(No.87) Cross border cooperation in incidents involving (Internet) Critical Infrastructure

Workshop Theme: 
Managing Critical Internet Resources
Theme Question: 

Question1: What are the effects of jurisdiction and territoriality on the ongoing discussions about

Concise Description of Workshop: 

The Internet is the main driving force of the modern economy. Economic growth is sustained by the availability of a secure Internet. As a consequence, the daily lives of more and more institutions, companies and people have become even more dependent on the Internet. With this dependency, safe use and secure Internet access as such have become a necessity for all involved in order to sustain future development and growth. Trust in this critical infrastructure is an important asset.

While the relevance of the Internet grows and cross-border trade, data storage and sharing, hosting and registrations have become commonplace, law enforcement and CERTs are still held back by national borders, making international cooperation a slow and difficult process. Any crime against a critical Internet resource almost certainly involves data and persons located in other countries. In fact, they could be anywhere in the world. In order to remedy, prevent and investigate individual cases, it is necessary that this data is somehow accessible to CERTs, companies or law enforcement in a timely but legal manner. Present measures like the 24/7 network are a step forward, but not the answer. A new framework for cooperation is necessary. Does the Internet need an internationally accepted law or treaty like the United Nations Convention on the Law of the Sea (UNCLOS)?

This session stages a panel discussion between stakeholders on the most important issues surrounding jurisdictional and territorial restrictions for those involved in incident response and case handling. The panel, comprising politicians, incident response, critical infrastructure, law enforcement, parliamentarians and supranational bodies, will in the form of a debate try to define the main issues, debate potential solutions and propose next steps on the road to change.
Short program:

  • Introduction

Each panelist has 2 minutes to introduce him/herself and make one statement on the topic.

  • Open discussion

This is followed by an open discussion between the panelists and the audience, fed and led by the moderator.

  • Recommendations

15 minutes before the end of the workshop, the recommendations that emerged from the open discussion will be put into words.

Organiser(s) Name: 

ECP on behalf of the IGF-NL. (ECP | Platform for the Information Society aims to remove barriers to the implementation and acceptance of ICT, to the benefit of our economy and society and in order to strengthen our international competitive position. In addition, ECP draws attention (also at a political-governmental level) to a number of specific themes such as growth of productivity, strengthening of competitiveness and the European Digital Agenda. One of its programs is the public-private partnership NL IGF. NL IGF prepares for the IGF and ensures that the results of the IGF are well embedded in national policy.) Dutch Ministry of Economic Affairs, Agriculture & Innovation

Previous Workshop(s): 

NL IGF organized:
- 2010: Public-private cooperation on Internet safety/cybercrime http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W...
- 2011: Parliamentarian Challenge: a Round Table between Parliamentarians and other Stakeholders http://www.intgovforum.org/cms/component/chronocontact/?chronoformname=W...

Submitted Workshop Panelists: 

Moderator: Wout de Natris, expert on national and international cooperation on spam enforcement and cybercrime
- Mr. Timo Lehtimaki, Ficora, Finland. CERT, botnet mitigation centre
- Mr. Gaurab Upadhaya from Nepal, Limelight Industries, Singapore
- Mr. Maarten van Horenbeek, FIRST, global leader in incident response
- Mr. Ivo Ivanov, AC/DC
- Mr. Christopher Painter, Coordinator for Cyber Issues at US State Department
- Mr. Michael Niebel, former HoU of the Internet Governance and Cybersecurity Unit
- Mr. Roelof Meijer, CEO of SIDN, the registry for .nl
- Mrs. Sarah Falvey, Policy Manager, Google

Name of Remote Moderator(s): 
Sophie Veraart, NL IGF - ECP
Gender Report Card
Please estimate the overall number of women participants present at the session: 
There were very few women participants
To what extent did the session discuss gender equality and/or women's empowerment?: 
It was not seen as related to the session theme and was not raised
Reported by: 
NL IGF (Dutch Internet Governance Forum)
A brief substantive summary and the main issues that were raised: 

International cooperation is a subject that is often mentioned in discussions about cyber safety, cyber security and cybercrime. It is fundamental to the fight against crime and to increasing online safety.
Yet research shows that it is hard to bring about. In workshop 87, 'Cross-border cooperation in Incidents Involving (Internet) Critical Infrastructure', the topic was discussed by nine panelists from different backgrounds around a central question: 'Does the world need a comprehensive cyber treaty?'. The backgrounds of the panelists were divided as follows: three participants from the Internet industry, two government officials, a supervisor, an interest organization, a supranational government organization and an international partnership. A list of participants can be found below.
Collaboration and partnerships

The industry participants seek cooperation, both structurally in partnerships and on an ad hoc basis depending on the type of threat. They actively exchange knowledge, also with governments.

Governments are advised to establish a cyber security strategy. In this way a country will focus on priorities. This could lead, for example, to a national cyber security centre or to one CERT that binds together the main players in the country, and also binds several administrations in one place. (SIDN, the Dutch .nl registry, underlines this with an example of how they, as an industry participant, cooperate within the Dutch national cyber security centre and have placed a part-time employee in the centre.) An incident response plan prepares governments for incidents and clarifies who should be in contact with whom. To successfully combat incidents, a 'level playing field' is necessary. Outreach and capacity building are necessary elements to accomplish this. The EU has been working on this for years and will soon present a new strategy that should lead to a level playing field; then they have to work together. The Council of Europe notes that they offer these programs and perform them under the regime of the Budapest Treaty on cybercrime.
From the perspective of a supervisor, CERT and botnet center cooperation in a structured manner is a must. At present this is still insufficiently structured and too much focused on known, trusted people. That should and could be better.
eco, the German association of ISPs, announces a large, EU-wide project, ACDC, that should lead to a public-private partnership to detect botnets, disable command and control servers and clean up the PCs of end users. If everything goes according to plan, the project will start on February 1, 2013 with the establishment of pilot projects in 14 countries.
FIRST is an organization of computer incident response teams from the public, private and academic worlds, which actively shares knowledge, for example about attacks, and provides contacts for cooperation. FIRST also mentioned that they actively assist new countries and participants after registration as a member by sharing knowledge and experience.
The Dutch initiative, Abuse Information Exchange, is currently still a relatively closed circuit, but this may change after the startup phase. A unique feature is that ISPs cooperate with SIDN (the .nl registry) and collect and process information about botnet infections centrally. Finland has an active botnet center. The cooperation between FICORA and the Finnish telcos and ISPs is regulated by law. The collaboration has been so successful that Finland is one of the least affected countries in the world. It is striking that almost all data on infected PCs in Finland comes from abroad. In Asia/Pacific there are some good CERTs, but much work, such as capacity building, is still necessary. Cooperation is also not common there.
Capacity building in Africa
An online question from Cameroon focuses the discussion on capacity building in the developing world. The adoption of the Convention on Cybercrime by Cameroon is a first step, but there is much work needed beyond that. The U.S. has organized sessions in parts of Africa. FIRST does this too, focused on training and awareness of possibilities.
A treaty, or rather not?
There is no need for a new all-comprehensive treaty. There is plenty that already applies, online and offline, while the Budapest Convention offers enough grip for (cross-border) cooperation. An important observation is that a treaty exists between states, while on this topic everyone has a role. It is important to finance capacity building initiatives. Programs that help protect critical infrastructure and build resilience also bring legislative standards to developing countries. This builds the necessary level playing field. The industry noted that it is now trying very hard to reach a higher standard of safety and that it continues to develop this. Regulation can lead to one being satisfied with the limit set by the government.
On the direct question "Does the world need an all-comprehensive web treaty?" the divided panel voted 8½ vs. ½. The finest verdict against a treaty was this: "It is a song of a siren." In other words, very beautiful but fatal.
Sharing information
In the area of cooperation, SIDN suggests that standardization of information requests from investigative agencies would make things easier for his organization. The government can play a leading role in this. Google pointed out that transparency and cooperation with the investigative agencies are delicate, because the correct information must be provided without delivering privacy-sensitive data, unless there is a court order to do so. Around the Cybercrime Convention, a code for cooperation between ISPs and LEAs has been drawn up. In case of an incident, it is the ISPs that report it. They do not have to actively look for crime.
The question was asked whether a digital 112 or 911 number for reporting online (security) incidents could help to make reporting as normal as in the offline world. It turns out that in South Korea such a number already exists. The EU is putting forward a proposal, whereas in the U.S. there are features that make this possible. However, the response side needs more capacity and knowledge.


Conclusions and further comments: 

The main goals
- Enabling data sharing between public and private, also across borders, without violating privacy laws.
- Disposal of botnets.
- Report to responsible parties how urgent this subject is.
- Maintaining the use of the Internet and trust.
- Governments, do something now, because with every year we wait, it becomes more difficult for regulators to keep the problem manageable.
Recommendations for the main session "Managing Critical Internet Resources"
- Use the laws that are already there and work actively together.
- All countries have to establish an active cyber capacity.
- Develop a standard behavior on the Internet, without curtailing the openness.
- Establish cooperation between industry, government and investigative agencies in a structural manner.
- Capacity building (repeated by many) in developing countries.
- Develop yourself into a "connector". Only by actively working within the imposed limits can someone stop or change developments.
- Expand an organization like the G8 24/7 network, as well as other existing institutions.
- A new development is that the Internet threats have developed at the level of states. It is therefore political now.
- It is no longer just technical. Many issues must be resolved through policy.
- This can be through building a broad consensus on norms and values.
- Outreach is important. So look if Pan-EU projects are possible.
- "Capacity building" costs money and therefore requires resources. The Cybercrime Convention collaborates actively on this.
- Ensure that regulators and investigative agencies play an active role in Internet governance, because they are part of the solution.
