Technical standards

Updates

The US National Institute of Standards and Technology (NIST) and its National Cybersecurity Center of Excellence (NCCoE) published a how-to guide titled ‘Mobile Device Security: Cloud and Hybrid Build’ for public and private companies to protect their mobile devices from data breaches by using commercially available technology. In general, it is a manual for network architects to ensure employees can access information remotely, while minimising security risks.



 

The Internet Engineering Task Force (IETF) has introduced manufacturer usage descriptions (MUD), which provide the basic framework to allow manufacturers to provide policy that can be used to generate IP-based access lists. This feature will detect and possibly prevent unrestricted network access by Internet of things (IoT) devices, allowing them to connect only to their dedicated services. MUD is published as RFC 8520.

On March 12, the IETF issued a new standard, RFC 8555, for the Automatic Certificate Management Environment (ACME). With this new standard, the issuing of certificates for websites will be automated, with no human intervention. Previously, this process was manual only. ACME will preserve the same level of protection and security. The first version of ACME was developed by the Let’s Encrypt certificate authority back in 2015. Since then, many certificate authorities have introduced this new standard.

The ETSI (European Telecommunications Standards Institute) Technical Committee on Cybersecurity (TC CYBER) released a cybersecurity standard for Internet of things (IoT) products. The aim of the standard is to establish a security baseline for IoT consumer devices and to provide a basis for future IoT systems. Implementing this standard will require manufacturers to cease using universal default passwords and to implement a vulnerability disclosure policy that enables security issues to be reported. The initial draft of the standard was based on the ‘Code of Practice for Security in Consumer IoT Products and Associated Services’, which was published by the UK Government's Department for Digital, Culture, Media and Sport in March 2018.

 

According to a news release published by the International Telecommunication Union (ITU), the approval of a new ITU standard (ITU L.163) will pave the way for high-speed broadband services to be brought to rural communities through the use of lightweight, terabit-capable optical cables that can be deployed on the ground’s surface with minimal expense and environmental impact. According to the publication, even though radiocommunication can provide the ‘last mile’ connectivity, challenges arise when deploying in rural areas that are often many kilometres away from core networks. Optical infrastructure supported by the new standard will therefore be indispensable in solving the challenge of providing true broadband to otherwise inaccessible communities.

The British Standards Institute, together with private companies, the UK National Cyber Security Centre, and the Department for Transport, developed a cybersecurity standard to help all parties involved in the self-driving vehicles industry in the UK. The guide focuses on issues of safety and security, and was published following the government’s 2017 guidance concerning the key principles of vehicle cybersecurity for connected and automated vehicles.

What are technical standards?

The Internet technical standards and services form the infrastructure that makes the Internet work, and include the Transmission Control Protocol/Internet Protocol (TCP/IP), the domain name system (DNS), and the secure sockets layer (SSL). Standards ensure that hardware and software developed or manufactured by different entities can work together as seamlessly as possible. Standards therefore guide the technical community, including manufacturers, to develop interoperable hardware and software.

TCP/IP is the main Internet technical standard. It is based on three principles: packet-switching, end-to-end networking, and robustness. Internet governance related to TCP/IP has two important aspects: the introduction of new standards - an aspect that is shared by technical standards in general - and the distribution of IP numbers, which is explained in more detail in the section on IP numbers.

 

Setting technical standards

Technical standards are increasingly being set by private and professional institutions. The Internet Architecture Board (IAB) oversees the technical and engineering development of the Internet, while most standards are set by the Internet Engineering Task Force (IETF) as Request for Comments (RFC). Both the IAB and the IETF have their institutional home within the Internet Society (ISOC).

Other institutions include: the Institute of Electrical and Electronic Engineers (IEEE), which develops standards such as the WiFi standard (IEEE 802.11b); the WiFi Internet Governance Alliance, which is the certification body for WiFi-compatible equipment; and the Groupe Speciale Mobile Association (GSMA), which develops standards for mobile networks.

Standards that are open (open Internet standards) allow developers to set up new services without requiring permission. Examples include the World Wide Web and a range of Internet protocols. The open approach to standards development has been affirmed by a number of institutions. One such affirmation is the Open Stand initiative, endorsed by bodies including IEEE, IETF, IAB, the World Wide Web Consortium (W3C), and the Internet Society.

Technology, standards, and policy

The relevance of setting or implementing standards in such a fast-developing market gives standard-setting bodies a considerable amount of influence.

Technical standards could have far-reaching economic and social consequences, promoting specific interests and altering the balance of power between competing businesses and/or national interests. Standards are essential for the Internet. Through standards and software design, Internet developers can shape how human rights are used and protected (e.g. freedom of information, privacy, and data protection).

Efforts to create formal standards bring private technical decisions made by system builders into the public realm; in this way, standards battles can bring to light unspoken assumptions and conflicts of interest. The very passion with which stakeholders contest standards decisions should alert us to the deeper meaning beneath the nuts and bolts.

Possible gaps in dealing with technical standards

Non-technical aspects - such as security, human rights, and competition policy - may not be sufficiently covered during the process of developing technical standards. For instance, most of the past developments of Internet standards aimed at improving performance or introducing new applications, whereas security was not a priority. It is now unclear whether the IETF will be able to change standards to provide proper authentication and, ultimately, reduce the misuse of the Internet (e.g. spam, cybercrime).

Given the controversy surrounding any changes to basic Internet standards, it is likely that security-related improvements in the basic Internet protocol will be gradual and slow. Yet decisive steps are starting to be implemented in this direction, with the Domain Name System Security Extensions (DNSSEC) being a good illustrative example. Following almost 12 years of research, trials, and debates within the technical community, DNSSEC first started to be deployed for some ccTLDs and from 2010 it was also implemented at the root server level. However, further challenges reside in the large-scale adoption of this new security standard down the ladder by the domain name registrars, ISPs, and website owners.

As with web standards, there appears to be a gap in the participation of stakeholders in the development of technical standards. Even though participation is open to all stakeholder groups, some submissions to the WGEC/correspondence group have noted the need for more involvement from specific stakeholder groups such as governments.

Instruments

Conventions

International Telecommunication Regulations (WCIT-12) (2012)
International Telecommunication Regulations (WATTC-88) (1988)

Standards

ITU-T Recommendation X.1601 Security Framework for Cloud Computing (2015)
Recommendation ITU-T Y.3600 'Big data – cloud computing based requirements and capabilities' (2015)
Recommendation ITU-T Y.2060 ‘Overview of the Internet of things’ (2012)

Resources

IoT – Economic Opportunities and Security Challenges (2018)
Blockchain Technology and Internet Governance (2017)

Publications

Internet Governance Acronym Glossary (2015)
An Introduction to Internet Governance (2014)

Reports

NI Trend Watch 2016 (2015)

GIP event reports

Connected and automated vehicles at the cross-roads to success (2019)
Human rights due diligence in practice in ICT sector (2018)
Forum debate: Are tech companies a threat to human rights? (2018)
Implementations of AI to Advance the SDGs – Panel 4: Safe and Secure AI (2018)
Projects in Action: Towards AI and Data Commons – Part 2 (2018)
Projects in Action: Towards AI and Data Commons – Part 1 (2018)
Ideas for Impact: AI Breakthrough Team Project Pitches (2018)
Collaborating and Investing in Beneficial AI (2018)
Celebration of the World Telecommunication and Information Society Day AI-Powered Moonshots – Meet the Astronauts (2018)
Building Trust for Beneficial AI – Trustworthy Systems (2018)
AI for Outbreaks, Emergency Response, and Risk Reduction (2018)
Storytellers (2018)
Building Trust for Beneficial AI – Developer Communities (2018)
AI Fostering Smart Government (2018)
AI Empowering Smart Citizens (2018)
AI + Smart Cities and communities (2018)
Building digital competencies to benefit from existing and emerging technologies with a special focus on gender and youth dimensions (2018)
Transformations on the Horizon (2018)
AI for Good Global Summit – Opening Keynote (2018)
Domain Names Innovation and Competition (2017)

Other resources

GSMA IoT Security Guidelines (2016)
