You are on page 1of 5

!!!!!!!!

!
!

!
!
!
!
!
!
!
!
!
!
!

IGF Workshop 28 Report: Priorities For


The Long-Term Stability of The Internet

!
!
!
!
!
!
!
!
!
!
!
!
!
!

Bill Graham
Strategic Global Engagement
October 2010
!
!
!

Internet Society Galerie Jean-Malbuisson, 15 Tel: +41 22 807 1444 1775 Wiehle Ave. Tel: +1 703 439 2120
CH-1204 Geneva Fax: +41 22 807 1445 Suite 201 Fax: +1 703 326 9881
Switzerland http://www.isoc.org Reston, VA 20190, USA Email: info@isoc.org
!
!
INTERNET GOVERNANCE FORUM 2010
VILNIUS, LITHUANIA
14-17 SEPTEMBER 2010

WORKSHOP 28:
PRIORITIES FOR THE LONG-TERM STABILITY OF THE INTERNET

ORGANIZERS: The European Commission, Internet Society, Government


of the Netherlands, Communications Regulatory Authority of the Republic
of Lithuania (RRT) and Tama University

SPEAKERS:
Session 1: Hillar Aarelaid (Chief Security Officer, Estonia CERT); Danny
McPherson (Vice President, Network Security Research, at VeriSign Labs.);
Alain Aina (Special Projects Manager, AFRInic Network Engineer,); Ram Mohan
(Executive Vice President, & Chief Technology Officer of Afilias Limited); Raul
Echeberria (Executive Director LACNIC); Theresa Swinehart (Executive Director,
Global Internet Policy, Verizon); Max Senges (Policy Team, Google Germany);
Paul Vixie (President of Internet Systems Consortium and ARIN Board Chairman)

Session 2: Rytis Rainys(Head of Network and Information Security


Division,RRT, Lithuania); Natalija Gelvanovska (Head of Network and Access
Division, RRT, Lithuania)

Session 3: Avri Doria (Professor at Luleå University of Technology); Izumi Aizu


(Professor and Senior Research Fellow at the Institute for InfoSocinomics, Tama
University ); Andrzej Bartosiewicz (CEO of YonConsulting.com, )

REPORT:
The workshop was opened by Ms Neelie Kroes, who stressed how the stability of
the Internet is a multi-faceted topic that concerns users all over the world.
Although the Internet has proven to be fairly robust and resilient so far, this does
not mean that there is no necessity to continue addressing threats. Therefore, it
is important to know who does what and where more work would be needed.
Last, not least, Ms Kroes "reassured" the audience that in the view of the
Commission the private sector, not public authorities, should continue to play the
leading role in day-to-day operations of the Internet, in full respect of the multi-
stakeholder approach. However, given the importance of the Internet for societies
at large, public authorities have an interest – and a responsibility – to understand
what is done and what could be done to ensure the stability and resilience of the
Internet. This is the spirit of the discussion on principles for Internet resilience
and stability which Member States of the European Union are already
conducting, with the Commission providing a facilitating role.

! "!
The workshop revealed three areas where attention is needed to improve global
confidence in the ongoing stability of the Internet.

There are a range of technical threats. Speakers identified:


1. Malicious acts – bad people doing bad things; e.g., malware, botnets, DDOS
attacks, route hijacks, middlebox cache poisoning, etc..
2. Implementation issues - new protocols and new services are being created
and introduced almost daily that need to be integrated into the Internet in a
consistent way in order for them to work well together and across the
networks that make up the Internet. If that is not achieved because of lack of
expertise, or because some networks don't keep up, problems can develop.
In that way, protocols and services intended to be improvements or to deal
with threats can themselves become threats to stability.
3. Issues of interdependence – the international nature of the Internet means
that no country can assure the stability of the Internet without the agreement
and cooperation [or collaboration] of its neighbours, or at least all the
stakeholders for which relative dependencies or fate is shared.
4. Issues of growth – the continuing explosion of Internet demand challenges
service providers of all types, and also highlights the need to improve some
characteristics of the Internet protocol itself (e.g., inability to verify authenticity
of IP source addresses; routing insecurities, etc.)

One speaker said that the main challenges for Internet stability will not come from
the technical area, but from the political and policy arenas. He said one cannot
speak about stability without speaking about integrity of the network. That
integrity is facing challenges such as possible fragmentation due to the loss of
the neutrality of the network, threats to the free end-to-end flow of information;
from over-regulation due to otherwise well-meaning efforts to solve problems like
cybercrime, infrastructure security vulnerabilities, etc.

Turning to threats in the realm of policy. Speakers identified the following:


1. The fact that Internet policy needs to be developed with knowledge of how the
technology works, and taking into account the needs of users.
2. There must be a multi-stakeholder approach to policy development
concerning the Internet, because of the Internetʼs globally distributed nature,
and as a consequence of the end-to-end model. Working in a multi-
stakeholder environment is unfamiliar to some accustomed to working in more
traditional environments, and needs to be learned.
3. There is no agreement yet on principles underlying Internet policy, and until
those can be developed, the resulting misunderstandings and conflict are
themselves a threat to stability.

! #!
Third, threats arise from the need to build skills:

1. In both developed and developing countries there is a need for education and
capacity building so that there are people who can deal comprehensively with
the new global policy environment, and the opportunities and challenges it
presents. Some organizations are already doing that, but considerably more
is necessary.
2. Similarly on the technical side, trained, experienced and capable people are
needed to address each type of threat identified above.
3. Finally, because of the nature of the Internet, there is a need for skills
development at the intersection between the technical and policy worlds.
Technical people need to think about possible social/policy implications of
their work; while policy people need to be able to understand the technical
constraints on their desired policy development. This is a relatively novel
requirement, and there are few institutions trying to address it so far.

In the second session, the Communications Regulatory Authority of the Republic


of Lithuania (RRT) presented their national experience with efforts to address the
need for Internet infrastructure resilience assessments in order to identify and
then monitor security and stability of national networks. Lithuania has five years
of experience preparing to have a knowledgeable national response to threats to
Internet stability. They spoke about the challenges for a small country to build
knowledge at a national and local level. Specifically, they described efforts to
identify common indicators to assess Internet resilience and to develop
mechanisms to collect the relative information. It is a priority for Lithuania to
understand the state of their infrastructure, which led them to undertake a
mapping exercise that showed a surprisingly large and interconnected web of
actors, which has proven to be useful. The work identified a lack of academic
capacity for researchers & studies and international co-operation between state
institutions performing similar assessments. This was emphasized as an area
needing further development.

The workshopʼs final session began a conversation about gaps that need to be
addressed, who is active in the field, and what else needs to be done. One
speaker noted that the technical community knew about many or all of the
vulnerabilities identified long before they were known to the policy people. And
even then, the policy side of the house only became aware when the nature of
the threat became critical. People from the policy and technical worlds need a
way to get together earlier, and in an environment where they can communicate
early and often. The Internet Governance Forum is a good start, but more is
needed.

! $!
Second, many of the solutions, and general facts of life in the network are
determined by business imperatives and the profit motive. For a public good like
the Internet, profit is not always the best motivator of the sorts of behavior
needed for stewardship. Some things, like the adoption of IPv6 and some steps
to increase security, donʼt have an obvious or immediate economic benefit; yet
they need to be implemented for the ongoing health of the Internet. Changes at
the infrastructure level, particularly at the IP Network layer, tend to be complex
and expensive and lack obvious direct incentive. A way must be found to get
beyond the current situation where, if there is no profit advantage – i.e no killer
app or financial incentive – the necessary steps won't be taken.

And third, in terms of finding a way to evolve the network (i.e., to go from a
wooden wheel, to iron rimmed wheel, to a rubber-tired wheel) there must be a
way to bridge the gap between the researchers, operational people and policy
people. That means we have to find a way to evolve both our understanding and
our systems in a multi-stakeholder way. The continuation of threats to the long-
term stability of the Internet also shows there are not sufficient monitoring and
analytical tools to deal with the challenges posed by the rapidly expanding
Internet, both from security and performance points of view.

Finally the results of an analysis of organizations involved in local, regional and


global technical and policy issues was presented. There was discussion about
where gaps exist and how they might be addressed. Specifically, the gaps that
need to be filled to deal with threats against stability are creating a mechanism
for global policy coordination on regular basis, as well as a mechanism for global
operation coordination. Both require a good degree of cooperation and
coordination among the various actors concerned. The word “global" is used
here to recognize that most actors in developing countries do not participate in
the existing mechanisms sufficiently, yet threats are generated and spread
globally, or are inherently systemic. While there was no appetite for creating new
organizations to fill these gaps, the problems were recognized.

People attending the workshop felt it would be useful to continue work with such
an analysis. There was also a call made for participants to elaborate some
principles that would be instrumental in ensuring vibrant (and stable) evolution of
the Internet, possibly in cooperation with the Dynamic Coalition on the Internet
Rights and Principles.

!
!

! %!

You might also like