Documentary coverage of IGF-USA by the Imagining the Internet Center

Archive for the ‘IGF-USA 2010’ Category

Closing remarks from IGF-USA 2010 cover improvements, invitation to IGF in Vilnius

leave a comment »

Brief description:

Marilyn Cade, head of the IGF-USA 2010 Steering Committee and president of ICT Strategies, leads the final plenary discussion.

Marilyn Cade, chair of the IGF-USA Steering Committee, led a closing discussion that also included remarks from Markus Kummer, executive administrator for the global IGF Secretariat; Larry Strickling, assistant secretary of the National Telecommunications and Information Administration (NTIA), which is part of the U.S. Department of Commerce; and Deimante Bartkiene, a representative of the Lithuanian Embassy, invited IGF-USA attendees to the global IGF, taking place in Vilnius, Lithuania, Sept. 14-17.

Details of the session:

Marilyn Cade, president of ICT Strategies, asked the gathered audience during the closing session of IGF-USA 2010 to suggest at least five ways the IGF process can be improved in the future. She received more input than that. Here are a few of the ideas:

  • The “users reign” scenario isn’t based in reality right now. The only way the scenario can come to fruition is if the people involved in global IGF efforts help design it and make it work.
  • People should not demonize innovative companies that make mistakes. When companies take risks, let them fail, call them out but don’t overreact or issue calls for new laws to stop an experiment from ever happening again.
  • The people involved with IGF should embrace transparency, inclusion and collaboration. Inclusion, in particular, means reaching out to parties that don’t show up to participate in opportunities like IGF-USA. The IGF effort should increase awareness, extend more outreach and have broader information available to people.
  • The organizers of IGF should extend participation, particularly remote participation (ability to “attend” virtually, online), to the conferences.
  • The Internet is inherently not like real life, and the more we try to make it like real life, the less appealing it will be to users. The people participating in the discussions at IGF should to keep this sentiment in mind going forward.
  • The IGF organizers should more clearly articulate the roles of the different Internet stakeholders and organizations, define and implement a funding model for IG and enact some form of output for the IGF itself.
  • The IGF should have more voices from emerging markets and the private sector at the table.
  • A final piece of advice: Make sure what the people involved in IGF ask for is going to gain the best result. Don’t change the mandate, just renew.

(From Left: Deimante Bartkiene, Markus Kummer, Larry Strickling) Panelists wrap up the IGF-USA 2010 conference with closing remarks.

Strickling said in his closing remarks that the U.S. government is committed to the continuation of the IGF in its current form. He said allowing a multistakeholder discussion will only enhance the accessibility of the Internet.

“Internet stakeholders across the globe are committed to this type of forum,” he said. “We want to make sure IGF is not just about dialogue. We need to make sure lessons learned from these discussions are put into action. I don’t imagine I am alone in thinking that open dialogue in IGF is an ideal way to enhance trust in these stakeholders.

“Changes that place one group above another in IGF would ultimately undermine this model.”

Kummer closed by saying that the IGF mandate will be up for a vote in the United Nations’ General Assembly later this year, and he added that the general assembly should almost certainly vote to extend the IGF mandate. But he’s concerned about what kind of changes might be suggested.

“Now we will have to find synthesis between two tendencies: the Internet will stay with us and nation-states will stay with us,” Kummer said. “We see the IGF as a synthesis between these two tendencies.

“I hope they will not do much tweaking moving on. All of you can have a role to play in this by reaching out, talking to governments.”

Click here to go to the main site used by

the organizers of IGF-USA: http://www.igf-usa.us/

-Colin Donohue, http://imaginingtheinternet.org

Advertisements

McLaughlin: Transparency, openness of Internet important to promotion of democracy

with one comment

Andrew McLaughlin, Deputy Chief Technology Officer of Internet Policy for the White House, spoke about the importance of the openness of the Internet in a solid democracy.

Brief description:

Andrew McLaughlin, deputy chief technology officer for Internet policy at the White House, worked as a top policy expert for Google before joining the administration of President Barack Obama. McLaughlin talked about transparency and democracy in his keynote.

Details of the session:

U.S. government leaders believe that a wide-open Internet promotes growth, innovation and democracy, according to Andrew McLaughlin, the deputy chief technology officer of Internet policy for the White House. He talked about openness, transparency, innovation and democracy during his closing remarks at the IGF-USA conference July 21 at the Georgetown Law Center in Washington, D.C.

He said President Barack Obama and the leaders of the federal government want to keep the Internet transparent and decentralized because they believe openness spurs creativity and discussion online.

“We’ve been trying to advance those policies,” McLaughlin said. “Openness is a normative value, which is to say a good in and of itself, but also an important network value. It helps everyone connected to the network understand what’s going on in the network.”

McLaughlin drew a strong distinction between the regulatory model developed for telephone services and the policies being established for the Internet, warning that the latter communications entity is definitely not simply a successor to the former. He said the public-switched telephone network was a closed system that was centralized, tightly controlled based on proprietary technologies and vertically integrated.

In contrast, he said, the Internet is an open, decentralized network that’s built around layers where power really rests in the edge of network, rather than its core. McLaughlin said the government needs to find a way to take advantage of this “ever more cheaper, ever more powerful technology” to help promote transparency.

“Transparency can be loosey-goosey term,” he said. “It can be related to openness in one sense. (It also) means the thing you put in is same thing that comes out at the other end. I think transparency in the network needs to come with transparency in policy making.”

McLaughlin said the first memorandum President Obama signed on his first day of office centered on the transparency of government, and one clear example of governmental openness is the digitizing of the Federal Register.

“We took the Federal Register and started publishing it in XML format, and when we did this, within about 24 hours a group of people at Princeton threw up a simple online application that allows you to type in search terms, and you can get e-mail or an RSS feed that pops up in your inbox any time something is published in the Federal Register that you’re interested in,” McLaughlin said. “That’s great because it’s 70,000 pages a year. It’s inscrutable. Now it’s all freely available.”

So yes, the Internet inherently spurs innovation, creation, growth and global dialogues. But it can’t be a staid resource. McLaughlin said its continued positive evolution is integral to its future success.

“We all have an interest in keeping the Internet global,” McLaughlin said. “The Internet should be open, and the Internet should be decentralized. It is and should be treated as a layered stack.

“The Internet governance work we are doing needs to recognize that and treat each of those layers differently. The Internet needs to evolve. We need to be open to that kind evolution and not let the Internet be hardened into its current structure. It’s breathtaking that in my lifetime this communications network has opened possibilities, enabled change and presented encouraging new horizons for the culture and for the practice and performance of democracy.”

-Colin Donohue, http://imaginingtheinternet.org

IGF-USA 2010 Workshop- Best Practices Forum: Considerations on Youth Online Safety in an Always-Switched-On World

with one comment

Jennifer Hanley from Family Online Safety Institute and Stacie Rumecap from Stop Child Predators discuss the risks that young people face when using the Internet.

Brief description:

Danny Weitzner, associate administrator for the Office of Policy Analysis and Development in the U.S. Department of Commerce’s National Telecommunications and Information Administration, led this session. In June of 2010 a new report was provided to the U.S. Congress: “Youth Safety on a Living Internet.” Topics addressed in that report were covered in this session. They include: the risks young people face; the status of industry voluntary efforts; practices related to record retention; and the development of approaches and technologies to shield children from inappropriate content or experiences via the Internet.

Details of the session:

Braden Cox, policy counsel for the NetChoice Coalition, shared an anecdote: While driving to the IGF-USA 2010 conference he was listening to a traffic report. The reporter complained about his long commute from Fredericksburg, Md., to Washington, D.C., each morning. A traffic engineer then came on the air and explained that long commutes are often caused by people who choose the wrong routes.

“You know what?” Cox said. “D.C. traffic is a lot like the Internet. There are a lot of different options, people can become overwhelmed and it can be slow. But all it comes down to education.”

Education is something the panel and respondents in the “Best Practices Forum: Considerations on Youth Online Safety in an Always-Switched-On World” IGF-USA 2010 session discussed extensively.

Panelists included Cox; Jennifer Hanley of the Family Online Institute; Michael W. McKeehan, the executive director of Internet and technology policy at Verizon Wireless; and Stacie Rumenap from Stop Child Predators.

There to respond were Jane Coffin of the National Telecommunications and Information Administration; Morgan Little, a research associate with the Imagining the Internet Center; Bessie Pang, the executive director of the Society for the Policing of Cyberspace; and Adam Prom, an intern for the law firm of Akerman Senterfitt.

The session leader was Danny Weitzner, the associate administrator of the Office of Policy Analysis and Development at NTIA.

The 148-page report, “Youth Safety on a Living Internet” (available as a PDF download here: http://www.ntia.doc.gov/reports/2010/OSTWG_Final_Report_060410.pdf) was provided to the U.S. Congress in early June. Cox and McKeehan were part of the Online Safety and Technology Working Group that prepared the report. Cox said the findings indicate that while issues such as child predators and “sexting” are minor problems, the main worry online today in the United States is cyberbullying by peers.

Cox said the report includes four recommendations to fight this trend:

  • Avoid scare tactics. Instead, promote social norms and good etiquette on the Internet.
  • Promote digital citizenship, e-literacy and computer security in pre-kindergarten through 12th grade education.
  • Focus online safety programs on risk prevention, including interventions with high-risk youth.
  • Create a digital literacy core on Internet safety.

“The Internet is living,” Cox said. “And much like in everyday life, we operate without truly understanding the risks.”

Many lawmakers have tried to crack down on cyberbullying, Rumenap said. Forty-four states now have some sort of law about it. But she said most of the laws are ineffective.

“What’s the best way to prevent cyberbullying?” Rumenap asked. “Don’t be a teenage girl,” McKeehan responded. Rumenap said the majority of cyberbullying consists of teenage girls being teenage girls – gossiping and saying mean things to one another. “Criminalizing a 14-year-old for saying something mean probably isn’t the best result,” Rumenap said.

The panelists discussed attitudes online. The best method for cutting down on cyberbullying, the group affirmed, is education. “We have to inform minors about the permanence, about the implications and about what they are posting online,” Little said.

Hanley said that starts with teaching kids accountability. “We’re building a culture of responsibility,” she said. “We’re trying to move rights and responsibilities that we take for granted in the offline world to the online world. We have to make sure we’re teaching them new social norms.”

Participants in the discussion agreed that there is only so much public policy can do. “You can’t legislate cyberbullying away,” Prom said.

The opportunity for Internet education exists on every level, Little agreed. “It’s nothing that can come from the top down, it’s nothing that can come instantaneously, and I don’t think it can come from schools,” he said. “They’re stretched too thin as it is. It has to come from all around.”

The message is simple, McKeehan said. “The No. 1 recommendation: Teach your kid not to be a jerk online,” he said. “Don’t be a jerk in the real world, and don’t be one online either.”

While a lot of this education can start at home, it should be present everywhere in kids’ lives, especially when they are relating with their friends, Rumenap said.

“It’s a conversation,” she said. “It’s a conversation at home. It’s a conversation at school. It’s a conversation in after-school programs. And it needs to be a conversation with their peers. It needs to become a social norm.”

Sam Calvert, www.imaginingtheinternet.org

IGF-USA 2010 Workshop- The promise and challenges of cloud computing

with 2 comments

Daniel Castro, a Senior Analyst for ITIF, talks about the promises and challenges of cloud computing.

Brief description:

Cloud computing holds great promise for customers and entrepreneurs in the United States and around the world. It offers users – including governments and enterprises – the opportunity to pay only for the computing they use rather than maintaining all their computing needs and resources themselves. For innovators, the cloud offers a greatly reduced cost of entry into a market heretofore dominated by big players. However, there are policy challenges to be addressed. Fully realizing this potential requires unprecedented cooperation between industry, consumers and governments to ensure individual privacy and data security and ensure confidence in the remote storage of critical information. Not all are optimistic about the future of cloud computing because of the centralization of personal information, concentrated threats to security and the questions it raises about national sovereignty. This panel, moderated by Jonathan Zuck, president of the Association for Competitive Technology, explored opportunities and challenges of “the cloud.”

Details of the session:

There is a need for discussion about the opportunities and challenges of cloud computing in the public policy arena because of the popularity of platforms like Flickr, Facebook, fantasy sports leagues, Google and Amazon, according to panelists in a cloud computing workshop at the IGF-USA conference July 21 in Washington, D.C.

Panelists included:

  • John Morris, general counsel, Center for Democracy and Technology
  • Dan Castro, senior analyst, Information Technology and Innovation Foundation
  • Jack Suess, vice president of information technology, University of Maryland
  • Evan Burfield, chief executive officer, Synteractive
  • Marc Berejka, policy advisor, office of the secretary, U.S. Department of Commerce

Cloud computing offers users — including governments and enterprises — the opportunity to pay only for the computing they use rather than maintaining all their computing needs and resources themselves. This allows innovators to have increased access to the market at a reduced price, increasing competition in the market.

“There is a definite trend to using cloud computing,” Castro said. “There are much lower start-up costs because they don’t have to pay for the infrastructure. It gives you the ability to scale up or scale down. “

A common question is if data posted on cloud computing platforms is secure. The risks to data security and integrity rise with transnational cloud computing. Cloud users often do not know which law enforcement rules apply to their data.

“They don’t even know for sure where the data is; they don’t know exactly what country the data is in,” Morris said. “The challenges of being a cloud computing service provider and how to respond to law enforcement requests are very significant.”

If a cloud customer lives in the United States, but her data is stored on a server in another country, does that make her data more or less secure? Will the laws of the other country alter her rights regarding the actions she takes online?

“I think we will move to seeing risks to free speech on the Internet due to cloud computing,” Morris said. “I think that cloud computing could lead to repression.”

The panel also discussed issued tied to cloud computing and intellectual property.

“As we do move into the cloud there is a question about if we want to protect copyright protection,” Castro said. “Can service providers do a better job? We have a lot of intellectual property in the United States that we care about.”

Panelists noted that cloud computing presents completely new challenges in regard to cybersecurity, copyright protection and free flow of information on the Internet. “In the 1990s, during the version 1.0 era, the government philosophy on the Internet was ‘hands off,’” Berejka said. “We are now truly globally interconnected; it’s not a theory any more. Our philosophy is still to do no harm, but that might not necessarily translate into doing nothing.”

Higher education is one industry that has found a way to take advantage of cloud computing platforms. The outsourcing of student e-mail is becoming common, broadband and advanced networking are available to many more participants and vendor and government support for federations like InCommon is increasing.

“A lot of universities are coming together and thinking about community cloud services,” Suess said. “Higher education likes to collaborate with one another but one of the things that is holding the cloud back is stability. And trust is another question.”

Small businesses are also able to take advantage of cloud computing platforms. Burfield’s company, Synteractive, has 45 employees. He said they have no servers, conduct all their e-mail business in the cloud, use Skype for meetings and use Facebook for marketing. His company created recovery.gov for President Obama’s administration. They built the platform on an Amazon-provided server in about a week, creating the entire platform in the cloud.

“For a small business like ours it’s a great competitive advantage that never existed before,” Burfield said.

Panelists listen as Daniel Castro discusses his perspective on cloud computing.

Cloud computing is allowing small businesses to be competitive, but there are still limits to what cloud computing services can do.

“For the cloud computing revolution to really work for consumers we need for the industry to move to a world of robust data portability,” Morris said. “The real promise of cloud computing for consumers is innovation and competition. I hope that there is data portability so when a new service comes online I can take my data and try the new service.”

Rebecca Smith, www.imaginingtheinternet.org

IGF-USA 2010 Workshop- E-Crimes and Malicious Use in the DNS: Implications and Observations

with one comment

Panelists (From Left Dr. James Galvin, Bobbie Flaim, Garth Bruen) discuss e-Crimes and the malicious use in the DNS in a workshop format.

Brief description:

The online world and the Internet are continuing to expand at exponential rates. As more and more users and more applications move into the online world with the expansion of broadband and mobile, concerns about online crimes and malicious threats to the Internet and to users also grow. This workshop was established to examine the range and scope of online crimes and malicious use of the Domain Name System. For instance, scam artists host websites with false information or a phisher registers a domain intended to resemble a famous brand. Consumers and businesses can be victims of abuse, and legitimate service providers are seeing crime and fraud in the network. The use of DNS security (DNSSEC) is part of a mitigation strategy.

Details of the session:

Every time an individual pulls up a webpage or website, the Domain Name System is used.

Moderators and industry leaders met at an IGF-USA 2010 workshop titled E-Crimes and Malicious Use in the DNS: Implications and Observations.

Panelists participating in the discussion noted that malicious use and criminal behavior in the DNS is not acceptable, but they did not come up with any clear conclusions regarding new ways to better control these problems.

The moderator of the event was Jim Galvin, director of strategic relationships and technical standards for Afilias. Panelists included Garth Bruen, founder of KnujOn; Doug Isenberg, attorney at law with GigaLaw Firm; Shaundra Watson, counsel for international consumer protection at the Federal Trade Commission; John Berryhill, intellectual property lawyer; Bobbie Flaim, special agent with the FBI; Margie Milam, senior policy advisor for ICANN; and Matt Serlin, senior director of domain management at MarkMonitor.

The panelists agreed the abuse of the DNS is not a regional issue nor is it confined to a particular sector of the Internet. The crimes occur across multiple jurisdictions and affect a variety of individuals.

Some shared anecdotes about incidents where collaboration with other entities gave way to resolving a major DNS violation.

-Anna Johnson, http://www.imaginingtheinternet.org

IGF-USA 2010 Workshop – Web security will define the future of the Internet

leave a comment »

Panelists discuss the different options, perspectives and issues surrounding web security.

Brief description:

This panel, moderated by Robert Guerra of Freedom House, focused on critical Internet resources and how to ensure that the underlying principles that have led to the Internet’s success persist in the face of security challenges. These principles include openness (open standards, open technologies), accessibility transparency, bottom-up decision-making, cooperation and multi-stakeholder engagement. Key to implementing these principles is also a broadened understanding of the role of the infrastructure providers, such as global and national Internet services/connectivity providers who build and operate the backbones and edge networks. The panel was also expected to address some of the implications for the implementation of DNSSEC and IPv6 on a national basis that contribute to the security and resiliency of CIR on a global basis.

Details of the session:

The Internet’s success well into the future may be largely dependent on how it responds and reacts to increasing security challenges, according to panelists in a critical Internet resources workshop at the IGF-USA conference July 21 in Washington, D.C.

The Internet continues to evolve. It is also growing, as it becomes accessible to billions more people. The major challenge of our generation is to make the Internet more secure while continuing to promote openness, accessibility, transparency, bottom-up decision-making, cooperation and multistakeholder engagement. It is important that organizations continue to retain these values as much as possible as they react to cybersecurity and cybertrust issues.

Panelists at this workshop included:

  • Moderator Robert Guerra, Freedom House
  • Trent Adams, outreach specialist for the Internet Society
  • Matt Larson, vice president of DNS research for VeriSign
  • Steve Ryan, counsel to the American Registry for Internet Numbers
  • Patrick Jones, senior manager of continuity and risk management for ICANN
  • Jeff Brueggeman, vice president for public policy for AT&T

Panelists all expressed a desire to continue to engage in multifaceted talks because a single governmental entity is not the solution; it takes many people working together. As Brueggeman put it, there’s no “silver bullet” for the issue of Internet security.

“What we do on a day-to-day basis is ensure that those conversations take place,” Adams said. “The (critical Internet) resource is not a thing you can touch. You have this mesh of interconnected components that is the critical resource. You can’t pull one of those components out. Everyone must be around that table.”

So what’s the solution? The answer to that question is still a little unclear because Internet service providers and other organizations are often reactive to issues. Brueggeman said it’s time to embrace a forward-thinking approach.

“Things can get complicated when you’re reacting to an attack,” he said. “The best way to deal with these things is to try to think about them up front. How do we detect and prevent rather than react after the fact? How can we have more cooperative information sharing before attacks to try to prevent them and have the best information we can?”

Ryan stressed, though, that not all government is bad. He said citizens and organizations need to think “carefully about what the role of the government is.” But still, there should be a symbiotic relationship.

“There’s become a sense in government policy circles, including in the most sophisticated, that somehow (the Internet) runs on its own and you can’t break it,” he said. “I have news for you: You can break it. We look at government as something that has an increasingly important role because the Internet has an increasingly important role in economies.”

Ryan continued by saying non-governmental organizations have a responsibility to work with governments and to educate the people who work in them. He and the other panelists agreed that an international governmental organization wouldn’t work, though, unless core Internet values are embraced and upheld. They said a set-up that would allow countries around the world to vote on how the Internet is governed would not be a favorable solution.

“Until we get it right,” Ryan said, “I think we’re muddling along rather well.”

Panelists weigh in on the debate surrounding web security.

DNS issues and DNSSEC

Larson spoke specifically about the security of the Domain Name System because he views the DNS as an absolutely critical Internet resource. “If you don’t have the DNS, you don’t have the Internet,” he noted. He said users can’t truly trust the DNS, though, which is a bit disconcerting because of its necessity.

He supports DNSSEC—Domain Name System Security Extensions—which give users digital signatures (origin authentication) and data integrity. “Once you have that, you can validate data and have a higher level of confidence that the data you’re getting back is valid,” Larson said.

(You can read more about DNSSEC here: http://en.wikipedia.org/wiki/Dnssec.)

He also said that DNSSEC makes DNS more trustworthy and critical to users as more applications—not just host names—depend on it. “We’re going to look back and realize it enabled a whole new class of applications to put information in the DNS,” Larson said. “Now you can trust the information coming out of the DNS.”

Going from IPv4 to a combination with IPv6

Ryan emphasized the importance of Internet Protocol version 6, IPv6, a new Internet layer protocol for packet switching that will allow a “gazillion numbers” vastly expanding the address space online. There is a rapidly decreasing pool of numbers left under IPv4. Ryan said the increased flexibility of IPv6 will allow for the continued growth of the Internet, but it won’t be a free-for-all.

“The numbers we have issued are not property,” he said. “We have a legal theory that’s embodied in every contract we’ve issued. They belong to community. If you’re not using them, you have to give them back. They are in essence an intangible, non-property interest, so over the next couple of years there will be some very interesting legal issues.”

ICANN in action

Jones said ICANN, which recently passed its 10-year milestone, has continued to work collaboratively with the community to take on major initiatives, such as the introduction of internationalized domain names in the root.

“We have taken requests from countries for internationalized country codes and approved 15,” Jones said.

“There’s a huge development in those regions of the world where you can now have domain names and an Internet that reflects their own languages and scripts. That will have an impact as discussion around critical Internet resources continues, especially in the IGF space.”

Physical critical resources

Brueggeman said AT&T has a broader perspective of critical Internet resources because the company is responsible for carrying Web traffic and for the underlying infrastructure, not just involved in issues tied to the DNS. He said the transition to IPv6 is daunting because it’s not backward-compatible. His main challenge has been in outreach efforts to customers.

“We have to deal with a lot of traffic that’s generated as we’re making changes to DNSSEC and IPv6,” he said. “In some cases, you might create some new security concerns, but overall both are important essential transitions.”

Brueggeman emphasized that multistakeholder discussions will be important in the coming years.

“We really need all of the parties who have the direct stake at the table to be part of the solution,” he said. “We need to have the resources handled in a way that promotes openness and promotes interoperability. There’s a huge policy risk of not managing these resources in a multistakeholder way.”

-by Colin Donohue, http://imaginingtheinternet.org

IGF-USA 2010 Workshop- A national framework for cybersecurity: The U.S. approach and implications

leave a comment »

Moderator Audrey Plonk, a Global Security and Internet Policy Specialist for Intel Corporation, opened the workshop with comments addressing the multi-faceted issue of Cyber security.

Brief description:

Cybersecurity is a multifaceted issue that requires attention to various strategic and operational efforts to make progress. Five overarching areas for focus are 1) development of a national strategy; 2) collaboration between government and industry; 3) cybercrime; 4) incident response; and 5) building a culture of cybersecurity/awareness. This session was scheduled to explore how the U.S. is addressing each of these, where there are opportunities for improvement and obstacles to progress, where the U.S. needs to work with international partners, and how cybersecurity contributes to Internet governance globally. Session moderators were Liesyl Franz, vice president for information security and global public policy at TechAmerica, and Audrey Plonk, global security and Internet policy specialist at Intel Corporation.

Details of the session:

Panelists and moderators discussed cybersecurity at one of the first morning workshops at the 2010 Internet Governance Forum-USA at Georgetown University Law Center. Co-moderator Liesyl Franz introduced the workshop and set the scene by presenting the session’s five overarching areas of focus, including national strategy, collaboration between government and industry to foster cybersecurity, combating cybercrime, incident response and building a culture of cybersecurity and awareness.

Developing a national strategy

The United States’ national strategy for cybersecurity has constantly evolved over the past 15 years. In the 1990s, the Critical Infrastructure Protection Board was created to address issues tied to cybersecurity. A few years later the United States created the Department of Homeland Security. These organizations worked to create the National Strategy to Secure Cyberspace, which was put into place in 2003.

“We’ve moved even beyond the 2003 strategy towards a more comprehensive strategy that is really trying to encompass all the departments and agencies in the United States federal government and deal with the international aspects,” said co-moderator Audrey Plonk, global security and Internet policy specialist at Intel Corporation. “Having a high level of strategy is very important.”

The Obama administration conducted a “clean-slate” review to assess U.S. policy, strategy and standards regarding security and operations in cyberspace in the summer of 2009. That report, aimed at addressing economic, national security, public safety and privacy interests can be found here: http://www.whitehouse.gov/assets/documents/Cyberspace_Policy_Review_final.pdf

Collaboration between government and industry

The panelists noted that a national strategy is dependent on the collaboration of many people, including industry bodies and government agencies.

Cheri McGuire, director for critical infrastructure and cybersecurity at Microsoft and chair of the Information Technology Sector Coordinating Council, said that the public/private partnership relies on several key principles.

“One principle is trust,” McGuire said. “There is a long history of lack of trust between industry and government. This adds a unique factor to when government invited industry to the table to work collaboratively on cybersecurity issues.”

She noted that many public and private partnerships from the past can be used as a lesson on how to conduct successful partnerships today. “There is no one right model, there is no one right way to do this,” McGuire said. “There are a lot of lessons learned – that the many of us who are involved in the public and private debate have learned – that can be used to create the framework for these partnerships.”

The IT-SCC was established in 2006 to encourage cooperation between tech industry entities in addressing infrastructure protection, response and recovery. To read more, see http://www.it-scc.org/.

Combating cybercrime

“Cybercrime runs the gamut of most of the bad things that humans do to each other,” said Don Codling, unit chief at the Federal Bureau of Investigation. “Think of everything from slavery, to human trafficking, to embezzlement, to fraud. You can even hire a hit man online.”

Codling said the domestic approach of the FBI regarding cybercrime almost instantly turns into a global effort. Due to the nature of the Internet, how records are stored and how financial transactions are performed, almost all major crimes become global instantly.

“We are members of the global community,” Codling said. “The global law enforcement community has coalesced rapidly and said we have similar problems. We need to work together.”

To read more about the FBI’s cyber mission, see: http://www.fbi.gov/cyberinvest/cyberhome.htm. For background from the U.S. Justice Department on international aspects of computer crime, see this page: http://www.justice.gov/criminal/cybercrime/intl.html

Incident response seen as vital

Scott Algeier, executive director of the IT Information Sharing and Analysis Center, said it is important for there to be open communication in order for people to share their expertise. He noted that when industry partners share information people are able to analyze the different trends that many different companies are experiencing.

“By sharing information, we give each other a larger capability,” Algeier said. “We are able to say ‘this is a neat trend we are seeing,’ and analyze all of the information that we are receiving.”

Computer emergency readiness teams work to assess attacks and vulnerabilities. The US-CERT site is http://www.justice.gov/criminal/cybercrime/intl.html.

Building a culture of cybersecurity and awareness

Franz said the five overarching elements covered in the session are all dependent on each other.

“I don’t want to focus on five elements and that they each do their own thing,” Franz said. “But instead emphasize that it is important to collaborate between these elements.”

“Cybersecurity means preserving this open, free Internet that we have learned to value so much,” said Greg Nojeim, senior counsel and director at the Project on Freedom, Security and Technology of the Center for Democracy and Technology (http://www.cdt.org/about). “We are only just beginning to realize what it would be like if it was all taken away. Security allows you to use the Internet freely.”

Nojeim said correctly balancing the needs for security and privacy online is important. He added that an increase in transparency could make people really understand the need for security.

“A lot of the cybersecurity efforts necessarily have to take place behind the scenes, but I think that openness is one key to a successful program,” Nojeim said. “It builds trust, it helps companies know what happens to the information that they share.”

All panelists agreed that there will never be a time where there is no cybercrime.

“I don’t think there is a perfect system – what we have to find is what is reasonable security and the proper balance between privacy and freedom of speech and safety and cybersecurity,” said Adam Palmer, Norton lead cybersecurity advisor for Symantec Corporation, a security systems company.

-Rebecca Smith, http://www.imaginingtheinternet.org