Bridging the policy and technical communities on international cybersecurity discussions

By on 25 Nov 2019

Category: Community


The second workshop at the 2017 IGF.

Over the last four years, APNIC has collaborated with a team of prominent academics to co-organize a series of workshops at the Internet Governance Forum (IGF), with the aim of bringing the policy and technical communities a step closer to a better understanding of their respective challenges, fears and motivations. These discussions have primarily centred on the concept of cybernorms, a well-trodden topic in policy circles, but a newer space of engagement for much of the technical community.

The first collaboration was in 2016, with a workshop named ‘NetGov, please meet Cybernorms. Opening the debate.’ The aim of this first workshop was to bridge the growing gap between the policy work around this concept and the technical reality of operational networks. While overcoming differences in perspectives and language is always a challenge, the core concept of norms is in fact quite familiar to the technical community, with efforts such as Mutually Agreed Norms for Routing Security (MANRS) and the tenet of ‘rough consensus and running code’.

With good representation from government, civil society and technical community participants, the initial workshop brought attention to the ‘cybernorms’ processes, particularly in the United Nations (UN), an important starting point to encourage more informed engagement from the Internet governance and the technical communities for better policymaking.

The second collaboration was a workshop at the IGF in 2017, ‘International Cooperation Between CERTS: Technical Diplomacy for Cybersecurity’. Focusing on the incident response community, this workshop built on the recognition that even well-intentioned policy discussions made in a vacuum can impact the operation of organizations working on, in, and for the Internet. Building on work already taking place in communities such as the Forum for Incident Response and Security Teams (FIRST) to leverage the wealth of expertise and experience of incident responders, there was important recognition of the growing convergence of the different working areas, with the workshop report finding:

“The idea behind these norms is to protect the work CERTs are doing and to prevent them from being instrumentalized by the governments. However, there is little awareness of the UNGGE normative process within the CERT community or if there are any efforts underway in the implementation of those norms.”

The third collaboration occurred at the IGF in 2018, with a roundtable entitled ‘Whois Collected, Disclosed and Protected: CERTs Viewpoint’. This session discussed the importance of CERTs’ continued access to whois data, properly balanced against renewed privacy considerations such as the GDPR. The unintended consequences of legislation such as GDPR for the operational effectiveness of incident response teams were a timely example of how technical operations on the Internet cannot be isolated from these broader policy efforts.

We are up to our fourth collaboration at the 2019 IGF in Berlin, with a workshop named ‘Usual Suspects: Questioning the Cybernorm-making Boundaries’. This will likely be the time the IGF community will rally around the notion that cybernorms (their development and their implementation) can be seen as an Internet governance challenge. As new norms have been agreed upon outside the UN, such as the GCSC efforts, new processes have also begun at the UN, such as the OEWG. It makes sense to encourage a constructive dialogue between the policy and the technical communities to discuss operationalization of norms.

Acknowledgement: APNIC’s collaboration at the IGF over the last four years has been with Madeline Carr, Prof. Duncan Hollis and Louise Marie Hurel. We are thankful for their resolute commitment to bridging the technical and policy communities and fostering constructive dialogues.

The views expressed by the authors of this blog are their own and do not necessarily reflect the views of APNIC. Please note a Code of Conduct applies to this blog.
