WSIS+10 And The Challenge Of Securing The Internet Thumbnail
Improving Technical Security 8 December 2015

WSIS+10 And The Challenge Of Securing The Internet

By Kathryn BrownFormer President / CEO

In just one week, representatives of governments from all around the world will gather at the UN headquarters in New York for the 10-year Review of the World Summit on the Information Society, a.k.a. “WSIS+10”. We are very pleased to see the consensus forming that the principles of multi-stakeholder cooperation and engagement should be at the core of the Information Society. Moreover, consensus has emerged around a “post-2015” vision for how the Internet can be used to support the Sustainable Development Goals (SDGs) that will bring about a better future for us all. We are also pleased to see continued support for the Internet Governance Forum (IGF) as a key part of the multistakeholder future of the Internet.

However, not all governments share this post-2015 vision that a partnership among all stakeholders is needed to achieve our collective goals. As our matrix analysis of recent comments on the draft document show, some are in fact actively opposed to it, particularly in the area of cybersecurity. There are many explanations for this disagreement, but at its core is a worldview of applying national solutions to global problems, and a misbelief that cooperation among a single stakeholder group (ex. governments) is sufficient to solve issues that require the expertise and commitment of all stakeholders. In short: it is a perspective of the past projected to the world of the future.

In our view, raising the level of trust in the Internet through increasing both security and privacy is the critical imperative of our time. Embedded as the Internet Society is within the Internet’s technical community, we see the massive distributed denial-of-service (DDoS) attacks that are happening. We see the phishing and spam issues. We see large-scale pervasive surveillance and corporate and state espionage. And we see the erosion of trust that this is causing for end users, and the negative effect of these security threats on the economic development of countries.

The challenge, as we have said many times before, is that “the Internet” is not one single entity where there can magically be a simple solution to make everything secure. If this was possible, it would have been done by now.

The reality is that the Internet is a global “network of networks” comprised of tens of thousands of Internet service providers (ISPs) connecting together millions of individual home networks, data centers, WiFi networks and more –  all of which interact with each other through the power of open Internet standards and many of which operate across national boundaries. Just as keeping burglars out of our own physical neighborhood requires each of us to lock the doors of our houses and keep a watch out, so, too, does keeping criminals and attackers out of our virtual neighborhoods require each of us to implement Internet security measures. We call this “Collaborative Security” and see this as a necessary approach for how we make the Internet more secure, particularly as the security threats are constantly evolving at a rapid pace.

After the revelations of large-scale surveillance over the past few years, the technical community has focused a significant amount of energy on its role in this overall ecosystem. A prime example of this is the “Privacy and Security” program of the Internet Architecture Board (IAB). Recognizing that Internet security challenges are at an extremely large scale, and also that the Internet is composed of many different layers that act as building blocks for other layers, the IAB has undertaken an effort in three main areas:

  • Internet-scale resilience – work to address the large DDoS attacks, route hijacking and other attacks.
  • Confidentiality – work to address and mitigate surveillance.
  • Trust – work on how to bring about a more trusted Internet

This work out of the IAB is also reflected in the many efforts of the individual working groups within the IETF and other standards organizations.

We’re already seeing the results in new versions of the TLS protocol, the increasing deployment of DNS security (DNSSEC), the increasing number of organizations signing on to efforts to increase routing security, and the many different individual developers who are making their applications and services more secure.

But most importantly we see a global Internet, operated and continuously evolving through a diverse eco-system of technologists, businesses, states, civil society, and most importantly its users. This open and inclusive nature of the Internet is the foundation of its strength, which has allowed it to bridge social and geographical divides. To ensure a secure, sustainable Internet we must harness this diversity and address the challenges ahead as one global community – not as rivals defined by national borders.

As we head toward the UN discussions next week, we seek a post-2015 Vision that recognizes this diversity and the importance of solving collective problems through collaborative solutions. It is important to note that we recognize that governments have a role to play in Internet security. In times of trouble, most citizens look to their governments to provide security and safety. But the Internet is a global multi-stakeholder community, and as such its stability can never be ensured only through a lens of national security.

For the Internet Society, promoting and restoring trust in the Internet is a critical component of our 2016 Action Plan and will be driving much of our activity over the next year. The technical community is already diving deep into the hard core technical work needed to make the Internet more secure.

However, securing the Internet cannot be done solely through technology, and we cannot solve this on our own. Ensuring an open, trusted Internet must involve all its stakeholders operating on all fronts, and as we head toward the WSIS+10 discussions next week, we look for governments to join us and all the other stakeholders in this critical work that we must do together to make the Internet more secure.


Image credit: Christiaan Colen on Flickr CC BY SA

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Building Trust 21 February 2020

NDSS 2020: The Best in Security Research – For the Good of the Internet

On 23 February, the 27th consecutive Network and Distributed System Security Symposium (NDSS) kicks off in San Diego, CA....

Improving Technical Security 23 October 2019

Securing the Internet: Introducing Oracle Internet Intelligence IXP Filter Check

Oracle is an Organization Member of the Internet Society. We welcome this guest post announcing a new tool that...

Improving Technical Security 4 October 2019

Network Operators in Latin America and the Caribbean Take Steps to Strengthen Routing Security

2019 has been a very good year for the Internet in Latin America and the Caribbean. In May, during...