Emerging Cybersecurity Threats

22 October 2013 - A Workshop on Security in Bali, Indonesia

Internet Governance Forum 2013

Workshop # 143 Report

Emerging Cybersecurity Threats

Organizer Name 

Brueggeman Jeff

Organizer Entity 

AT&T

Workshop Theme 

Legal Frameworks and Cyber-crime (Spam, Cyber-security, etc.)

Consise description 

 

The workshop will focus on emerging cybersecurity threats, including mobile and cloud security, and the implications on Internet governance. The discussion will encompass a discussion of the threats, while also discussing proactive strategies and solutions for addressing emerging cybersecurity threats.

The format of the workshop will be designed to elicit a range of views from private sector, government, technical and civil society representatives.  A foundatation for the discussion will be a technical overview of developments such as advanced persistent threats, attacks on mobile networks and cloud computing vulnerabilities.  We will analyze the potential impact of threats on a variety of Internet users, including consumers, governments and users in developing countries. 

The workshop discussion then will address potential strategies and solutions for addressing emerging cybersecurity threats, with a particular focus on Internet governance implications.  We will look at existing best practices and suggested areas for greater focus and improvement, such as multi-stakeholder cooperation, public-private partnerships and technical coordination.  This discussion will include questions the best way to address emerging threats within the Internet governance process and institutions. 

The discussion also will encompass the social and policy implications of emerging cybersecurity threats. We will discuss how responses to emerging security threats should be structured to protect privacy and the free flow of information.  

The goal of the workshop is to provide an expert view on the emerging threat landscape and to identify some policy recommendations for how to address these threats in the context of Internet governance.

 

Agenda 

1. Overview. Introduction will describes the security threat landscape and identifies some emerging security threats and current trends. 2. Threat Assessment. Panel will offer technical insights about emerging cybersecurity threats. What are the current trends and which threats raise the greatest concern? How are evolving Internet services and technologies, such as mobile and cloud computing services, affecting these security threats? 3. Solutions and Response Strategies. Panel will discuss potential solutions and proactive responses to emerging security threats. Key issues include cross-sector and international cooperation, information sharing and technical innovation. What can Internet users do to protect themselves? 4. Policy and Legal Framework. Panel will discuss the types of policy solutions and legal frameworks that will be able to adapt to emerging security threats. How can we promote effective and flexible public-private partnerships? What should be done to safeguard civil liberties as we respond to emerging security threats? 5. Future View. Panelists will generally look ahead and identify the Internet governance implications of emerging security threats. 6. Intereractive Audience Discussion.

Moderator 

Robert Guerra

Remote Moderator 

Claudia Selli

Have you organized workshops at previous IGFs?

No

Workshop format 

Panel

Workshop Transcript 

Transcript

Brief substantive summary of the workshop and presentation of the main issues that were raised during the discussions 

 

The panelists started the workshop by discussing some of the recent cyber threats impacting the Internet.  Panelists discussed a range of attacks including specific incidents impacting the domain name system in Qatar and Malaysia and the increasing global volume of Distributed Denial of Services (DDoS) attacks in particular those targeting financial institutions around the globe.  Panelists also discussed ongoing work in their regions to address the attacks including building technical capacity particularly in regions that are less equipped to respond vis a vis the rest of the world.  There was also discussion of security around mobile devices.  Panelists discussed that some countries, such as Brazil,  are attempting to increase digital inclusion through the use of smart phones and tablets and that attackers may begin targeting those devices thus driving a need for better education and awareness among end users on how to protect devices.  There was also discussion of ongoing work with regional ISPs to protect end users.  
Panelists also discussed issues impacting international collaboration.  A specific issue raised was the increase in national security attacks globally such as Stuxnet and DDoS attacks against the national systems.  Panelists discussed that managing cyber space is starting to be seen as a competition between countries creating major challenges for the technical/CERT community in pursuit of international collaboration due to trust breaking down.  In particular  if CERTS are seeing as extension of national governments and there is a lack of transparency at operational level.  It was proposed that it may be necessary to separate the national security activities from security operations for the technical cyber ecosystem.   
Panelists were also asked what they see happening in the next 6 months.  Panelists discussed upcoming events such as the Winter Olympic Games and the World Cup that would attract attention and raise the potential for cyber attacks and their roles in preventing or responding to those attacks.  Activities discussed included maintaining open channels of communication between operators of infrastructure globally and in increasing technical training and engagement to prepare in advance of potential attacks including around DNS security.  Panelists also discussed efforts to strengthen infrastructure, growing technical capacity, enhancing regional cooperation and in adjusting policy to help build regional capacity to protect network assets.  Panelists also discussed that one challenge to information sharing for policy makers was to balance facilitating information sharing but at eh same time not undermining the business opportunity in cybersecurity services.  Finally there was discussion that one confidence building measure being used in some countries was to ensure that in the event of a DDoS attack against national governments that there was always a technical point of contact to ensure that even while the policy/political community may disagree the technical CERT community was prepared to respond.
In addition to DDoS the topic of surveillance was raised in particular how do national security issues impact collaboration, how does the IGF stakeholder community balance national security interests with collaboration and is it even possible?  Panelists discussed that it helps if the technical community is separate from governments.  Also that in some cases, such as in the Asia Pacific CERT, there are opportunities to turn those challenges into an opportunity by focusing on common goals.  One example discussed was national efforts to hep with botnets which was viewed as an area where countries have common interest and could collaborate quickly helping to develop trust where there may have been initially little trust.  Panelists also discussed that there is a need for more resilient software in particular to deal with zero day threat. Finally there were general comments that the discussion of surveillance has created far greater focus in some counties on how to protect infrastructure.  Last, it was discussed that cooperation in responding to cyber threats was a good example of the multi-stakeholder process working to keep the internet more safe and secure.  
During the audience questions portion of the panel there was discussion of other emerging threats such as machine to machine communications (M2M) and the Internet of Things (IOT).  There was general discussion of activities within industry and participation of national CERTs to develop standards for security.  There was discussion that security becomes necessary to support the growth of M2M and IOT.   The audience also raised questions around the militarization of cyberspace how that impacts trust and cooperation between countries.  There was lengthy discussion of the evolution of security from something that the Internet community had worked on informally between engineers and law enforcement into something that is more national security oriented which is contributing to the lack of trust.  

 

Conclusions drawn from the workshop and further comments 

 

The panel concluded with a wrap up question about the roll of regulation and frameworks and if the panelists could make two recommendations to the stakeholders of the IGF.   The following are some general conclusions from the panel for stakeholders of the IGF:
Increased Cooperation Among Stakeholders - There is a need for greater collaboration internationally to enable response activities to threats both in region and across regions, within and between governments and in the private sector such as mutual self help etc.
Separate Security Operations and Technical Capacity from National Security Issues - Given that National Security issues may be eroding trust there as discussion of how there may be a need to separate the work of national CERTS and the private sector in protecting infrastructure from National Security issues to not allow the breakdown of trust to erode international cooperation in response to threats at the technical/operational level.
Best Practices and Regulation - There appeared to be a general consensus among panelists that it would not be helpful to regulate given the rapid pace of change in cyberspace,  that in the past attempts at regulation lack an understanding of how the internet works and would be ineffective. In lieu of regulations panelists generally agreed that a better approach was to encourage more adoption of best practices and standards that already exist.  That general best practices should be promoted in country and region vs. regulations.
Education and Awareness/Capacity Building - There was also a general recommendation around promoting awareness around the roles each stakeholder has in the Internet.   That cybersecurity is a shared responsibility - each entity has to take on their role in protecting the internet.  And there is a need to shift from a security mindset to more of an enabling mindset.  There is a need to also educate regions/countries on risk management practices to build technical capacity.
Multistakeholder Process - There was general discussion throughout of the informal activities among engineers and others to support security through the multistakeholder process and there appeared to be a general viewpoint from many panelists that security is an area where the multistakeholder process has been working.

 

Reported by 

Christopher Boyer / AT&T

Estimate the overall number of women participants present at the session 

About half of the participants were women

To what extent did the session discuss gender equality and/or women's empowerment? 


It was not seen as related to the session theme and was not raised

Discussion affecting gender equality and women's empowerment 

 

Workshops Staticals 
Number of FEMALE participantsNumber of MALE participantsNumber of Young participantsNumber of Developing Countries ParticipantsNumber of Developed Countries ParticipantsNumber of LDCs participantsNumber of TOTAL Participants
2 4 0 1 5 0 6