Building Trust Deploy360 Internet of Things (IoT) Mutually Agreed Norms for Routing Security (MANRS)

ISOC Advocating IoT Trust at APAN 46

APAN 46 is being held on 5-9 August 2018 in Auckland, New Zealand, with the Internet Society being one of the sponsors. I’ll also be talking about IoT Security and the OTA IoT Trust Framework, as well as using the opportunity to continue to raise awareness of the MANRS Routing Security Initiative amongst network operators in the Asia-Pacific region.

The Asia Pacific Advanced Network (APAN) supports the research and education networks in the region to help them to connect to each other and to other R&E networks around the world, provides opportunities to exchange knowledge, and coordinates common activities, services and applications for its membership. It was established back in 1997, and this is the second of its two annual meetings for 2018.

I’ll be speaking during the Internet-of-Things session next Wednesday (8 August 2018 @ 09.00-10.30 UTC+12), and will discuss how IoT is responsible for huge growth in the number of unmanaged or minimally-managed devices connected to the Internet, but do we really know who or what is communicating with them, and the information they are collecting and sending? I’ll also present ISOC’s Online Trust Alliance’s initiative to develop the IoT Trust Framework which is backed by major industry players to promote best practices in the protection of user security, privacy, identity, data stewardship, and life cycle management.

KOREN, one of the Korean R&E networks, will also be talking about its SmartX Platform during the same session, which aims to provide an open, programmable, user-centric test environment for IoT application developers. Then KREONET, another Korean R&E network, will be presenting its ScienceLoRa service which offers a wireless IoT network for science applications based on LPWAN technology. Low-Power Wide-Area Networks (LPWAN) are designed to allow long range communications from remote devices (e.g. sensors) using a low bit rate to conserve limited battery power.

Other highlights of the conference include David Lassner (University of Hawaii) who will highlight some of the new fibre projects in the Pacific regions that are finally enabling R&E networking in some of the remotest global locations. Jamie Curtis (REANNZ) will follow-up on this theme by presenting about the recent completion of the Hawaiki Cable which is linking Australia, New Zealand, American Samoa and the USA

There’s also an interesting IoT-related talk by Gill Jolly (GNS Science) who’ll be discussing GeoNet which is a network of 600 instruments to monitor geological hazards (e.g. earthquakes and volcanoes) in New Zealand and Vanuatu. Takuji Kiura (NARO) and Royboon Rassameethes (HAII) will then round-off the conference by presenting how remote sensing, big data and AI are being used for improving agriculture processes.

For those interested in training, Sunday and Monday are largely devoted to this, including a TRANSITS-I workshop that introduces network incident and handing practices for CERT/CSIRTs, as well as a session on setting up DNSSEC.

The conference is being held at the Grand Millennium Hotel in the centre of Auckland, and more information can be found on the APAN 46 website.

Building Trust Improving Technical Security

Proposed APEC Cybersecurity Framework gains momentum at TEL 52

APEC’s forthcoming cybersecurity framework continues to take shape following the recent 52nd Telecommunications and Information Working Group meeting in Auckland, New Zealand, where another round of deliberations has brought forth a draft terms of reference that is currently under review by APEC economies.

Led by the Security and Prosperity Steering Group (SPSG), the proposal has matured conceptually since it was first brought forward at the 51st TEL meeting in May this year. Earlier discussions were kept broad and amorphous but by TEL 52, member economies were much more keen to move away from defining ‘cybersecurity’ to focusing on what can and should be achieved through the framework. Notably, participants agreed that it should accord with APEC’s objectives: facilitating cross-border trade, investment and economic growth.

There is some lingering skepticism on the necessity of a regional framework for cybersecurity, but on the whole, stakeholders at the session saw a role for APEC in promoting dialogue and coordination, addressing policy gaps, and in potentially providing a set of voluntary standards that can perhaps become building blocks for carrying out better cybersecurity mechanisms.

The current draft TOR reflects these sentiments. It seeks to develop a common language for cybersecurity measures, first by collecting existing practices in APEC economies, and putting the best ones into a repository for others to refer to. A similar approach is taken by the US National Institute of Standards and Technology (NIST) framework—an early resource for the SPSG. It also draws from the shared features of several domestic cybersecurity policies presented at the session—by the US, Malaysia, Chinese Taipei, the Philippines and New Zealand: It puts critical infrastructure protection as its first priority, along with partnerships with different sectors, information-sharing, and capacity building.

A decade ago, APEC came up with the Strategy for a Trusted, Secure and Sustainable Online Environment (TSSOE), which fundamentally treats cybsecurity as a means to encourage more people to access and use the Internet. The document, while still deemed highly relevant in today’s times, has thus far been underutilised, and is perceived to have had little influence on domestic cybersecurity agendas. The proposed framework does not abandon the TSSOE but builds upon its principles and focus areas: national strategy development, mutual assistance, and international collaboration, particularly in raising awareness among end-users, incident response and recovery, and research on security measures for new technologies.

The SPSG aims to have the APEC Cybersecurity Framework ready for approval by the 53rd TEL meeting in Peru next year. The bulk of the work will be done intercessionally, with member economies mapping out key aspects of their domestic frameworks onto the agreed reference structure, as well as contributing new work areas for consideration. Thus far, the working group is off to a good start. Underpinning its momentum is a recognition that forward-looking international policies, such as the OECD’s newly revised guidelines, are starting to take a risk-based approach to security amidst a constantly evolving threat landscape, moving away from building walls towards fostering confidence in an open and interconnected environment.


Growing the Internet Human Rights Women in Tech

Growing e-entrepreneurship in Asia-Pacific

Is Internet connectivity enough? A growing body of data suggests that it isn’t. At the 52nd APEC TEL meeting in Auckland last week, member economies have started to shift the conversation to boosting online adoption, or what people do once the Internet becomes available.

The gap between access and use is being felt in advanced economies like New Zealand, where 96% of enterprises are connected to the Internet but only 50% have an online presence, and just 38% have a website.  To improve this, TUANZ, an organisation of telecoms users in New Zealand, has launched a 10-minute online assessment tool that businesses can take to gauge how digitally mature they are. The test, which industry groups can re-brand for their own members, subsequently offers tailored strategies to help businesses enhance their operations through the Internet. 

These measures are crucial amidst increasing evidence that the Internet’s biggest benefits go to non-ICT sectors.  A study by Innovation Partnership among businesses in New Zealand for instance has found that firms that use the Internet regularly were 73% more productive than those that use the Internet less in the same industry. Many of these companies are going online to find new customers, improve their data collection and customer service, and move their work processes to the cloud.

Such opportunities are even more significant for micro and small enterprises in marginalised sectors. The Internet Society’s Wireless Women for Entrepreneurship and Empowerment (W2E2) programme, a component of our Wireless for Communities project, has witnessed former trainees—housewives, students, farmers and workers—set up their own e-services shops, take up work-at-home jobs, and transition to higher-value businesses, such as organic farming.

We focus on women for a number of reasons:  Entrepreneurship is a surefire way to build women’s confidence and skills, elevate their socio-economic status and engender financial independence. Yet just some 30% of SMEs around the world are owned by women: A lot more are unaccounted for, as the majority, especially in developing countries, operate informally, and often do not grow beyond subsistence level.

The biggest obstacle by far is funding. The World Bank, for instance, estimates that women-owned businesses have unmet financial needs of up to $320 billion each year. Gender-based barriers in no small part restrict a woman’s ability to utilise these resources. In developing countries, women are still less likely to have borrowed through formal means—and more likely to have availed of loans using riskier, if not exploitative, instruments.  Others also have local customs that continue to deny women the right to inherit property, which they can use as collateral.

ICT-enabled tools can help to change this. Crowdfunding and peer-to-peer micro-lending let aspiring innovators and entrepreneurs raise money from other Internet users to get their ideas off the ground. With mobile money, banks and other providers are starting to use subscriber behaviour to assign them a corresponding credit score.

Other online platforms can guide women through the stages of entrepreneurial setup. Cause-based groups in Malaysia, for instance, are using ICTs to link women entrepreneurs with business counselors. Websites like Coursera and Udacity have a growing repository of free or inexpensive business courses that students can complete remotely and at their own pace. Even video-sharing sites like YouTube have on-demand webinars on practical topics like business plan development.

Social media and instant messaging apps can help women join or even establish peer to peer groups which can offer further assistance in setting up their businesses. Studies have found that business networks—which are traditionally male-dominated—are crucial to building women’s social capital, which in turn gives them better access to more diverse credit options, as well as clients and suppliers.

Taken together, these channels can help women overcome ‘time-poverty’ which comes from having to juggle multiple roles at home and at work, as well as possible restrictions to physical mobility. In countries where women continue to face a high risk of harassment outside the home, the Internet can allow them to conduct business more flexibly in the location of their choice.

Women in Asia-Pacific are the world’s fastest growing category of migrant workers. Providing opportunities for women in their own communities would reduce the necessity for them to uproot themselves to work in cities or abroad, while bringing about more even economic development, which could in turn stem the tide of rapid urbanization in many countries in the region.

Doing this, however, requires an overall conducive environment for e-entrepreneurship, starting with affordable and reliable Internet connectivity.  Platforms that expedite business transactions with government, such as one-stop shops with instructions and forms that can be downloaded and submitted online, can also encourage women to formalise and scale-up their enterprises.

Integrating women-led businesses in supply chains and even procurement programmes could be another step forward. In Kerala in India, for instance, the state government has outsourced data entry and IT maintenance work for its transport and tax bureaus to local collectives, which helps to sustain some 60 women-led enterprises. More broadly, a comprehensive system of support, from women’s desks in agencies that deal with MSMEs, to literacy programmes that help build women’s confidence with ICT tools, will help to ensure that the positive impact of the Internet is spread out more inclusively to entrepreneurs of all sizes in the Asia-Pacific.

If you would like to help expand opportunities for women online, please join the Internet Society as a member and get connected to efforts in your region.  You can also read about our work in closing the technology gender gap.