NOTE: A set of PowerPoint slides explaining Collaborative Securityis available for use in presentations.
People are what ultimately hold the Internet together. The Internets development has been based on voluntary cooperation and collaboration. Cooperation and collaboration remain the essential factors for the Internets prosperity and potential.
Collaborative Security is an approach that is characterized by five key elements:
Achieving security objectives, while preserving these fundamental properties, rights and values is the real challenge of cybersecurity strategy. The design and implementation of security solutions should be undertaken with consideration as to the potential effect they might have these fundamentals.
Everyone has a collective responsibility for the security of the Internet: multistakeholder cross-border collaboration is an essential component.
Commercial competition, politics and personal motivation play a role in how well collaboration happens. But, as collaborative efforts have demonstrated, differences can be overcome to cooperate against a threat. Such voluntary as-needed working for the benefit of everyone collaboration is remarkable for its scalability and its ability to adapt to changing conditions and evolving threats, yielding unprecedented efficacy.
Informed by these reflections, we introduce the term Collaborative Security to describe our approach for tackling Internet security issues.
Collaborative Security is an approach that is characterized by five key elements. These are described below.
1. Preserving opportunities and building confidence
The Internet enables opportunities for human, social and economic development on a global scale. Those opportunities will only be realized if Internet participants have confidence  that they can use the Internet for secure, reliable, private communication all across the world.
A security paradigm for the Internet should be premised on fostering confidence and protecting opportunities for economic and social prosperity, as opposed to a model that is based simply on preventing perceived harm. Moreover, security solutions should advance that objective in design, and in practice. Otherwise, security solutions may go too far, thereby jeopardizing the very infrastructure that ties together the global economy, and provides the engine for its growth.
2. Collective Responsibility
The Internet is a global interconnected network of networks. It is, in effect, a global common resource and a highly interdependent system. Participation on the Internet means global interdependency.
In an interconnected interdependent system, no one participant can achieve absolute security. And, no security solution exists in isolation. There will always be threats, so it is useful to consider security in terms of residual risks that are considered acceptable in a specific context.
Internet security depends not only on how well participants manage security risks they face, but also, importantly, how they manage security risks that they may pose to others (whether through their action or inaction) the outward risks.
These factors mean that Internet participants have:
Furthermore, if Internet participants act independently and solely in their own self-interest, not only will the security of the Internet be impacted: the overall pool of social and economic potential that the Internet offers the global community will also diminish. Therefore, Internet participants need to see this as a long-term investment for the benefit of everyone.
Note: The scope of collective responsibility extends to the system as a whole: it is not the same as asking everyone to be responsible for their part of the ecosystem. Therefore, collective responsibility requires a common understanding of the problem, shared solutions, common benefits, and open communication channels .
Multistakeholder cross-border collaboration is an important component of collective responsibility. Its success depends on trustful relationships between nations, between citizens and their government, between operators, service providers, and across all stakeholders.
3. Security solutions should be fully integrated with rights and the open Internet
Security solutions should be fully integrated with the important objectives of preserving the fundamental properties of the Internet (open standards, voluntary collaboration, reusable building blocks, integrity, permission-free innovation and global reach (also known as the Internet Invariants ) and fundamental human rights, values and expectations (e.g. privacy, freedom of expression).
Any security solution is likely to have an effect on the Internets operation and development, as well as users rights and expectations. Such effects may be positive or negative. From our perspective, it is important to find solutions that support the Internet Invariants and fundamental rights and values.
4. Security solutions need to be grounded in experience, developed by consensus and evolutionary in outlook
Security solutions need to be flexible enough to evolve over time. We know that technology is going to change and threats will adapt to take advantage of new platforms and protocols. Therefore, solutions need to be responsive to new challenges.
Like a human body that may suffer from viruses, but gets stronger and more resilient as a result, new technologies, solutions and cooperative efforts that build on lessons-learned make the Internet more resilient to threats.
Experience shows us that, in a quickly evolving system such as the Internet, an open consensus-based participatory approach is the most robust, flexible and agile.
Partial solutions and staged deployment are important and should be taken seriously. A collection of incremental solutions may be more effective in practice than a grand design. Even if an approach does not solve the problem completely, it might help to contain it, or to change the economic equation significantly enough, so as to make the vulnerability much less attractive to malicious actors.
The focus needs to be put on defining the agreed problem and finding the solution. We also need to make space for the new, the innovative and the odd. We need to be prepared to test disruptive or non-traditional ideas.
In the end a process, which draws upon the interests and expertise of a broad set of stakeholders is likely to be the surest path to success.
5. Targeting the point of maximum impact: think globally, act locally
Security is not achieved by a single treaty or piece of legislation; it is not solved by a single technical fix, nor can it come about because one company, government or actor decides security is important.
Creating security and trust in the Internet requires different players (within their different responsibilities and roles) to take action, closest to where the issues are occurring.
Typically, for greater effectiveness and efficiency, solutions should be defined and implemented by the smallest, lowest or least centralized competent community  at the point in the system where they can have the most impact.
Such communities are frequently spontaneously formed in a bottom-up, self-organizing fashion around specific issues (e.g. spam, or routing security) or a locality (e.g. protection of critical national infrastructure or security of an Internet exchange).
As much as possible, solutions should be based on interoperable building-blocks e.g. industry-accepted standards, best practices and approaches.
We believe that this Collaborative Security approach for addressing Internet security issues is critical for ensuring the future of the open Internet as a driver for social and economic innovation. As a network of networks without centralized control, the security of the Internet cannot be maintained by any single entity or organization. It is important that these issues be addressed by all stakeholders in a spirit of collaboration and shared responsibility in ways that do not undermine the global architecture of the Internet or curtail human rights. The Internet is for everyone: lets work together to realize its full potential.
See Internet Invariants: What Really Matters http://www.internetsociety.org/internet-invariants-what-really-matters
In this context, an Internet participants confidence is formed, among other things, taking into account the degree of perceived security risk associated with using the Internet and whether that degree of risk is acceptable while protecting opportunities for economic and social prosperity. A better understanding of actual risks and how to reduce them to an acceptable level are two main factors that build confidence.
Please refer to Understanding Security and Resilience of the Internet http://www.internetsociety.org/sites/default/files/bp-securityandresilience-20130711.pdf
See Internet Invariants: What Really Matters http://www.internetsociety.org/internet-invariants-what-really-matters
In politics, such approach is called a Subsidiarity principle: Solutions should be defined and implemented by smallest, lowest or least centralized competent authority. We feel that the word community better matches the sense of bottom-up development. http://en.wikipedia.org/wiki/Subsidiarity
Read more about specific examples: Introducing Collaborative Security, our approach to Internet security issues by Internet Society CITO Olaf Kolkmann
Collaborative Security: An approach to tackling Internet ...
- Global Internet Security Market Growth Opportunities & Factors and Profit Margin | Size, Share, Trends and CAGR Up To 2028 - The State News -... - December 5th, 2019
- Research center planned to help companies protect the Internet of Things more effectively - KU Today - December 5th, 2019
- NATO Should Count Spending on Secure 5G Towards Its 2% Goals - Defense One - December 5th, 2019
- Internet freedom and security challenges: notes from the IGF 2019 - Democracy Without Borders - December 5th, 2019
- A Sprint contractor left thousands of US cell phone bills on the internet by mistake - TechCrunch - December 5th, 2019
- Most recent Internet Security Threats of 2019 - OBN - December 5th, 2019
- 5,183 breaches in first nine months of 2019 exposed 7.9b data records - TEISS - December 5th, 2019
- Click Moment | 'Weak internet signals showed us our strong impact' - Livemint - December 5th, 2019
- What to Make of the Inaugural NetThing 2019 - CircleID - December 2nd, 2019
- cloudtamer.io Announces Availability of Compliance Jumpstarts for Cloud Governance Solution - PR Web - December 2nd, 2019
- 5G hackers: These eight groups will try to break into the networks of tomorrow - ZDNet - December 2nd, 2019
- Opinion | What Iran Did Not Want You to See - The New York Times - December 2nd, 2019
- Multi-domain operations: Like bringing Waze to the battlefield - FedScoop - December 2nd, 2019
- Can New Norms of Behavior Extend the Rules-Based Order Into Cyberspace? - World Politics Review - December 2nd, 2019
- With Brutal Crackdown, Iran Is Convulsed by Worst Unrest in 40 Years - The New York Times - December 2nd, 2019
- What is the Internet of Things? Your IoT roadmap - Ericsson - December 2nd, 2019
- Now even the FBI is warning about your smart TVs security - TechCrunch - December 2nd, 2019
- Cybersecurity: The web has a padlock problem - and your internet safety is at risk - ZDNet - December 2nd, 2019
- How To Secure The Internet: Troy Hunt Talks Breaches, Passwords And IoT - Forbes - December 2nd, 2019
- Chuck Todd challenges John Kennedy on Ukraine: Putin is only other person 'selling this argument' | TheHill - The Hill - December 2nd, 2019
- How Healthcare Organizations Use AI to Boost and Simplify Security - HealthTech Magazine - December 2nd, 2019
- How do I add a Trusted Site in Windows 10 - TWCN Tech News - December 2nd, 2019
- Bargain alert: there's up to $300 off MacBooks right now - Louder - December 2nd, 2019
- 'Restore Internet in J&K without compromising national security' - The Hindu - December 2nd, 2019
- Understanding Biometric Security: The Growing Threats and How to Beat Them - Techopedia - December 2nd, 2019
- Cyber crime: Hackers could gain access to your new internet connected car in seconds - Express - December 2nd, 2019
- Podcast: Digital Trust in the Age of Deepfakes - insideHPC - December 2nd, 2019
- The Debate Over How to Encrypt the Internet of Things - WIRED - November 25th, 2019
- The EU says security is not the only concern when it comes to 5G - CNBC - November 25th, 2019
- Perimeter 81 raises $10M to texpand its Network as a Service platform - Help Net Security - November 25th, 2019
- Recent Research: Internet Of Things (IOT) Security Market Comprehensive SWOT Analysis and Competitive Insight Report 2019-2028 - Daily Criticism - November 25th, 2019
- Windows 10 Upgrades Blocked if Using Old Versions of AVG, Avast - BleepingComputer - November 25th, 2019
- Global and Regional IT Security Spending Market 2019 by Manufacturers, Countries, Type and Application, Forecast to 2025 - Daily Industry News Journal - November 25th, 2019
- DDoS Protection Market Witness an Unsold Story - The Market Journal - November 25th, 2019
- Six reasons for organisations to take control of their orphaned encryption keys before it triggers the next security breach - CSO Australia - November 25th, 2019
- Through Its YubiKey, Yubico Provides a Hardware Solution that Maximizes Online Security and Usability while Moving Beyond Passwords - CardRates.com - November 23rd, 2019
- 110 Nursing Homes Cut Off from Health Records in Ransomware Attack - Krebs on Security - November 23rd, 2019
- 'Tool of repression': Iran and regimes from Ethiopia to Venezuela limit Internet, go dark online - USA TODAY - November 23rd, 2019
- Organisations Join Forces To Fight Off Stalkerware And Domestic Violence - Women Love Tech - November 23rd, 2019
- How did Iran's government pull the plug on the Internet? - Euronews - November 22nd, 2019
- Expert: Education industry ranks one of the worst when it comes to cyber security - FOX 59 Indianapolis - November 22nd, 2019
- Putin: 'Thank God' election interference accusations have stopped amid US 'political battles' | TheHill - The Hill - November 22nd, 2019
- The internet as we know it is off in Iran. Heres why this shutdown is different - WGNO New Orleans - November 22nd, 2019
- The eyes have it - Telegraph India - November 22nd, 2019
- The internet loved Fiona Hill blasting sexism in impeachment testimony - INSIDER - November 22nd, 2019
- What is Google Authenticator?: How to set up Googles two-step verification software to secure all of your Google apps - Business Insider - November 22nd, 2019
- Cybersecurity perils: What CISOs must bear in mind - Elets - November 22nd, 2019
- Symantec | Internet Security Threat Report 2019 - November 21st, 2019
- Evaluating Internet Isolation Clouds: Must-Have Features - Security Boulevard - November 21st, 2019
- Perimeter 81 Announces $10 Million Funding Round to Expand its Network as a Service Platform; Partners with SonicWall to Add Unified Security Services... - November 21st, 2019
- Iranians Struggle Without the Internet - VOA News - November 21st, 2019
- 1.19 billion confidential medical images available on the internet - Help Net Security - November 21st, 2019
- AI, cyberbullying, probably the hot topics at the security workshop - Mash Viral - November 21st, 2019
- Senate Democrats urge DHS to fund cyber threat information-sharing programs | TheHill - The Hill - November 21st, 2019
- What is Google Authenticator? How to set up the app - Business Insider - November 21st, 2019
- LINE Antivirus 2.0.2 Update is Now Live with Enhanced Internet Security and New Features - Feed Ride - November 21st, 2019
- Cybercrime Support Network Awarded $1 Million Cooperative Agreement from the US Department of Homeland Security to Create a Uniform Cybercrime... - November 21st, 2019
- Hillicon Valley: Progressives oppose funding bill over surveillance authority | Senators call for 5G security coordinator | Facebook gets questions... - November 21st, 2019
- The 7 'creepiest' smart gadgets people give as holiday gifts, according to experts - Business Insider - November 21st, 2019
- Election Security: How 3 Local Counties Are Preparing For 2020 - Houston Public Media - November 21st, 2019
- Iran: More than 100 protesters believed to be killed as top officials give green light to crush protests - Amnesty International - November 21st, 2019
- Embedded Security For Internet Of Things Market 2019 Global Analysis by Growth, Size, Share, Trend and Forecast 2025 - Eastlake Times - November 21st, 2019
- #InfosecNA: The Benefits of Training Employees to Hack - Infosecurity Magazine - November 21st, 2019
- The Internet: Looking Back and Forward 50 Years - Security Boulevard - November 18th, 2019
- Internet security Market Outlook 2019: Business Overview And Top Company Analysis Forecast By 2026 - The Market Publicist - November 18th, 2019
- Cybersecurity and digital trade: What role for international trade rules? - Brookings Institution - November 18th, 2019
- The American Internet Sucks. The Alternative Is China. - BuzzFeed News - November 18th, 2019
- 3 types of email you should never open - AndroidPIT - November 18th, 2019
- When will 5G arrive? - Verizon Communications - November 18th, 2019
- New Bytecode Alliance Brings the Security, Ubiquity, and Interoperability of the Web to the World of Pervasive Computing - Mozilla & Firefox - November 18th, 2019
- Kaspersky Internet Security 2021 184.108.40.2067 - 60% OFF ... - October 23rd, 2019
- Securing Your Wireless Network | FTC Consumer Information - October 14th, 2019
- Amazon.com: Kaspersky Internet Security | 1 Device | 1 ... - October 1st, 2019
- Download ESET Internet Security | ESET - September 30th, 2019
- VPN Publishes Forbes Internet Security Guide for Law Firms - September 18th, 2019
- Avast Internet Security 2019 v19.7.2388 Activation Code ... - September 18th, 2019
- Trend Micro - Simply Security News, Views and Opinions from ... - May 30th, 2019
- Kaspersky Internet Security - Wikipedia - May 13th, 2019
- Anti-Virus Web Protection & Spyware Removal | StopSign ... - May 13th, 2019
- Internet security Great-West Life - ssl.grsaccess.com - March 22nd, 2019