Chair of #ICANN Board, @cherinechalaby on behalf of @AfICTA presented a Distinguished Speaker Recognition plaque to @pdandjinou, ICANN Vice-President, Stakeholder Engagement Africa for his support & speaking engagements at AfICTA Summits while AfICTA Chair @jolufuye applauds.
The evolving face of “Enhanced Cooperation”. What is next after WGEC2.0? - by Jimson Olufuye
Ordinarily when you review the phrase “Enhanced Cooperation”, it should reflect the etymology of the two words “enhanced” and “cooperation” to indicate that a measure of existing cooperation is being taken to the next level. Yes, this is the intention of the architects of the language to avoid an imminent deadlock at the World Summit on Information Society (WSIS) in Tunis, 2005.
The European Union (EU) who have successfully used many forms of cooperation to achieve tremendous success over years came to the rescue when countries demanded that they join the US in its historical oversight role on the management of the critical Internet resources (CIRs); Internet Address names, numbers and protocol parameters.
It can be recalled that the United States (US) provided initial research funding that resulted in the global networks of networks called the Internet which is managed by interest-motivated volunteers across the US and later the rest of the world. As the Internet became the cornerstone of any modern economy, and governments in the late 1990s began to take note of this critical development enabler, they began to express interest in the management of the Internet which culminated in the convening of the 1st World Summit on Information Society in Geneva in 2003; and due to inconclusive outcome scheduled another round of Summit for 2005 in Tunis, Tunisia that produced the famous Tunis Agenda (TA).
In the Tunis Agenda are reaffirmation of Action Lines and Targets of the Geneva Action Plan of WSIS 2003 with 2 important outcomes connected to the management of CIRs namely the Internet Governance Forum (IGF) and Enhanced Cooperation (EC). While IGF convened immediately first in Greece in 2006 and every year till the last in Geneva in 2017, Enhanced Cooperation track could “not take-off” as envisaged due to different interpretations by UN member states of the meaning of “Enhanced Cooperation” and the nature of mechanism for its implementation.
I had the privilege to speak though remotely at the 1st United Nations Commission on Science and Technology for Development (UN CSTD) consultative forum on Enhanced Cooperation on International Public Policy Issues pertaining to the Internet in 2012, where I reflected as a matter of fact that EC has been on-going for years even at the bedrock of the Internet.
Without sustained cooperation, networks cannot be built talk-less of network of networks. I also indicated that in the government circle, government have increasingly continued to cooperate on diverse public policy issue pertaining to the Internet. Issues like cybersecurity and cybercrime have seen governments collaborating through Interpol, OECD, EU, G7, etc with positive outcomes like the Budapest Convention on Cybercrime and more recently on the upcoming General Data Protection Regulation (GDPR) in Europe.
While some stakeholders including governments maintained that EC was already taking place, other governments indicated that EC according to paragraphs 69 to 71 of the TA was yet to begin. The consultation on EC in 2012 led to the convening of the first Working Group on Enhanced Cooperation by a resolution of the UN General Assembly (GA) (paragraph 20-21) asking the Chair of CSTD to establish the WG which convened between 2013 and 2014.
Composed of 22-nation representatives according to UN representation process and 5 representatives each from business, civil society, academic and technical communities; and International organizations with previous hosts of IGFs; the WG could not agree to produce a consensus report due to just one controversial issue - how governments on an equal footing can make decisions on international public policy matters pertaining to the Internet viz-a-viz CIRs. Based on the work of a correspondence group, the WG produced evidence that EC has increasingly been on-going among governments and other stakeholders.
On the strength of increasing evidence of cooperation on International public policies issues pertaining to the Internet, the GA by a resolution in 2015 asked the Chair of CSTD to once again convene another WGEC with the hope of finding a consensus position on the intractable Tunis Agenda outcome.
By the time the WG was to meet in September 30, 2016, the United States Government (USG) had wisely in 2014 announced and begun a process to relinquish its unique oversight function on the Internet. USG said it was in continuation of a planned process begun in 1998 that saw to the creation of the Internet Corporation for Assigned Names and Numbers (ICANN), a private sector-led US registered company not-for-profit organisation focused on serving global public interest in ensuring a stable, secure and resilient Internet. The USG through its agency, the National Telecommunication and Information Administration (NTIA) of the Commerce Department as part of its condition to the global Internet community indicated that it would not subscribe to any government led replacement to its oversight role.
ICANN based on the mandate given by NTIA led the world to produce an acceptable proposal to NTIA that convinced the USG to abandon its oversight function on the Internet on October 1, 2016. This event was like a miracle because a young US Official once told me in Geneva that “ I don’ t see USG relinquish this role in my life-time.”
USG relinquished its oversight function on the Internet but yet some governments still wanted paragraph 71 implemented to the letter. Most private sector (business, civil society,academic and technical community) and Western Countries including Japan posited that nations can exercise their public policy sovereignty within their borders but not on International Internet public policy issues (IIPPI). But come to think of it, what is wrong if governments on an equal footing have a mechanism to discuss IIPPI? Nothing is really wrong and that was why I proposed for adoption at the WGEC2.0 for the CSTD to continue to provide the platform for governments to discuss IIPPI with full participation of other stakeholders since the CSTD already has in its mandate the responsibility to discuss and make recommendation on public policy issues to the GA through the Economic and Social Council (ECOSOC).
This was to be the consensus agreement as many Western countries that hitherto objected to the idea later embraced it in the spirit of compromise. Unfortunately, a handful of countries (e.g. Saudi Arabia) opposed the idea insisting the only idea they supported was the creation of a new Institutional mechanism in the likes of ITU or UNESCO to handle IIPPI. A vast majority did not support the creation of new Institutional mechanism because: 1. the nature of the Internet (which is distributive) does not concentrate control on one entity and 2. it would be expensive considering cost cutting measures within governments across the world not least the United Nations itself.
WGEC2.0 met eight times for 3 days each in Geneva over a 2-year period (2016-2018) under the distinguished chairmanship of Ambassador Benedicto Fonseca of Brazil, who did from my perspective an outstanding job of co-ordination to the effect that even with high tensions many times and eventual failure of consensus recommendation, all participants remained cordial, hopeful and appreciative of his efforts. The CSTD Secretariat also worked tirelessly and impressively to support the work of the WG.
Nevertheless, the WG agreed on the characteristics of EC including transparency, inclusivity, collaboration, effectiveness, sustainability, responsiveness, peace etc but its failure to agree a position by consensus on paragraph 71 torpedoed many other positive conclusions of the WG.
Perhaps the next line of action is for the subject of EC to continue to be a subject line item on the schedule of the CSTD whenever its convenes its annual meeting. CSTD already has such mandate within its statute anyway.
For me, it has been a great learning experience and a privilege representing business and participating at the cutting edge of global Internet public policy debate as the first Africanbusiness person in two high profile UN Working Groups and on the same footing with states.
Jimson Olufuye is the CEO of Kontemporary Konsulting, Chair of Africa ICT Alliance, AfICTA
and one of the 5 global business representatives to WGEC 1.0 & 2.0.
Addressing the Risk Challenge of Internet of Things (IoTs)
By Dr Jimson Olufuye, Chair AfICTA @ IGF2017 Workshop on Internet of Things: Supportive Role of Smart Solutions in the Decision Making Process.
19/12/2017
Introduction
As there are already about 12 billion Internet of Things (IoT) devices connected today, it is projected that by 2020 the figure would rise to more than 35billion. Access to the Internet has made living conditions better over time, and as such, decision makers have continued to rely on IoT devices and smart solutions to enhance decision making process in the area of health management, transportation, communication, security management, home management, office management, sustainable development, governance, accounting. Payments, auditing etc. Critical to IoTs benefit realization is the issue of the associated security risks which if not properly address could cause the loss of private data, assets, money, reputation, business and even life.
The case for Addressing the Risk Challenge of IoT
Many high level distributed denial of service (DDoS) attack witnessed in recent times have prompted strong focus on the security of IoT devices. In the attack on Dyn, over 1million devices were involved for which 96% were IoT devices. The devices were compromised and turned into thingbots. Thingbots are botnets of infected IoT devices that can be used to launch attacks.
The US Food and Drug Administration issued safety advice for cardiac devices over hacking threat, and St. Jude Children’s Research Hospital patched vulnerability medical IoT devices. Also, hackers demonstrated a wireless attack on the Tesla Model S automobile. Researchers hacked Vizio Smart TVs to access a home network.
Therefore, there is need to resolve to address IoT device security at various levels - hardware and software, government and enterprise, consumers and services. Indeed, the primary issue is with IoT hardware, which is manufactured without any form of regulation. Regulation is seriously required in this regard. The retail industry has been the leading adopter of IoTs technology because it connects directly to numerous customer base, unlike the health care sector, which does not have benefits that are transparent immediately to the end user and has higher risk.
Again, the need for IoT security cannot be overemphasized when we consider many cases of missed security opportunities occurring during IoT installation and post-installation configuration. You find for example many devices being installed and left unhardened with default user ID and passwords which are well known in the industry. So, IoT security needs to be implemented holistically and it requires understanding of IoT Ecosystem, standards, frameworks and regulatory proposals that have developed recently.
IoTs Ecosystem
The IoT ecosystem is underpinned by information security consideration over cloud computing and analytics process environment. It encapsulate the hardware manufacture stage (Chip & device) with embedded firmware (software), connectivity (communication), platform and integration (service).
IoT Standard and Framework Development
One of the positive outcomes of the Dyn DDoS attack was the US Department of Homeland Security (DHS) release, in 2016, of principles and guidelines for securing the IoT. These guidelines are not legally mandatory, but are definitely a sign of a good start towards IoTs device security.
Some of these guidelines though known to most security professionals are:
The Industrial Internet Consortium primarily comprised of IoT – related enterprises, rolled out the Industrial Internet Security Framework (IISF) which outlines best practices to assist developers and end users with gauging IoTs risks and possibly defending against the risks.
Also, the nonprofit Internet of Things Security Foundation (IoTSF) supports all IoT manufacturers, vendors and end users to help secure IoT devices. Notwithstanding, the best countermeasure to combat the hardware vulnerabilities is to regulate the process of manufacturing an IoT device so that manufacturers of IoT devices can be accountable for not adhering to the appropriate IoT regulatory standards, industrial standard and /or guidelines.
Conclusion
Decision makers are increasingly becoming more reliant on IoTs to enhance decision making processes. This is good as optimum decisions are always made when all necessary data and information are available. However, the challenge of risk to IoTs is high at this point at the hardware and software (firmware) levels thereby necessitating calls for regulation and for enterprises to take holistic security measures based on existing IoT devices and the future ones to be deployed.
Download the pdf format here
The 5 global Business reps in UN CSTD Working Group on Enhanced Cooperation on International Public Policy issues pertaining to the Internet @ the Final Meeting of the Group.
