European Dialogue on Internet Governance (EuroDIG) 2022 took place in Trieste Italy from 20 – 22 June 2022. The three-day event serves as the European platform for discussion and exchange of ideas on emerging issues and challenges concerning the Internet, organized around major themes such as Access & Literacy; Media and Content; Security and Crime; Human Rights; Innovation, and Economic issues.
This hybrid event was well attended both through the online platform and in person. The results of all the sessions will be summarized and presented at the 2022 global UN Internet Governance Forum (IGF) to be held in Addis Ababa, Ethiopia from 28 November to 2 December 2022.
Reality Check – Do We Implement Effective Regulations and Set the Right Standards to Solve the Problems of the Future?
IEEE organized two workshops at this year’s EuroDIG focusing on the value of a collaborative standards development approach so that strong safeguards exist where there are risks to security and the fundamental rights of people in Europe:
- Workshop: How Can Collaborative Standards Development Support the European Cybersecurity Agenda?
- Workshop: How to Enable Rapid Cybersecurity Standards Implementation for Impact?
International standards are developed to build resilience to cyber threats and to deliver implementation benefits for citizens and businesses no matter where they are located. The key is to help identify and implement trustworthy digital technologies.
This aligns with three areas the EU identified for action:
- Resilience, technological sovereignty, and leadership,
- Building operational capacity to prevent, deter and respond, and
- Advancing a global and open cyberspace through increased cooperation.
The first workshop was a panel discussion on collaborative standards development moderated by Vladimir Radunovic, Director, E-diplomacy and Cybersecurity Programmes, DiploFoundation. panel members included: Jari Arkko, Internet Ericsson Research and IETF Architecture Board (IAB); Sławomir Górniak, Senior Cybersecurity Expert, European Union Agency for Cybersecurity (ENISA); Thorsten Katzmann, Cybersecurity Standardization, IBM; David Tayouri, Chair, IEEE SA Cybersecurity for Agile Cloud Computing Industry Connections program; and ELTA Systems, Israel Aerospace Industries (IAI).
Tayouri said that when it comes to security, regulations are a must. People are not always aware of cyber risks. Even if subject matter experts are aware of the risks, they will have a hard time to find cyber experts for mitigating the risks. So they trust service providers. The role of the regulator is to make sure that this trust is covered by the required policies and products, and this can be achieved with standards.
“For instance, with IoT, people are less concerned with the risks, and suppliers prefer to invest in functional, aesthetical, and commercial aspects,” Tayouri commented. “Therefore, there should be cybersecurity standards that regulators will enforce, as they enforce safety, for example, in transportation or baby products.”
“It would be better for Europe and globally to have one standard for each subject. This would be more efficient (less resources), clearer (no confusion which standard to use), and most importantly this would enable securing the supply chains, which often involve many different countries around the world.”
– David Tayouri, Chair, IEEE SA Cybersecurity for Agile Cloud Computing Industry Connections Program
The workshop explored how collaborative standards development and its outputs can help support the European Cybersecurity Strategy and how standards strengthen linkages between European cyber policy and non-government sectors.
The second workshop that IEEE facilitated looked at how implementation of cybersecurity standards help improve the security of IT systems, networks and critical infrastructures. The standards typically define both functional and assurance requirements within a product, system, process or technology environment, and well-developed cybersecurity standards help enable consistency among product developers and serve as a reliable metric for purchasing security products.
Riccardo Nanni, Fondazione Bruno Kessler moderated the panel. Panelists include: Chiara Giovannini, Deputy Secretary-General, Senior Manager Policy & Innovation, ANEC; Alex Leadbeater, BT and TC Cyber Chair, ETSI; and Esteve Sanz, Head of Sector, Internet Governance and Multi-stakeholder Dialogue, European Commission.
The workshop discussed the importance of not only the need for collaborative standards development but the critical requirement to have standards implemented to ensure products and services are certified against the standard for consumers at a national and international level. In this complicated landscape, along with increasing cybersecurity challenges and complex set of regulations, there is a need to follow through with implementation by industry, governments, and consumers when a standard is developed.
Author: Karen Mulberry, Senior Manager of Public Affairs, IEEE SA
