[ncdnhc-discuss] Re: [ga] ICP-4 Internet Security and Stability Protection

Jefsey Morfin jefsey at wanadoo.fr
Sat Oct 6 16:30:02 CEST 2001 

To prepare the "ICP-4 Internet Security and Stability Protection" document 
I set up an informal WG. Consensus is to be open to all the ICANN groups 
and constituencies as suggested by Chun Eung Hwi and supported by JW. I 
thank those who responded directly. I apologize for my Frenglish, specially 
to the icann-fra French speaking list.

The methodology we proposed is to establish the list the generic areas 
interrelating with the datasystem interconnections under TCP/IP (the 
extended Internet). Then to list the different generic types of thread. 
This will permit us to define a grid of the Internet risks. This might be 
defined further  with a list of their possible reasons towards a prevention 
policy definition.

Each box of such a grid should then be worked on:
- to better define the specifics of the menace in that area
- to asses the level of risks in a pragmatic way and in a subjective way
- to determine the parties involved
- to establish a WG on the matter with the mission to asses the current 
situation, the immediate and mid term security oriented actions, a specific 
preventive policy, the recommended joint efforts towards a global 
preventive policy and the area of possible innovations to reduce protect 
the area's stability.

It could then serve, and that would be the basis of the ICP-4 Internet 
Security and Stability Protection document, for the establishment of an 
Permanent ISSP Advisory Committee, keeping that grid updated from 
observations and adapted from experience, to animate a parmanent 
security/stability concern among the governance.

The grid of the risk levels should permit to determine the priorities from 
real risks, from the expectable impact on the public and  from the 
resulting chaining showing the core targets.

As a first attempt we have categorized 20 generic areas, 25 type of menace 
and 18 reasons. I list them here below. We thank you to add any area we 
might overlooked. We have not structured these lists nor detailed them in 
order to leave room to your imagination (several highly debated issues 
don't show up because they are part of generic areas, please feel free to 
comment them as we have now to extend this list a layer below).

Generic interrelated areas:
- interconnection structure
- structural lines
- governance
- centralized services (DNS, IP, ...)
- Internet industry (ISP, ASP, Communication Agency)
- interconnected computer systems - stations, immotic - teleurbanism
- interconnected operators (webmasters, staff, ...)
- generic services (e-mail, ftp, online payment, etc)
- servicing computers
- users
- public and social/community area
- market - economy
- impacted industries
- consumer organizations
- communicating structures - organization, management
- equipment manufacturers, content, services providers
- access lines and Telcos - telecom services
- regulation and standards
- states relations and law
- applications - innovation
- protocols

The types of menace we identified:
- single point of failure / weakness
- military action - war, civil war, invasion
- terrorist action
- acts of God
- blocus
- lack of supply
- technical failures
- intelligence action
- economic crisis - local/general
- DoS
- hacking
- vandalism
- disclosure
- cybersquatting
- public/management/technical distrust - disinterest
- negative press campaign
- alternative offerings - new technologies/solutions
- complexity
- overload
- technology level
- management instability
- unfair practices
- ignorance - incompetence - lack of education
- misunderstanding (lexical or linguistic)
- governance feud set-up

Among the reasons for these threads we have noted:
- misunderstanding of the Internet nature and social model
- strategic interests of leading partners - states, commercial
- financial greed
- political objections
- fanatism (regligious, professional)
- personal interest - employee retaliation
- fun
- private or political agenda
- attempts to dominance - lack of mutual coordination
- cultural conflicts
- financial, lingual and digital divide
- lack of local financing
- lack of local means
- national exclusion
- national policy
- feuds
- ignorance
- History

Jefsey

More information about the Ncuc-discuss mailing list