Loading IS3C ...................

OUR WORKING GROUPS

OUR ACTION PLAN

The IS3C has established a work programme that i) brings the critical security supply and demand factors together; and ii) proposes the best options for the deployment of key standards and best practices on both sides, in the form of policy recommendations and practical guidance. These outcomes will be presented as IGF policy recommendations for dissemination to policymakers and decision-takers worldwide.

Establishment of IS3C working groups in the first phase of its workplan.

Working Group 1: Security by design

The IS3C membership agreed that promoting security by design should be a key objective for the coalition and it was decided to focus in the first phase of its work on security by design of the Internet of Things (IoT). Other security by design topics would be selected following the conclusion of the working group’s proposals relating to IoT.

Research has confirmed that there is a large gap between the theory of security and the daily practice of IoT security. The working group is focussed on identifying the solutions needed to close this gap. The first results will be reviewed and published after the 2021 IGF in an open process of consultation with stakeholders worldwide.

Sub-group on Internet of Things – Mission Statement | June 2021

The document outlines the sub-group's aim of (a) reviewing current security-related IoT initiatives and practices worldwide, and (b) developing a coherent package of global recommendations and guidance for embedding security by design in the development of IoT devices and applications. The report will include the outcome of research questions shared globally.

Working Group 2: Education and skills

A major factor undermining the development of a common culture of cybersecurity is that students graduating from tertiary ICT-related educational programmes often lack the skills that business and society as a whole need in order to understand the benefits of security-related Internet standards and ICT best practices. In order for ICT security to be better understood, it has to be integrated into tertiary ICT educational curricula, at all levels. This may result in the structural development of ICT(-related) products and services that include cyber security Internet standards and ICT best practices. The coalition’s Working Group 2 has therefore the following goals:

  • To detect and resolve cyber security skill gaps in tertiary ICT education curricula;
  • To encourage tertiary educational institutions to include in their ICT curricula the essential skills, knowledge and understanding of security- related Internet standards and ICT best practices, building on current best practices, in order to bring tertiary education in line with emerging workforce requirements;
  • To strengthen collaboration between educational decision-takers and policy makers in governments and industry in order to align tertiary ICT curricula with the requirements of our cyber future;
  • To ensure effective collaboration between key stakeholders in order to keep tertiary ICT educational materials in step with new technologies and standards and prevent new skills gaps from developing.
WG 2 Mission Statement | June 2021

The document describes the group's focus on examining how tertiary educational curricula at all levels need to adapt to ensure that school and college-leavers are equipped with sufficient knowledge and understanding of how deploying security-related standards helps individuals and businesses be secure and safe in the digital economy. The group intends to develop recommendations and guidance in this regard.

Working Group 3: Procurement and supply chain management and the business case

The focus of the third IS3C working group is the opportunity to promote the business case for cybersecurity through the inclusion of security-related technical standards in public sector procurement contracts and in supply chain management practice in the private sector. Research has shown that this would be a major driver for the adoption and implementation of security-related standards. Organisations , governments, industry and business users generally can demand secure by design ICT-related products and services by stipulating requirements in their contracts for specific standards and adherence to current best practices.

WG 3 Mission Statement | June 2021

The document outlines the group's goal of developing actionable and practicable policy recommendations and guidance to ensure that public sector procurement and private sector supply chain best practice and related professional training takes into account Internet security and safety requirements.

WG4: Communication

The Communication WG has the Chair: Raymond Mamattah (President of E-Governance and Internet Governance Foundation for
Africa – EGIGFA, Ghana) and Vice-chair: Olévié Kouami (Directeur général chez Le FA de la Téranga, Senegal) . This is to help the IS3C with its communication strategies in order to help make all the communication activities of coalition official.

WG4: Communication Mission Statement | June 2021

Its purpose is to create and manage the various communication channels of the coalition such as creation of a website, email, social media handles etc.

Working Group 5 : Prioritizing and listing existing, security-related Internet standards and ICT best practices

Security by design through procurement
In order to become more proactive where prevention of online harms is concerned, organisation will have to demand the deployment of a multitude of Internet standards and ICT best practices, in numerous disciplines, from manufacturers and developers. Over time, they will all have to be deployed, as they all contribute to a more secure Internet and far safer ICT services, devices and products. At the same time the dependency on the mitigation of incidents will decline.
This proposal looks at the issue of procurement from two angles:
1. How can decision-takers and procurement offices be assisted in learning to make decisions with security fully in mind, without being swamped with all standards at once?;
2. What is the full view of the topic at hand?
These questions led to the formulation of two goals:
1. To present to the world a list of the most important or urgent, security-related Internet standards and related ICT best practices, that assist individuals in decision-taking position to demand and choose secure by design products;
2. To present an, iterative, overview list with all relevant, security related Internet standards and ICT best practices.
At the start of this Working Group IS3C will gather a panel of experts from around the globe and engage them in finding a rough consensus on what standards, in what categories, need to be a part of this list. They will be recruited from international and regional organisations in government, Internet institutions and industry.
An overall list, containing all security related Internet standards and ICT best practices can be started at any moment, as soon as there is a clear decision on who hosts it and people with editing rights are identified.

WG 5 Mission Statement | January 2023

IS3C provides decision-takers and procurement officers involved in ICTs procurement with a list containing the most urgent internet standards and related best practices. This assists them to take into account internet security and safety requirements and procure secure by design ICT products, services and devices, making their organisations as a whole more secure and safer.

WG chair: Wout de Natris

Working Group 6 on Data Governance

Data and related issues and developments in the public sector have become increasingly important in terms of government analysis and operations, academic research, and real- world applicability and acceptance. Data are now integral to every sector and function of government—as essential as physical assets and human resources. Much of the operational activity in government is now data-driven, and many Governments would find it difficult, if not impossible, to function effectively without data.
While governments are more connected, they are equally exposed to new and emerging threats. Cyberattacks and incidents such as data leaks highlight the complexity at stake in determining what kinds of responses are adequate from a policy, norms, regulatory and governance when it comes to securing data. Many governments have responded by including such concerns as a core part of their national cybersecurity strategies and data protection regulations.

This Working Group will support the development of global review of data security, identifying emerging trends, sub-topics, and best practices in this area. The working group will place in the coming two months and directly engage in a mapping exercise and the develop recommendations for data security framework. Activities will include:

1. Mapping data security frameworks and regulations.
2. Developing recommendations for how governments can better respond to data security challenges.

The first results of the activities conducted by the Working Group will be presented at the IGF in a dedicated Open Forum and in the IS3C workshop.

Working Group 6 Mandate.

The Working Group’s chair is Louise Marie Hurel. The work is supported by the United Nations Department of Economic and Social Affairs (UNDESA), Division for Public Institutions and Digital Government

Working Group 8 on DNSSEC and RPKI deployment

Two of the fundamental building blocks of the internet are the Domain Name System (the DNS) and the system of routing that allows Internet traffic to flow between our devices and sites. Both routing and the DNS are older technologies from a more innocent age, and neither was designed with any built-in security mechanisms. To help secure the DNS and the routing system from both malicious attacks and unwitting misconfigurations, the engineering community developed two protocols: Domain Name Security Extensions (or, DNSSEC) and the Resource Public Key Infrastructure (or, RPKI).
Wide deployment of these two standards is uneven across countries and regions, and globally remains a challenge. RPKI enjoys relatively good deployment levels. DNSSEC however, has not been widely deployed. Overall, although progress continues to be made, it is to the benefit of the security and resilience of the Internet to continue to strive towards greater general uptake. Internet resource organisations like ICANN and RIPE NCC deem this topic of importance.

This working group focuses on outreach and engagement efforts to increase trust in, and contribute to the wider deployment of, DNSSEC and RPKI. This working group provides a work plan, containing among others a new and different narrative and recommendations for the next phase, including an outreach plan at the global level.
Background
Research conducted in an IGF project in 2019 contains causes of, and recommendations to change, the slow uptake of standards deployment. One of the causes presented in the report, on the basis of input from the internet community at large, pointed to the fact that lack of deployment is perceived as being a technical issue, needing a technical solution. However, it was pointed out that what holds deployment back can actually often be based on financial, economic, or social decisions. This implies that the narrative is insufficiently tailored towards individuals in decision-taking positions in organisations. This conclusion led to two consecutive recommendations: a) to include and engage individuals in decision-taking positions and; b) to change the narrative in such a way, that they will decide favourably on deployment. The working group will provide this.
Workplan
A multistakeholder group will:
• Define the issue;
• Evaluate current content;
• Define current gaps in argumentation;
• Work on (redefining) best practices and recommendations for a new target audience;
• Write the narrative in line with this target audience;
• Present a plan for outreach;
• Present (interim) outcomes at the IGF in Kyoto, 8-12 October 2023;
• Present the outcome report, November 2023.

Working Group 8 Mandate.

This working group focuses on outreach and engagement efforts to increase trust in, and contribute to the wider deployment of, both DNSSEC and RPKI. This work will offer a narrative that allows decision takers to decide positively on the deployment of DNSSEC and RPKI within their respective organizations. This narrative will be a guideline for the deployment of all security-related internet standards and ICT best practices.

Chair: David Huberman, ICANN
Vice-chair: Bastiaan Goslings, RIPE NCC

Working Group 9 - Governance of Emerging Technologies: Quantum & AI

Breakthrough developments in quantum computing and artificial intelligence (AI) have led to recent global policymaking efforts and discussions regarding governance issues. The critical security implications of these technologies require further attention of stakeholders as these technologies continue to  advance and be commercialized. 

There is increasing attention both from tech companies, in terms of investment, and from policymakers through regulation such as the European Union’s AI Act which is now being drafted and the proposed Algorithmic Accountability Act in the USA. There are also important technical developments in the quantum technology field. Although some of the safety and security discussions revolve around the potential use of quantum computing, current developments in different quantum technology domains such as quantum computing, quantum networks, and quantum sensing indicate that certain applications of quantum technologies will be more eligible for commercialisation than others. The cybersecurity community has already highlighted the importance of investment in post-quantum encryption for assuring future safety and security of the digital world.

This working group of the UN Internet Governance Forum’s Dynamic Coalition on Internet Standards, Security and Safety (IS3C) aims to develop a roadmap for governance strategies for emerging technologies, focusing on quantum and AI technologies. The roadmap will set out the roles of governments, the private sector, and civil society stakeholders,  and will be based on lessons learned from previous governance efforts relating to complex technologies such as automated systems. 

 

The goals of IS3C’s working group include:

  • raising awareness of the security and safety issues relevant to policy decisions for Quantum and AI technologies;
  • investigating emerging issues that would require the attention of stakeholders, with  inputs from the public and private sectors, including the technical community, and from civil society;
  • developing policy recommendations and guidelines as IGF outcomes that will assist governments, regulators and private sector entities in policymaking and standard-setting efforts relating to quantum and AI governance.

 

It is envisaged that the deliverables of this working group will include:

  1. mapping current risks and opportunities associated with quantum and AI technologies; 
  2. publication of a comparative report of existing frameworks with the aim of delivering policy  recommendations; 
  3. standardization guidelines based on the policy recommendations.
WG 9 Mission Statement | February2023

The goals of IS3C’s working group include:

  • Raising awareness of the security and safety issues relevant to policy decisions for Quantum and AI technologies;
  • Investigating emerging issues that would require the attention of stakeholders, with inputs from the public and private sectors, including the technical community, and from civil society;
  • Developing policy recommendations and guidelines as IGF outcomes that will assist governments, regulators and private sector entities in policymaking and standard-setting efforts relating to quantum and AI governance.

    WG Chair: Elif Kiesow Cortez

    • to contact the group, please write to

    dc-isss@intgovforum.org

    OR

    Visit our contact page

    Contact Us
    Join Mailing list