Olaf Kolkman

Author Archives: Olaf Kolkman

Starting Today: NDSS Highlights the Best in Internet Security Research

You’ve undoubtedly heard about all sorts of Internet security vulnerabilities and incidents causing harm around the world, but the flip side of all that doom and gloom is all the promising efforts underway to create a more secure, private, and trusted Internet. Starting today and going through Wednesday (18-21 February), the Network and Distributed Systems Security (NDSS) Symposium takes place to present groundbreaking research in the world of Internet security.

This year marks the 25th anniversary of NDSS, and the Internet Society is proud to have been associated with it for over 20 years now. A key focus of the Internet Society has long been improving trust in the global open Internet. In order to promote this trust, we need new and innovative ideas and research on the security and privacy of our connected devices and the Internet that brings them together. NDSS is a top tier forum for highlighting this research.

NDSS 2018 is four full days featuring:

Call for Nominations now open for Rob Blokzijl Award

In remembrance of Internet Pioneer, founder and Chair of RIPE for 25 years, Postel Award recipient, and friend, Rob Blokzijl the RIPE NCC set up the “Rob Blokzijl Foundation”. The foundation recognises those who made substantial and sustained technical and operational contributions to the development of the Internet in the RIPE NCC service region, or supported or enabled others with the development of the Internet in the RIPE NCC service region.

The Rob Blokzijl Award will be awarded for the first time during RIPE 76 in May 2018. This is a Good Thing on so many levels.

The call for nominations is now open. The deadline is 16 March 2018 23:59 UTC.


Image credit: Olaf Kolkman

The post Call for Nominations now open for Rob Blokzijl Award appeared first on Internet Society.

Reflections from the Global Commission on the Stability of Cyberspace

Two weeks ago, a small delegation from the Internet Society was in Delhi for a series of meetings. (See yesterday’s post about GCCS and GFCE.) In this post, I’ll pick up with the Global Commission on the Stability of Cyberspace (GCSC).

The international community has been trying to develop cybernorms for international behaviour for over a decade. This has been happening through UN processes, through the GCCS, through international law discourse, and other fora. And, some progress has been made. For instance, the Tallin manuals provide some insights on how international law applies to cyber war and cyber operations, while the UN GGE, among others, recognized the applicability of international law on the digital space and has provided some protection to cybersecurity incident response teams (CIRTs) and critical infrastructure.

However, these processes are slow, and certainly not without roadblocks. The 5th UN Group of Governmental Experts on Information Security (GGE), for example, failed to reach consensus on whether certain aspects of international law, in particular the right to self-defence, apply to cyberspace as well as issues related to attribution. During a panel at GCCS, five participants in the 5th UN GGE shared their perspectives. To me Continue reading

Reflections on a Global and Cyber heavy week at GCCS and GFCE

Two weeks ago, a small Internet Society delegation was in Delhi to participate in a number of events that contained the word ‘Global’ and ‘Cyber’. In this post, I’ll share some of our perspectives on the first two events – the GCCS and the GFCE.

GCCS – The Global Conference on Cyberspace

The first meeting of the week was the Global Conference on Cyberspace. This was originally a government-initiated conference series and is also commonly known as the London Process.

Part of the strength of these meetings is that they create a trusted environment for governments to discuss global issues that are usually state-centric, such as international aspects of security and stability. Over time, these meetings have opened up to other stakeholders, with the 2015 meeting in The Hague being the most inclusive so far. However, inclusive participation is not a given. Inclusion is important because these types of meetings ultimately are where norms for inter-state behaviour emerge, not necessarily in writing but through the development of a common narrative. But such narratives are only strong and impactful if those who implement and are impacted by those norms have a seat at the table. Although inclusive, multi-stakeholder participation has historically Continue reading

Rough Guide to IETF 100 – Slinging Standards in Singapore

It’s time for the third and final IETF meeting of 2017. Starting on Sunday, 12 November, the Internet Engineering Task Force will be in Singapore for IETF 100, where about 1000 engineers will discuss the latest issues in open internet standards and protocols. All this week, we’re providing our usual Internet Society Rough Guide to the IETF via a series of blog posts on topics of mutual interest:

  • Internet of Things (IoT)
  • Routing Infrastructure Security Resilience
  • IPv6
  • DNSSEC, DANE and DNS Security
  • Identity, Privacy, and Encryption

All these posts can be found on our blog and will be archived through our Rough Guide to IETF 100 overview page.

Here are some of the activities that the Internet Society is involved in and some of my personal highlights.

IETF Journal

Catch up on highlights from IETF 99 in Prague by reading the IETF Journal. You can read all the articles online at https://www.ietfjournal.org, or pick up a hardcopy in Singapore.

This issue marks the final hardcopy version; starting in 2018, we’ll be shifting our focus to longer-form articles online and via our Twitter and Facebook channels. In the meantime, this issue has articles on the Human Rights Continue reading

On Approaches to Internet Security, Cybersecurity, and the Path Forward

On 5 October, I had the pleasure of speaking at the New York Metro Joint Cyber Security Conference, which brings together a community of security practitioners from the New York Metro area. Two talks stood out for me. First, the keynote by Maria Vullo, Superintendent Financial Services for the state of New York, who explained her drivers for regulating cybersecurity requirements for the Financial Sector [link to the presentation]. Second, a presentation by Pete Lindstrom from IDC, who, in a presentation on how perimeter security needs a thorough rethink, kept returning to the economics of security.

The reason I refer to these two talks is because I can appreciate them for their own, almost diametrical approaches for improving security. Pete Lindstrom making a strong economic and risk-based approach, questioning whether patching every vulnerability that comes along makes any sense from an economic risk and scale analysis. Maria Vullo, on the other hand, using capacity-based regulation to incentivise stronger security controls.

Those two points resonate strongly with what I was trying to get across: There is no magic security bullet, there is no security czar, and maintaining trust needs an active approach from all stakeholders.

Starting off with how our Continue reading