Internet resilience towards a renewed resilience for society
9 Dec 2021 14:05h - 15:35h
Event reportModerated by Mr Lucien Castex (Public policy representative, AFNIC) and Mr Samih Souissi (Deputy head of the Open Internet unit, ARCEP), this session addressed the multifaceted issue of Internet resilience and its relation with the global resilience of society. Souissi argued that the resilience of the Internet is a collective responsibility and the mobilisation of the different players in the ecosystem is necessary to preserve the Internet and its core values. The session aimed at better understanding of the perspectives of various stakeholders (the government, international organisations, technical community, as well as the private sector) in tackling this issue and envisioning the future of Internet resilience.
Mr Ghislain de Salins (Policy expert, OECD) detailed the role of the Organisation Economic Cooperation and Development (OECD) in relation to Internet resilience. Within one of the committees of the OECD focused on digital economy, a specifically dedicated working group on cybersecurity has been set up. While defining Internet resilience as the ability to anticipate and recover from cyber incidents, de Salins argued that the resilience of communication infrastructure has evolved significantly over the past years, in line with dramatic changes at the network level. These evolutions relate to the increasing critical nature of networks, the current convergence between communication networks and cloud providers, as well as the increasing use of artificial intelligence (AI). In relation to the products and services used on top of infrastructure, the OECD has published two reports highlighting that the resilience of products and services is not only a technical issue, but also an economic and social challenge. As market dynamics are not likely to bring an optimal level of resilience, policymakers need to step in and try to realign market incentives. The OECD proposed a range of high-level principles to guide policymakers, including transparency, information sharing of responsibility, duty of care, and cooperation.
Ms Eglé Dauksiene (policy analyst, Lithuanian government) presented the work of the Lithuanian government to improve Internet resilience and increase the level of cybersecurity at the national and the EU level. In addition to the processes and obligations created by the NIS directive on cybersecurity at the EU level, Dauksiene emphasized the need for more cooperation at various levels. Companies and citizens need to be better included, for instance, through the practice of coordinated disclosure of vulnerabilities, ensuring that the individuals who discover vulnerabilities can report them without fear of retaliation. There is a need for stronger international strategies at the technical and political levels to improve cooperation, as is already done at the EU level with the toolbox, in order to address security risks related to the rollout of 5G. In relation to situational awareness, there is a need to enhance engagement among different communities in preparing for large scale incidents and crises. Among the main obstacles for progress, Dauksiene listed the lack of awareness of cybersecurity challenges, difficulties to develop efficient mutual assistance mechanisms, the lack of human resources, and limited trust among key stakeholders. On the latter, Lithuania is leading a project of cyber rapid response teams with partner countries.
Mr Jean-Jacques Sahel (Asia-Pacific Information Policy Lead, Google) then detailed how Google attempts to guarantee the resilience of its infrastructure and be an active player in ensuring global Internet resilience. In this context, Sahel referred to resilience in its broader comprehension, taking into account also how the Internet is used. Among the existing threats to Internet resilience, Sahel listed the permanence of the digital divide across the world, the possibility of technical outages, as well as the growth of Internet shutdowns. To address those challenges, Google invests into infrastructures (including sub-sea cables) as well as hundreds of data caching points over the world. Sahel noted that in a number of countries it remains extremely difficult to land subsea cables due to antiquated laws governing local infrastructures. In light of recent spikes in terms of Internet traffic, different measures have been adopted, including setting by default to standard (rather than high definition) the streaming quality for YouTube. In relation to Internet resilience, Sahel called for democratic countries to lead by example and make sure their online content regulations are freedom-oriented and take into account the global and open nature of the Internet.
Mr Marco Hogewoning (Public Policy Manager, RIPE-NCC) provided a technical perspective on the issue of Internet resilience, and explored how to allow a security culture change in order to better handle cyber incidents. Hogewoning emphasized that all stakeholders should be conscious of the technical engineering reality that there is no such thing as zero risk. In terms of security culture and the way incidents are handled, great improvements could still be made, like looking at practices in other sectors (such as aviation), for instance. While a great focus is now placed on reporting, there is however still a problematic lack of transparency in relation to the technical information that would help actors identify the root causes of incidents and understand how to address them in the future. The issue of trust is indeed crucial, as shown by the fact that governments, even among partner countries, often deliberately choose not to share their ‘exploits’ and identified vulnerabilities.
By Clement Perarnaud
Session in numbers and graphs
Automated summaryDiplo’s AI Lab experiments with automated summaries generated from the IGF sessions. They will complement our traditional reporting. Please let us know if you would like to learn more about this experiment at firstname.lastname@example.org. The automated summary of this session can be found at this link.
Internet Governance Forum (IGF) 2021
6 Dec 2021 10:00h - 10 Dec 2021 18:00h
Katowice, Poland and Online