This action might not be possible to undo. Are you sure you want to continue?
IGF Workshop 28 Report: Priorities For The Long-Term Stability of The Internet
! ! ! ! ! ! ! ! ! ! ! ! ! ! Bill Graham Strategic Global Engagement October 2010 ! ! !
Galerie Jean-Malbuisson, 15 CH-1204 Geneva Switzerland Tel: +41 22 807 1444 Fax: +41 22 807 1445 http://www.isoc.org 1775 Wiehle Ave. Suite 201 Reston, VA 20190, USA Tel: +1 703 439 2120 Fax: +1 703 326 9881 Email: firstname.lastname@example.org
! INTERNET GOVERNANCE FORUM 2010 VILNIUS, LITHUANIA 14-17 SEPTEMBER 2010 WORKSHOP 28: PRIORITIES FOR THE LONG-TERM STABILITY OF THE INTERNET ORGANIZERS: The European Commission, Internet Society, Government of the Netherlands, Communications Regulatory Authority of the Republic of Lithuania (RRT) and Tama University SPEAKERS: Session 1: Hillar Aarelaid (Chief Security Officer, Estonia CERT); Danny McPherson (Vice President, Network Security Research, at VeriSign Labs.); Alain Aina (Special Projects Manager, AFRInic Network Engineer,); Ram Mohan (Executive Vice President, & Chief Technology Officer of Afilias Limited); Raul Echeberria (Executive Director LACNIC); Theresa Swinehart (Executive Director, Global Internet Policy, Verizon); Max Senges (Policy Team, Google Germany); Paul Vixie (President of Internet Systems Consortium and ARIN Board Chairman) Session 2: Rytis Rainys(Head of Network and Information Security Division,RRT, Lithuania); Natalija Gelvanovska (Head of Network and Access Division, RRT, Lithuania) Session 3: Avri Doria (Professor at Luleå University of Technology); Izumi Aizu (Professor and Senior Research Fellow at the Institute for InfoSocinomics, Tama University ); Andrzej Bartosiewicz (CEO of YonConsulting.com, ) REPORT: The workshop was opened by Ms Neelie Kroes, who stressed how the stability of the Internet is a multi-faceted topic that concerns users all over the world. Although the Internet has proven to be fairly robust and resilient so far, this does not mean that there is no necessity to continue addressing threats. Therefore, it is important to know who does what and where more work would be needed. Last, not least, Ms Kroes "reassured" the audience that in the view of the Commission the private sector, not public authorities, should continue to play the leading role in day-to-day operations of the Internet, in full respect of the multistakeholder approach. However, given the importance of the Internet for societies at large, public authorities have an interest – and a responsibility – to understand what is done and what could be done to ensure the stability and resilience of the Internet. This is the spirit of the discussion on principles for Internet resilience and stability which Member States of the European Union are already conducting, with the Commission providing a facilitating role.
The workshop revealed three areas where attention is needed to improve global confidence in the ongoing stability of the Internet. There are a range of technical threats. Speakers identified: 1. Malicious acts – bad people doing bad things; e.g., malware, botnets, DDOS attacks, route hijacks, middlebox cache poisoning, etc.. 2. Implementation issues - new protocols and new services are being created and introduced almost daily that need to be integrated into the Internet in a consistent way in order for them to work well together and across the networks that make up the Internet. If that is not achieved because of lack of expertise, or because some networks don't keep up, problems can develop. In that way, protocols and services intended to be improvements or to deal with threats can themselves become threats to stability. 3. Issues of interdependence – the international nature of the Internet means that no country can assure the stability of the Internet without the agreement and cooperation [or collaboration] of its neighbours, or at least all the stakeholders for which relative dependencies or fate is shared. 4. Issues of growth – the continuing explosion of Internet demand challenges service providers of all types, and also highlights the need to improve some characteristics of the Internet protocol itself (e.g., inability to verify authenticity of IP source addresses; routing insecurities, etc.) One speaker said that the main challenges for Internet stability will not come from the technical area, but from the political and policy arenas. He said one cannot speak about stability without speaking about integrity of the network. That integrity is facing challenges such as possible fragmentation due to the loss of the neutrality of the network, threats to the free end-to-end flow of information; from over-regulation due to otherwise well-meaning efforts to solve problems like cybercrime, infrastructure security vulnerabilities, etc.
Turning to threats in the realm of policy. Speakers identified the following: 1. The fact that Internet policy needs to be developed with knowledge of how the technology works, and taking into account the needs of users. 2. There must be a multi-stakeholder approach to policy development concerning the Internet, because of the Internetʼs globally distributed nature, and as a consequence of the end-to-end model. Working in a multistakeholder environment is unfamiliar to some accustomed to working in more traditional environments, and needs to be learned. 3. There is no agreement yet on principles underlying Internet policy, and until those can be developed, the resulting misunderstandings and conflict are themselves a threat to stability.
Third, threats arise from the need to build skills: 1. In both developed and developing countries there is a need for education and capacity building so that there are people who can deal comprehensively with the new global policy environment, and the opportunities and challenges it presents. Some organizations are already doing that, but considerably more is necessary. 2. Similarly on the technical side, trained, experienced and capable people are needed to address each type of threat identified above. 3. Finally, because of the nature of the Internet, there is a need for skills development at the intersection between the technical and policy worlds. Technical people need to think about possible social/policy implications of their work; while policy people need to be able to understand the technical constraints on their desired policy development. This is a relatively novel requirement, and there are few institutions trying to address it so far. In the second session, the Communications Regulatory Authority of the Republic of Lithuania (RRT) presented their national experience with efforts to address the need for Internet infrastructure resilience assessments in order to identify and then monitor security and stability of national networks. Lithuania has five years of experience preparing to have a knowledgeable national response to threats to Internet stability. They spoke about the challenges for a small country to build knowledge at a national and local level. Specifically, they described efforts to identify common indicators to assess Internet resilience and to develop mechanisms to collect the relative information. It is a priority for Lithuania to understand the state of their infrastructure, which led them to undertake a mapping exercise that showed a surprisingly large and interconnected web of actors, which has proven to be useful. The work identified a lack of academic capacity for researchers & studies and international co-operation between state institutions performing similar assessments. This was emphasized as an area needing further development. The workshopʼs final session began a conversation about gaps that need to be addressed, who is active in the field, and what else needs to be done. One speaker noted that the technical community knew about many or all of the vulnerabilities identified long before they were known to the policy people. And even then, the policy side of the house only became aware when the nature of the threat became critical. People from the policy and technical worlds need a way to get together earlier, and in an environment where they can communicate early and often. The Internet Governance Forum is a good start, but more is needed.
Second, many of the solutions, and general facts of life in the network are determined by business imperatives and the profit motive. For a public good like the Internet, profit is not always the best motivator of the sorts of behavior needed for stewardship. Some things, like the adoption of IPv6 and some steps to increase security, donʼt have an obvious or immediate economic benefit; yet they need to be implemented for the ongoing health of the Internet. Changes at the infrastructure level, particularly at the IP Network layer, tend to be complex and expensive and lack obvious direct incentive. A way must be found to get beyond the current situation where, if there is no profit advantage – i.e no killer app or financial incentive – the necessary steps won't be taken. And third, in terms of finding a way to evolve the network (i.e., to go from a wooden wheel, to iron rimmed wheel, to a rubber-tired wheel) there must be a way to bridge the gap between the researchers, operational people and policy people. That means we have to find a way to evolve both our understanding and our systems in a multi-stakeholder way. The continuation of threats to the longterm stability of the Internet also shows there are not sufficient monitoring and analytical tools to deal with the challenges posed by the rapidly expanding Internet, both from security and performance points of view. Finally the results of an analysis of organizations involved in local, regional and global technical and policy issues was presented. There was discussion about where gaps exist and how they might be addressed. Specifically, the gaps that need to be filled to deal with threats against stability are creating a mechanism for global policy coordination on regular basis, as well as a mechanism for global operation coordination. Both require a good degree of cooperation and coordination among the various actors concerned. The word “global" is used here to recognize that most actors in developing countries do not participate in the existing mechanisms sufficiently, yet threats are generated and spread globally, or are inherently systemic. While there was no appetite for creating new organizations to fill these gaps, the problems were recognized. People attending the workshop felt it would be useful to continue work with such an analysis. There was also a call made for participants to elaborate some principles that would be instrumental in ensuring vibrant (and stable) evolution of the Internet, possibly in cooperation with the Dynamic Coalition on the Internet Rights and Principles. ! !
This action might not be possible to undo. Are you sure you want to continue?
We've moved you to where you read on your other device.
Get the full title to continue reading from where you left off, or restart the preview.