Quantum-IoT-Infrastructure: Security for Cyberspace | IGF 2023 WS #421

Knowledge Graph of Debate

Session report

Wout de Natris

The lack of cybersecurity measures in Internet of Things (IoT) devices is a pressing issue that demands attention. While the technical community has made efforts to address this concern, the majority of governments and industries have not yet prioritised security by design in IoT. This oversight has resulted in widespread vulnerability and the potential for malicious attacks.

Initially, cybersecurity was not a concern during the early days of the internet, as worldwide connectivity was limited. However, with the rapid expansion and integration of IoT devices into our daily lives, the need for robust security measures has become increasingly evident. Unfortunately, IoT devices are often designed without adequate security measures, making them susceptible to cyber threats and potentially compromising users’ personal data.

One argument put forth is that governments and large corporations should play a crucial role in setting the standard for security in IoT. An example of this proactive approach is seen in the Dutch government, which has taken the lead by imposing the deployment of 43 different security standards. This demonstrates the importance of demanding high levels of security in IoT devices.

Another concerning aspect is the lack of rigorous security testing before new technology, including ICT, enters the market. The fast pace of innovation and the urgency to bring products to market often result in inadequate security measures. It is argued that security should be a fundamental consideration and undergo formal testing before any form of ICT is released, minimising risks for users.

On a more positive note, international cooperation and information sharing are emphasised as pivotal factors in staying ahead in terms of cybersecurity. The power of the internet lies in its ability to facilitate global discussions, enabling the sharing of knowledge and experiences across borders. Governments and larger industries need to be made aware of their role and potential influence in addressing cybersecurity challenges, fostering collaboration and cooperation on a global scale.

In conclusion, the lack of cybersecurity measures in IoT devices poses a significant challenge that needs to be addressed urgently. Efforts from both the technical community and various stakeholders are required to push for security by design and the implementation of robust standards. Governments and large corporations hold the responsibility of leading the way, setting the standards for security in IoT. In addition, rigorous security testing should become a prerequisite before any form of ICT is introduced to the market. Furthermore, international cooperation and information sharing are critical for staying ahead in the ever-evolving landscape of cybersecurity. Only through collaboration can we tackle the challenges and vulnerabilities inherent in the interconnected world of IoT.

Moderator – Carina Birarda

This extended summary highlights the main points and arguments presented in the given information on cybersecurity. It also provides more details, evidence, and conclusions drawn from the analysis.

The first argument states that there has been a significant increase in cybersecurity incidents at the international level, which is viewed as a negative trend. This can be attributed to the global connectivity that has become a key factor behind this increase. Additionally, the emergence of sophisticated criminal activities, such as crime as a service, has further contributed to the rise in cybersecurity incidents. The supporting evidence for this argument is the fact that cyberattacks are often conducted by actors in multiple countries, indicating the global nature of the issue.

The second argument emphasizes the fundamental challenge of adopting internationally-recognised cybersecurity best practices. It is highlighted that only a few organisations currently practise these standards, and the lack of adoption is a global issue. The evidence supporting this argument includes the observation that just a small number of organisations implement these best practices, indicating a need for widespread adoption to enhance cybersecurity at both national and international levels.

The third argument stresses that cybersecurity is a global issue that necessitates international collaboration for effective mitigation. The fact that cyberattacks do not respect borders or jurisdictions is put forward as evidence for the need for international cooperation. Additionally, it is stated that information sharing at the international level is imperative for combating cybersecurity threats. This argument highlights the importance of collaboration between countries to establish a robust global cybersecurity framework.

The fourth argument suggests that understanding the threats facing IoT, web, and quantum technologies is essential for implementing proper cybersecurity practices. By gaining a comprehensive understanding of these threats, appropriate best practices can be selected and implemented. The evidence supporting this argument is the observation that proper implementation of cybersecurity practices can only be achieved by addressing the specific threats posed by emerging technologies.

In conclusion, the extended summary highlights the increasing number of cybersecurity incidents on an international scale as a negative trend. The adoption of internationally-recognised cybersecurity best practices is identified as a fundamental challenge, with only a small number of organisations currently practising these standards. It is established that cybersecurity is a global issue requiring international collaboration for effective mitigation. Understanding the specific threats posed by emerging technologies is emphasised as crucial for implementing proper cybersecurity practices. Overall, the analysis underscores the need for international cooperation and comprehensive measures to address the growing cybersecurity challenges.

Maria Luque

Quantum technologies, specifically quantum computing, present challenges and opportunities in terms of cybersecurity. The concern is that quantum computing has the potential to break current cryptographic systems and expose sensitive information. To combat this threat, researchers are developing technologies like Post-Quantum Cryptography (PQC) and Quantum Key Distribution (QKD). PQC, although not yet standardized, can be applied today as a software-based solution, while QKD requires substantial investment and the creation of new secure communication infrastructures.

It is argued that governments and the technology industry need to continuously and significantly invest in quantum technologies to ensure data security in the face of the quantum threat. QKD, in particular, requires high investment and the establishment of entirely new infrastructures for secure communication. On the other hand, tech companies have already started implementing PQC into their solutions, showing their recognition of the need to adapt to quantum technologies.

Organizations also need to assess and adapt their information security structures to prepare for the quantum threat. They should understand their information architectures, level of encryption, and capabilities necessary for transitioning to quantum security. The approach for organizations may vary depending on their size, with smaller ones potentially adopting PQC and larger ones engaging in quantum communication networks.

For small tech companies, the infrastructure provided by large tech companies like AWS, Microsoft Azure, and Google is crucial for addressing the challenges posed by quantum technologies. These platforms serve as a foundation for smaller companies to navigate the complexities of quantum computing.

Deploying PQC algorithms in the cloud is considered a potential solution for securing data for small companies in the next five to ten years. Despite not being favoured by some, it is argued that deploying PQC algorithms in the cloud offers optimal data security for small companies. However, there is debate regarding this approach, with some opposing the practice for maintaining data security.

Countries are encouraged to focus on their strengths and specialties when planning their national quantum strategies. For example, Spain has chosen to invest in areas where it excels, such as optics and mathematics, to drive its quantum technology development.

In conclusion, quantum technologies pose both challenges and opportunities in cybersecurity. Addressing the quantum threat requires significant investments in quantum technologies, assessments and adaptations of information security structures, and consideration of alternative solutions like deploying PQC algorithms in the cloud. Additionally, countries should strategically focus on their strengths and specialities to plan effective national quantum strategies. Ongoing research and discussions are needed in this rapidly evolving field.

Olga Cavalli

Latin America faces unique technological and internet infrastructure challenges due to economic and distribution inequalities. These challenges stem from the disparities in wealth and resources within the countries of the region. As a result, access to and the quality of technology and internet infrastructure vary greatly across Latin America.

To address these challenges, there is a need for increased participation in policy dialogues related to the internet in Latin America. Olga Cavalli, a university teacher at the University of Buenos Aires, has played a key role in creating a training program for professionals to learn about the rules of the Internet, understand its challenges, and participate more actively in policy dialogues. This initiative aims to empower Latin American countries to have a stronger voice in shaping internet policies that are suitable for their specific needs and circumstances.

Furthermore, the rapid adoption of Information and Communication Technology (ICT) and Internet of Things (IoT) devices in Latin America has raised concerns about increased vulnerabilities due to the lack of initial security designs. It is estimated that there will be between 22,000 million to 50,000 IoT devices in the region next year. The fast pace of adoption leaves little time for proper security measures to be implemented, which could lead to potential breaches and threats in the future.

Argentina has taken proactive steps in addressing cybersecurity concerns. The national administration has implemented binding resolutions that require the preparation of a security plan, the assignment of a focal point for contact, and information sharing in the event of a cyber incident. Additionally, a manual has been developed to guide the national administration on how to respond to such incidents. A new cybersecurity strategy has also been approved, showcasing Argentina’s commitment to ensuring security in the digital realm.

Developing countries and small to medium enterprises (SMEs) face significant challenges in keeping up with rapid technological changes. These challenges include restrictions on importing certain products and hardware, as well as a lack of human resources, as trained professionals often migrate to developed countries in search of better opportunities. The combination of limited resources and a lack of technical expertise hampers their ability to understand and afford new technologies, creating a widening technology gap.

Moreover, developing economies and small to medium enterprises are often consumers of technologies developed elsewhere, which raises concerns about the global technology gap. While major technology companies like AWS, Microsoft Azure, and Google are expected to provide solutions based on emerging technologies like Post-Quantum Cryptography (PQC) algorithms and cloud computing, developing economies and SMEs rely on these technologies without actively contributing to their development. This dependence on technologies developed elsewhere puts them at a disadvantage.

To address these challenges, capacity building and awareness are advocated as essential measures. By investing in the development of local technological capabilities and creating awareness about the importance of technology, Latin American countries can reduce their reliance on technologies developed by other countries. This would help narrow the global technology gap and allow them to actively contribute to technological advancements that suit their specific needs.

In conclusion, Latin America faces unique challenges in technological and internet infrastructure due to economic and distribution inequalities. Increasing participation in policy dialogues, addressing cybersecurity concerns, and bridging the technology gap are crucial steps towards creating a more inclusive and technologically advanced region. Additionally, capacity building and raising awareness about technology will empower Latin American countries to shape their own technological future.

Nicolas Fiumarelli

During the discussion, the speakers emphasised the necessity of implementing security technologies, such as RPKI, DNSSEC, IoT security standards, and quantum-resistant algorithms, through legislation. They pointed out that the rising number of Internet of Things (IoT) devices and the advancements in quantum computing pose significant security risks. These risks can be mitigated by the adoption of robust security measures.

The speakers also highlighted the existence of security standards developed by the Internet Engineering Task Force (IETF) specifically for IoT devices. These standards provide guidelines and best practices to ensure the security of IoT networks and data. However, one speaker questioned why these security technologies are not universally enforced in all Information and Communication Technology (ICT) systems through legal obligations.

It was acknowledged that the implementation of advanced security technologies comes with a high cost. This cost may pose a challenge to widespread adoption. Nonetheless, the importance of safeguarding critical infrastructure and personal information against cyber threats and data breaches justifies the investment in these technologies.

Overall, the sentiment during the discussion was neutral, indicating a balanced examination of the topic. The speakers’ arguments and evidence provided a comprehensive understanding of the urgency to implement security technologies, alongside the challenges associated with their implementation. The discussion aligned with SDG 9: Industry, Innovation and Infrastructure, as it emphasised the need for secure and resilient ICT systems to support sustainable development.

Through this analysis, it becomes evident that the adoption of security technologies through legislation should be encouraged and prioritised. This will help ensure the protection of IoT devices and networks, while also addressing the growing threat of quantum computing to traditional encryption methods. Additionally, the development and enforcement of security standards can play a crucial role in enhancing cybersecurity practices across various industries.

In conclusion, the discussion underscored the significance of deploying advanced security technologies and standards to safeguard ICT systems. Although challenges such as high implementation costs exist, the speakers highlighted the urgency to address these concerns and apply security measures throughout the industry. By doing so, they aimed to emphasise the need for a comprehensive approach to cybersecurity, simultaneously addressing both technological advancements and legal enforcement.

Carlos Martinez

The discussion centres around the vital role of DNSSEC (Domain Name System Security Extensions) and RPKI (Resource Public Key Infrastructure) in securing the fundamental structure of the internet. These security protocols are instrumental in safeguarding the integrity and authenticity of DNS responses and BGP (Border Gateway Protocol) announcements, respectively.

DNSSEC and RPKI operate by utilising digital signatures to verify the legitimacy of DNS responses and BGP announcements. This verification process ensures that the network delivers data packets to the correct destination, maintaining the proper functioning of the internet. The speakers unanimously recognise the crucial importance of DNSSEC and RPKI, highlighting their shared responsibility in both signing and validation processes.

On a related topic, there has been a debate concerning the potential weakening of cryptographic algorithms and the inclusion of backdoors to enable access. However, Carlos, one of the speakers, expresses a negative sentiment towards this notion. He asserts that such actions would be unwise, potentially compromising the security of cryptographic systems. This viewpoint aligns with SDG 16, which focuses on ensuring peace, justice, and strong institutions.

A positive aspect discussed is that both DNSSEC and RPKI have algorithm agility built into their design. This feature ensures that they can adapt to incipient post-quantum cryptographic scenarios. Consequently, when post-quantum cryptographic algorithms are standardized, they can be effectively incorporated into DNSSEC and RPKI, providing continued security measures against quantum threats.

The debate also encompasses the challenge of mandating technology, with the speakers highlighting instances where such endeavors have proven unsuccessful. They note the issues surrounding cost and benefit discrepancies, particularly in the context of the Internet of Things (IoT) and DNSSEC/RPKI implementation. Furthermore, while post-quantum algorithms have been proposed, they have not yet achieved a satisfactory level of performance.

In conclusion, the speakers collectively emphasize the importance of DNSSEC and RPKI in securing the core infrastructure of the internet. Their positive sentiment towards the efficacy of these protocols underscores their significance in maintaining a properly functioning internet. Nonetheless, there is a negative sentiment towards weakening cryptographic algorithms, highlighting the potential risks associated with such actions. The speakers also acknowledge the need for flexibility and tailored approaches when addressing different technologies, rather than enforcing a one-size-fits-all mandate. Ultimately, this discussion highlights the ongoing challenges and complexities associated with internet security and the need for continued research and adaptation to effectively counter emerging threats.

Speakers