Dear All,

Am forwarding this on behalf of the IGF - if you could please have a look and if you have time complete and send back :-) 

The end date of 15th September (tomorrow) is a very soft end date.

Cheers

Dick

Richard Leaning
External Relations
RIPE NCC




Begin forwarded message:

From: IGF <IGF@unog.ch>
Subject: Invitation to Contribute to IGF Best Practice Forum on Cybersecurity
Date: 15 August 2017 at 18:49:24 BST
To: rleaning@ripe.net

Dear Mr. Leaning,

As an individual/organization with relevant expertise, the 2017 Internet Governance Forum (IGF) Best Practice Forum (BPF) on Cybersecurity would like to kindly invite you to contribute to its output document this year. Contributions are made within 15 September 2017 using the questionnaire provided below, which has also been posted as a public call on the IGF’s website.

The BPF on Cybersecurity, a mulitstakeholder and bottom-up group of experts and practitioners, is now in its second cycle. Its work builds on its discussions and output document in 2016, which explored improved collaboration and cooperation among stakeholders on cybersecurity matters, to identify in 2017 the potential cybersecurity implications of policies for universal access and achieving the Sustainable Development Goals (SDGs). More details on this are available in the Overview below, as is a list of Relevant Reading and all instructions related to submissions.

In the hope that you will respond positively to this request, we thank you in advance for your valuable inputs.

Should you have any questions, please do not hesitate to reach out to the Secretariat, lead expert Mr. Maarten van Horenbeeck (maarten@first.org), and/or the BPF’s co-facilitators, Mr. Olusegun Olugbile (solugbile@gmail.com) and Mr. Markus Kummer (kummer.markus@gmail.com).

With kind regards,

Eleonora Mazzucchi
IGF Secretariat






BPF on Cybersecurity 2017 - Call for Contributions


All stakeholders are invited to submit written contributions addressing the below questions and issues to the 2017 IGF BPF on Cybersecurity mailing list (subscribe: https://www.intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.org) by 15 September 2017. While it is envisioned that initial drafting of the output document will begin on 15 September, this should be considered a soft deadline as contributions will be welcome after the 15th of September, particularly contributions from IGF National and Regional Initiatives (NRIs) and from other relevant entities or organisations who may be holding meetings relating to cybersecurity prior to the IGF annual meeting in December.


Contributions will then be compiled and synthesized by the Secretariat, and further circulated to the community for comment and further work towards an output document for the BPF to be presented at the 12th IGF in Geneva, Switzerland from 18-21 December.


All individuals and organizations are asked to kindly try to keep their contributions to no more than 2-3 pages, and are encouraged to include URLs/Links to relevant information/examples/best practices as applicable. When including specific examples or detailed proposals, those may be included as an Appendix to the document. Please attach contributions as Word Documents (or other applicable non-PDF text).


Overview:


During 2015 and 2016, the Policy Options for Connecting and Enabling the Next Billion(s) (CENB) activity within the Internet Governance Forum identified two major elements:


    · Which policy options are effective at creating an enabling environment, including deploying infrastructure, increasing usability, enabling users and ensuring affordability;

    · How Connecting and Enabling the Next Billion(s) contributes to reaching the new Sustainable Development Goals (SDGs).



The Best Practice Forum on Cybersecurity realizes that making Internet access more universal, and thus it supporting the SDGs, has significant cybersecurity implications. Well-developed cybersecurity helps contribute to meeting the SDGs. Poor cybersecurity can reduce the effectiveness of these technologies, and thus limit our opportunities to helping achieve the SDGs.


BPF participants have conducted an initial study of how the policy proposals compiled as part of CENB Phase I and II may affect, or be affected by, cybersecurity implications.


As part of this ongoing effort, the IGF is now calling for public input to collect additional risks and cybersecurity policy recommendations that can help mitigate security impacts, and help ensure ICTs and the Internet continue to help contribute to achieving the SDGs.


Relevant reading:


Summary Records of the BPF
https://www.intgovforum.org/multilingual/content/bpf-cybersecurity-1


UN Sustainable Development Goals - http://www.un.org/sustainabledevelopment/sustainable-development-goals/


Policy Options for Connecting & Enabling the Next Billion(s) - Phase II
https://www.intgovforum.org/multilingual/index.php?q=filedepot_download/3416/549


Security focused reading of CENB Phase I -
https://www.intgovforum.org/[link to be completed]


Security focused analysis of CENB Phase II -
https://www.intgovforum.org/[link to be completed]


Questions:


    · How does good cybersecurity contribute to the growth of and trust in ICTs and Internet Technologies, and their ability to support the Sustainable Development Goals (SDGs)?

    · How does poor cybersecurity hinder the growth of and trust in ICTs and Internet Technologies, and their ability to support the Sustainable Development Goals (SDGs)?

    · Assessment of the CENB Phase II policy recommendations identified a few clear threats. Do you see particular policy options to help address, with particular attention to the multi-stakeholder environment, the following cybersecurity challenges:


      o Denial of Service attacks and other cybersecurity issues that impact the reliability and access to Internet services

      o Security of mobile devices, which are the vehicle of Internet growth in many countries, and fulfill critical goals such as payments

      o Potential abuse by authorities, including surveillance of Internet usage, or the use of user-provided data for different purposes than intended

      o Confidentiality and availability of sensitive information, in particular in medical and health services

      o Online abuse and gender-based violence

      o Security risks of shared critical services that support Internet access, such as the Domain Name System (DNS), and Internet Exchange Point (IXP) communities

      o Vulnerabilities in the technologies supporting industrial control systems

      o Use of information collected for a particular purpose, being repurposed for other, inappropriate purposes. For instance, theft of information from smart meters, smart grids and Internet of Things devices for competitive reasons, or the de-anonymization of improperly anonymized citizen data

      o The lack of Secure Development Processes combined with an immense growth in the technologies being created and used on a daily basis

      o Unauthorized access to devices that take an increasing role in people’s daily lives

      o Other: describe a cybersecurity issue critical to developing the SDGs in ways not listed above relevant to your stakeholder community (100 words or less)


    · Many Internet developments do not happen in a highly coordinated way - a technology may be developed in the technical community or private sector, and used by other communities and interact in unexpected ways. Stakeholders are managing complexity.
    This both shows the strength and opportunities of ICTs and Internet Technologies, but also the potential risks. New technologies may be insufficiently secure, resulting in harms when they are deployed: conversely we may adopt security requirements or measures that prevent the development, deployment, or widespread use of technologies that would generate unforeseen benefits. Where do you think lies the responsibility of each stakeholder community in helping ensure cybersecurity does not hinder future Internet development?

    · Where do you think lies the responsibility of each stakeholder community in helping ensure cybersecurity does not hinder future Internet development?


· What is for you the most critical cybersecurity issue that needs solving and would benefit most from a multi-stakeholder approach within this BPF? Should any stakeholders be specifically invited in order for this issue to be addressed?