Karen McCabe, IEEE Senior Director, Technology Policy and International Affairs
Among the world’s most serious economic and national-security challenges today is cyber-security, with implications across the many rights and civil liberties enjoyed by people throughout the world who engage in cyber-communications. Freedom of expression, freedom of association, economic opportunity and political discourse may be redefined by the course that bodies chart for cyber-security.
Cyber attacks on Internet commerce, vital business sectors and government agencies have grown exponentially. With such threats escalating in frequency and impact, security policy, technology and procedures need to evolve even more rapidly in order to stay ahead of the threats. Addressing such issues in a way that protects the tremendous economic and social value of the Internet—without stifling innovation, expansion to more users around the world and market growth—will demand globally open, transparent and inclusive approaches, especially in standards development.
The Internet is complex, both technologically and politically, and its stakeholders span technical disciplines and national borders. Furthermore, one of the peculiarities of the cyber-security challenge is that, while cyberspace is global, the freedoms that are protected by constitutional rights, human rights, cultural norms and legal institutions are defined by treaty or geographic boundaries. The distinction between the roles of technology standards and public policy must be better understood, and the goals and responsibilities of shapers of each must be more clearly delineated and defined.
In development of global technology standards for cyber-security, inclusivity and direct participation, broad consensus and transparency are particularly important characteristics—given that distrust and market fragmentation could so easily take root if the standards around, for example, encryption algorithms are developed via closed processes. Consequently, instead of standards developed for a particular set of stakeholders to address one industry or geographic region’s requirements and then exported for wider application, cyber-security demands a development environment aligned with the proven, core principles of global, open standardization:
- Inclusivity and direct participation—Stakeholders from organizations of any size, any industry and any nation must be able to engage directly and equitably in global, open standards development for cyber-security.
- Broad consensus—Standards development for cyber-security should engage a broad set of global stakeholders, without any single person or organization wielding undue power in the process.
- Transparency—Development activities for cyber-security standards must be globally transparent and accountable and broadly recognized as such.
Because of the unique complexities of the Internet and cyber-security especially, a global commitment to multi-stakeholder standards development is needed to both successfully counteract evolving threats and engender ongoing international trust in the Internet as a foundational platform of commerce and wellbeing. The multi-stakeholder process—drawing from businesses, consumers, academia and civil society, as well as from government—has been instrumental to the Internet’s remarkable growth to date, and, through global, open standards development through the IEEE and a number of other organizations, its role will be crucial in cyber-security.
Please visit OpenStand to access resources; videos, Infographics, Whitepapers, and to sign up in show of support for Open Standards. To get involved with developing and maintaining open standards please visit IAB, W3C, IETF, ISOC, and IEEE.