Successful GFCE Triple-I New Delhi meeting
On Friday 12 October, preceding the India School on Internet Governance 2018 (INSIG2018), the Indian Ministry of Electronics and IT (MeitY) hosted the GFCE Triple-I Internet Infrastructure Security Day. Participants were regional Internet stakeholder groups, including the government, business and technical community, who all contributed in finding solutions to strengthen an open end-to-end Internet.
Please find a detailed report of the GFCE Triple-I New Delhi meeting here.
Recap of the GFCE Triple-I meeting
The Dutch Ministry of Economic Affairs and Climate as a member of the Global Forum on Cyber Expertise coordinated this initiative to find out how we can strive to a more trusted use of Internet and email in the region. Participants were regional Internet stakeholder groups, including the government, business and technical community, who all contributed in finding solutions to strengthen an open end-to-end Internet. This is the third of a series of workshops organized globally, after Dakar, Senegal (hosted by the African Internet Summit), and Almaty, Kazakhstan (hosted by RIPE NCC).
Official opening & welcome
The workshop was opened by Mr. Ajay Prakash Sawhney, Secretary of the Indian Ministry of Electronics & Information Technology (MeitY). He emphasized that, since 2015, the GFCE has provided a valuable space to ensure that all nations can embrace an ever-expanding cyberspace. The Secretary also underscored that India sees cyberspace as an ecosystem that emerging digital nations can leverage to transform the lives of the people through good governance. He emphasized that a trusted ecosystem is a prerequisite in order to encourage the people to embrace the Internet and to enable them to make extensive use of it to affect change in their lives. A platform like the GFCE's Triple-I initiative is important, since it helps create an ecosystem that enables efficient international cooperation in building cyber capacities.
Improving justified trust in the Internet
Block I: Better Use of Today's Open Internet Standards
During the first block we focused on Open Internet standards that could already be applied today, and Olaf Kolkman (CITO ISOC), Anurag Bhatia (Hurricane Electric), and Jitender Kumar (Afilias) talked about the use and usefulness of Open Internet Standards such as DNSSEC, TLS, DANE, DMARC, DKIM, SPF and IPv6. Everyone in the room was invited to participate, to ask questions and to contribute where useful. A very good tool to measure the use of these standards by websites and mail servers is the website www.internet.nl. On this website, it is possible to fill in any website or email address to check whether it is up-to-date in its use of these open standards.
Block II: Inspiration from Good Practice Actions
The second block is the space where inspirational practices and useful ways forward are shared. Cristian Hesselman, head of SIDN Labs (the research team of the .NL operator) and SSAC Member, on DDOS attack mitigation; Olaf Kolkman on application of MANRS by ISPs and why this matters; and Dr. Ajay Data, Data Xgen Technologies Pvt Ltd, on IDN/UA and trust aspects related to that. In addition, Cristian Hesselman, Olaf Kolkman and Maarten Botterman introduced a discussion on different aspects of trusted IoT. Cristian Hesselman explained the concept of a DDOS Radar, which facilitates a proactive and collaborative DDoS mitigation strategy. It resolves around providers of critical services (e.g. ISPs, banks, government agencies, and hosting providers) continually collecting information on potential and active DDoS sources and automatically sharing this information with each other. Ajay Data has been championing IDN introductions as he believes this will be a major support for many Indians that currently do not use the Internet, yet. A big challenge in this is Universal Acceptance, i.e. that Internet systems recognize the characters used in IDN addresses. According to Ajay, trusted Internet with IDN is very much possible and possibly more guaranteed than current state of security issues faced by the industry and end users, yet that will require cooperation by registries and registrars keeping certain principles. Olaf Kolkman introduced the why and how of MANRS, explaining the Internet “hourglass model” in which it is the IP layer that basically connects all what we do with it (applications) with the infrastructure that enables this (infrastructure layer). A clear example of a way forward by better collaboration and adoption of good practice by Internet Service Providers. In addition, the merits but also dangers of IoT were discussed. Clear that IoT becomes an increasingly integrated element of the fabric of society, and also clear that there is an increasing awareness that all participants in the value chain need to take their responsibility. Several approaches that would help improve the quality of IoT tools and services were discussed and explored.
Block III: Planning for a More Trusted Internet: Marketplace for Action
After this fruitful session, participants were inspired and explored the three possible actions that were the results of the day, so far, and a possible answer on the question the moderator raised:
What to do, together, to improve justified trust in using the Internet and email in the region?
Actions explored included the possible set up of a DDOS Radar initiative, following the Dutch collaborative examples. The big opportunity seems to be in working together, and sharing both DDOS attack sinking facilities as information about attacks, as soon as they are recognized. The initiative could be coming from the CERT community, or the ISP community, or in fact the business community – yet will require collaboration across sectors. IDNs play a major role in the Indian context and further preparation for uptake and universal acceptance needs to be made. As with IPv6, we may see that it will take some time before the new users (those that have not used the ascii based networks, yet) will truly join and start to trust and benefit from it. This will require action from service providers as well as information providers. On IoT, next to mitigating the short term risks, longer term solutions need to be developed and adopted. Several building blocks were discussed and considered for action. The www.internet.nl website allows to check whether the Internet in use is up to date, for website, email and internet connections. The source code for the checks will shortly become available for use by third parties in other parts of the world. This would allow the possibility of creating a specific regional platform with reference to regional service providers in helping to move things forward, and several people showed interest to take this on for the Indian region.
Please find the presentations of the three blocks attached below.
Many of the good practices presented on subjects like IoT security, DDOS mitigation approaches, and ways to deal with IDN challenges were received well by at least a good amount of people that participated during the workshop. During this GFCE Triple-I workshop, delegates/participants explored opportunities for action inspired by global resources to help local activities/actions, and are considering action on one or more of the discussed ways forward.