Home / Blogs

Internet Security and the Multistakeholder Approach: Is It Attainable?

Wout de Natris

Internet Security is a topic that has drawn a lot of attention over the past year. As awareness grows that cooperation is necessary, it dawns on people that there are many and very different stakeholders involved, stakeholders that may never have met before. Let alone have cooperated. An example of an approach is the National Cyber Security Council (NCSC) that was installed in The Netherlands on 30 June. This is a high level council that will give advice to public as well as private entities on how to better secure themselves and society at large against cyber attacks and how to become more resilient. However, without the right approach it is doomed to become a talking shop. The aim must be to take down barriers, build trust and create the atmosphere in which new approaches are created and implemented. If this does not happen, not much will change and valuable time is lost. In short the difference between mopping and turning off.

Before I enter into this, I would like to present to you a few quotes from various sources of the past few days (27 June - 1 July).

Trust in ICT is threatened of being undermined. This is caused by a growing amount of digital attacks on governments and companies ...

Cisco: The total damage of spearphishing amounts to €89 billion.

Security and trust in an open and free digital society are an important prerequisite for economic growth and innovation.

Brain Krebs: "...TDSS malware (a.k.a. TDL), a sophisticated malicious code family that includes a powerful rootkit component that compromises PCs below the operating system level, making it extremely challenging to detect and remove".

Brian Krebs: "The market for rogue pharmaceuticals could be squashed if banks and credit card companies paid closer attention to transactions destined for a handful of credit and debit card processors".

Kaspersky Labs on the TDSS botnet: "Once the genie is out of the bottle, everyone who isn't up to date with the latest patches is vulnerable."

Veni Markovski on CircleID: "The key word is cooperation".

Wout de Natris at the IGF in Vilnius on the Cyber Crime Working Party: "I… (came) back (from IGF Sharm el Sheikh, WdN) with the idea of the multistakeholder approach, and started to work on to create an environment to build trust". (By comparison, this quote is from September 2010.)

Do you prefer mopping or turning off taps?

If something comes through from the various quotes it is that the world is, sort of, ready for cooperation to combat the multi-headed beast called cybercrime. There are two approaches:

1. Mopping spilled water
2. Turning the tap off.

Resilience, better security, patches, awareness and such all fall under mopping while the tap is turned on ever more and the water spills over the floor of the bathroom and eventually will run out into the street. Of course, this approach is important and necessary, but after a success the world can wait for an even more sophisticated attack, like the TDSS botnet Kaspersky Lab and Brian Krebs wrote on, a botnet that apparently borrowed it's prowess from Stuxnet, implying how fast technology is copied through/on the Internet.

True security will come through international cooperation across many boundaries. Those who have read me before or heard me present will not be surprised by this claim. It implies discussing the (so far) undiscussable together, to build trust and to give the comfort that creates an atmosphere in which the topics that need to come unto the agenda are approached positively by "the multistakeholders". An environment that truly addresses the individual concerns for what they are: concerns. And takes them away when possible. Only then will things take an alternate course. But, as I expressed in Vilnius: Do we know all the stakeholders? Are they present and what could or should be their role?

To step over your own shadow takes courage

All this implies topics that look at:

  • the flaws of the weaving in the digital world;
  • discuss old habits;
  • the exchange of available information into the right hands;
  • private-public cooperation;
  • setting priorities that make it possible for law enforcement to make the necessary arrests;
  • look into regulatory approaches;
  • together identify and go for the identified weak spots of cyber criminals.

The combination of these approaches (and undoubtedly more) will hurt criminals where it hurts most: access, ease and duration of use and (transfer of) money.

It takes courage to get there and the ability to step over one's own direct personal interests in order to achieve a long term result. This however should be of great interest to everyone concerned: a free and innovative Internet that is safe, is used more efficiently and cost less.

So, is internet security attainable through a multistakeholder approach? What would be the right approaches? Interested? Come and talk with me on how to start this process up. You will find a willing ear, an inspired mind and ideas from experience.

By Wout de Natris, Consultant international cooperation cyber crime + trainer spam enforcement. More blog posts from Wout de Natris can also be read here.

Related topics: Access Providers, Cyberattack, Cybercrime, Internet Governance, Malware, Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Wout, I mostly agree with you here Suresh Ramasubramanian  –  Jul 03, 2011 6:37 PM PDT

But as I said earlier, the problem is also that there are actors that don't cooperate and don't want to cooperate, for various reasons.

Lack of capacity
Bureaucracy
Corruption
Apathy
....?

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Nominum Announces Future Ready DNS

New from Verisign Labs - Measuring Privacy Disclosures in URL Query Strings

ICANN London Recap Webinar

DotConnectAfrica Delegates Attend the Kenya Internet Governance Forum

3 Questions to Ask Your DNS Host about Lowering DDoS Risks

Continuing to Work in the Public Interest

Verisign Named to the OTA's 2014 Online Trust Honor Roll

Sophia Bekele Weighs in on Obama's August US-Africa Leader Summit at the NYF Africa

4 Minutes Vs. 4 Hours: A Responder Explains Emergency DDoS Mitigation

Dyn Acquires Internet Intelligence Company, Renesys

Tips to Address New FFIEC DDoS Requirements

DotConnectAfrica's Expert Selected to Attend the Hague Institute of Global Justice

DotConnectAfrica Delegates Attend the KHRC Internet & Human Rights Breakfast Roundtable in Nairobi

Smokescreening: Data Theft Makes DDoS More Dangerous

Internet Business Council for Africa Participates at the EU-Africa 2014 Business Forum, Brussels

dotStrategy Selects Neustar's Registry Threat Mitigation Services for .BUZZ Registry

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

DotConnectAfrica Statement Regarding NTIA's Intent to Transition Key Internet Domain Name Function

What Does a DDoS Attack Look Like? (Watch First 3 Minutes of an Actual Attack)

Joining Forces to Advance Protection Against Growing Diversity of DDoS Attacks

Sponsored Topics