[Bp_cybersec_2016] Possible topics for 2016

James Gannon james at cyberinvasion.net
Tue Jun 7 15:39:04 EDT 2016


And pivoting off this, I think that this could be a good point to come back to what a number of us on the call were suggesting, which is potentially for year one of this BPF to work on “mechanisms for cooperation and coordination in cybersecurity”. I think that this is something that is both practical, useful for those of us who see challenges in this area on a day-to-day basis, a topic that can have a deliverable for the BPF to work on, and fits within the overall scheme of where the strengths of the IGF lie (in my opinion).

I think that going with the above we would also build on the work that has been done in other areas, and would also attract a lot of new interest in the IGF in general. This would also be something that the national and regional IGFs would be fantastically placed to inform the discussions in a bottom-up manner on the variances and regional needs that would need to feed into such a topic.

Others have thoughts?

-james gannon

From: Bp_cybersec_2016 <bp_cybersec_2016-bounces at intgovforum.org> on behalf of Alejandro Pisanty <apisanty at gmail.com>
Date: Tuesday 7 June 2016 at 20:05
To: Wout de Natris <denatrisconsult at hotmail.nl>
Cc: "bp_cybersec_2016 at intgovforum.org" <bp_cybersec_2016 at intgovforum.org>
Subject: Re: [Bp_cybersec_2016] Possible topics for 2016

Dear Wout,

thanks for keeping us in motion. Two very worthy subjects indeed. IoT will surely be getting a lot of attention in workshops and maybe even plenaries so we should look carefully for an angle that is appropriate for a Best Practice Forum and through which we can make a distinctive contribution (yes, I will make a couple of proposals but first another point):

Both IoT and the supply chain have something that is especially problematic from the Internet governance point of view: they are mainly industrial processes, with very little transparency to stakeholders outside the industries themselves. There is very little that civil society, in particular, can do about these products before they are in stores (speaking of the consumer-oriented ones from cellphones on.) Standards development tends to be international and little subject to scrutiny by government or civil society. Manufacturing is complex, transnational and mostly behind closed doors. Backdoors may be inserted in hardware or software; there are no guarantees for fail-safe designs; as you well mention, security and functional updates may be unreachable; and so on.

If we are thinking of consumer-facing devices, we can recognize that some of the above features apply also to industrial and infrastructure SCADA systems. Most of these things are operating in spaces like Information Technology, measurement, fabrication, telecommunications, computing, etc. and not on the Internet itself except for a small part of their design and operation.

So our question may shift to an Ecology of Governances, in which Internet governance has little place, but is affected by off-Internet governances. For the Internet well-known interactions of this kind have been exemplified by the Heartbleed event, which is based on the governance of an open-source community. How do we bring these threads together coherently? (disclosure, I've filed a proposal for a workshop on this subject and will welcome participation to flesh out the proposal.)

Yours,

Alejandro Pisanty

On Tue, Jun 7, 2016 at 7:26 AM, Wout de Natris <denatrisconsult at hotmail.nl> wrote:

Dear all,


During the recent call I was invited to give an overview of the outcomes of the 2015 BPFs on "spam" and "CSIRTs". In this introduction I focused on the recommendations of both BPFs.


Looking back at the discussions that preceded the final documents I found two topics that were parked for possible later use as they would make the respective 2015 Fora too broad and unmanageable. The importance was recognised though. I would like to introduce them for your consideration to discuss on our next call to find if they could be of interest for the 2016 cyber security BPF as well.


1) Internet of Things


The Internet of Things brings many possibilities and connects a sheer endless number of devices to the Internet. This comes with many security issues and questions.


2) The product(ion) and service chain


With a device, whether a smart phone, laptop, connected refrigerator or light bulb, comes a long line of involved companies and services that have one thing in common only, they are a part of the device and/or a part of the service that allows the device to be online and reached.


All individually involved companies, whether manufacturers or service providers, have a share in the online security of the end user, the device and society as a whole. To have more knowledge of and of individual responsibilities within the chains, makes it possible to address these parts of the chain and invite them on board in Internet governance debates.


As an example. Who is responsible for updates on a smart phone? Which layers in the chain need to cooperate and in what way to make that update happen? Just try and answer that question to yourself.


Best regards,


Wout de Natris






--
- - - - - - - - - - - - - - - - - - - - - - - - - - -
     Dr. Alejandro Pisanty
Facultad de Química UNAM
Av. Universidad 3000, 04510 Mexico DF Mexico
+52-1-5541444475 FROM ABROAD
+525541444475 FROM MEXICO SMS +525541444475
Blog: http://pisanty.blogspot.com
LinkedIn: http://www.linkedin.com/in/pisanty
Join the UNAM group on LinkedIn, http://www.linkedin.com/e/gis/22285/4A106C0C8614
Twitter: http://twitter.com/apisanty
---->> Join ISOC Mexico, http://www.isoc.org
.  .  .  .  .  .  .  .  .  .  .  .  .  .  .  .