donck, Internet Society
Organizer 2: Katie Watson, Internet Society

Speaker 1: Frederic Donck, Technical Community, Western European and Others Group (WEOG)
Speaker 2: Taylor Bentley, Government, Western European and Others Group (WEOG)
Speaker 3: Maarten Botterman, Technical Community, Western European and Others Group (WEOG)

Moderator

Frederic Donck, Technical Community, Western European and Others Group (WEOG)

Online Moderator

Katie Watson, Civil Society, Western European and Others Group (WEOG)

Rapporteur

Katie Watson, Civil Society, Western European and Others Group (WEOG)

Format

Panel - Auditorium - 90 Min

Policy Question(s)

What opportunities and threats do Internet of Things devices pose to the Internet and its users?

How can government representatives work with all stakeholder groups to increase Internet of Things security and network resiliency?

How can government representatives and global organizations work across borders to create a sustainable, secure IoT market?

How can device manufacturers instill security by design principles in their work? How can they collaborate with other stakeholder groups to enhance IoT security?

Do we need one global standard or set of norms for IoT security? If yes, how should it be developed?

What needs to be done in the next year, five years, and ten years to truly secure the IoT?

SDGs

GOAL 9: Industry, Innovation and Infrastructure
GOAL 17: Partnerships for the Goals

Description: This session will bring together government representatives, global organizations, and technical experts to discuss the state of the Internet of Things (IoT), and the importance of collaboration to ensure devices are secured and network resiliency is enhanced. There are currently several multistakeholder processes to enhance IoT security being carried out around the world in order to create and implement best practices and recommendations.

A representative from Canada, which will be in the implementation stage of its process, will discuss why the government partnered with the Internet Society and others to lead this initiative, the best practices and recommendations the multistakeholder group created, and what is being done to implement those recommendations.

A representative from Uruguay, which will be in the beginning stages of its own multistakeholder process, will discuss why they decided to carry out this process, what key outcomes they are working towards, and how they are including global perspectives in the work.

Other panel participants will discuss their own frameworks for IoT security, how they differ or are similar to those developed through the multistakeholder process, and how they are working together to harmonize their differences, including through the Global IoT Security Policy Platform.

This Platform has brought together representatives from government agencies across the globe (including in North and South America, Europe, and Africa) to address the challenges to the Internet ecosystem both by the rising threat of IoT security breaches and network resiliency risks, but also by the multitude of frameworks being promulgated across the globe.

This session will serve as an opportunity for those involved in multistakeholder processes and global collaboration initiatives around the world to discuss their work and the things they have learned from each other. It will also provide an opportunity for participants to ask questions about the processes and learn about opportunities to engage, including by creating their own multistakeholder processes at home with support from the Global IoT Security Policy Platform.


Expected Outcomes: As a result of this session, participants will be able to participate in global, high-level discussions regarding IoT security. It will provide a platform to highlight the work done to date by a variety of stakeholders, solicit feedback on that work, identify new potential partners, and identify future opportunities for collaboration.

Moderator will actively engage session participants by reserving at least a third of the designated time slot for questions and conversation. Moderator will also announce at the beginning of the session that questions, comments, and feedback are encouraged throughout. The Online Moderator will actively manage comments and questions through the livestream and on Twitter and will read aloud any relevant questions from the online community.

Additionally, by the time of the session, all panelists will have met in person at least once before and will be familiar with each other. This will allow the session to function more as a conversation, as opposed to rote question and answer.

Relevance to Theme: The Internet of Things (IoT) security addresses all aspects of the theme, “Security, Safety, Stability and Resilience”. Internet connected devices pose serious security challenges to the rest of the Internet, especially considering the scale, vulnerability, and longevity of devices. Compromised IoT devices can be used to form “botnets”; networks of Internet-connected, externally controlled devices.

Botnets can be mobilized to perform large-scale attacks. In 2016, a botnet, known as the “MIRAI Botnet”, made up principally of poorly secured Internet connected security cameras performed a distributed denial of service (DDoS) attack on the Dyn, a major Domain Name Service provider for the Internet. The attack not only broke records as one of the largest DDoS attacks, but also made major websites, including Twitter, Amazon, and Netflix, temporarily inaccessible for Internet users in some parts of the world. As more poorly secured devices connect to the Internet, the impact of the next attack could be even larger, destabilizing increasing large and impactful services and sites online.

These security threats are particularly daunting as the number of IoT devices for health-related purposes enter the market each year. Life-saving health devices, such as pace makers and glucose monitors, that are connected to the Internet can pose massive security risks to the individuals that use them – both through the control of the device and the sensitive data it collects.

This creates a pressing need for greater security and safety mechanisms to be built into the devices, and resilience to be built into the networks, servers, and software that transmit and store data from IoT devices in order to reduce the risk of weaponization – for both users and the Internet’s benefit.


Relevance to Internet Governance: All across the world, governments, civil society, academics, technologists, and private sector representatives are working together to enhance IoT security. They are forming and carrying out successful multistakeholder processes at a national level, and collaborating on best practices and recommendations on a regional and global level. There are several examples of this collaboration and norm-setting, which will be discussed in detail during the session:
Canadian Multistakeholder Process: Enhancing IoT Security (http://iotsecurity2018.ca)
Le Groupe de Travail pour un Internet des Objets de Confiance (France, https://www.isoc.fr/services/groupe-iot/)
Senegal Multistakeholder Process on Enhancing IoT Security (https://www.iotsecurity.sn/)
Global IoT Security Policy Platform (link forthcoming)

Online Participation

Online moderator will actively track the online participation tool for questions and comments and will voice all relevant questions in the room for response.

Proposed Additional Tools: Online moderator will actively monitor Twitter and respond to questions or comments.