ORGANIZATION & PROCESS
The recommendation of the Geneva action plan concerning this action line are :
C5. Building confidence and security in the use of ICTs
12. Confidence and security are among the main pillars of the Information Society.
a) Promote cooperation among the governments at the United Nations and with all stakeholders at other appropriate fora to enhance user confidence, build trust, and protect both data and network integrity; consider existing and potential threats to ICTs; and address other information security and network security issues.
b) Governments, in cooperation with the private sector, should prevent, detect and respond to cyber-crime
and misuse of ICTs by: developing guidelines that take into account ongoing efforts in these areas;
considering legislation that allows for effective investigation and prosecution of misuse;
promoting effective mutual assistance efforts; strengthening institutional support at the international level
for preventing, detecting and recovering from such incidents; and encouraging education and raising awareness.
c) Governments, and other stakeholders, should actively promote user education and awareness about online privacy and the means of protecting privacy.
d) Take appropriatei action on spam at national and international levels.
e) Encourage the domestic assessment of national law with a view to overcoming any obstacles
to the effective use of electronic documents and transactions including electronic means of authentication.
f) Further strengthen the trust and security framework with complementary and mutually reinforcing initiatives
in the fields of security in the use of ICTs, with initiatives or guidelines with
respect to rights to privacy, data and consumer protection.
g) Share good practices in the field of information security and network security and encourage their use by all parties concerned.
h) Invite interested countries to set up focal points for real-time incident handling and response,
and develop a cooperative network between these focal points for sharing information and technologies on incident response.
i) Encourage further idevelopment of secure and reliable applications to facilitate online transactions.
j) Encourage interested countries to contribute actively to the ongoing United Nations activities
to build confidence and security in the use of ICTs.
References and Contributions :
Audio excerpts below from the ITU audio archive
( very unfortunately in the proprietary Real Player format, which should not be considered
as a very appropriate choice for ITU ... ). This particular stream was no easy to rip, and we had
no time to waste, therefore we indicate the specific
excerpts by time stamps on the stream. Sorry for the inconvenience.
Any help whould be appreciated to rip thoses excerpts and make them more easily
available in ogg format.
Procedural issues :
2nd WSIS Action Line C5 Facilitation Meeting ,
ITU proposed draft terms of reference ToR that are quite different from those from UNESCO. There is only one team,
instead of the definition of sub-themes and then designation of moderators of
open-ended teams for those sub-themes.
As said orally, the "team" should have implemented the recommendations coming from the four working groups
( speed sessions of the first
and second days ). The draft ToR was objected by Switzerland, Tunisia and latter on by the United States, followed
by India. Therefore the ToR were not adopted, effectively paralyzing the implementation of C5 action line until
next year. Obviously, this meeting was not a success for ITU, although its duration was the largest
among all action lines meetings, and despite the fact
this meeting was one of the best
prepared and attended of the WSIS cluster of events.
The problem is that the unique C5 "team" positionned itself ipso facto as
a process in competition with existing processes, and the ITU
was not perceived as a worldwide inclusive multi-stakeholder facilitator.
It is our analysis that if the ITU had proposed the same ToR as UNESCO, which are proposing
a more distributed structure that could accomodate existing as well as new processes,
then the C5 meeting outcome would have been more practical.
For example, a theme and a moderator could have correspond to an existing initiative,
Content issues :
1/ It is uncertain if the relationship between Cybersecurity and Ethics has not been really
investigated in the discussions so far. This would imply insuring that
- cybersecurity measures and effectiveness are not compromised by
corporate interests, and that a fair competition
between providers of security solutions does exist.
- freedom of software users and developers is preserved.
Cybersecurity measures should not prevent the development
of Free Software.
- last but no least that Human Rights issues are not forgotten.
Cybersecurity enforcement should not come at the cost of
endangering Human Rights. It is a very sensitive issue
that must be approached in a very balanced way.
2/ The fundamental problem, and strategic choice betwee,
security through obscurity vs "security through transparency" ( ie using
Open Source or Free Software ) has never been debated during the WSIS.
The issue of software models has been debated in a general context, leaving
users free to choose the model "that best fit their needs".
Precisely, in matter of cybersecurity, the question of the determination of the
model that best fit the needs of users ( governments, people, companies )
is a question that has been
left unexplored (
this has nothing to do with the economical question of
gratis vs commercial which was hotly debated in the context
of the digital divide ).
Many users are justified to feel insecure when their internet traffic
is passing through closed "black boxes" ( routers, proxies, mirrors, etc... )
because they are not able
to verify by themselves ( or relying on trusted independant people )
if those network equipments are not compromised and secure.
A very exploratatory proposition for sub-themes
Lead moderator, co-moderators
A/ International Public Law Framework
Council of Europe (
Convention on Cybercrime )
B/ Watch, Warning and Incident Response
Community Emergency Response Team (CERT)
C/ Spam and Related Threats
D/ National e-Strategies and National Law Enforcement
E/ Research of Innovative Solutions in a Global Cybersecurity Environment
F/ Best Practises and Network Policies
G/ Cybersecurity Ethics
( Fair competition, Freedom of Software Users and Developers, Human Rights )
Relationships with the Internet Governance
There is no dynamic coalition on CyberSecurity, just one on a specific aspect :
However, concerning CyberSecurity,
There are quite a few interesting workshops among
those that have been proposed for the IGF in RIO.
Security is a recognized category.
but unfortunately many of the proposals are related more to content filtering ( access )
than to security.