Security and Internet Governance, Education is the Key

Responses - Stakeholder Government & Parliament

Dr. Olga Cavalli, Governmental Advisory Committee (GAC) member, ICANN Senior Advisor Foreign Ministry of Argentina

For several years since the creation of the TCP/IP protocol and since the establishment of its early structure, the Internet grew and consolidated before becoming a major communication platform as we know it today. It is an essential tool for allowing our societies to produce find and share any kind of information from any place of the world which is connected to it, and it is the basis of what is called "The Information Society".

Dr. Olga Cavalli is an electrical and electronics engineer. She is currently the President of the Women in Technology and Business Forum as well as, among others, Argentina’s GAC representative at ICANN, Latin American Director at South School on Internet Goverance, professor at EURO-SSIG and adviser for technology at the Ministry of Foreign Affairs.

The Internet is today highly relevant for communications and businesses in all countries of the world and it also is a key tool for development. The Internet is growing continually, not only in developed countries but also in developing economies, and at the same time the challenges related to Internet security are witnessing a rise as different types of cybercrimes proliferate.

In a highly connected world, all users know that ICTs offer great advantages and are great tools for working and learning, but at the same time there are several security challenges related to this global connectivity. During the last years, illicit cyber activities have grown and they have become a problem for all types of users, whether individuals, corporations or governments.

The different types of cyber attacks and the damages that they can cause show how important education and awareness among the Internet community is. Moreover, differences among the developed and the developing world mean that not all governments have detailed and complete information about what is happening in relation to cyber security and cyber attacks. As shown in the report “Latin American and Caribbean Cyber Security Trends and Government Responses” governments noted an increase in the frequency of cyber incidents during 2012 compared with the previous year; the same study shows that most states did not differentiate between the types or severity of the cyber incidents they reported.^[1]

Information shared among governments and other stakeholders, seems to be the right way to face these increasing security challenges. At the same time collaboration among stakeholders at all levels is one of the most important and challenging steps forward, as no problem can be solved in the Internet if it is taken on by only one stakeholder. The multistakeholder model provides the space for sharing experiences and the Internet Governance Forum is an important platform for exchanging knowledge on an equal footing basis. The regional and national IGFs also play an important role in this respect.

Several countries have established alert centers called CSIRTs (Computer Security Incident Response Team) as part of their security infrastructure. Unfortunately, however, there are still a number of countries that have not yet put in place this important tool for a more secure Internet infrastructure. As shown on the global Forum for Incident Response and Security Teams web page, there are still members of this association that are lacking national alert centers, making them more vulnerable to cyber attacks.^[2]

Cyber security attacks can potentially cause far-reaching damage to the public and private sectors, to national security, to companies, and to the competitiveness of a country, among many other problems. Eventssuch as these must be avoided, but none of them can be faced or solved by only one stakeholder. On the contrary, having a collaborative and multistakeholder perspective is crucial to our ability to face this challenge. For developing countries, the lack of alert centers is only one of many problems. Another is the sheer pace of technological change, which makes it difficult for local regulations and rules to adapt to and reflect those changes. Furthermore, these countries are in need of skilled IT professionals, but their own professionals often emigrate to developed economies that usually pay more for their professional knowledge and skills than their own community. This is a problem for many countries that invest a considerable amount of resources in training these professionals.

There is no single answer to these challenges, but there are some steps that, especially in developing countries, can be taken in order to be stronger when facing cyber security attacks. One of these steps is coordination, each region should make best efforts to coordinate activities and exchange experiences and information to avoid or warn against cyber attacks. Those countries that have experience in establishing and managing an alert center or CSIRT should share this knowledge with those that do not have one and are in the same region. Travelling shorter distances and sharing the same language and cultural similarities always helps in terms of capacity building.

Education, outreach and training are also essential elements that will surely help all developing economies. Creating learning spaces that promote debate in a multistakeholder environment are of great importance. Not all government employees can go to the Internet Governance Forum, but many of them can be part of a capacity building activity that enhances their skills and creates interest to learn and investigate in more detail some aspects of ICTs, Internet and Internet Governance.

Many of the training activities built upon a multistakeholder approach are focused on Internet and Internet Governance, but address these topics from a holistic perspective. Bringing together experts from different backgrounds and professions is the best way to create a basic ground of knowledge for all experts edealing with Internet security challenges on a daily basis.

The Organization of American States has developed a full virtual online training course on Internet Governance that also focusses on security. The course is based on fellowships granted by the OAS and has been developed in Spanish; an English version will be available as of 2014.^[3] ISOC also offers fellowships for the online training program called Next Generation Leaders.^[4]

The schools on Internet Governance are a great example of global multistakeholder cooperation for training in Internet Governance, including security. The European School on Internet Governance, Euro-SSIG, brings together fellows and well-known academics and experts from all over the world, who teach in a multistakehloder environment. Organized every year in Meissen, Germany, it started in 2007.^[5]

In Latin America the South School on Internet Governance, SSIG, has been established since 2009 and takes place in a different Latin American or Caribbean country each year. This school has come to the attention of governments from the regions, who have found that the SSIG is well-positioned to train their experts, as well as students from the region and abroad.^[6] The SSIG rotates among countries and has so far been organized in Buenos Aires, Sao Paulo, Mexico, Bogotá and Panama. There is also an African School on Internet Governance that started this year in Durban. South Africa.

This holistic and multistakeholder approach is also important for university teachers. Sometimes universities work in knowledge silos, for example engineering or informatics faculties usually focus on high technical training, but there is a lack of understanding of public policy related with technology. In a similar way, law schools do not usually understand the basic concepts related with technology and some difficulties may arise once there is a need to establish regulations related to the ICT infrastructure of the Internet itself.

Another important issue to achieve is balance, balance between security and censorship. As it has been said before, new challenges are arising in the Internet era and in the digital economy as new services are constantly being developed; there are new platforms and new ways of interaction between users, in relation to content, their work, their universities, and their families. The overwhelming amount of data that we are all producing, needs to be stored, cared, managed, secured, copied and protected. Governments must protect the information while at the same time protecting the right to communicate, and there is a fine line between security and censorship. Every community has the right to protect t heir culture as it is reflected in digital content on the Internet, but this protection should not prevent others from communicating using the same technology platform.

All the information and the innovation that is generated today by the Internet would not exist if the concept of openness had not been present from the very beginning and if it were not preserved until today. Perhaps the big challenge is not only finding the right balance between regulation and free flow of information, but, more importantly, avoiding any regime that would inhibit the ability of the users to communicate, of the technology providers to continue enabling access, of service providers to offer new services, of academics to conduct research. Security is an increasingly conflicting element with all these desired freedoms on the Internet.

Regulations play an important role in shaping services and defining the way the Internet functions. All parties need to be heard and considered. Finding the right balance seems to be a difficult challenge. And this is precisely why dialogue and the exchange of information within a multistakeholder environment is so important. Indeed, it is the only way to move forward and find practical ideas and solutions to the diverse problems brought about by the open structure of the Internet, cyber security and freedom of expression.

References:

1. ↑ http://www.trendmicro.com/cloud-content/us/pdfs/security-intelligence/white-papers/wp-latin-american-and-caribbean-cybersecurity-trends-and-government-responses.pdf]
2. ↑ http://www.first.org/members/map
3. ↑ http://www.oas.org/fms/Announcement.aspx?id=357&Type=2&Lang=spa
4. ↑ http://www.internetsociety.org/what-we-do/leadership-programmes/next-generation-leaders-ngl-programme
5. ↑ European School on Internet Governance http://www.euro-ssig.eu
6. ↑ South School on Internet Governance http://www.gobernanzainternet.org

MIND-Multistakeholder Internet Dialog MIND stands for Multistakeholder Internet Dialogue. The discussion paper series is a platform for modern polemics in the field of internet governance. Each issue is structured around a central argument in form of a proposition of a well-known author, which is then commented by several actors from academia and the technical communities, the private sector, as well as civil society and government in form of replications. all MIND-publications