There is general agreement that the Internet needs to become more secure and safer. Vast sums of money are spent each year on security products and measures, many of them bought, downloaded and installed by the end-user. Whether you’re a large corporation, an international organization, a government institution, someone working in the media or a private individual, the responsibility for security and safety is something we all need to deal with ourselves.
However, there is another way to protect all end-users: Ensuring ICT-related products and services are made fundamentally secure by design. In March 2020, a report was published on the website of the UN Internet Governance Forum (IGF) entitled “Setting the standard for a more secure and trustworthy Internet.” This set out the conclusions and recommendations of an IGF pilot project which examined the reasons why Internet security standards and best practices, which are intended to make Internet connections, devices and services more secure, are not in practice widely adopted and deployed. The report explains why ICT services and products do not follow best practices and standards in enhancing their security, such as in email and routing systems, websites, connected devices (the so-called “Internet of Things”) and apps, data storage, software development, etc. The report makes concrete recommendations on the next steps and actions that will put pressure on manufacturers and service providers to substantially increase security and safety in their products, devices and services.
No organization involved in the deployment of technical standards and network applications can achieve these aims singlehandedly. The solutions for addressing the lack of security online can only be achieved through the kind of multi-stakeholder engagement, dialogue and consensus-building that the UN Internet Governance Forum (IGF) was established to facilitate. For the follow-up to the work undertaken by the group of experts in the IGF’s pilot project, it is proposed that experts from the ICT industry, the technical community, corporate users, governments and civil society join together in an IGF Dynamic Coalition on Internet Standards, Security and Safety. It is envisaged that the coalition will undertake its work by setting up working groups on specific themes relating to the recommendations set out in the report of the pilot project. The working groups will convene over a period of two years in 2021-22 and formulate specific proposals to the coalition for creating opportunities and the means for achieving widespread and rapid deployment of Internet standards and best practices relating to security and safety.
A key area of focus for the proposed dynamic coalition will be how to build a sustainable business case for the immediate deployment of Internet standards and ICT best practices to provide a return on investment, for example, through the product procurement process.
Another major recommendation made in the report of the IGF pilot project concerned awareness-raising, training and education. Consumer welfare and child protection advocates and related governmental and regulatory agencies are often less aware of the (final outcomes of) technical processes of standards development. In the educational sector, the national curriculum rarely includes Internet policy issues and advice about security and safety online. Therefore, it will be important to involve experts from these fields in the work of the dynamic coalition. This will ensure that the work of the coalition is informed about their respective roles and potential actions.
The media also has a crucial role in creating greater public awareness about Internet security and safety. It will be important, therefore, to involve media experts.
The Internet has evolved to become ever more important in everyone’s daily life — and will become even more so as demonstrated by the responses to the global Covid-19 crisis. The relentless and remarkable advance in the spread of digital technologies into virtually every aspect of life puts even more focus on stakeholders’ wider roles and responsibilities for strengthening safety and security online and establishing greater trust. Security needs, therefore, to become the overarching standard for all ICT-related services, devices and products. Their safe use is ultimately the responsibility of the end-users. The deployment of standards, however, is the responsibility of society as a whole. The overall aim of the proposed IGF Dynamic Coalition on Internet Standards, Security and Safety will be to ensure that the ICT products and services, designed, produced and procured for Internet use, are more secure and safer to use.