Home / Blogs

Internet Security and the Multistakeholder Approach: Is It Attainable?

Wout de Natris

Internet Security is a topic that has drawn a lot of attention over the past year. As awareness grows that cooperation is necessary, it dawns on people that there are many and very different stakeholders involved, stakeholders that may never have met before. Let alone have cooperated. An example of an approach is the National Cyber Security Council (NCSC) that was installed in The Netherlands on 30 June. This is a high level council that will give advice to public as well as private entities on how to better secure themselves and society at large against cyber attacks and how to become more resilient. However, without the right approach it is doomed to become a talking shop. The aim must be to take down barriers, build trust and create the atmosphere in which new approaches are created and implemented. If this does not happen, not much will change and valuable time is lost. In short the difference between mopping and turning off.

Before I enter into this, I would like to present to you a few quotes from various sources of the past few days (27 June - 1 July).

Trust in ICT is threatened of being undermined. This is caused by a growing amount of digital attacks on governments and companies ...

Cisco: The total damage of spearphishing amounts to €89 billion.

Security and trust in an open and free digital society are an important prerequisite for economic growth and innovation.

Brain Krebs: "...TDSS malware (a.k.a. TDL), a sophisticated malicious code family that includes a powerful rootkit component that compromises PCs below the operating system level, making it extremely challenging to detect and remove".

Brian Krebs: "The market for rogue pharmaceuticals could be squashed if banks and credit card companies paid closer attention to transactions destined for a handful of credit and debit card processors".

Kaspersky Labs on the TDSS botnet: "Once the genie is out of the bottle, everyone who isn't up to date with the latest patches is vulnerable."

Veni Markovski on CircleID: "The key word is cooperation".

Wout de Natris at the IGF in Vilnius on the Cyber Crime Working Party: "I… (came) back (from IGF Sharm el Sheikh, WdN) with the idea of the multistakeholder approach, and started to work on to create an environment to build trust". (By comparison, this quote is from September 2010.)

Do you prefer mopping or turning off taps?

If something comes through from the various quotes it is that the world is, sort of, ready for cooperation to combat the multi-headed beast called cybercrime. There are two approaches:

1. Mopping spilled water
2. Turning the tap off.

Resilience, better security, patches, awareness and such all fall under mopping while the tap is turned on ever more and the water spills over the floor of the bathroom and eventually will run out into the street. Of course, this approach is important and necessary, but after a success the world can wait for an even more sophisticated attack, like the TDSS botnet Kaspersky Lab and Brian Krebs wrote on, a botnet that apparently borrowed it's prowess from Stuxnet, implying how fast technology is copied through/on the Internet.

True security will come through international cooperation across many boundaries. Those who have read me before or heard me present will not be surprised by this claim. It implies discussing the (so far) undiscussable together, to build trust and to give the comfort that creates an atmosphere in which the topics that need to come unto the agenda are approached positively by "the multistakeholders". An environment that truly addresses the individual concerns for what they are: concerns. And takes them away when possible. Only then will things take an alternate course. But, as I expressed in Vilnius: Do we know all the stakeholders? Are they present and what could or should be their role?

To step over your own shadow takes courage

All this implies topics that look at:

  • the flaws of the weaving in the digital world;
  • discuss old habits;
  • the exchange of available information into the right hands;
  • private-public cooperation;
  • setting priorities that make it possible for law enforcement to make the necessary arrests;
  • look into regulatory approaches;
  • together identify and go for the identified weak spots of cyber criminals.

The combination of these approaches (and undoubtedly more) will hurt criminals where it hurts most: access, ease and duration of use and (transfer of) money.

It takes courage to get there and the ability to step over one's own direct personal interests in order to achieve a long term result. This however should be of great interest to everyone concerned: a free and innovative Internet that is safe, is used more efficiently and cost less.

So, is internet security attainable through a multistakeholder approach? What would be the right approaches? Interested? Come and talk with me on how to start this process up. You will find a willing ear, an inspired mind and ideas from experience.

By Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement. More blog posts from Wout de Natris can also be read here.

Related topics: Access Providers, Cyberattack, Cybercrime, Cybersecurity, Internet Governance, Malware

 
   

Don't miss a thing – get the Weekly Wrap delivered to your inbox.

Comments

Wout, I mostly agree with you here Suresh Ramasubramanian  –  Jul 03, 2011 6:37 PM PDT

But as I said earlier, the problem is also that there are actors that don't cooperate and don't want to cooperate, for various reasons.

Lack of capacity
Bureaucracy
Corruption
Apathy
....?

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Dig Deeper

Mobile Internet

Sponsored by Afilias Mobile & Web Services

Cybersecurity

Sponsored by Verisign

IP Addressing

Sponsored by Avenue4 LLC

DNS Security

Sponsored by Afilias

Promoted Posts

Buying or Selling IPv4 Addresses?

ACCELR/8 is a transformative IPv4 market solution developed by industry veterans Marc Lindsey and Janine Goodman that enables organizations buying or selling blocks as small as /20s to keep pace with the evolving demands of the market by applying processes that have delivered value for many of the largest market participants. more»

Industry Updates – Sponsored Posts

Verisign Named to the Online Trust Alliance's 2017 Audit and Honor Roll

Attacks Decrease by 23 Precent in 1st Quarter While Peak Attack Sizes Increase: DDoS Trends Report

Leading Internet Associations Strengthen Cooperation

i2Coalition to Present Tucows CEO Elliot Noss With Internet Community Leadership Award

Verisign Releases Q4 2016 DDoS Trends Report: 167% Increase in Average Peak Attack from 2015 to 2016

Michele Neylon Appointed Chair Elect of i2Coalition

Verisign Q3 2016 DDoS Trends Report: User Datagram Protocol (UDP) Flood Attacks Continue to Dominate

2016 U.S. Election: An Internet Forecast

Government Guidance for Email Authentication Has Arrived in USA and UK

ValiMail Raises $12M for Its Email Authentication Service

Don't Gamble With Your DNS

Defending Against Layer 7 DDoS Attacks

Understanding the Risks of the Dark Web

New TLD? Make Sure It's Secure

Verisign Releases Q2 2016 DDoS Trends Report - Layer 7 DDoS Attacks a Growing Trend

How Savvy DDoS Attackers Are Using DNSSEC Against Us

Facilitating a Trusted Web Space for Financial Service Professionals

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year