No cyber security without government imposed regulation

24 October 2013 - A Workshop on Security in Bali, Indonesia

Internet Governance Forum 2013

Workshop # 90 Report

No cyber security without government imposed regulation

Organizer Name 

Veraart sophie

Organizer Entity 

NL IGF

Workshop Theme 

Legal Frameworks and Cyber-crime (Spam, Cyber-security, etc.)

Consise description 

 

Cyber security as a standard is aimed inwards. As concluded from last year’s workshop #87 on 'Cross border cooperation in incidents involving (Internet) Critical Infrastructure', cyber security should be a priority but solely through self-regulation. This workshop takes off from this premise by staging a debate around the provocative title: cyber security is unattainable without government imposed regulation. Cyber security as a standard is aimed inwards. How do I protect my property? Millions are invested in cyber securing organizations. At the same time these organizations bring products to the market to which hardly any thought seems to be given towards cyber security, providing new opportunities to cyber criminals, hackers, etc., perpetuating cyber insecurity. Cyber security can be obtained through more secure products. That’s why standardized best cyber security practices need to be continuously implemented in very diverse industries active on and around the Internet. This needs a preset understanding that is not commonly felt at present: a jointly accepted obligation to make and keep the Internet more secure and ensure a safer Internet experience for all end users. We will discuss forms of cooperation between governments, industry and regulatory bodies that could enhance cyber security significantly in the coming years. Building bridges for better cooperation and joint actions to enhance self-regulation and secure the Internet.

 

Several questions will be addressed. Does the present state of self-regulation lead to an acceptable level of cyber security? Are there examples of successful self-regulation and can these models be copied? How could sharing of best practices be encouraged? What makes regulation unacceptable? Are their forms of regulation that could be acceptable? Could an imposed and regulated "duty to care" make a difference? If a form of regulation could be agreed upon, what form should this take? Is the present form of regulation/regulatory bodies equipped for the 21st century Internet? If attaining security takes a global approach, how can a discussion be started in such a divided environment

 

Agenda 

Questions that will be addressed in this workshop are: - Does the present state of self-regulation lead to an acceptable level of cyber security?; - Are there examples of successful self-regulation and can these models be copied? - How could sharing of best practices be encouraged? - What makes regulation unacceptable?; - Are their forms of regulation that could be acceptable?; - Could an imposed and regulated “duty to care” make a difference? - If a form regulation could be agreed upon, what form should this take? - Is the present form of regulation/regulatory bodies equipped for the 21st century Internet? These questions will be posed to the panel in an open discussion.

Moderator 

Wout de Natris- NL IGF / ECP

Remote Moderator 

Sheba Mohammid

Have you organized workshops at previous IGFs?

Yes

Workshop format 

Panel

Workshop Transcript 

Transcript

Brief substantive summary of the workshop and presentation of the main issues that were raised during the discussions 

The first question asked was whether cyber-security issues should be solved through government-imposed regulations or self-regulation mechanism, with the panelists and the participants coming to a consensus, that both should be used.

Later on the governments representatives expressed interest in promoting security of critical ICT infrastructure through regulations. 
The discussion then drifted to the role of the IETF in promoting cyber-security and the lack of collaboration between governments and the technical community.

 

Conclusions drawn from the workshop and further comments 

The major conclusion was that fighting cyber-crime is only possible through collaboration of all the stakeholders. 

Any regulations should be set up in a fair, multistakeholder dialogue.
The participants and the panelists discussed ways for the government to take part in the developing of standards on an equal footing with other actors in the technical community.

 

Reported by 

Sergey Ovcharenko

Estimate the overall number of women participants present at the session 

About half of the participants were women

To what extent did the session discuss gender equality and/or women's empowerment? 


It was not seen as related to the session theme and was not raised

Discussion affecting gender equality and women's empowerment 

 

Workshops Staticals 
Number of FEMALE participantsNumber of MALE participantsNumber of Young participantsNumber of Developing Countries ParticipantsNumber of Developed Countries ParticipantsNumber of LDCs participantsNumber of TOTAL Participants
38 32 10 30 30 10 70