The cybersecurity debate can be highly confusing at times. There is perhaps an analogy to be made between “Cybersecurity” and “The Economy”. We all want to fix the economy but making progress is not an easy task. As soon as you are beyond that statement you notice that there is a lot of nuance. Issues like trust, influence, actors, and affectivity all come to play when you want to fix the Economy. The cybersecurity discourse has similar features.

The Global Conference on CyberSpace 2015, taking place in The Hague this week, brings representatives from governments, private sector, the technical community, civil society and the research community together to dissect the complex security issues we face today and to discuss practical cooperation in cyberspace for a more stable future.

Addressing the key themes of growth, freedom and security, the conference asks some key questions. For example, how do we enable people to trust in the security of their communication and connections across the Internet while ensuring the Internet remains open and accessible? How do we keep confidence at such a level that businesses are happy offer their products and services on-line, that journalists will feel confident that they can do their work in the more dangerous places on the planet, and that a kid from Bangladesh can invent a new application that can make the current favorite tools and services irrelevant?

Breaking down the cybersecurity debate

It is important to dissect the cybersecurity debate into palatable pieces, recognizing that all these pieces interact, and being careful about what we talk about. Cybersecurity is often about security in a networked world. For example, an attack on a company where lots of data is stolen is in essence a company security issue that is exacerbated because the company is on the Internet.

Given that the Internet is a global network of networks without any centralized control, there is no magic answer. There are no single solutions that can be legislated by governments or just implemented by network operators.

Central to this notion is that when you are on the network you are also part of the network. The reality is that comprehensive Internet security only comes through the efforts of many different people collaborating together to take action to help ensure the security, resilience and stability of the global Internet.

As an active participant in this week’s conference, the Internet Society is focused on promoting the idea that in today’s connected era, a collaborative approach to security is the most effective way to safeguard and protect our global Internet. This approach can be broken down into five key elements:

1. Fostering confidence and protecting opportunities: The objective of security is to foster confidence in the Internet and to ensure the continued success of the Internet as a driver for economic and social innovation.
2. Collective Responsibility: Internet participants share a responsibility towards the system as a whole.
3. Fundamental Properties and Values: Security solutions should be compatible with fundamental human rights and preserve the fundamental properties of the Internet - the Internet Invariants.
4. Evolution and Consensus: Effective security relies on agile evolutionary steps based on the expertise of a broad set of stakeholders.
5. Think Globally, act Locally: It is through voluntary bottom-up self-organization that the most impactful solutions are likely to reached.

On the right path

This idea of “collaborative security” is part of the “Internet way” that has been with us since the birth of the Internet decades ago. There are many examples of its implementation.

The development of standards within the Internet Engineering Task Force (IETF) is a prime example of solutions that scale globally and are available for people to act locally. Deployment of these standards is also a collective responsibility—we must also make sure those standards can and will be implemented, specifically since the deployment of open standards is voluntary, and not mandated.

Many Internet Service Providers (ISPs) and other network operators around the world are collaborating and working together as part of the voluntary, bottom-up Mutually Agreed Norms for Routing Security (MANRS) initiative, with a view to improving the security of the Internet Routing System. Already some of the largest global networks have signed up, with more joining every week.

Further, many governments, businesses, educational institutions, private enterprises and others came to the realization long ago that while they could fight some of the threats to Internet security, their strength would grow if they worked together to share security information.

These are all examples of the kind of collaboration we need.

Collaboration for a more secure future

Significantly, and adding weight to our own thinking on the matter, the Global Commission on Internet Governance (GCIG), chaired by the former prime minister of Sweden, Carl Bildt, has used the GCCS15 conference this week to issue a statement entitled ‘Toward a Social Compact for the Future of Digital Privacy and Security’. In the document’s Executive Summary, it states: “A social compact must be built on a shared commitment by all stakeholders in developed and less- developed countries to take concrete action in their own jurisdictions to build trust and confidence in the Internet. A commitment to the concept of collaborative security and to privacy must replace lengthy and over-politicized negotiations and conferences.” [1]

As a believer in the ‘collaborative security’ approach to help frame how we, as a society, should think about tackling challenging Internet security issues to bring about a better and a stronger, I am pleased to see the approach afforded such visibility in this important statement.

For the Internet to continue to be this global engine of growth and to continue to allow communication and creativity to blossom, we need to work together collaboratively to improve the security of the Internet and ensure that users can have confidence that their communications and information across the Internet can be secure.

But this is not just a discussion. It is a call to action for Internet participants to take responsibility.

And so I urge you to look at your own networks and sphere of influence and ask how you can implement these principles. Join with us to make the Internet more collaboratively secure!

¹ Toward a Social Compact for Digital Privacy and Security, Statement by the Global Commission on Internet Governance, April 2015, page. 1