Second GFCE Triple-I meeting: Kazakhstan

On Friday 25 September, during the RIPE NCC Regional Meeting in Kazakhstan, RIPE NCC hosted the GFCE Triple-I Internet Infrastructure Security Panel. The panel included experts from local and global Internet stakeholder groups and was dedicated to finding solutions to strengthen an open end-to-end Internet in the region.

Please find a detailed report of the GFCE Triple-I New Delhi meeting here.

Recap of the GFCE Triple-I meeting

The Dutch Ministry of Economic Affairs and Climate as a member of the Global Forum on Cyber Expertise coordinated this initiative to look for ways forward towards more trusted use of Internet and email in the region. The panel included experts from local and global Internet stakeholder groups and was dedicated to finding solutions to strengthen an open end-to-end Internet in the region. This is the second of a series of workshops organized globally, after Dakar, Senegal (hosted by the African Internet Summit), and before Delhi, India (hosted by the Indian Ministry or Electronics and IT and Indian School for Internet Governance).

Attendance at the RIPE NCC regional workshop GFCE Triple-I panel in Almaty

Improving justified trust in the Internet

Block I: Better Use of Today's Open Internet Standards

Within the framework of the RIPE NCC Regional meeting, Paul Rendek, RIPE NCC Director for External Relations, invited Maarten Botterman to introduce the GFCE Triple-I panel aimed at promoting trusted use of Internet and email in the region. Maarten explained the importance of the topic and purpose of the panel: building a future together with justified trust in the use of the Internet and email through implementation of globally available state-of-the-art standards and local multi-stakeholder collaboration in deploying best practices.

During the first block Hisham Ibrahim focused on Open Internet standards that could already be applied today, such as DNSSEC, TLS, DANE, DMARC, DKIM, SPF and IPv6. All in the room were invited to participate. DNSSEC and TLS are important in ensuring integrity of routing and of the data exchange itself. DMARC, DKIM and SPF are standards that help prevent email to be easily abused to confuse people with spoofing etc.  If only people would use those state of the art standards, the justified trust in the use of Internet and email would go up.

Block II: Inspiration from Good Practice Actions

The second block is the space where inspirational practices and useful ways forward are shared. . Prof. Aiko Pras (University of Twente, Netherlands) started with an introduction on a Dutch collaborative initiative to jointly mitigate DDSOS attacks. The concept of a DDoS radar was proposed by the University of Twente and SIDN (the .NL Registry) after Dutch banks and government agencies were the victim of multiple DDOS attacks earlier in 2018. The initiative leaders hope that this strategy that may provide true inspiration for initiatives in other countries and regions.

Following that, 4 panelists made short introductions on aspects that they felt require appropriate attention in the region. Bakhrom Nasirjanov talked about his experiences as Internet Service Provider with users on "things that go wrong" when using the Internet, and what they do about it. He also called for uptake of IPv6, as that would enable a lot of practical solutions to further induce security in communications between nodes and users.

Kristina Hakobyan explained why awareness raising and education are key in the region, and called for more action on this on all levels: starting with including awareness and use training at school, to including understanding of digitization in higher education, to training and education of IT experts to provide the so much needed yet still scarce expertise in the region, and to the need to train elderly. She eluded also to “twinning” elderly with young people, thus addressing multiple societal challenges with complementary solutions and pointed out that “Digital competence is not just a matter of IT, and not even of the economy as a whole, but is a general social problem – and it should be addressed at all levels.”

Talant Sultanov furthered on the need for societies to move towards further digitization, and do so in a responsible way – step by step with increasing cybersecurity. Whereas over a decade ago Kyrgyzstan was a digital leader in the region - ahead of Uzbekistan and even Kazakhstan - it is now trailing behind most of the countries in the region. Recognizing these challenges, President Atambaev launched a major initiative in 2017 -   National Digital Transformation Program Taza Koom (Transparent Society). The hope is that this initiative will persists even if there are political changes in leadership of the country – as it is in interest of society at large.

Yuri Kargapolov focused on IoT –  the dangers that come with the inevitable deployment of IoT, and what can be done to mitigate those.  . A key priority for successful implementation of IoT, in the benefit of the economy and of society at large, is to establish a trusted multi-stakeholder environment to provide an administrative and organizational basis for the management of systems in the communications and Internet industry. Global good practice exists and can be drawn upon. How to make this apply to your region is a key concern that has now high political and increasing public interest around the world: a call for action, locally and regionally.

Block III: Planning for a More Trusted Internet: Marketplace for Action

Panel participants and people in the room were inspired to explored possible actions, and a possible answer on the question the moderator raised:

What to do, together, to improve justified trust in using the Internet and email in the region?

First and foremost, learning more from the DDOS Radar initiative, and possibly set up local collaborations to make this work should lead to more reliable networks with better protection to DDOS attacks seems to make sense. It is noted that this would require involvement of all key stakeholders, including government. As for IoT, it comes with many promises, yet it is clear that implementation is currently hindered by a lack of standards, awareness and IT expertise. Benefiting from experience elsewhere to inspire sustainable ways forward seems to be a key opportunity. All this will only work if awareness raising and training in IT skills and expertise are happening. This is a shared concern, and should not be left to one single stakeholder. Overall, it is fair to say that some basic steps are needed in the region in stepping up the speed of digitization of societies. A key element here is to ensure that the systems providing services, collecting and sharing data can be trusted and are protected well against cyber-attacks. Again: real progress is only possible with involvement of all actors.

Hisham Ibrahim speaking, and Kristina Hakobyan; Yuriy Kargapolov; Talant Sultanov; Bakhrom Nasirjanov participating to the Triple-I panel presenting a number of core action ideas to the audience

Conclusions

During the panel session in Almaty, there was a lot of interest in the room for the role of different stakeholders, and the need to work together. A challenge, as there is not an existing tradition of government to work with business, technical community and non-governmental organisations – yet working together was broadly seen as a necessity, as no single stakeholder can do what it takes, alone. Emphasis was put on awareness raising – both within government, the industry and to the larger public. Without awareness, there is no inclination for collaboration. Learning from practice in other regions may help players in the region to step up.  Standing at the beginning of a phase of increasing digitization, it will be crucial to build systems to be secure, using state of the art global standards, so that there can be justified trust in support of further uptake and wider deployment over time.