Cybersecurity: Initiatives in and by the Global South

Event report

[Read more session reports and live updates from the 11th Internet Governance Forum]

The workshop on cybersecurity initiatives in and by the Global South was introduced as an opportunity to discuss the importance of cybersecurity as a pre-requisite for growth of the Internet.

Cybersecurity was described as a broad topic by Mr Olaf Kolkman, Chief Internet Technology Officer of the Internet Society. Kolkman stated that in discussing cybersecurity there is the risk of trying to talk about everything. He further described the Internet Society’s approach as one of collaborative security. This approach is used to describe the properties of the Internet. Kolkman also noted that the Internet has a global reach and security can only be done in collaboration at the scale where action can be taken. This implies the notion of subsidiarity where goals are defined and actions taken at the smallest possible level. By definition, the Internet is decentralised and requires collaboration.

Kolkman shared some experiences of working with African experts to identify specific challenges to cybersecurity in Africa. Challenges identified include bandwidth and the cost of bandwidth, reliable electrical power, training, and capacity issues. He also noted the lack of information sharing, the lack of legislation, and the need for enforcement regimes.

Several recommendations were made:

• Set up an Africa-wide coordination and collaboration cybersecurity committee.
• Promote capacity building and knowledge sharing, encouraging universities to create training programmes; collaborate with law enforcement.
• Promote IXPs, which bring resiliency and collaboration.
• Have public institutions lead by example by adopting a set of security practices, for example, DNSSEC.
• Have ISPs implement baseline security, for example, the Internet Society’s MANRS initiative.
• Ensure that cybersecurity is part of the organisation’s genome, embedded in all functions.

He concluded by saying that what was important is that African security is being done by Africans.

Ms Christine Hoepers, CERT Brazil, said that one of the most challenging aspects of cybersecurity is training people with the required technical skills to understand the nature of security issues. She noted that users sometimes believe that it is only the ISP or the government that has the resources to work on these issues. The major challenge is to get everyone to understand that it is a collaborative effort. Users today are purchasing technology or devices with security issues and do not have the information or understanding as to how to deal with these issues. Addressing these security issues is everyone’s responsibility.

CERT Brazil is involved in training at all levels; for ISPs, DNSSEC-related issues, and training in other basic networking skills. The key understanding is that there is no central control of security, it is everyone’s responsibility.  The focus is on bottom-up collaboration, getting people to come together, which requires trust.

Jean-Robert Hountomey, Director of AfricaCERT, discussed how collaboration and trust were dealt with in the African context. At first, stakeholders were focused on their interests. The discussion or debate was reframed into one dealing with economic issues and advantages. This reframing allowed the various stakeholders to work together.

Initially there were only three CERTs on the continent and about three national strategies. Today there are about 8 published national strategy documents with 20 CERTs. The collaboration allowed network operators, researchers, and educators to come together to find solutions for regional problems.

AfricaCERT reaches out to the ITU and the law enforcement community to discuss challenges and identify solutions. Hountomey indicated that the future looks promising, given the awareness activities, support of political leaders, Internet Society involvement,  and the encouragement of civil society. He pointed out that there is a national cybersecurity agenda with specific measurable and attainable goals and an implementation plan. This agenda calls for an effective incident response team, effective legal framework, and the need to create more cyberskills based on a global cybersecurity culture.

One of the attendees noted that security issues do not wait for us to develop legal frameworks or strategies. She also noted that when strategies are being discussed, it is usually to address a specific point. Care should be taken to understand the unintended consequences of these strategies.

We need to first understand how the network works.

Hountomey raised another challenge: different countries operate at different maturity levels which impacts communication and overall understanding. One example given was that the understanding of responsible disclosure may vary between organisations or countries based on their maturity levels.

The Seed Alliance gave a presentation on three cybersecurity projects.

1. Experiences developing the Tonga National Cert which covers 177 islands, 52 of which are inhabited.
2. A project to identify and categorise malicious traffic. Mention was made of anonymous browsers that enable anonymous communication but also make it possible to spread malware and malicious traffic.
3. A project out of Columbia that used the Public Key Infrastructure to validate routes on its network. The project allowed the ISP and academic research teams to understand and validate the network traffic, thus making the network more secure.

In response to a question on the dependence of the South on the infrastructure of the North, it was noted that the global South is dependent on routing traffic off continent, hence the need for IXPs which play a major role in keeping traffic local.  Mention was also made of trust issues as they relate to the monitoring of traffic as it leaves the continent.

The use of open source tools and software to reduce costs and assist with cybersecurity initiatives was also noted. The Pacific Islands use open source software and adopt open standards in their implementations.

Capacity building, partnerships, and cooperation were identified in building cybersecurity initiatives. Opportunity must be created for people to understand the issues, to share their knowledge and experiences, and to benefit from the exchange of ideas with all stakeholders.

by Trevor A. Phipps