Last October, the Internet Society (IS), a leading open standards advocacy group for Internet technologies (and OpenStand partner), presented its vision for a collaborative model of Internet security standards at Mobile 360, a telecommunications technology conference. The conference, held in Cape Town, South Africa, attracted a broad array of industry players; from buyers to users, to developers, to policy shapers, groups from both the private and governmental sectors gathered to discuss security standards in Internet-based telecommunication.
Security was the leading topic of the Mobile 360 conference, and ISOC’s primary contribution was to present a new model for collaborative security, based upon the simple premise that comprehensive Internet security is best created by people working together. The ISOC team made an eloquent pass at drawing out a collaborative utility that represents and how, at its core, the Internet is the ultimate venue for collaboration.
Still, ISOC went on to say, the very quality that makes the Internet an unparalleled tool for cooperation also makes it vulnerable to misuse. Because of its open and global nature, cyber miscreants can reach across borders and operate with relative freedom from reprisal as they ply their trade from anywhere in the world. Until quite recently, the predominant network security strategy has been to guard against specific internal and external threats. While this is obviously superior to having no security approach at all, the strategy has shown itself to be cumbersome and cost ineffective.
In response to the challenges of conventional security practices, there is a growing awareness in the tech industry that a reimagining of threat prevention may be necessary. Models that protect opportunities for economic and social prosperity should be prioritized over models wholly focused on preventing perceived harm. The ISOC collaborative security approach starts from this premise and builds out on these five key elements, which are consistent with the OpenStand principles:
- Fostering confidence and protecting opportunities: The objective of security is to foster confidence in the Internet.
- Collective Responsibility: Internet participants share a responsibility towards the system as a whole.
- Fundamental Properties and Values: Security solutions should be compatible with fundamental human rights and preserve the fundamental properties of the Internet, thus the Internet Invariants.
- Evolution and Consensus: Effective security relies on agile evolutionary steps based on the expertise of a broad set of stakeholders.
- Think Globally, act Locally: It is through voluntary bottom-up self-organization that the most impactful solutions are likely to be reached.
- Network operators are major stakeholders that can contribute to the collaborative security.
Fortunately, for security managers interested in building more collaborative security models, there is already a published framework that identifies best practices in network operations. Mutually Agreed Norms for Routing Security (MANRS) defines four concrete actions that network operators should implement, including:
- Prevention of propagation of incorrect routing information.
- Prevent traffic with spoofed source IP addresses.
- Facilitate global operational communication and coordination between network operators.
- Facilitate validation of routing information on a global scale.
- The Internet Society urges African network operators to subscribe to MANRS and contribute to making Internet routing more secure for the benefit of all.
Check out the ISOC Collaborative Security Approach here and be sure to leave your questions, comments and thoughts!