This week saw the advent of a powerful call to action regarding internet security issues on The Internet Society’s (ISOC) blog, where Chief Internet Technology Officer Olaf Kolkman asks the following questions regarding cyber security:
How do we enable people to trust in the security of their communication and connections across the Internet while ensuring the Internet remains open and accessible?
How do we keep confidence at such a level that businesses are happy to offer their products and services online, that journalists will feel confident that they can do their work in the more dangerous places on the planet, and that a kid from Bangladesh can invent a new application that can make the current favorite tools and services irrelevant?
Cyber security and the debates surrounding it, posits Kolkman, can make it easy to lose sight of the forest for the trees. While there are nuances that need to be considered for various scenarios, it’s important to recognize that security issues can become amplified into cybersecurity issues simply by being connected to the Internet, where businesses and individuals accept the increased risks and liabilities of attack along with the increased reach and potential of internet presence.
For this reason, says Kolkman, “It is important to dissect the cybersecurity debate into palatable pieces, recognize that all these pieces interact, and be careful about what we talk about.”
The weaknesses of the Internet’s collaborative, open, and democratic environment correspond to it’s greatest strengths and potential. This, Kolkman believes, is a clue to the solution: “When you are on the network you are also part of the network. The reality is that comprehensive Internet security only comes through the efforts of many different people collaborating together to take action to help ensure the security, resilience and stability of the global Internet.”
To this end, Kolkman’s article introduces a new paradigm for approaching Collaborative Security to frame the discussion around “how we think we, as a society, should be tackling these challenging issues to bring about a better and a stronger Internet.”
Collaborative Security is made up of five key points:
- Fostering confidence and protecting opportunities: The objective of security is to foster confidence in the Internet and to ensure the continued success of the Internet as a driver for economic and social innovation.
- Collective Responsibility: Internet participants share a responsibility towards the system as a whole.
- Fundamental Properties and Values: Security solutions should be compatible with fundamental human rights and preserve the fundamental properties of the Internet – the Internet Invariants.
- Evolution and Consensus: Effective security relies on agile evolutionary steps based on the expertise of a broad set of stakeholders.
- Think Globally, act Locally: It is through voluntary bottom-up self-organization that the most impactful solutions are likely to reached.
Aligned with the OpenStand principles, ISOC is carrying a strong message of support for open standards development approaches to cybersecurity. Kolkman even notes that “specifically since the deployment of open standards is voluntary, and not mandated…creating the standards is only the first part of the equation; we must also make sure those standards can and will be implemented.”
Collaborative action is one of the greatest strengths of the internet environment, and has already shown some effectiveness when applied to cybersecurity efforts; Kolkman cites the example of Cyber-security response teams (CERTS and CSIRTS) who realized years ago that their strength was multiplied by collaboration: “Through organizations such as the Forum for Incident Response and Security Teams (FIRST), these teams are showing the elements of “collaborative security” in action on a daily basis.”
Just as the principles of collaboration, community, and global interaction are necessary to foster the greatest successes and experiments of a connected world, ISOC believes that “For the Internet to continue to be this global engine of growth…that allows communication and creativity to blossom, we need to work together collaboratively to improve the security of the Internet and ensure that users can have confidence that their communication and information across the Internet can be secure.”
Kolkman closes his post with a powerful call for internet participants to take responsibility, inspect their spheres of influence and networks, and to implement a process of active inquiry and collaboration into their internet practices.
You can read the Internet Society’s full Collaborative Security Statement here.
Do you think collaboration is the key to turning the greatest weakness of cybersecurity into its greatest source of strength? What questions should internet participants be asking to increase collaboration and support security? We’d love to hear from you on this important topic in the comments.