NOTE: A set of PowerPoint slides explaining Collaborative Securityis available for use in presentations.
People are what ultimately hold the Internet together. The Internets development has been based on voluntary cooperation and collaboration. Cooperation and collaboration remain the essential factors for the Internets prosperity and potential.
Collaborative Security is an approach that is characterized by five key elements:
Achieving security objectives, while preserving these fundamental properties, rights and values is the real challenge of cybersecurity strategy. The design and implementation of security solutions should be undertaken with consideration as to the potential effect they might have these fundamentals.
Everyone has a collective responsibility for the security of the Internet: multistakeholder cross-border collaboration is an essential component.
Commercial competition, politics and personal motivation play a role in how well collaboration happens. But, as collaborative efforts have demonstrated, differences can be overcome to cooperate against a threat. Such voluntary as-needed working for the benefit of everyone collaboration is remarkable for its scalability and its ability to adapt to changing conditions and evolving threats, yielding unprecedented efficacy.
Informed by these reflections, we introduce the term Collaborative Security to describe our approach for tackling Internet security issues.
Collaborative Security is an approach that is characterized by five key elements. These are described below.
1. Preserving opportunities and building confidence
The Internet enables opportunities for human, social and economic development on a global scale. Those opportunities will only be realized if Internet participants have confidence  that they can use the Internet for secure, reliable, private communication all across the world.
A security paradigm for the Internet should be premised on fostering confidence and protecting opportunities for economic and social prosperity, as opposed to a model that is based simply on preventing perceived harm. Moreover, security solutions should advance that objective in design, and in practice. Otherwise, security solutions may go too far, thereby jeopardizing the very infrastructure that ties together the global economy, and provides the engine for its growth.
2. Collective Responsibility
The Internet is a global interconnected network of networks. It is, in effect, a global common resource and a highly interdependent system. Participation on the Internet means global interdependency.
In an interconnected interdependent system, no one participant can achieve absolute security. And, no security solution exists in isolation. There will always be threats, so it is useful to consider security in terms of residual risks that are considered acceptable in a specific context.
Internet security depends not only on how well participants manage security risks they face, but also, importantly, how they manage security risks that they may pose to others (whether through their action or inaction) the outward risks.
These factors mean that Internet participants have:
Furthermore, if Internet participants act independently and solely in their own self-interest, not only will the security of the Internet be impacted: the overall pool of social and economic potential that the Internet offers the global community will also diminish. Therefore, Internet participants need to see this as a long-term investment for the benefit of everyone.
Note: The scope of collective responsibility extends to the system as a whole: it is not the same as asking everyone to be responsible for their part of the ecosystem. Therefore, collective responsibility requires a common understanding of the problem, shared solutions, common benefits, and open communication channels .
Multistakeholder cross-border collaboration is an important component of collective responsibility. Its success depends on trustful relationships between nations, between citizens and their government, between operators, service providers, and across all stakeholders.
3. Security solutions should be fully integrated with rights and the open Internet
Security solutions should be fully integrated with the important objectives of preserving the fundamental properties of the Internet (open standards, voluntary collaboration, reusable building blocks, integrity, permission-free innovation and global reach (also known as the Internet Invariants ) and fundamental human rights, values and expectations (e.g. privacy, freedom of expression).
Any security solution is likely to have an effect on the Internets operation and development, as well as users rights and expectations. Such effects may be positive or negative. From our perspective, it is important to find solutions that support the Internet Invariants and fundamental rights and values.
4. Security solutions need to be grounded in experience, developed by consensus and evolutionary in outlook
Security solutions need to be flexible enough to evolve over time. We know that technology is going to change and threats will adapt to take advantage of new platforms and protocols. Therefore, solutions need to be responsive to new challenges.
Like a human body that may suffer from viruses, but gets stronger and more resilient as a result, new technologies, solutions and cooperative efforts that build on lessons-learned make the Internet more resilient to threats.
Experience shows us that, in a quickly evolving system such as the Internet, an open consensus-based participatory approach is the most robust, flexible and agile.
Partial solutions and staged deployment are important and should be taken seriously. A collection of incremental solutions may be more effective in practice than a grand design. Even if an approach does not solve the problem completely, it might help to contain it, or to change the economic equation significantly enough, so as to make the vulnerability much less attractive to malicious actors.
The focus needs to be put on defining the agreed problem and finding the solution. We also need to make space for the new, the innovative and the odd. We need to be prepared to test disruptive or non-traditional ideas.
In the end a process, which draws upon the interests and expertise of a broad set of stakeholders is likely to be the surest path to success.
5. Targeting the point of maximum impact: think globally, act locally
Security is not achieved by a single treaty or piece of legislation; it is not solved by a single technical fix, nor can it come about because one company, government or actor decides security is important.
Creating security and trust in the Internet requires different players (within their different responsibilities and roles) to take action, closest to where the issues are occurring.
Typically, for greater effectiveness and efficiency, solutions should be defined and implemented by the smallest, lowest or least centralized competent community  at the point in the system where they can have the most impact.
Such communities are frequently spontaneously formed in a bottom-up, self-organizing fashion around specific issues (e.g. spam, or routing security) or a locality (e.g. protection of critical national infrastructure or security of an Internet exchange).
As much as possible, solutions should be based on interoperable building-blocks e.g. industry-accepted standards, best practices and approaches.
We believe that this Collaborative Security approach for addressing Internet security issues is critical for ensuring the future of the open Internet as a driver for social and economic innovation. As a network of networks without centralized control, the security of the Internet cannot be maintained by any single entity or organization. It is important that these issues be addressed by all stakeholders in a spirit of collaboration and shared responsibility in ways that do not undermine the global architecture of the Internet or curtail human rights. The Internet is for everyone: lets work together to realize its full potential.
See Internet Invariants: What Really Matters http://www.internetsociety.org/internet-invariants-what-really-matters
In this context, an Internet participants confidence is formed, among other things, taking into account the degree of perceived security risk associated with using the Internet and whether that degree of risk is acceptable while protecting opportunities for economic and social prosperity. A better understanding of actual risks and how to reduce them to an acceptable level are two main factors that build confidence.
Please refer to Understanding Security and Resilience of the Internet http://www.internetsociety.org/sites/default/files/bp-securityandresilience-20130711.pdf
See Internet Invariants: What Really Matters http://www.internetsociety.org/internet-invariants-what-really-matters
In politics, such approach is called a Subsidiarity principle: Solutions should be defined and implemented by smallest, lowest or least centralized competent authority. We feel that the word community better matches the sense of bottom-up development. http://en.wikipedia.org/wiki/Subsidiarity
Read more about specific examples: Introducing Collaborative Security, our approach to Internet security issues by Internet Society CITO Olaf Kolkmann
Collaborative Security: An approach to tackling Internet ...
- Voice recordings from domestic violence alerting app exposed on the internet - Security Boulevard - June 30th, 2020
- The lack of women in cybersecurity puts us all at greater risk - The Next Web - June 30th, 2020
- Cascading Security Through the Internet of Things Supply Chain - Lawfare - June 30th, 2020
- How to Build the Right Security Assessment - Security Boulevard - June 30th, 2020
- Apple may have just changed a key part of how the internet works - TechRadar - June 30th, 2020
- Indians most concerned about identity theft - Fortune India - June 30th, 2020
- Deeper Connect Mini: Decentralized, Private and Secure Internet for the People, launching June 30th on Indiegogo. - Yahoo Finance - June 30th, 2020
- Internet of Things (IoT) Security: Technologies and Global Markets - Yahoo Finance - June 30th, 2020
- Could Donald Trump claim a national security threat to shut down the internet? - Brookings Institution - June 30th, 2020
- Internet of Things Security Market Strategic Insights 2020 with analysis of Leading players: Check Point Security Software Technologies, Cisco... - June 30th, 2020
- Global IT Security Market is accounted for xx USD million in 2019 and is expected to reach xx USD million by 2025 growing at a CAGR of xx% : Blue... - June 30th, 2020
- Internet of Things (IoT) Security Market Size, Share, Growth, Revenue, Global Industry Analysis and Future Demand |Globalmarketers.biz - Cole of Duty - June 30th, 2020
- Surge in encrypted malware prompts warning about detection strategies - SecurityBrief Europe - June 30th, 2020
- NexTech AR to supply its video conferencing and virtual events platform to Dallas Independent School District - Proactive Investors UK - June 30th, 2020
- Dutch people are least concerned about safety, survey reveals - IamExpat in the Netherlands - June 30th, 2020
- Only 31% of Americans concerned with data security, despite 400% rise in cyberattacks - TechRepublic - June 24th, 2020
- WatchGuard Technologies Report Finds Two-Thirds of Malware is Encrypted, Invisible Without HTTPS Inspection - GlobeNewswire - June 24th, 2020
- How To Turn Off Firewall In Windows And Mac - Ubergizmo - June 24th, 2020
- OTF's Work Is Vital for a Free and Open Internet - EFF - June 24th, 2020
- Microsoft acquires CyberX to bolster Azure IoT security - Internet of Things News - IoT Tech News - June 24th, 2020
- Partner Content: ESET and Spire Technology on why you need a Password Manager - PCR-online.biz - June 24th, 2020
- Internet of Things (IoT) Security Market to Witness Robust Expansion Throughout the Forecast Period 2020 2025 - 3rd Watch News - June 24th, 2020
- Google is on a mission to stop you from reusing passwords - The Verge - June 24th, 2020
- Marking the 30th Anniversary of the Internet and Cybersecurity Treaty - CircleID - June 24th, 2020
- The Cyberlaw Podcast: Using the Internet to Cause Emotional Distress is a Felony? - Lawfare - June 24th, 2020
- DDoS Protection Market 2020 | How The Industry Will Witness Substantial Growth In The Upcoming Years | Exclusive Report By MRE - Cole of Duty - June 24th, 2020
- Julian Assange Extradition and the Freedom of Bitcoin Bitcoin... - Bitcoin Magazine - June 24th, 2020
- How to become a web developer? - The Tribune - June 24th, 2020
- Frost & Sullivan Report Finds BlackBerry Solutions Address 96% of the Enterprise Threat Landscape - PRNewswire - June 24th, 2020
- EAC to evaluate testing and certification of non-voting equipment - Politico - June 24th, 2020
- Global IT Security Spending Market Projected to Reach USD XX.XX billion by 2025- Check Point Software Technologies, Cisco Systems, EMC, Fortinet,... - June 24th, 2020
- OPAQ Webinar to Share Lessons Learned and Best Practices from Zero Trust Migration Project with TTX Company - Business Wire - June 24th, 2020
- Global Internet of Things (IoT) Security Technology Market 2020 Analysis, Types, Applications, Forecast and COVID-19 Impact Analysis 2025 - NJ MMA... - June 24th, 2020
- Put Your Risk on Mute: Using PKI to Simplify Remote Workforce Security - Hashed Out by The SSL Store - Hashed Out by The SSL Store - June 24th, 2020
- NetNumber Expands Industry Recognized Signaling Firewall to Protect SIP Connections - GlobeNewswire - June 24th, 2020
- How to fight back against Covid-19 scams - Global Banking And Finance Review - June 24th, 2020
- What Will The Crypto Market Look Like In A Post COVID-19 Economy? | Coin Insider - Coin Insider - June 24th, 2020
- US: Congress Should Back Open Technology Fund - Human Rights Watch - June 21st, 2020
- David Pratt: Will the next global pandemic take place online? - The National - June 21st, 2020
- Global Internet of Things (IoT) Security Industry Market Insights, Opportunity, Analysis, Market Shares & Forecast 2020 2027 - 3rd Watch News - June 21st, 2020
- Facial recognition to play key role in travel reopening as biometrics industry weighs social responsibility - Biometric Update - June 21st, 2020
- 'IT Act does not protect freedom of speech' - The Sunday Guardian - June 21st, 2020
- In Depth Analysis and Survey of COVID-19 Pandemic Impact on Global Distributed Denial Of Service (DDoS) Protection Market 2020 Key Players A10... - June 21st, 2020
- Cyber Liability Insurance Market (USD 4.6 Billion) Will Grow At A CAGR of 11.12% During Forecast Period 2020-2025 (Impact Analysis of COVID-19) - 3rd... - June 21st, 2020
- Internet of Things Security Market research report presents a thorough study on the overall market by Application Forecast To 2020 - Surfacing... - June 21st, 2020
- Global Internet of Things (IoT) Security Product Market 2020 SWOT Analysis & Key Business Strategies by Leading Industry Players and Forecast 2025... - June 21st, 2020
- Knoxville still quiet on ransomware attack and what's being done to fix it - Knoxville News Sentinel - June 21st, 2020
- Indias digital workforce needs secure software. Testing, not banning apps, is the answer - ThePrint - June 21st, 2020
- Bolton book can be released, but conduct 'raises grave national security concerns' - ABC News - June 21st, 2020
- Broadband Connection Disconnected: Things You Can Do To Fix It - TelecomTalk - June 21st, 2020
- Former Google CEO Eric Schmidt says there's 'no question' Huawei routed data to Beijing - CNBC - June 21st, 2020
- Dating Apps Exposed 845 GB of Explicit Photos, Chats, and More - WIRED - June 21st, 2020
- Internet Security Software Market: Qualitative Analysis of the Leading Players - News by aeresearch - June 11th, 2020
- Global Internet Security Market 2020 by Manufacturers, Size, Development Analysis, Applications and Forecast to 2025 - Cole of Duty - June 11th, 2020
- Internet Security Software Market 2019 Break Down by Top Companies, Countries, Applications, Challenges, Opportunities and Forecast 2026 - Cole of... - June 11th, 2020
- Internet Security Software Market Impact Of Covid-19 And Benchmarking. - Personal Injury Bureau UK - June 11th, 2020
- Drivers is Responsible to for Increasing Internet Security Software Market Share, Forecast 2027 - Cole of Duty - June 11th, 2020
- Webroot Internet Security with Antivirus Protection Software | 3 Device | 1 Year Subscription | PC Download - The Report - June 11th, 2020
- Endpoint Security Market to Cross US$ 10,026 MN by 2026, Growing Adoption of Work from Home Services to Favor Growth: Fortune Business Insights -... - June 11th, 2020
- Internet of Things (IoT) Security Market 2019 Break Down by Top Companies, Countries, Applications, Challenges, Opportunities and Forecast 2026 - Cole... - June 11th, 2020
- Yukon's Gurdeep Pandher tries to spread some joy on social media - Lindsay Advocate - June 11th, 2020
- Microsoft Windows users in UAE advised to install security updates - Khaleej Times - June 11th, 2020
- Clear guidelines for remote work will boost security and control access - TechRepublic - June 5th, 2020
- Mozilla Funds Meething to Help Fix the Internet - GlobeNewswire - June 5th, 2020
- The Internet of Bodies is here. This is how it will change our lives - World Economic Forum - June 5th, 2020
- Crowdstrike CEO explains how the future of remote work and security will look - CNBC - June 5th, 2020
- Mocana Recognized as Industry Leader in Cybersecurity and the Industrial Internet of Things - GlobeNewswire - June 5th, 2020
- SC Awards Europe 2020 - CISO/CSO of the Year - SC Magazine UK - June 5th, 2020
- Spike in cryptojacking attempts on devices here, says cyber-security firm - The Straits Times - June 5th, 2020
- The impact of spycraft on how we secure our data - ComputerWeekly.com - June 5th, 2020
- 4 Common Online Frauds That You Need to Know - Techjaja - June 5th, 2020
- This $350 "Anti-5G" Device Is Apparently Just a USB Stick - WIRED - June 5th, 2020
- Cloud DDoS Mitigation Software Market Potential Growth, Share, Demand And Analysis Of Key Players- Analysis Forecasts To 2026 - Cole of Duty - June 5th, 2020
- India wants to be a 'partner of the global economy' in its manufacturing push, minister says - CNBC - June 5th, 2020
- Amid the COVID-19 crisis and the looming economic recession, the Web Content Filtering market worldwide will grow by a projected US$3 Billion, during... - June 5th, 2020
- Mozilla VP of IT: How to stay secure while remote working - BusinessCloud - June 5th, 2020
- 6 ways to delete yourself from the internet - CNET - June 5th, 2020
- Is COVID-19 Making the Internet Sick? - Government Technology - May 27th, 2020
- Thanks to Physics, This Chocolate Is Iridescentand Safe to Eat - Smithsonian.com - May 27th, 2020
- $100 million in bounties paid by HackerOne to ethical hackers - BleepingComputer - May 27th, 2020