[liberationtech] Invitation to contribute to IGF Best Practice Forum on Cybersecurity

Tue Aug 15 14:51:46 PDT 2017

Hi everyone, 

I wanted to let everyone know that earlier today, the 2017 Internet
Governance Forum (IGF) Best Practice Forum (BPF) on Cybersecurity
published a call for contributions. Contributions are due by 15
SEPTEMBER 2017 using the questionnaire provided below, which has also
been posted as a public call on the IGF's website [1]. 

The BPF on Cybersecurity, a multistakeholder and bottom-up group of
experts and practitioners, is now in its second cycle. Its work builds
on its discussions and output document in 2016 [2], which explored
improved collaboration and cooperation among stakeholders on
cybersecurity matters, to identify in 2017 the potential cybersecurity
implications of policies for universal access and achieving the
Sustainable Development Goals (SDGs). More details on this are available
in the Overview below, as is a list of Relevant Reading and all
instructions related to submissions.  

Cheers,
Maarten

BPF ON CYBERSECURITY 2017 - CALL FOR CONTRIBUTIONS

_All stakeholders are invited to submit written contributions addressing
the below questions and issues to the 2017 __IGF_ [3]_ __BPF_ [3]_ on
Cybersecurity mailing list
(subscribe:__https://www.intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.org_
[4]_) by __15 SEPTEMBER 2017.__ While it is envisioned that initial
drafting of the output document will begin on 15 September, this should
be considered a soft deadline as contributions will be welcome after the
15th of September, particularly contributions from IGF National and
Regional Initiatives (NRIs) and from other relevant entities or
organisations who may be holding meetings relating to cybersecurity
prior to the IGF annual meeting in December._ 

_Contributions will then be compiled and synthesized by the Secretariat,
and further circulated to the community for comment and further work
towards an output document for the BPF to be presented at the 12th IGF
in Geneva, Switzerland from 18-21 December._ 

_All individuals and organizations are asked to kindly try to keep their
contributions to __NO MORE THAN 2-3 PAGES__, and are encouraged to
include URLs/Links to relevant information/examples/best practices as
applicable. When including specific examples or detailed proposals,
those may be included as an Appendix to the document. __PLEASE ATTACH
CONTRIBUTIONS AS WORD DOCUMENTS (OR OTHER APPLICABLE NON-PDF TEXT)._

OVERVIEW: 

During 2015 and 2016, the Policy Options for Connecting and Enabling the
Next Billion(s) (CENB) activity within the Internet Governance Forum
identified two major elements: 

· Which policy options are effective at creating an enabling
environment, including deploying infrastructure, increasing usability,
enabling users and ensuring affordability;
· How Connecting and Enabling the Next Billion(s) contributes to
reaching the new Sustainable Development Goals (SDGs). 

The Best Practice Forum on Cybersecurity realizes that making Internet
access more universal, and thus it supporting the SDGs, has significant
cybersecurity implications. Well-developed cybersecurity helps
contribute to meeting the SDGs. Poor cybersecurity can reduce the
effectiveness of these technologies, and thus limit our opportunities to
helping achieve the SDGs.

BPF participants have conducted an initial study of how the policy
proposals compiled as part of CENB Phase I and II may affect, or be
affected by, cybersecurity implications. 

As part of this ongoing effort, the IGF is now calling for public input
to collect additional risks and cybersecurity policy recommendations
that can help mitigate security impacts, and help ensure ICTs and the
Internet continue to help contribute to achieving the SDGs.

RELEVANT READING: 

Summary Records of the BPF
https://www.intgovforum.org/multilingual/content/bpf-cybersecurity-1 [5]

UN Sustainable Development Goals -
http://www.un.org/sustainabledevelopment/sustainable-development-goals/
[6] 

Policy Options for Connecting & Enabling the Next Billion(s) - Phase II
https://www.intgovforum.org/multilingual/index.php?q=filedepot_download/3416/549
[7] 

Security focused reading of CENB Phase I -
https://www.intgovforum.org/multilingual/index.php?q=filedepot_download/4904/687
[8] 

Security focused analysis of CENB Phase II -
https://www.intgovforum.org/multilingual/index.php?q=filedepot_download/4904/688
[8]

Questions:

· How does good cybersecurity contribute to the growth of and trust in
ICTs and Internet Technologies, and their ability to support the
Sustainable Development Goals (SDGs)? 

· How does poor cybersecurity hinder the growth of and trust in ICTs and
Internet Technologies, and their ability to support the Sustainable
Development Goals (SDGs)? 

· Assessment of the CENB Phase II policy recommendations identified a
few clear threats. Do you see particular policy options to help address,
with particular attention to the multi-stakeholder environment, the
following cybersecurity challenges: 

o Denial of Service attacks and other cybersecurity issues that impact
the reliability and access to Internet services 

o Security of mobile devices, which are the vehicle of Internet growth
in many countries, and fulfill critical goals such as payments 

o Potential abuse by authorities, including surveillance of Internet
usage, or the use of user-provided data for different purposes than
intended 

o Confidentiality and availability of sensitive information, in
particular in medical and health services 

o Online abuse and gender-based violence 

o Security risks of shared critical services that support Internet
access, such as the Domain Name System (DNS), and Internet Exchange
Point (IXP) communities 

o Vulnerabilities in the technologies supporting industrial control
systems 

o Use of information collected for a particular purpose, being
repurposed for other, inappropriate purposes. For instance, theft of
information from smart meters, smart grids and Internet of Things
devices for competitive reasons, or the de-anonymization of improperly
anonymized citizen data 

o The lack of Secure Development Processes combined with an immense
growth in the technologies being created and used on a daily basis 

o Unauthorized access to devices that take an increasing role in
people's daily lives 

o Other: describe a cybersecurity issue critical to developing the SDGs
in ways not listed above relevant to your stakeholder community (100
words or less) 

· Many Internet developments do not happen in a highly coordinated way -
a technology may be developed in the technical community or private
sector, and used by other communities and interact in unexpected ways.
Stakeholders are managing complexity.
This both shows the strength and opportunities of ICTs and Internet
Technologies, but also the potential risks. New technologies may be
insufficiently secure, resulting in harms when they are deployed:
conversely we may adopt security requirements or measures that prevent
the development, deployment, or widespread use of technologies that
would generate unforeseen benefits. Where do you think lies the
responsibility of each stakeholder community in helping ensure
cybersecurity does not hinder future Internet development? 

· Where do you think lies the responsibility of each stakeholder
community in helping ensure cybersecurity does not hinder future
Internet development? 

· What is for you the most critical cybersecurity issue that needs
solving and would benefit most from a multi-stakeholder approach within
this BPF? Should any stakeholders be specifically invited in order for
this issue to be addressed? 

Links:
------
[1]
https://www.intgovforum.org/multilingual/content/bpf-on-cybersecurity-2017-call-for-contributions
[2]
http://www.intgovforum.org/multilingual/content/bpf-cybersecurity-2016
[3] https://www.intgovforum.org/multilingual/lexicon/8
[4]
http://www.intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.org
[5] https://www.intgovforum.org/multilingual/content/bpf-cybersecurity-1
[6]
http://www.un.org/sustainabledevelopment/sustainable-development-goals/
[7]
https://www.intgovforum.org/multilingual/index.php?q=filedepot_download/3416/549
[8] https://www.intgovforum.org/[link%20to%20be%20completed]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.stanford.edu/pipermail/liberationtech/attachments/20170815/19e9db55/attachment.html>