It doesn’t immediately
make sense, does it: the terms peace
and cyber hygiene in the same breath.
Still, there is a reason why these two come together at the Paris Peace forum
this week. That reason is simple though. Cyber hygiene – taking basic and
common measures to secure software, devices, and networks – reduces the attack
vectors that can be used by criminals and state actors alike. Cyber hygiene
will reduce the odds that your network is seen as a belligerent actor just
because it has been hacked by others. Cyber hygiene helps to create a more
trustworthy and secure environment where people can go about their daily
business in confidence that nothing dreadful will happen to them. It is one of
the tools in the toolbox of confidence-building measures that enable peace.
Supporters of the Paris Peace Call, which was launched at the Peace Forum last year, are committed to working together to, among other things, “improve the security of digital products and services as well as everybody’s ‘cyber hygiene.’” The Internet Society has joined with a significant number of states, companies, and organizations to sign the Paris Call.
The topic of cyber
hygiene is not new to the Internet Society, but at the Paris Peace Forum three activities
stand out.
Cyber Hygiene and Global Normative Behavior
The Global Commission
on the Stability of Cyberspace explicitly talks about Cyber Hygiene. It
proposes two norms that are related: the Norm
to Reduce and Mitigate Significant Vulnerabilities and the Norm on Basic Cyber Hygiene as Foundational
Defense. These two norms read, respectively:
- Developers and producers of products and
services on which the stability of cyberspace depends should prioritize
security and stability, take reasonable steps to ensure that their products or
services are free from significant vulnerabilities, take measures to timely
mitigate vulnerabilities that are later discovered, and to be transparent about
their process. All actors have a duty to share information on vulnerabilities
in order to help prevent or mitigate malicious cyber activity. - States should enact appropriate measures,
including laws and regulations, to ensure basic cyber hygiene.
The first norm calls
upon the many actors that are involved in the day-to-day operation. The second calls
upon on states’ role to provide the policy and legal environment to foster
cyber hygiene.
The final report of the GCSC, in addition to proposed norms, provides a set of principles to approach cyber peace and stability and a number of recommendations.
The Internet Society
has long promoted the idea that improving the security of the Internet is a responsibility
of those that operate, design, and use the network. There are many endeavors that help improve the
Internet’s security and of cyber space in general. Which is the context for the
next two activities.
Using Technology to Strengthen Cyber Hygiene
We joined CyberGreen,
the Cybersecurity Tech Accord, the Global Cyber Alliance, and Microsoft in an
initiative to promote existing good practices that could help address the
growing set of attacks that lever vulnerabilities have existed for a
significant time. The initiative brings together those that help drive the adoption of essential
measures
to defend against avoidable dangers in cyberspace.
Measures include adoption of the Mutually
Agreed Norms for Routing Security (MANRS) and the deployment Domain-based
Message Authentication, Reporting and Conformance (DMARC).
We hope that over the
coming months and weeks others will join in the effort of promoting the Paris
Call’s cyber hygiene principle and add to the list of good practices that aim
to increase the security and safety of our global online environment.
Please see the Tech Accord for more information about this call.
Collaborative Efforts towards Cyber
Hygiene
Getting to a secure
and trustworthy Internet is complex and multifaceted. It calls for tailored
approaches that, depending on the context and the nature of the subject,
involve different stakeholders. In any case collaboration seems to be the vital
ingredient for success. During the Peace Forum we pitch examples of two endeavors
that address different issues but lead to a more secure cyberspace: the collaborative
approach to face the growing set of challenges in IoT Security, and the Mutual
Agreed Norms on Routing Security (MANRS) that pertains to the very fabric of
the Internet itself.
We have written extensively about MANRS, but if you want to know more see manrs.org Let me focus here on the IoT developments.
The collaborative work
on IoT takes place on many fronts. The Candadian Multistakeholder process on
Enhancing IoT security has produced an extensive report around:
- A shared set of definitions and benchmarks around the security of Internet-connected devices.
- Shared guidelines to ensure the security of Internet-connected devices over their lifespan, including the development, manufacturing, communications, and management processes.
- Recommendations to inform national policy related to IoT security in Canada.
It’s set into motion work
by the government and the community to tackle the challenges with insecure IoT
deployments.
In addition to the
Canadian Multistakeholder process on Enhancing IoT security, the Internet
Society’s French Chapter has worked with AFNIC, ANSSI,
ARCEP, CINOV-IT, Conseil National du Numérique (CNNum), La Quadrature du Net,
Nokia, and Pôle Systematic Paris-Région to explore strategies to strengthen the security and protection of personal
data in IoT. Their report will be launched soon. The developments in
Canada and France do not happen in isolation. Similar activities have been
launched in Senegal and Uruguay.
In order to bring together the experiences from these initiatives we have helped to establish an innovative platform. The IoT Security Policy Platform is made up of national government agencies and non-governmental organizations (NGOs) working in this space, that draw on the strength and expertise of all stakeholders to develop solutions to protect both people and innovation online. By the cross pollination of ideas, practices, and experiences, the platform can aid harmonization of various approaches and speed up the development and deployment of the measures. As far as I know, this is a unique approach.
The Internet Way
The Paris Peace Forum
brings together leaders from across the world with an interest in peace and
stability – in the context of a digitized society. It starts with the
realization that the Internet is not a
thing but rather a result. A
result that reflects the values of sharing and collaboration for the greater
good. Making the Internet, and all that is connected, more secure must be done in
the same spirit. The Paris Call on Cyber Hygiene expresses not just a common
goal, but vision. Much like the Internet itself, a large and distributed set of
collaborative efforts will get us there.
The post Peace and Cyber Hygiene appeared first on Internet Society.