Cybersecurity: The technical realities behind the headlines

Event report

The objective of the session was to discuss the basic technical concepts which are the building blocks for cybersecurity discussions.

The session was initiated my the moderator, Mr Chris Buckridge, External Relations Manager, RIPE Network Coordination Centre (RIPE NCC), who stressed the need to understand the technical concepts at work in order to understand the building blocks for contributing to the cybersecurity discussions. In addition to the technical community, other stakeholders also need to understand what happens on the Internet and how it happens.

Mr Patrik Fältström, Manager Engineering, Research and Development at Netnod, Stockholm University, elaborated on the meaning of time, noting that the measurement of time is dependent on accuracy and precision. Based on requirement, organisations need to choose between accuracy and precision. He added that time stamps need to be accurate, especially for events happening in distributed systems. While new technologies such as 5G clocks need to be more accurate, there are challenges owing to the differences in time scales, even within the same time-zone.

Answering a question about Galileo, the global navigation satellite system, vis à vis the Global Positioning System (GPS), he clarified that the former is more modern, however it is very similar to the GPS system.

Responding to a question on the Netnod system, Fältström explained that the Netnod system does not allow access from outside, as redundancy is important for resilience when it comes to security issues.

Fältström explained the importance of replaceability, redundancy, and having multi-vendors that are informed on the way the system works. Moreover, consumers should have the option to choose which service or vendor they want to use.

Mr Marco Hogewoning, External Relations Officer – Technical Advisor, RIPE NCC, pointed out that while most people treat cybersecurity as a technical problem, it is much more than that. He added that although technology can secure the systems, there is a cost associated with building the systems and a need for willingness to apply the solutions. He further added that as cybersecurity is a broad subject, it needs the involvement of all stakeholders, even when the solutions are being designed. He further stressed the importance of looking outside the cause and complexity of cybersecurity, for a more simplistic solution.

Hogewoning indicated that laws today are mostly reactive, and it is important to invest in preventive security, educate people, build quality products and pay the price of the product. He went on to say that it is important for people to report cybersecurity breaches, in order for Computer Emergency Response Teams (CERTs) across the world to provide reports which are meaningful and functional and can help in the discussions.

Ms Marjolijn Bonthuis Krijger, ECP, reiterated that while technical skills are important, it is equally important to have knowledge about cybersecurity and teach self, employees, community Members, and young children about it.

Mr Peter Koch, Policy Advisor at DENIC, emphasised the need for standards. While the complexity in standards today leads to challenges in deployment and their misinterpretation, it is important to learn from mistakes and not repeat them.

He further stressed the fact that no software is bug-free today, especially as software has dependencies on the building blocks, which may have bugs that are harder to fix. Even operating system software has an option to review codes, and security software operating systems have been reported to have bugs. It is therefore important for organisations to invest money and manpower to review software in order to fix the bugs. Moreover, there should be an incentive among users to upgrade the existing versions. He also added that security is like an organisation and demands attention, and that the human factor should not be ignored.