Implementing collaborative security: Challenges and success stories

16 Jun 2017 09:00h - 10:45h

Event report

[Read more session reports from WSIS Forum 2017]

The session, moderated by Mr Ryan Polk (Internet Society), featured discussions on how to enhance trust in the Internet using the collaborative security approach to solving Internet security problems like the WannaCry and botnets attacks. In his introductory speech, Polk explained the concept of collaborative security which can be thought of as interconnection, depending not only on your action, but on action by everyone in relation to others in the network. He presented five key elements of collaborative security which are: (1) stop only perceiving harm, and think about opportunities for development; (2) adopt a concept of collective responsibility through multistakeholder and cross border collaboration based on trust relationships; (3) note that the security solution has to preserve the fundamental properties of the Internet (like open standards, free innovation, global reach) and human rights; (4) ground solutions in the experience and development collaboratively; and (5) think globally about security and act locally.

Mr Flavio Wagner (CGI.br) began his participation by giving an overview about CGI.br, NIC.br, and CERT.br. In his speech, he brought some successful stories from Brazil. First, Wagner mentioned some Antispam.br and CERT.br activities like a study on the legal framework (evaluation bill proposals in congress and creation of a report with a new text of legislation proposed to congress); an e-mail marketing self-regulation initiative; best practices and awareness for Internet service providers (ISPs), telecommunication operators, and end users; and the honeypots and SpamPots projects. He discussed the Port 25 Management working group. The main motivations for the creation of this working group was Brazil being appointed as a big ‘source’ of spam. More than 90% of spam leaving Brazil originates from abroad as end-user computers are being abused in different ways. The goal of this working group was to reduce the abuse of the Internet infrastructure by spammers. The adopted solution was blocking outgoing connections to port 25 at end-user networks (known as Port 25 management) and it needed to be articulated among different sectors like ISPs, telecommunication operators, and Anatel. Wagner said that in less than year Brazil decreased its position in the spam ranking from first to approximately 25th. Finally, he remembered the NETmundial multistakeholder declaration that brought onto its roadmap some guidelines for security initiatives among all the stakeholders.

In her speech, Ms Deborah Brown (Association for Progressive Communications) said that APC works on the three perspectives of security: individual, devices, and networks. She brought some example of initiatives about security like a campaign launched by APC 10 years ago to empower women and girls online using technology for freedom of expression and the IGF Best Practice Forum on Online Abuse and Gender-Based Violence. Brown gave consideration to the difficulty of dealing with personal attacks online and hacking accounts and how human rights activists can be at risk, bringing the need to find a secure way for communication. She also talked about the attacks on human rights websites. According to her, the first reaction of people to an online attack is to delete the post. But it is necessary to be aware of the need to document this kind of threat for use as evidence and after for the takedown notice. Brown spoke about the importance of moving forward and keeping the dialogue without answering violent messages. Finally, she considered that security is a multilayered issue passing through individual spheres, a technical sphere, and the community.

Mr André Fernandes (ISOC Youth SIG) gave some consideration to how youth see the security question and the difficulty of youth to have a voice in this debate. He said that it is common. Young people make some mistakes in the use of technology because of the lack of knowledge among those who do not use the network frequently. Fernandes believes that collaborative security is not only a technical issue but can take into account skills development, and social and economic issues. Another point he made is that young people have an incomplete sense of the meaning of security, associating it only with anti-virus programs and the use of passwords. In his opinion, the security issue is invisible for many young people and privacy is a secondary preoccupation for them. Finally, Fernandes concluded that youth do not believe in traditional institutions; they believe much more in their networking. This vision, he said, came from their use of the Internet.

At the end of the session, Polk raised some questions for the speakers, including the Internet of Things, artificial intelligence, and the role of governments in the collaborative security approach.

by Nathalia Sautchuk Patrício