[Bp_cybersec_2016] Possible topics for 2016
Alejandro Pisanty
apisanty at gmail.com
Tue Jun 7 15:05:06 EDT 2016
Dear Wout,
thanks for keeping us in motion. Two very worthy subjects indeed. IoT will
surely be getting a lot of attention in workshops and maybe even plenaries
so we should look carefully for an angle that is appropriate for a Best
Practice Forum and through which we can make a distinctive contribution
(yes, I will make a couple of proposals but first another point):
Both IoT and the supply chain have something that is especially problematic
from the Internet governance point of view: they are mainly industrial
processes, with very little transparency to stakeholders outside the
industries themselves. There is very little that civil society, in
particular, can do about these products before they are in stores (speaking
of the consumer-oriented ones from cellphones on.) Standards development
tends to be international and little subject to scrutiny by government or
civil society. Manufacturing is complex, transnational and mostly behind
closed doors. Backdoors may be inserted in hardware or software; there are
no guarantees for fail-safe designs; as you well mention, security and
functional updates may be unreachable; and so on.
If we are thinking of consumer-facing devices, we can recognize that some
of the above features apply also to industrial and infrastructure SCADA
systems. Most of these things are operating in spaces like Information
Technology, measurement, fabrication, telecommunications, computing, etc.
and not on the Internet itself except for a small part of their design and
operation.
So our question may shift to an Ecology of Governances, in which Internet
governance has little place, but is affected by off-Internet governances.
For the Internet, well-known interactions of this kind have been exemplified
by the Heartbleed event, which is based on the governance of an open-source
community. How do we bring these threads together coherently? (disclosure,
I've filed a proposal for a workshop on this subject and will welcome
participation to flesh out the proposal.)
Yours,
Alejandro Pisanty
On Tue, Jun 7, 2016 at 7:26 AM, Wout de Natris <denatrisconsult at hotmail.nl>
wrote:
> Dear all,
>
>
> During the recent call I was invited to give an overview of the outcomes
> of the 2015 BPFs on "spam" and "CSIRTs". In this introduction I focused on
> the recommendations of both BPFs.
>
>
> Looking back at the discussions that preceded the final documents I found
> two topics that were parked for possible later use as they would make the
> respective 2015 Fora too broad and unmanageable. The importance was
> recognised though. I would like to introduce them for your consideration to
> discuss on our next call to find if they could be of interest for the 2016
> cyber security BPF as well.
>
>
> 1) Internet of Things
>
>
> The Internet of Things brings many possibilities and connects a sheer
> endless number of devices to the Internet. This comes with many security
> issues and questions.
>
>
> 2) The product(ion) and service chain
>
>
> With a device, whether a smart phone, laptop, connected refrigerator or
> light bulb, comes a long line of involved companies and services that have
> one thing in common only, they are a part of the device and/or a part of
> the service that allows the device to be online and reached.
>
>
> All individually involved companies, whether manufacturers or service
> providers, have a share in the online security of the end user, the device
> and society as a whole. To have more knowledge of and of individual
> responsibilities within the chains, makes it possible to address these
> parts of the chain and invite them on board in Internet governance debates.
>
>
> As an example. Who is responsible for updates on a smart phone? Which
> layers in the chain need to cooperate and in what way to make that update
> happen? Just try and answer that question to yourself.
>
>
> Best regards,
>
>
> Wout de Natris
>
>
>
--
- - - - - - - - - - - - - - - - - - - - - - - - - - -
Dr. Alejandro Pisanty
Facultad de Química UNAM
Av. Universidad 3000, 04510 Mexico DF Mexico
+52-1-5541444475 FROM ABROAD
+525541444475 FROM MEXICO SMS +525541444475
Blog: http://pisanty.blogspot.com
LinkedIn: http://www.linkedin.com/in/pisanty
Join the UNAM group on LinkedIn,
http://www.linkedin.com/e/gis/22285/4A106C0C8614
Twitter: http://twitter.com/apisanty
---->> Join ISOC Mexico, http://www.isoc.org
. . . . . . . . . . . . . . . .