About this blog…

I am employed by Netnod as head of research and development and am among other things chair of the Security and Stability Advisory Committee at ICANN and very active in the UN multistakeholder process IGF (Internet Governance Forum). You can find CV and photos of me at this page.

As I wear so many hats, I find it being necessary to somewhere express my personal view on things. This is the location where that happens. Postings on this blog, or at Facebook, Twitter etc, falls under this policy.

The views expressed on this post are mine and do not necessarily reflect the views of Netnod or any other of the organisations I have connections to.

"Just give me the money"

A blog post at The Internet Governance Project is complaining that a panel where I was a speaker had too low level of content, and no new data. The article is written in such a way that one clearly view that the author think that is a bad thing. (I am by the way the person that the article say is the representative from Cisco.)

I completely agree that the level of the content of this panel was old stuff that for people that work with security issues is nothing new. But where I definitely do not agree with is the tone of the article that is such that if that is a bad thing, or a failure, or something.

My apologies if this is a misunderstanding.

Now, the IGF is, as the article point out, a multistakeholder process. But not only that but also a process that builds on the concept of, or towards, enhanced cooperation. The intention is definitely not to be a conference where for each topic there is deep future looking, topic specific, discussions for each area (where cyber crime and cyber security is one such area), but instead a meeting that is looking back in time. An exchange of experiences, capacity building, that brings people not familiar with the topics up to speed on what is happening.

That panel was not the only one that had pretty low value for the people that know the topic. The discussions today on IPv4 and IPv6 was not really a hit either. It could as well have been held in 2001, or even in the previous millenium. It was even the case that at the line by the microphone I saw the same people I have seen by the microphone discussing this topic for ten (10) years. Same people, same topics, but still people where obviously surprised by what was said.

The daily job I do include helping CERTs start up, and help Governments and others not working with Security issues understand what they should do, and this is exactly what the IGF is about to a large degree. Having people understanding the topic(s), having people both the old timers and the newcomers discuss every part of the issue. For topic specialists absolutely once again.

From my initial statement you can see that I try to make a few important points that is not something new, but definitely something I still have to point out. For example:

  • You can not force a party to trust someone else
  • Building trust is a bottom up process
  • There will always be multiple fora and mechanisms where security is handled, managed and discussed, and everything exists in a eco-system

    Building on principles like these, it is possible of course to be more forward looking like the report[pdf] the article point at. But that discussion is up to much much more topic specific discussions. Not at the IGF. The IGF is not to replace and specifically not compete with topic specific conferences like the meetings of the Regional Registries (RIPE for example — and do not mix up RIPE with RIPE NCC with the Policy Development Process within RIPE, three different things), or equivalent where security issues are discussed.

  • Comments are closed.