Procuring modern security standards by governments&industry | IGF 2023 Open Forum #57

12 Oct 2023 04:30h - 06:00h UTC

Event report

Speakers and Moderators

Speakers:
  • Mallory Knodel, Center for Democracy & Technology and Internet Architecture Board (IETF), U.S.
  • Wout de Natris, Coordinator IS3C, Europe
  • Gerben Klein Baltink, Dutch Internet Standards Forum (Internet.nl), Europe
  • Annemiek Toersen, Dutch Standardisation Forum, Europe
  • Gilberto Zorello, NIC Brasil, South America
  • Flavio Kenji Yana, NIC Brasil, South America
  • Satisch Babu, INAPP, Southern Asia
Moderators:
  • Olaf Kolkman, ISOC

Table of contents

Disclaimer: This is not an official record of the IGF session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed. The official record of the session can be found on the IGF's official website.

Knowledge Graph of Debate

Session report

Wout de Natris

The Internet Standards, Security and Safety dynamic coalition is dedicated to enhancing the security and safety of the internet. They have formed three working groups to address specific areas: Security by design on the Internet of Things, Education and skills, and Procurement and Supply Chain Management and the Business Case. These groups aim to tackle various challenges and contribute to a more secure and safer online environment.

The coalition is actively engaged in several projects, including the deployment of DNSSEC (Domain Name System Security Extensions) and RPKI (Resource Public Key Infrastructure), as well as exploring emerging technologies and addressing data governance and privacy issues. These initiatives reflect the coalition's commitment to promoting best practices and robust security measures in the digital landscape.

One of the key objectives of the coalition is to convince decision makers to invest in secure design and deployment of internet standards. To achieve this, they are developing a persuasive narrative that utilises political, economic, social, and security arguments. By providing compelling reasons, they aim to encourage decision-makers to prioritise and allocate resources towards implementing robust security measures.

The Procurement and Supply Chain Management and the Business Case working group have released their first report, which focuses on comparing global procurement policies. This report sheds light on the current landscape and provides insights into various approaches and practices in procurement. Consequently, this information can be utilised to identify areas for improvement and to advocate for more secure and transparent procurement processes.

An important observation highlighted by the coalition is the lack of recognition of open internet standards by government policies. This finding underscores the need for greater alignment and integration of these standards into policy frameworks. Universal recognition and adoption of standards for data protection, network and infrastructure security, website and application security, and communications security are seen as crucial steps toward a safer digital environment.

In addition, the coalition aims to provide a practical tool for decision makers and procurement officers. This tool, which includes a list of urgent internet standards, will help guide decision-making and procurement processes, ensuring that security considerations are effectively integrated into ICT procurement.

The coalition also seeks to improve procurement policies and the validation process for open internet standards in public procurement. They recognise the importance of streamlining and expediting these processes to ensure efficient and effective adoption of open standards. By doing so, procurement policies can be enhanced, leading to more secure and reliable digital infrastructure.

Overall, the Internet Standards, Security and Safety dynamic coalition is making significant efforts to enhance internet security and safety. Their work spans various areas, from promoting secure design and deployment of internet standards to advocating for the recognition and adoption of open internet standards in government policies. By collaborating and addressing key challenges, they aim to create a safer online landscape for individuals, organisations, and governments.

Audience

The speakers discussed the importance of promoting the international use of testing websites to uphold standards such as accessibility and sustainability. They highlighted the effectiveness of a Dutch testing website and advocated for its adoption globally. The positive sentiment was reinforced by the speaker's personal experience of receiving a T-shirt after testing a website that scored 100%.

Shifting focus to India's digital transformation, the discussion revealed concerns about the poor compliance status. Although India has made progress in digital public infrastructure, including the development of a vaccine website during the COVID-19 pandemic, there is a need for scaling up existing applications to meet the demands of the country's population. The lack of multilingual applications and universal acceptance in India's digital transformation was also brought to attention, with a specific mention of the problem of non-Latin scripts in domain names. The speakers highlighted ICANN's efforts to resolve this issue and suggested incorporating testing for these aspects in the code of internet.nl.

The importance of digital standards was emphasized, but it was noted that India does not have a law mandating compliance with the latest standards. Instead, the speakers proposed nudging stakeholders through volunteer work and the periodic dissemination of test results.

Overall, the analysis provided a comprehensive overview of the discussions, including key points, arguments, and evidence presented. The speakers' positive sentiments, concerns, and suggestions offer valuable insights for further exploration in the field of digital transformation and compliance.

Annemiek Toersen

Open standards play a crucial role in enhancing the interoperability, security, accessibility, and vendor neutrality of IT systems within the Dutch government. The Netherlands Standardization Forum, which advises the Dutch government on open standards, has identified about 40 open standards on the "comply or explain" list that are mandated for use in new IT systems or services.

To promote open standards adoption, the Dutch government has implemented a comprehensive strategy that includes mandating specific open standards, investing in community building, and closely monitoring their adoption. The Netherlands Standardization Forum has successfully secured agreements for implementing standards like HTTPS and DNSSEC. They also use internet.nl to regularly measure the usage of open standards across approximately 2,500 government domains.

To achieve wider acceptance, the Dutch government actively cooperates with vendors and international counterparts. For example, the Netherlands Standardization Forum has collaborated with Microsoft to ensure support for the DANE security standard by spring 2022. They are also sharing the code base of internet.nl with countries like Denmark, Australia, and Brazil to encourage broader adoption of open standards.

Despite these efforts, there is still work to be done, as many government tenders do not fully comply with open standards requirements. The Netherlands Standardization Forum regularly reports insufficient compliance to the Dutch cabinet.

Collaboration between internet.nl and other dashboards focusing on website accessibility can strengthen testing standards, including elements like accessibility and sustainability.

Convergence of different internet standards is necessary to avoid duplicating efforts, and the Ministry of Internal Affairs and Infrastructure is working towards a single dashboard to combine various standards.

Validating standards is crucial, and the Netherlands Standardization Forum emphasizes the need for scrutiny to ensure effectiveness and relevance.

The adaptation of standards is supported, but it requires common agreement among multiple organizations in the Netherlands. Overall, open standards are foundational to the Dutch government's IT systems, and the Netherlands Standardization Forum continues to drive adoption. However, challenges such as compliance and convergence need to be addressed through ongoing cooperation, validation, and adaptation.

Mallory Knodel

The analysis emphasizes the significance of implementing global internet security standards in procurement and supply chain management policies. It highlights that while some countries, like The Netherlands, already incorporate references to standards in their procurement policies, there is a noticeable lack of standardisation across regions and countries. This lack of a unified and syndicated approach poses challenges in ensuring consistent and effective internet security measures throughout supply chains.

To address this issue, the promotion of multi-stakeholderism in procurement and supply chain management is advocated. The suggestion is to utilize platforms such as the Internet Governance Forum (IGF) as a means to advance this initiative. By involving various stakeholders, including governments, private sectors, and civil society, it is believed that a more comprehensive and collaborative approach towards internet security can be achieved.

Moreover, the analysis calls for greater transparency in procurement policies worldwide. Specifically, it points out the need for more countries to openly publish their procurement policies. This transparency not only enhances accountability but also allows for better knowledge-sharing among nations, fostering the adoption of best practices in internet security.

Another key argument made is that cybersecurity standards should be treated as reference points in international treaties. These standards can also be transformed into compliance mechanisms, ensuring that nations adhere to established protocols in internet security. Additionally, there are opportunities to utilize open cybersecurity standards, which provide a basis for common guidelines and practices that can be widely implemented.

In terms of potential future investigations, the relevance of standardisation in the EU procurement process is acknowledged. While not the main focus of the research, the impact of standardisation on EU procurement is considered an area worth exploring further. This suggests that standardisation has the potential to play a significant role in shaping procurement practices within the European market.

Furthermore, the analysis highlights the importance of market entry as a driving factor for companies to pursue standardisation. In some cases, US companies may opt to get their technology standardised at platforms like Etsy in order to meet the requirements of European governments or tender bids. This emphasizes the role of standardisation in facilitating market access and competitiveness in the European market.

In conclusion, the analysis underscores the need for global internet security standards in procurement and supply chain management policies. It calls for a more standardized and syndicated approach across nations, promoting multi-stakeholderism and transparency. By treating cybersecurity standards as reference points and compliance mechanisms, and utilizing open standards, greater consistency and effectiveness in internet security can be achieved. The relevance of standardisation in the EU procurement process and its impact on market entry are also recognized. Overall, this analysis provides valuable insights and recommendations for advancing internet security standards in the procurement and supply chain management domain.

Alisa Heaver

The Dutch government strongly supports the Platform Internet Standards and Forum Standardisation, recognizing the crucial role that standards play in various sectors. They view the adoption of standards as essential for driving innovation and fostering a strong digital infrastructure. The government actively forms public-private partnerships to further promote the adoption of these standards.

These partnerships have been instrumental in advancing the use of standards by the Dutch government. Collaborating with private entities allows them to leverage expertise and resources to implement and develop internet and other types of standards. This collaborative approach strengthens the government's ability to adopt standards and encourages collective responsibility in their development and implementation.

The Dutch government's support for internet standards extends beyond its borders. They actively encourage other governments to embrace these standards for procurement and promote global collaboration. Alyssa Iver, a representative of the Dutch government, emphasizes the importance of working with experts in respective countries on internet and other types of standards. This collaborative emphasis ensures that standards are tailored to meet the unique needs and contexts of different countries, contributing to the global adoption and implementation of standards.

In conclusion, the Dutch government's strong support for the Platform Internet Standards and Forum Standardisation reflects their understanding of the vital role of standards in driving innovation and creating a robust digital infrastructure. Through public-private partnerships and global collaboration, they actively promote the adoption of standards both domestically and internationally. This commitment not only advances their own digital agenda but also contributes to the global framework for standards and collaboration.

Olaf Kolkman

The Internet Governance Forum (IGF) meeting focused on the importance of internet security for the common good. Olaf Kolkman, an advocate for protecting infrastructure, emphasized the need to safeguard the internet to benefit everyone, rather than just individual organizations. This highlights the collective responsibility to ensure the security and stability of the internet.

One of the challenges discussed at the meeting was the slow adoption processes for open internet standards. The adoption of these standards often takes several years before they are widely implemented. However, the meeting recognized that public-private partnerships can play a crucial role in promoting and accelerating the adoption of modern internet standards. By collaborating with various stakeholders, including governments and private organizations, the widespread adoption of these standards can be facilitated.

To further support the implementation of modern internet standards, effective tools were highlighted. The internet.nl test tool, for example, helps organizations and individuals assess if their websites, emails, and local connections are functioning in line with these standards. It is projected that over 1 million tests will be conducted using this tool by 2023. This demonstrates the practical impact and usefulness of such tools in facilitating the adoption of modern internet standards.

Knowledge sharing across countries was also emphasized as a means to promote the adoption of open internet standards. Countries like Brazil, Denmark, and Singapore have already initiated the adoption of these standards and tooling, setting an example for others to follow. The Platform Internet Standards, which was initiated as a public-private initiative, is open to learning from global experiments. This collaborative approach allows for the exchange of knowledge and best practices, enabling more countries to adopt these standards effectively.

Olaf Kolkman strongly supports the use of open internet standards as they enhance user safety, security, and online connectivity. He calls upon organizations to adopt these standards to ensure that the internet functions correctly and benefits everyone. These standards not only safeguard individual users and organizations but also contribute to the overall well-being of society.

Aside from discussions on internet security, the importance of accessibility and captioning in reducing inequalities was also acknowledged. The work done by Rochelle and her team in captioning was appreciated. Accessibility measures play a critical role in ensuring equal access to information and services for all individuals, regardless of abilities.

The Dutch Internet Standards Forum highlighted the need for wider use of testing and procurement methodologies to ensure the proliferation and adoption of internet standards. Olaf Kolkman pointed out the effectiveness of procurement methodologies and tools like internet.nl. He emphasized the practical impact of such initiatives, both in terms of financial considerations and wider deployment. It is imperative that regions and countries beyond the Dutch Internet Standards Forum begin utilizing similar tools to increase their usage and effectiveness.

In conclusion, the IGF meeting emphasized the importance of internet security, the challenges in adopting open internet standards, the role of public-private partnerships, the need for effective tools, and the significance of knowledge sharing and accessibility. It underscored the collective responsibility to protect infrastructure for the common good and to ensure that the internet functions in a safe, secure, and accessible manner for all. The discussions and insights gained from the meeting contribute to advancing the adoption and implementation of modern internet standards globally.

Gerben Klein Baltink

The adoption of modern internet standards is essential for ensuring safety, security, and efficient connectivity in today's interconnected world. However, the process of accepting and implementing these standards can be slow and challenging. It requires the cooperation and agreement of both IT technicians and board members within an organization.

The Platform Internet Standards and internet.nl play a vital role in making modern internet standards more accessible. Internet.nl, for example, has experienced significant growth, with over one million tests conducted in 2023. It provides a platform that allows users to determine whether their website, email, or local connection is functioning correctly with modern standards. This enables organizations to identify and address any issues that may arise during the implementation process, facilitating the correct adoption of standards.

International cooperation and sharing of resources and strategies are crucial for the global success of modern internet standards. Several countries, such as Brazil, Denmark, and Singapore, have established similar initiatives and platforms to promote the adoption of these standards. The Platform Internet Standards is open to sharing its learnings and experiences with other countries and organizations interested in establishing similar initiatives. This collaborative approach promotes knowledge exchange and fosters a more unified and effective implementation of internet standards worldwide.

The Dutch Internet Standards Forum plays a significant role in implementing new internet standards. The process of adding new standards to internet.nl is based on a consensual agreement within the forum. This ensures that all stakeholders have a say in determining which standards should be included and how they should be implemented.

When integrating new standards, the team at internet.nl investigates existing open-source tests that comply with the desired standard. If suitable tests are not available or do not integrate well with the current test environment, they consider creating their own code. This flexible approach allows for the seamless integration of new standards, ensuring that the testing process aligns with the specific requirements of each organization.

In cases where certain standards, such as accessibility standards, do not integrate well with the current test environment, proactive promotion is recommended. Instead of disregarding or delaying the adoption of these standards, they should be promoted as future inclusions. This approach encourages continuous improvement and ensures that all aspects of internet standards are addressed in due course.

In conclusion, the adoption of modern internet standards is crucial for ensuring safety, security, and efficient connectivity. The Platform Internet Standards and internet.nl play a vital role in making these standards more accessible through testing tools and solutions. International cooperation and the sharing of resources are essential for global success. The Dutch Internet Standards Forum facilitates the implementation of new standards, and the integration process involves investigating existing tests or creating new code. Proactive promotion of standards that cannot be immediately integrated ensures a comprehensive approach to internet standards.

Flavio Kenji Yana

NIC-BR is a non-profit civil entity in Brazil that is responsible for the administrative and operational functions related to the .br domain. Their main focus is on improving the internet infrastructure in Brazil, and their projects and actions aim to benefit various sectors of Brazilian society. One significant project is the Test Padrões (Test Standards) project, which utilizes open source code provided by Dutch implementation. This project promotes the best security practices for websites, email services, and user connections to the internet. It was implemented in December 2021, and its effectiveness can be assessed on top.nic.br. By adopting these security standards, NIC-BR aims to enhance internet security in Brazil.

The Test Padrões project is part of Brazil's Safer Internet program, which collaborates with ISPs (Internet Service Providers) and internet service providers, including operators. NIC-BR defines Key Performance Indicators (KPIs) to monitor the effectiveness of their actions. By working with ISPs and service providers, NIC-BR ensures widespread adoption of these security recommendations, creating a safer internet environment.

NIC-BR is actively involved in the Manners initiative, which encourages good online behavior. Brazil has the largest number of participants in this initiative, and there has been a significant annual increase in participation. This demonstrates Brazil's commitment to creating a positive online environment and fostering partnerships for the Sustainable Development Goals (SDGs).

Brazil has a robust internet landscape with over 10,000 ISPs, including small and medium-sized operators nationwide. These ISPs account for approximately 50% of the internet traffic in Brazil. Many ISPs and Internet Service Provider Associations in Brazil actively support NIC-BR's programs and initiatives, emphasizing their dedication to improving the internet ecosystem.

In summary, NIC-BR plays a crucial role in Brazil's internet governance and infrastructure. Their projects, such as Test Padrões, and collaborations with ISPs contribute to a safer internet environment. Brazil's active participation in initiatives like Manners showcases their commitment to responsible online behavior and partnerships for sustainable development. With the support of ISPs and service providers, NIC-BR is working towards enhancing internet security and improving the overall internet experience for users in Brazil.

Speakers

AH

Alisa Heaver

Speech speed

128 words per minute

Speech length

233 words

Speech time

110 secs

Click for more

AT

Annemiek Toersen

Speech speed

143 words per minute

Speech length

2164 words

Speech time

911 secs

Click for more

A

Audience

Speech speed

186 words per minute

Speech length

775 words

Speech time

250 secs

Click for more

FK

Flavio Kenji Yana

Speech speed

120 words per minute

Speech length

1284 words

Speech time

641 secs

Click for more

GK

Gerben Klein Baltink

Speech speed

158 words per minute

Speech length

1160 words

Speech time

441 secs

Click for more

MK

Mallory Knodel

Speech speed

190 words per minute

Speech length

2274 words

Speech time

720 secs

Click for more

OK

Olaf Kolkman

Speech speed

133 words per minute

Speech length

2029 words

Speech time

913 secs

Click for more

WD

Wout de Natris

Speech speed

163 words per minute

Speech length

2297 words

Speech time

848 secs

Click for more