{"id":276,"date":"2010-06-17T08:49:54","date_gmt":"2010-06-17T08:49:54","guid":{"rendered":"http:\/\/rigf.asia\/?page_id=276"},"modified":"2024-01-25T06:49:59","modified_gmt":"2024-01-25T06:49:59","slug":"aprigf-roundtable-june-15th-2010-session-2","status":"publish","type":"page","link":"https:\/\/event.rigf.asia\/2010\/aprigf-roundtable-june-15th-2010-session-2\/","title":{"rendered":"APrIGF Roundtable &#8211; June 15th, 2010: Session 2"},"content":{"rendered":"<p><span class=\"highlight\">Security: Cyber-Security and Network Confidence<\/span><br \/>\n________________________________________________________________________<\/p>\n<p>REAL TIME TRANSCRIPT:  Security: Cyber-Security and Network Confidence<br \/>\nAPrIGF<br \/>\n11:00-12:30, Tuesday 15 June 2010<br \/>\nHong Kong<\/p>\n<p>DISCLAIMER: Due to the inherent difficulties in capturing a live<br \/>\nspeaker&#8217;s words, it is possible this realtime transcript may<br \/>\ncontain errors and mistranslations. An edited version of the<br \/>\nrealtime transcript which amends the inherent errors, will<br \/>\nbe posted later. LLOYD MICHAUX and APrIGF accept no<br \/>\nliability for any event or action resulting from the<br \/>\ncontents of this transcript.<\/p>\n<p>________________________________________________________________________<\/p>\n<p>&gt;&gt; :\u00a0 Now may I have Mr Mohamed Sharil Tarmizi, chief officer<br \/>\nof MCMC, to introduce the panel speakers for us.<\/p>\n<p>Please.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Good morning, everyone.<\/p>\n<p>Very happy to be here in Hong Kong.\u00a0 Thank you very<br \/>\nmuch for the introduction.<\/p>\n<p>Thank you to Edmon, Bianca, the guys from DotAsia.<br \/>\nYou have made my life a lot easier by helping in<br \/>\nplanning for this session.<\/p>\n<p>We are running a bit behind time, so I was advised<br \/>\nby the organisers to try to catch up.<\/p>\n<p>We have five, including myself, and I&#8217;ll explain<br \/>\nwhy.<\/p>\n<p>We have about six presentations to share with you.<\/p>\n<p>They are very brief presentations about security.<\/p>\n<p>Maybe as a sort of a prelude to that, I just wanted<br \/>\nto say that as we have heard this morning, the internet<br \/>\nhas become a critical infrastructure for most of us and<br \/>\nwhether you&#8217;re a developed country or a adopting<br \/>\ncountry, the internet has become very important.<\/p>\n<p>As with many other critical infrastructures, it is<br \/>\nalso susceptible to threats.<\/p>\n<p>If in the past we all looked at physical threats,<br \/>\nnow the threats we are talking about are of a cyber<br \/>\nnature.<\/p>\n<p>The risks that come up and the potential harm that<br \/>\nthey can cause is huge.<\/p>\n<p>I am joined by a panel of distinguished people.<br \/>\nI won&#8217;t read you their VCs in the interests of time, but<br \/>\nfrom the far right, we have Mr Michael Mudd who will be<br \/>\ntalking a lot about the education side, Mr Thomas<br \/>\nParenty is talking about the issues concerning cyber<br \/>\nsecurity.<\/p>\n<p>We have an antivirus man there by the name of<br \/>\nMr Matthew Chan.<\/p>\n<p>We have Christine, who is and we have ram.<\/p>\n<p>I am in a challenging position, because this<br \/>\nmorning, I represent the convergent of interests.\u00a0 My<br \/>\nday job, I&#8217;m a regulator in Malaysia.\u00a0 So I regulate the<br \/>\nbroadcasting broadband internet telecoms industry.<\/p>\n<p>But I have a dual role.\u00a0 I&#8217;m also a board member of<br \/>\nimpact.<\/p>\n<p>I have a third role later this afternoon, where I&#8217;ll<br \/>\nbe speaking on behalf of the ITU.<\/p>\n<p>So multiple heads, convergence or confluence of<br \/>\ninflicts, not conflicts.<\/p>\n<p>Very quickly, let me just share with you, to<br \/>\nkick-off, what impact is doing.<\/p>\n<p>We&#8217;ll go down the presentation this way.\u00a0 Some of<br \/>\nyou, anyone in the room who has heard of impact?<\/p>\n<p>Yeah.\u00a0 One.<\/p>\n<p>We are doing very well.<\/p>\n<p>Basically, impact stands for the International<br \/>\nMultilateral Partnership Against Cyber Threats.<\/p>\n<p>What is it?<\/p>\n<p>It&#8217;s non-profit.\u00a0 It looks at creating a team of<br \/>\nexperts on cyber threats.\u00a0 It looks at the high level<br \/>\ncyber threats, not national level, but international<br \/>\ncooperation level.<\/p>\n<p>Basically, based on a global partnership environment<br \/>\nand it&#8217;s supposed to be multilateral.<\/p>\n<p>All of us are going to be less than five minutes to<br \/>\nspeak, in the interests of time,.<\/p>\n<p>We launched impact.\u00a0 Impact is now the physical home<br \/>\nfor the global cyber security agenda of the ITU.\u00a0 It<br \/>\nhappens to be in Kuala Lumpur.<\/p>\n<p>What the coalition actually tries to do is to try to<br \/>\nbring together the industry experts, academia,<br \/>\ninternational bodies and think tanks into one place,<br \/>\na virtual place, called impact, where countries of the<br \/>\nITU membership can get together and essentially compare<br \/>\nnotes, share resources and capabilities.<\/p>\n<p>This is because these are some of the countries<br \/>\nwhere impact has already deployed some cyber security<br \/>\nservices.<\/p>\n<p>What it is that impact does is largely capacity<br \/>\nbuilding, particularly for the developing and lesser<br \/>\ndeveloped countries.<\/p>\n<p>Less are some of the advisory board members of<br \/>\nimpact, as you can tell, they are people in the industry<br \/>\nwho have been involved in a lot of the cyber threat type<br \/>\ninitiatives.<\/p>\n<p>They have a partnership with the ITU.\u00a0 They are not<br \/>\nan agency of the ITU, let me just be very clear.<\/p>\n<p>They are in their own.\u00a0 They have about 45 country<br \/>\nmembers right now, building up, but they have tied up<br \/>\nwith the ITU and also Interpol to look at cyber crime,<br \/>\ncyber threats.<\/p>\n<p>Recently, they signed up with the ITU, to be the<br \/>\nphysical home of the global cyber security agenda of the<br \/>\nITU.<\/p>\n<p>I must stress this because at the same time, they<br \/>\nare working with the UN.<\/p>\n<p>There&#8217;s a lot of hype floating around about what<br \/>\nimpact is, what impact does and so on, so I can tell you<br \/>\nthat they are quite independent of all of that.<\/p>\n<p>I&#8217;m going to basically skip this and focus on one of<br \/>\nthe areas that impact is working with the ITU and that<br \/>\nis protecting children on-line.<\/p>\n<p>This has become a major agenda, I think for many<br \/>\ncountries and many governments and impact is help<br \/>\nprogress viding capability and capacity.<\/p>\n<p>The final few slides I have is that the facilities<br \/>\nthat impact provides is actually a global response<br \/>\ncentre, a platform for experts to collaborate, in terms<br \/>\nof the cyber threats.<\/p>\n<p>Training and skills development centre, where they<br \/>\nwork with institutes and other people, counsels and the<br \/>\nrest.<\/p>\n<p>They have also this capacity building environment<br \/>\nfor government, where if governments want to know how<br \/>\nwell they faired, in terms of their readiness against<br \/>\ncyber attacks or cyber threats, you can have<br \/>\na benchmark.<\/p>\n<p>Last but not least, they have a centre for policy<br \/>\nand international cooperation.<\/p>\n<p>The partners you can see, I would invite you to go<br \/>\nand see impact&#8217;s website for who the partners are, but<br \/>\nbasically it&#8217;s intended to be an all uncollusive<br \/>\ncollaborative platform for governments particularly, but<br \/>\nalso multi-stakeholders to get together and discuss<br \/>\nabout cyber security and cyber threat issues.<\/p>\n<p>So that&#8217;s the presentation on impact.<\/p>\n<p>Let me switch back hats to becoming the moderator.<\/p>\n<p>That is only one slice of cyber security that I&#8217;m<br \/>\ntalking about.<\/p>\n<p>Maybe more on the slice where governments have some<br \/>\nconcerns, physical security, infrastructure security,<br \/>\nbut there are other aspects, such as the on-line<br \/>\nprotection initiative for children and my fellow<br \/>\ncolleagues here on this panel will be bringing to you<br \/>\nthe various aspects.<\/p>\n<p>The whole idea here is that we intend to try and<br \/>\nprovide the kaleidoscope of security issues for your<br \/>\nconsideration as a thought piece for the Asian Pacific<br \/>\nRegional Internet Governance Forum to think about.<\/p>\n<p>We can then, after this, perhaps, in the discussion<br \/>\nsession, if we have a bit of time, try and look at<br \/>\npriorities, areas of prioritisation, because the<br \/>\npriorities will be different for each one.<\/p>\n<p>Enough from me.<\/p>\n<p>Can I now invite my colleague, Ram Mohan, to do his<br \/>\npresentation.\u00a0 Thank you.<\/p>\n<p>&gt;&gt; Ram Mohan:\u00a0 Thank you very much.<\/p>\n<p>I&#8217;m delighted to be here in Hong Kong.\u00a0 It&#8217;s one of<br \/>\nmy favourite places in the world, with a great cultural<br \/>\ntradition and certainly a leader in the creation of an<br \/>\nAsian Pacific digital culture.<\/p>\n<p>I wanted to spend a few minutes in providing my<br \/>\nobservations on where we are when it comes to cyber<br \/>\nsecurity and cyber threats and provide some thoughts.<\/p>\n<p>We meet at a time of significant focus on internet<br \/>\nsecurity.\u00a0 In my travels over the world, I have seen the<br \/>\ndirect and sometimes indirect results of this signal<br \/>\nglobal event.<\/p>\n<p>In Estonia, which boasts one of the world&#8217;s most<br \/>\nconnected economies, the country&#8217;s democratic<br \/>\ninstitutions, commercial organisations and news media<br \/>\nwere shut down for almost one week, due to a concerted<br \/>\ncyber attack.<\/p>\n<p>In China, the country&#8217;s major search engine,<br \/>\nBaidu.com, was shut down by the simple expedient of<br \/>\nhacking the DNS of the core domain name baidu.com.<\/p>\n<p>In other parts of Asia, it has been reported in the<br \/>\nnewspapers that about 30 per cent of official government<br \/>\nwebsites were infected with scripts that captured<br \/>\ninformation without the knowledge of the users.<\/p>\n<p>The Twitter service has been repeatedly hacked.<br \/>\nBoth on the site itself and most recently, through their<br \/>\nmanaged DNS provider.<\/p>\n<p>In countries in the Asian Pacific region and other<br \/>\nparts of the world, more user names and passwords were<br \/>\nstolen or compromised in 2009 than ever.<\/p>\n<p>I&#8217;m sure none of this has been lost on all of you<br \/>\ngathered here in Hong Kong.\u00a0 After all, you realise that<br \/>\nwhen a digital system weakens in one part of the world,<br \/>\nsecurity and credibility is hurt everywhere.<\/p>\n<p>My own company has been forged in the useable of<br \/>\nincreasing security threats.<\/p>\n<p>We manage critical internet structure, we manage<br \/>\ntechnology for about 10 per cent of all domains on the<br \/>\ninternet and respond to tens of billions of DNS queries<br \/>\nevery day.<\/p>\n<p>As a result, we are a constant target of cyber<br \/>\nattacks.\u00a0 Each day, we encounter takes and some days, we<br \/>\nencounter a combination of cyber attacks that wake some<br \/>\nof us up in 2 in the morning and keep up up thereafter.<\/p>\n<p>We work to endure the shock to our systems, learn to<br \/>\nanticipate more and growth in the teeth of ever<br \/>\nincreasing cyber storms.\u00a0 As we continue into this<br \/>\ndecade of the 2010s, I think we need to be careful in<br \/>\nhow we, as a global community, interested in the<br \/>\nsecurity of the DNS, marshall our resources and how we<br \/>\nspend our time and money.<\/p>\n<p>If you look at today&#8217;s threats, you hear a lot of<br \/>\nwords.\u00a0 Bot nets, mail ware, cyber terrorism,DDOS cyber<br \/>\nterrorism, clouds, a lot of different words and in some<br \/>\ncases, it&#8217;s almost an alphabet soup.<\/p>\n<p>In our changing internet, our first line of defence<br \/>\nmust be timely, accurate data that is shared,<br \/>\nintegrated, analysed and acted upon quickly and<br \/>\neffectively.<\/p>\n<p>Now, this generation on the internet faces a great<br \/>\ntest in the area of security.<\/p>\n<p>Unlike earlier digital security threats, we cannot<br \/>\ncount on an anti virus programme to bring this trouble<br \/>\nto a close.<\/p>\n<p>Right now, in distributed networks, and hidden<br \/>\nmessage boards, there are people planning to run massive<br \/>\nattacks on your systems.<\/p>\n<p>That is likely to be the case not just now, but 10<br \/>\nyears from now.<\/p>\n<p>In just the past few months, we have been reminded<br \/>\nagain of the challenge we face in protecting DNS users<br \/>\nagainst an enemy that is bent on hijacking them.<\/p>\n<p>While fragmented policy, fractious politics and<br \/>\nfragile protocols can often on security the hard work,<br \/>\nI think we need to be clear about what this moment<br \/>\ndemands.\u00a0 The internet as we know it can be affected<br \/>\nquickly, rapidly and comprehensively by focused and<br \/>\nunwanted attention on just a few problem areas.<\/p>\n<p>To respond to this, we need to come together to<br \/>\nbuild what I think is international cooperation against<br \/>\ncyber threats, based on the broad principles of<br \/>\nprotecting the consumer interest, preserving security<br \/>\nwithout compromising privacy and maintaining the<br \/>\ndemocratic principles of the internet.<\/p>\n<p>This responsibility is only magnified in an era<br \/>\nwhere governments are waking up to the power and<br \/>\npotential of the internet and technology gives a handful<br \/>\nof criminals the potential to do the great majority of<br \/>\nthe world tremendous harm.<\/p>\n<p>Let me be blunt.<\/p>\n<p>There are no neat or easy answers for some of these<br \/>\nproblems that I have raised in front of you.\u00a0 I wish<br \/>\nthere were.<\/p>\n<p>But I can tell you that the wrong answer is to<br \/>\npretend that this problem will go away if you maintain<br \/>\nwhat I believe is right now an unsustainable status quo.<\/p>\n<p>Internet security requires a delicate balance.\u00a0 On<br \/>\nthe one hand, a democratic internet depends on<br \/>\ntransparency.<\/p>\n<p>On the other hand, some information and techniques<br \/>\nmust be protected from public disclosure.\u00a0 For the sake<br \/>\nof security.<\/p>\n<p>Some information must be shared with appropriate<br \/>\nauthorities on an as needed basis.<\/p>\n<p>In many of these cases, money, freedom and sometimes<br \/>\neven lives are at stake.<\/p>\n<p>A decade into the new century, the internet is now<br \/>\ntaken for granted.<\/p>\n<p>Your children no longer are in awe of this<br \/>\ntechnology the way some of you were when it first came<br \/>\nabout.<\/p>\n<p>They just expect the internet to just work.<\/p>\n<p>This expectation has become one of the key drivers<br \/>\nof the global economy.<\/p>\n<p>To make the part of the internet system that we are<br \/>\nresponsible for, not just work, butt work well, you are<br \/>\nnow part of the human mesh that keeps this critical<br \/>\ninternet infrastructure viable and vibrant and each one<br \/>\nof us who is here is a member of a team that helps keep<br \/>\na big part of the internet up and running.<\/p>\n<p>Somewhere today, a relief worker is registering and<br \/>\nusing a DotAsia domain name, so that people can donate<br \/>\nto respond to an earthquake and help save lives a .IN<br \/>\ndomain name to appeal to customers using the somewhere<br \/>\ntoday a computer programmer is registering a dot info<br \/>\ndomain name to fulfil his dream.<\/p>\n<p>Somewhere today a tourism organisation is<br \/>\nregistering a .hk domain to showcase the beauty and<br \/>\nattractiveness of this low call region.<\/p>\n<p>That .in business, that .info entrepreneur and .hk<br \/>\norganisation depend upon all of us to keep the<br \/>\ninternet&#8217;s core, the foundation of the internet, running<br \/>\nwithout trouble, today, tomorrow and every day.<\/p>\n<p>Everywhere I go, there is now a great expectation<br \/>\nthat if you see technology on the internet, it will just<br \/>\nwork.<\/p>\n<p>And it will just work in a way that is more open,<br \/>\nmore secure and more accessible than any other system<br \/>\npreviously built.<\/p>\n<p>This expectation places upon us a great<br \/>\nresponsibility, a responsibility to strengthen our<br \/>\ndefences, to adopt safer computer security protocols, to<br \/>\nbuild strong alliances that foster open information<br \/>\nexchange.<\/p>\n<p>We cannot sacrifice the open internet and the values<br \/>\nand liberties that it entails in light of increasing<br \/>\nsecurity concerns, interoperability and accessibility,<br \/>\nin my opinion, must remain very high priorities, while<br \/>\nat the same time protecting security.<\/p>\n<p>As we gather here to share our thoughts on the<br \/>\ngovernance of the internet, the domain name system, and<br \/>\nto tomorrow&#8217;s computer systems and the internet, let us<br \/>\nreach for the same vision, high principles, hard work<br \/>\nand persistence that has brought us so far.<\/p>\n<p>Let us join hands across Hong Kong, across Beijing,<br \/>\nacross New Delhi, Dhaka, Singapore and Tokyo, as we go<br \/>\nabout building the future of the internet as we know it.<\/p>\n<p>The safety and security of tomorrow&#8217;s internet is<br \/>\nthreatened by more than just hacking and phishing<br \/>\nattempts.<\/p>\n<p>We need to first agree on common principles we<br \/>\nbelieve in.<\/p>\n<p>Principles that we promise to adopt and techniques<br \/>\nthat allow us to share, integrate, analyse and act on<br \/>\ntimely and accurate data.<\/p>\n<p>Speaking together on security, not getting scared<br \/>\nabout cyber threats, cyber war or cyber terror and<br \/>\nagreeing on common principles will ensure that there is<br \/>\na bright future ahead.<\/p>\n<p>I believe together we can security this future.<\/p>\n<p>Thank you.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Thank you.<\/p>\n<p>I think Christine.<\/p>\n<p>I&#8217;m just going to go, in the interests of time, run<br \/>\nthrough the speakers, then we can have a more<br \/>\ninteractive session at the end of the five<br \/>\npresentations.<\/p>\n<p>&gt;&gt; Christine Runnegar:\u00a0 Thank you very much.\u00a0 It&#8217;s a pleasure<br \/>\nto be here in Hong Kong and I would like to thank<br \/>\nDotAsia and our Hong Kong chapter for inviting me here<br \/>\nto speak to everyone.<\/p>\n<p>So thank you.<\/p>\n<p>The first step of today&#8217;s talk is mastering the<br \/>\ntechnology, so let&#8217;s see if I can get the slides to<br \/>\nwork.<\/p>\n<p>I&#8217;m going to be speaking about network confidence<br \/>\nand the Internet Society&#8217;s trust and Identity Initiative<br \/>\nand here is my first test on the technology.<\/p>\n<p>So let&#8217;s begin with a definition.<\/p>\n<p>What is confidence?<\/p>\n<p>Confidence is the belief that one can have faith in<br \/>\nor rely on someone or something.<\/p>\n<p>It&#8217;s a self-assurance arising from an appreciation<br \/>\nof one&#8217;s abilities.<\/p>\n<p>It&#8217;s also the telling of private matters or secrets<br \/>\nwith mutual trust.<\/p>\n<p>Such as you might have in a business partnership.<\/p>\n<p>It&#8217;s also a secret or private matter told to someone<br \/>\nunder a condition of trust.<\/p>\n<p>Such as your lawyer or your doctor.<\/p>\n<p>One of our strategic objectives for 2010 is to<br \/>\nactively promote and support the development of open<br \/>\nstandards, technologies, applications and policies that<br \/>\nengender trust in networked environments, to provide<br \/>\neducation and guidance on methods for ensuring full<br \/>\nparticipation from internet stakeholders and enabling<br \/>\nindividual accountability.<\/p>\n<p>Under our Trust and Identity Initiative, we have<br \/>\nthree major activities.\u00a0 They are understanding the<br \/>\ntrust ecosystem, which I will be speaking about,<br \/>\nsupporting open trust enabling solutions and stakeholder<br \/>\noutreach and support.<\/p>\n<p>So how do we achieve confidence?<\/p>\n<p>Confidence results from trust developed through<br \/>\npositive interactions experienced over time.<\/p>\n<p>If we go back to the definition of confidence, trust<br \/>\nis trust in oneself, trust in someone else or trust in<br \/>\nsomething.<\/p>\n<p>To increase network confidence, we must build upon<br \/>\nthe sesses of the internet model, including global<br \/>\nopenness and accessibility.<\/p>\n<p>We must support technologies that enable trust from<br \/>\nthe network layer to the application layer.<\/p>\n<p>We must encourage policies that take steps to<br \/>\nenable, extend, strengthen confidence with a chain of<br \/>\ntrust.<\/p>\n<p>And encourage the economics of innovation to support<br \/>\nvalue for all stakeholders.<\/p>\n<p>What are the components in the trust ecosystem?<\/p>\n<p>The components are technology, so things such as<br \/>\nprotocols, applications and hardware.\u00a0 There is also the<br \/>\nregulatory component and you&#8217;ll notice that under the<br \/>\nregulatory component, there is enterprise.\u00a0 Because<br \/>\nenterprise does play a role, for example, through self<br \/>\nregulation and coregulation.<\/p>\n<p>Then if we look at the third component, society,<br \/>\nit&#8217;s important to remember that there are not only on<br \/>\nline interactions, but off line interactions as well.<\/p>\n<p>What is trust?\u00a0 Trust is reliance on the integrity,<br \/>\nstrength, ability, et cetera of a person or thing.<\/p>\n<p>What contributes to that trust?\u00a0 What are some of<br \/>\nthe things?<\/p>\n<p>One of these things is authentication.\u00a0 Who are you?<br \/>\nWhat is the identity of the user and the device?<\/p>\n<p>Note there that I have used the word authentication.<br \/>\nIt&#8217;s important to remember that there is a distinction<br \/>\nbetween authentication and identification.\u00a0 Take, for<br \/>\nexample, a person who wishes to vote on an on-line<br \/>\nvoting system.\u00a0 It&#8217;s important that the system<br \/>\nauthenticate the person, but the person would want to<br \/>\nvote without revealing their identity, without being<br \/>\nidentified.<\/p>\n<p>Another factor which can contribute to trust is<br \/>\nauthorisation.\u00a0 Are you permitted?\u00a0 What privileges,<br \/>\nwhat access is allowed to the user?<\/p>\n<p>A third factor is encryption.\u00a0 Can others hear or<br \/>\nsee what you&#8217;re doing?<\/p>\n<p>Keep private that which should be kept private.<\/p>\n<p>Looking at the intersections and tensions, trust<br \/>\nencompasses several key components.<\/p>\n<p>It&#8217;s a willingness to take a risk based on shared<br \/>\ninformation.<\/p>\n<p>It&#8217;s the ability to judge and accept the level of<br \/>\nrisk in a given exchange.<\/p>\n<p>It&#8217;s also the ability to share sensitive information<br \/>\nwithin an agreed context.<\/p>\n<p>In on-line transactions, enabling a trusted<br \/>\ninteraction depends on a combination of security,<br \/>\nprivacy protection and importantly, useability.<\/p>\n<p>Looking at the constituent building blocks, then,<br \/>\nwhat are the buildk blocks of trust?\u00a0 They are security,<br \/>\naccountability, value enhancing and the evolving system.<\/p>\n<p>Just highlighting a couple of these items, if you<br \/>\nlook at accountability, for example, it&#8217;s important that<br \/>\nthe system be verifiable.<\/p>\n<p>If you think about it in terms of scientific<br \/>\nexperiment, we are all very familiar with the importance<br \/>\nof being able to reproduce the results of scientific<br \/>\nexperiment and the value that that provides to the<br \/>\nscientific community.<\/p>\n<p>Similarly, the system needs to be evolving.\u00a0 It<br \/>\nneeds to have provision for feedback, flexibility.\u00a0 It<br \/>\nneeds to be adaptive and evolving.<\/p>\n<p>It&#8217;s a balancing act in the trust ecosystem.<\/p>\n<p>A healthy solution includes all the components.<br \/>\nEach with varying weight according to their constituent<br \/>\nbuilding blocks.<\/p>\n<p>Consider two things.<\/p>\n<p>Suppose you have a healthcare advice forum.\u00a0 That is<br \/>\na place where you can go to obtain information about<br \/>\ndiseases or injuries.<\/p>\n<p>If you look at what components you would expect,<br \/>\nyou&#8217;d would expect a fairly sort of low tech solution,<br \/>\nrelatively low regulation and you&#8217;d have a lot of<br \/>\npersonal and community involvement.<\/p>\n<p>So what building blocks might you want for that sort<br \/>\nof system?<\/p>\n<p>You would probably want moderate security, several<br \/>\nreporting and you would want something that&#8217;s highly<br \/>\nflexible.<\/p>\n<p>By contrast, consider a healthcare records manager.<\/p>\n<p>That is a place where that records and stores and<br \/>\nmanages your personal medical records.<\/p>\n<p>In that situation, you would want a hi-tech<br \/>\nsolution, you want it to be highly regulated and you<br \/>\nwant to have high personal involvement, assuming you<br \/>\nhave some control over those records.<\/p>\n<p>In such circumstances, for trust, you want to have<br \/>\nhigh security, you would want to have regulated<br \/>\nreporting system, you want to make sure that the system<br \/>\nis stable and so forth.<\/p>\n<p>It&#8217;s also about maintaining the balance.<\/p>\n<p>Maintaining the balance or maintaining the balancing<br \/>\nof the blocks is as much an art as it is a science.<\/p>\n<p>The important thing to remember here is that there<br \/>\nare many possible successful configurations, not just<br \/>\none.<\/p>\n<p>Some blocks are going to be covariant and some are<br \/>\ngoing to be orthogonal.\u00a0 What do I mean by that.\u00a0 I mean<br \/>\nsometimes when you change one of the blocks it will<br \/>\naffect the others, whereas in other cases, there won&#8217;t<br \/>\nbe any need for change at all.<\/p>\n<p>Very importantly too, don&#8217;t forget, perceptions can<br \/>\nbe deceiving and they can become reality.<\/p>\n<p>The trust ecosystem also has a linked evolution.<br \/>\nConsider this example.\u00a0 Imagine a regulatory<br \/>\nenvironment, you have a new law and it necessitates<br \/>\na change in business practices, further accountability.<\/p>\n<p>This has a flow on effect to the technology<br \/>\ncomponent.<\/p>\n<p>To ensure compliance, we would require a change in<br \/>\na security mechanism and perhaps some modification of<br \/>\nsome functionality.<\/p>\n<p>This feeds down to the society component.<\/p>\n<p>The end result of the regulatory and technology<br \/>\nchanges may lead to a shift in the overall value in the<br \/>\nuser community affecting behaviour and also<br \/>\nexpectations.<\/p>\n<p>So the keys to building confidence, therefore, are<br \/>\na strong foundation built on open technology, best<br \/>\ncommon practices and proven methodologies, all<br \/>\nparticipants cooperating as valued stakeholders,<br \/>\noperational transparency with integrated feedback loops<br \/>\nempowering coordinated responses to emerging issues from<br \/>\nall participants in the ecosystem, functional frameworks<br \/>\nthat support deployments in various markets and<br \/>\njurisdictions, effective expectation management.<\/p>\n<p>What is expected and what is delivered must be<br \/>\nmatched?<\/p>\n<p>A mismatch in either direction can be disaster.<\/p>\n<p>So let&#8217;s turn to the internet ecosystem.<\/p>\n<p>Something which all of you would be very fact<br \/>\nfamiliar with.<\/p>\n<p>Now I will take you to the stakeholders in the trust<br \/>\nenabled ecosystem.<\/p>\n<p>They&#8217;re the same individuals, organisation and other<br \/>\nentities.<\/p>\n<p>Thank you.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Da thank you, Christine.<br \/>\nRemember when I started, I said that there were many<br \/>\nfacets, one facet came from Ram.\u00a0 He was talking about<br \/>\nbot nets, compromises to websites, hacking attacks,<br \/>\nDDOS, then we have Christine talking about trust,<br \/>\nauthentication, thoughts.<\/p>\n<p>Now for the third one, let&#8217;s see another perspective<br \/>\nof when you talk about security and governance of the<br \/>\ninternet.\u00a0 Please, Matthew.<\/p>\n<p>&gt;&gt; Matthew Chan:\u00a0 Thank you organisers to invite me to join<br \/>\nthe event.<\/p>\n<p>Everybody knows we are the antivirus company, but<br \/>\nactually our vision is absolutely provide the absolutely<br \/>\nsafe environment to the customer, to exchange data.<\/p>\n<p>Everybody knows the word virus.<\/p>\n<p>In the past, virus is damage the computer and the<br \/>\nnetworks, but now today, the virus is changed to botnet.<\/p>\n<p>Botnet, you can think about the network, one&#8217;s master<br \/>\ncan handle over a thousand computers to hit one of the<br \/>\ntarget customer.<\/p>\n<p>So on the other hand, the botnet is stealing the<br \/>\ndata and information like credit card information,<br \/>\nsocial security number, financial information,<br \/>\net cetera.<\/p>\n<p>Business and consumer, like inundated with data.<br \/>\nThe amount of the data running through today global<br \/>\nnetwork is currently being measured in petabytes.<\/p>\n<p>Not only there&#8217;s a lot of data, but it&#8217;s now mobile.<\/p>\n<p>I saw everybody have a notebook here, net book,<br \/>\nsmart phone, all is mobile device are there.<\/p>\n<p>All capable of receiving data and using applications<br \/>\nthat reside in a cloud.<\/p>\n<p>Data is no longer reside on just one server or<br \/>\ndevice.<\/p>\n<p>So how can we ensure that such vast amounts of<br \/>\ninformation are secure?<\/p>\n<p>We believe the answer is in the cloud.\u00a0 That is<br \/>\ninternet cloud or we can say the public cloud.<\/p>\n<p>To protect against threats coming from the cloud,<br \/>\nTrend Micro turn to the cloud itself to deliver the<br \/>\ntrend microsmart protection network.<\/p>\n<p>Some of the industry argue the cloud computing will<br \/>\nresult in security consolidation, but I don&#8217;t see this<br \/>\nhappening.<\/p>\n<p>Whenever there is the computing, how can security be<br \/>\npossibly consolidated.\u00a0 Security needs to be at every<br \/>\nlayer to be effective.<\/p>\n<p>What matters most is the protection of the data.<\/p>\n<p>Don&#8217;t care where the data is coming from, but they<br \/>\ndo care how it is protected.<\/p>\n<p>Most of the businesses or stakeholders thinking<br \/>\nabout where is my data?\u00a0 Who is accessing my data?\u00a0 Is<br \/>\nmy data being modified?<\/p>\n<p>This is a new environment requires security<br \/>\ninnovation.<\/p>\n<p>Solutions will need to address the issue of<br \/>\nprotecting the cloud infrastructure itself.<\/p>\n<p>Trend Micro, our understanding, understands that<br \/>\ninnovation has to be evolution rather than revolution.<\/p>\n<p>IT firms want to leverage the cloud, but need.<\/p>\n<p>They also realise that if they don&#8217;t make a secure<br \/>\ncloud available to their internal customer, that<br \/>\ncustomer will go around them and get access to the cloud<br \/>\nwithout them and perhaps without security that requires<br \/>\nto ensure the great protection.<\/p>\n<p>I thinks this Trend Micro position, within 2<br \/>\nminutes.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Thank you, Matthew.\u00a0 That&#8217;s<br \/>\nvery kind of you.<\/p>\n<p>Thomas?<\/p>\n<p>&gt;&gt; Thomas Parenty:\u00a0 I would also like the thank the<br \/>\nconference organisers for the opportunity to talk to you<br \/>\nthis morning and also as one of the few Hong Kong people<br \/>\non the panel, to welcome the rest of you to the city and<br \/>\nyes, the food is very good.<\/p>\n<p>What I would like to talk about is security,<br \/>\ninformation from a slightly different perspective, not<br \/>\nso much from the perspective of issues with respect to<br \/>\nthe underlying infrastructure, but more from an<br \/>\norganisational perspective, specifically not how to<br \/>\norganise things, but rather from the perspective of<br \/>\norganisations.<\/p>\n<p>I&#8217;m going to be talking about sort of trends in the<br \/>\nkinds of security threat, security crimes that are<br \/>\nexisting and that I see showing up in the near future.<\/p>\n<p>One of the cautions I want to say is that whenever<br \/>\npeople talk about computer crime or computer dangers,<br \/>\nthere&#8217;s this tendency to be somewhat alarmist.<\/p>\n<p>I&#8217;m simply going to be describing what I see as<br \/>\nhappening and what is possible, but not something that<br \/>\nyou should necessarily lose sleep over.<\/p>\n<p>Also, to put things in context, there is a story<\/p>\n<p>I heard a while back, I can&#8217;t remember the origin of the<br \/>\nstory, but if you and a friend are walking in the woods<br \/>\nand you happen to run into a bear, it&#8217;s not necessary<br \/>\nthat you actually run father than the bear, just faster<br \/>\nthan your friend.<\/p>\n<p>With respect to certain internet issues, you just<br \/>\nwant to make sure you&#8217;re a little faster.<\/p>\n<p>To simplify the world, in terms of threats, one can<br \/>\ntalk about insider threats and outsider threats.<\/p>\n<p>The particular kinds of attacks up until now that<br \/>\nyou&#8217;ve been subject to, either inside or outside depend<br \/>\nvery much on what the target of the attack is.\u00a0 For<br \/>\ninstance, if the attacker wants something that is easily<br \/>\nidentifiable, such as a credit card number, a social<br \/>\nsecurity number, that&#8217;s a relatively easy thing to do<br \/>\nfrom the outside.<\/p>\n<p>Actually, newspapers are full of stories of people<br \/>\nfrom the forger Soviet union hacking into computers<br \/>\nhalfway around the world to harvest credit numbers that<br \/>\nare then sold to other people who then sell them to<br \/>\nsomebody else who then actually commit the crime.<\/p>\n<p>If you look on the other side, let&#8217;s say concern<br \/>\nabout intellectual property, trade secrets, corporate<br \/>\ninformation, that has, up until now, tended to be more<br \/>\nof an insider crime.<\/p>\n<p>Part of the reason is that to be able to identify<br \/>\nwhat&#8217;s important versus what isn&#8217;t, requires a lot of<br \/>\ncontextual information that somebody halfway around the<br \/>\nworld isn&#8217;t necessarily going to know.<\/p>\n<p>What I&#8217;ve noticed recently is there&#8217;s starting to be<br \/>\na merging of these two sort of sources of attack, where<br \/>\nyou have the actual attack coming from outside using<br \/>\nvarious forms of mail ware or phishing or traditional<br \/>\nattacks that have come from the outside that tools from<br \/>\nmy panellist can help address.<\/p>\n<p>But it&#8217;s those attacks are being guided by insider<br \/>\ninformation in order to know where is the specific<br \/>\ntarget within an organisation that I should look for.<\/p>\n<p>The recent hacking attacks on Google and other<br \/>\ncompanies actually are examples of this sort of merging<br \/>\nof the insider and outsider.<\/p>\n<p>So it&#8217;s something that for an organisational<br \/>\nperspective, it used to be some simple.\u00a0 We had outsider<br \/>\nattacks, we had insider attacks, but now we have this<br \/>\nmerging of them.<\/p>\n<p>So that&#8217;s one trend that I have seen that is &#8212; that<br \/>\nactually is in practice today.<\/p>\n<p>The second thing that I would like to talk about are<br \/>\nthreats that we can anticipate.<\/p>\n<p>It&#8217;s something that historically, there has been<br \/>\na division between the physical security world and the<br \/>\ndigital or information security world.<\/p>\n<p>Being in the information security world, I sort of<br \/>\nlook down at the people who look at CCTVs and if the<br \/>\nguard is in the right place and things like that, though<br \/>\nI do recognise the importance of them.<\/p>\n<p>However, with the emergence of IPV6 plus very low<br \/>\ncost, low computational or I should say computationally<br \/>\nefficient wireless technologies that distinctions<br \/>\nbetween the physical world and the digital world is<br \/>\ngoing away.<\/p>\n<p>Specifically, one particular instance of technology<br \/>\nthat I&#8217;m talking about is a wireless protocol that goes<br \/>\nby the name Zigby.<\/p>\n<p>Think of WiFi, the WiFi alliance, but now think of<br \/>\nit in terms of wireless devices that are very, very<br \/>\nsmall.<\/p>\n<p>Ones that you can put in very small devices like the<br \/>\nlock to your front door into your fire alarm, into your<br \/>\nrefrigerator if you wanted it.<\/p>\n<p>But also more significantly, into critical parts of<br \/>\ncritical infrastructure, such as controllers for<br \/>\nfloodgates for hydro electric dams, in controllers for<br \/>\nelectric metres.<\/p>\n<p>What we&#8217;re going to find going forward is that the<br \/>\ncontrol over physical devices is now being controlled<br \/>\nand enabled through the internet that we have &#8212; I was<br \/>\ngoing to say that we have grown to love, I&#8217;m not sure<br \/>\nthat is quite the characterisation, but that we have<br \/>\ngrown to rely on.<\/p>\n<p>So there will be a whole new host of security issues<br \/>\nthat we&#8217;ll have to deal with that very, very much affect<br \/>\nthe physical world in which we live.<\/p>\n<p>Again, looking at sort of categorisation of the<br \/>\nkinds of threats that we&#8217;ll look at, I would say look at<br \/>\nthe motivations of those that might be perpetrating the<br \/>\nattacks.<\/p>\n<p>I&#8217;ll just make two sort of choices.<\/p>\n<p>One of which is, if there is somebody who has<br \/>\na criminal intent, then in terms of location of the<br \/>\nattacker and location of the attack, I think actually<br \/>\nthey could be sort of fairly close.<\/p>\n<p>Not that I would do this and not that I would<br \/>\nrecommend this for you, but if in the future, you would<br \/>\nlike to get into the burglary business, then looking at<br \/>\ncompromising wireless networks that control physical<br \/>\nlocks is actually a good way of going about it, much<br \/>\neasier than dealing with old lock picks, although they<br \/>\ndo have their charm.<\/p>\n<p>If on the other hand I am looking from the<br \/>\nperspective of somebody who is trying to engage in some<br \/>\nsort of extortion or terrorist attack, where the goal is<br \/>\nnot to open a door into some physical environment into<br \/>\nwhich I want to steal something, but rather that I want<br \/>\nto disrupt some critical infrastructure, they can be<br \/>\ncompletely on the other side of the world.<\/p>\n<p>I would say that, again, not meaning to be alarmist,<br \/>\nbut rather to simply provide another perspective of<br \/>\nthings that we&#8217;ll have to look forward to, is the<br \/>\nmerging of insider and outsider threats and the merging<br \/>\nof physical and digital security issues.<\/p>\n<p>With that, thank you very much.\u00a0 And, Michael.<\/p>\n<p>&gt;&gt; Michael Mudd:\u00a0 Thank you very much, Thomas.<\/p>\n<p>Again, thanks very much for giving us the<br \/>\nopportunity to be here.<\/p>\n<p>I&#8217;m the industry association guy, so that&#8217;s why I&#8217;m<br \/>\ncoming from.<\/p>\n<p>I would like to address very quickly, because I know<br \/>\nit&#8217;s only myself separating you from lunch.<\/p>\n<p>Threats, authentication and network confidence.<\/p>\n<p>The concentration of criminals into transnational<br \/>\ngangs is not unusual.\u00a0 We have seen the mafia before.<br \/>\nWe have seen triads.\u00a0 What we now have is about<br \/>\ntransnational gangs who make it a business from separate<br \/>\nyou, the internet user, from your money or from your<br \/>\nidentity, which is then used to separate you from your<br \/>\nmoney.<\/p>\n<p>So money is the underlying motive for this from the<br \/>\npoint of view of regularly organised criminals.<\/p>\n<p>I shan&#8217;t talk about cyber terrorism.\u00a0 That&#8217;s<br \/>\ncompletely different.<\/p>\n<p>With ID theft now topping about 9 million in the<br \/>\nUnited States, this is very costly.<\/p>\n<p>It takes on average nine months and about $5,000 to<br \/>\nfix a stolen identity.<\/p>\n<p>So this is very important.\u00a0 This is where education<br \/>\ncomes into play.<\/p>\n<p>That is really what I think is part of the softer<br \/>\nissue, the nontechnical issue, which needs to be<br \/>\naddressed as we move towards IPV6 and the internet of<br \/>\nthing, as Thomas mentioned.<\/p>\n<p>New technology, Zigby, et cetera, will change just<br \/>\nabout everything and everything that we do.<\/p>\n<p>Clearly, there needs to be close coordination<br \/>\nbetween industry, industry groups, regulators and law<br \/>\nenforcement at all levels, in particular in Asia,<br \/>\nI believe that the multilateral organisations such as<br \/>\nAPEC, ASEAN which all have working groups which are<br \/>\naddressing various things are very important and not the<br \/>\nleast of which is working with the banking system.<\/p>\n<p>The FATF which was the legislation on terrorist<br \/>\nfunds transfers, money laundering, has been very<br \/>\nsuccessful in closing off this, also for drug smugglers<br \/>\nand other criminals in the real world.<\/p>\n<p>I believe that this can be extended to the cyber<br \/>\nworld, because again elicit funds do have to be moved<br \/>\narticled the world, although the sums are generally<br \/>\na lot smaller.<\/p>\n<p>Continued collaboration, working with the ISPs and<br \/>\non-line security companies is also vital.<\/p>\n<p>We also have to look at some of the other issues<br \/>\nwhich are coming across on cross-border and not just the<br \/>\ntheft I have name, but also such areas as libel, the<br \/>\ncreation of fake identities on-line, the rise in crimes<br \/>\nwhich actually have been brought forward from the<br \/>\nincrease in social media.<\/p>\n<p>We have seen and this is going to be addressed later<br \/>\non, social media on line bullying, these types of things<br \/>\nwhich are very important to address.<\/p>\n<p>In particular, the education of children for social<br \/>\nmedia.<\/p>\n<p>When you look at the fact that the advice on face<br \/>\nbook is that nobody under the age of 13 should register,<br \/>\nalthough of course there&#8217;s no reason that anybody can&#8217;t,<br \/>\nit is clear that education should start at 12.<\/p>\n<p>Education should be very important with respect to<br \/>\nthe parent as well.<\/p>\n<p>I&#8217;m a parent.\u00a0 I educated my kids at a very early<br \/>\nage not to go and play in the road.\u00a0 This is not a good<br \/>\nidea.<\/p>\n<p>There is danger there.<\/p>\n<p>I think that today, this has to be extended into the<br \/>\non-line world as well and that a lot of parents are<br \/>\nabrogating their responsibilities.<\/p>\n<p>This brings me down to the final thing, which is<br \/>\nnetwork confidence.<\/p>\n<p>It&#8217;s the same as any trust reliance service.\u00a0 For<br \/>\nthose of you that threw to Hong Kong, you made<br \/>\na decision to fly on an airline that you trust.<\/p>\n<p>There are airlines that you don&#8217;t trust and ones<br \/>\nthat you do and I&#8217;m pleased to see that you all made it.<\/p>\n<p>This is based on their experience.<\/p>\n<p>When we start to look at the growth of the internet,<br \/>\nthe fact that it came out of government programmes,<br \/>\nacademic programmes, to where we have today, the private<br \/>\nsector has played a major role in the development of the<br \/>\ninfrastructure, the regulatory frameworks that were<br \/>\nadopted by governments.<\/p>\n<p>Indeed, the formation of the IGF itself is very<br \/>\nimportant with the support of the commercial sponsors<br \/>\nthat we see here today.<\/p>\n<p>Therefore, the system of governance, of the IGF, of<br \/>\nthe internet, and as put forward through the IGF, we<br \/>\nbelieve is the very important, that the<br \/>\nmulti-stakeholder basis of governance should be<br \/>\nmaintained and that indeed, the funding which is put<br \/>\nforward should be also contributed by the public sector,<br \/>\nas well as the private sector, but considering that most<br \/>\npublic sector funds are strained today, that the private<br \/>\nsector perhaps has a greater role to play.<\/p>\n<p>With that, I think I better stop.\u00a0 Thank you.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Thank you very much,<br \/>\nMichael.<\/p>\n<p>So there you have it, ladies and gentlemen.<\/p>\n<p>Five different people on the panel and five<br \/>\ndifferent perspectives when we are talking about<br \/>\nsecurity.<\/p>\n<p>I think that shows the complexity of the issue, as<br \/>\nwell as the challenge that faces all of us who are<br \/>\nlooking at it.<\/p>\n<p>I think I would like to use this opportunity just to<br \/>\nrefresh some of the points, the highlights that each<br \/>\nspeaker has brought out and invite you to engage the<br \/>\npanel in the usual manner and form.<\/p>\n<p>We have approximately &#8212; I will try and stop by<br \/>\n12.30.\u00a0 We have 15 minutes to go.<\/p>\n<p>Thank you to all the speakers for your cooperation<br \/>\nin speeding up the presentations.<\/p>\n<p>I am going to stand up.<\/p>\n<p>What is interesting is I started talking about<br \/>\ninfrastructure, Ram started talking about applications,<br \/>\nChristine was talking about confidence in the network.<\/p>\n<p>So we move from physical security to things that we<br \/>\nuse on the net, to our reliance on the systems.<\/p>\n<p>Matthew talked about where they think the threats<br \/>\nwill be, cloud computing and how to manage viruses.<\/p>\n<p>Thomas talked about something interesting.\u00a0 Looking<br \/>\nat the future possibility, thinking about security from<br \/>\nan inside versus outside perspective and combining it<br \/>\nwith the ral digital and real world.<\/p>\n<p>Of course, Michael was talking about the education.<\/p>\n<p>So many facets, many perspectives, many layers.<\/p>\n<p>It&#8217;s almost like when you go to your physical world,<br \/>\nwhen you talk about security, you enter your house, you<br \/>\nprobably have your electronic gate.\u00a0 That&#8217;s one level of<br \/>\nsecurity.<\/p>\n<p>You move into your front door.\u00a0 That&#8217;s another level<br \/>\nof security.<\/p>\n<p>Then you move into the house, there&#8217;s probably<br \/>\nanother level of security, camera or something in the<br \/>\nhouse.<\/p>\n<p>So that seems to be what&#8217;s coming.<\/p>\n<p>So any questions down at the back on the right-hand<br \/>\nside, left-hand side?\u00a0 Feel free.\u00a0 You have an eminent<br \/>\ngroup of panel its here.<\/p>\n<p>Any insights, concerns, thoughts that you might want<br \/>\nto pick up from this panel?\u00a0 Or ask in.<\/p>\n<p>&gt;&gt; Stephen Lau:\u00a0 I have a specific question to the panellists<br \/>\nand a general one to the entire panel.<\/p>\n<p>The first one is to Thomas.\u00a0 When we talk about<br \/>\ninternet of thing, of the trend moving towards, even<br \/>\nlooming, not danger, looming phenomena is internet of<br \/>\npeople, through people talking about instead of being &#8212;<br \/>\nsort of invasive of kind in plants and all that.<\/p>\n<p>How do you see in terms of security protection, with<br \/>\nthis sort of trend, do you see any sort of new phenomena<br \/>\nand how do we protect ourselves with respect to that?<br \/>\nThat&#8217;s my specific question.<\/p>\n<p>On a general question is this.\u00a0 In global IGF, in<br \/>\na lot of forums, we talk about global issues, obviously<br \/>\nwe do actually using cases with respect to particular<br \/>\nincident or economy or even a region.\u00a0 This is<br \/>\na regional IGF for Asian Pacific.\u00a0 We are talking about<br \/>\nregional issues.<\/p>\n<p>I was wondering from the panel whether in fact are<br \/>\nthere anything, any specific issues in Asian Pacific<br \/>\nrelating to cyber security which are unique or which are<br \/>\nmore sensitive which are more prominent upon which we<br \/>\ncan understand and can focus ourselves in our future<br \/>\nendeavourses?<\/p>\n<p>Thank you.<\/p>\n<p>&gt;&gt; Thomas Parenty:\u00a0 First off, I would have to say, thank you<br \/>\nvery much for asking an incredibly hard question.<\/p>\n<p>See if I accept another panel invitation.<\/p>\n<p>Basically, when I say a hard question, the solution<br \/>\nto this problem is incredibly hard.\u00a0 To put this in sort<br \/>\nof a more concrete example, something that people are<br \/>\ndealing with right now is a lot of implanted medical<br \/>\ndevices are accessible via wireless.\u00a0 Pacemakers would<br \/>\nbe one example.\u00a0 You have a very, very real problem of<br \/>\nhow can doctors under the proper circumstances access<br \/>\nand cross this device so as to &#8212; as part of providing<br \/>\nmedical care, while preventing sort of bad guys from<br \/>\nessentially remotely killing somebody by turning off<br \/>\ntheir pacemaker.<\/p>\n<p>Unfortunately, there are no good solutions right<br \/>\nnow.\u00a0 Actually, one proposed solution and I think this<br \/>\ncame out of France, although I couldn&#8217;t say exactly, was<br \/>\nto basically tatoo on somebody&#8217;s body in an ink that<br \/>\ncould only be seen under ultraviolet light the password<br \/>\nto the device, to try to balance the fact that you don&#8217;t<br \/>\nwant to have a device that&#8217;s completely unprotected,<br \/>\nbecause then bad things can happen, but you don&#8217;t want<br \/>\nit to secure that when somebody is needing medical care,<br \/>\nthat the doctors are saying, like, how do we get in<br \/>\nhere?<\/p>\n<p>It&#8217;s something, speaking as a technologist, this is<br \/>\nan incredibly hard problem.\u00a0 I&#8217;m at a loss as to what<br \/>\na sort of good solution is.<\/p>\n<p>Ultraviolet tatoos, well, it&#8217;s something that it<br \/>\ndoes have some appeal, but it&#8217;s not really a long-term<br \/>\nsolution.<\/p>\n<p>So I would say that for any of you people who are<br \/>\nlooking at areas in which you could actually do work in<br \/>\nthe information security field, that would have very,<br \/>\nvery prominent sort of social benefit, here is a problem<br \/>\nfor you to look at.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Thanks, Thomas.<\/p>\n<p>&gt;&gt; Ram Mohan:\u00a0 Thank you.\u00a0 This is to address the question<br \/>\nabout, you know, potential unique things that are<br \/>\nhappening here in the Asian Pacific region.<\/p>\n<p>At least from my perspective, there are two things<br \/>\nI see and I know there are people here in the audience<br \/>\nwho may bring their unique perspective and add their<br \/>\nexperience here as well.\u00a0 There are ISP folks and folks<br \/>\nfrom cyber cafes, other areas.<\/p>\n<p>One things that I see that seems pretty unique is<br \/>\nthat in recent times, if you look at the origin of DDOS<br \/>\nattacks or the origin of where the botnets are coming<br \/>\nfrom, often you find the alleged source of it tends to<br \/>\nbe from the Asia region, a lot of it, and what happens<br \/>\nis that in the global press, that gets converted into,<br \/>\nyou know, this country or this region is the source of<br \/>\nthis problem with internet security worldwide.<\/p>\n<p>Asia then gets probably the biggest amount of<br \/>\nburden, if you will, in that area than any other part of<br \/>\nthe world.<\/p>\n<p>I think that&#8217;s somewhat significant.<\/p>\n<p>I do know that there are others here in the<br \/>\naudiences who might have a different perspective.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Switching hats, speaking as<br \/>\na board member of IMPACT, what IMPACT does is it gets<br \/>\nfeeds from all its private sector members, Kaspersky,<br \/>\nTrend Micro and all of that, in terms of the latest<br \/>\nbotnet attack, the patterns and profiles of signatures<br \/>\nof viruses and all and also the attacks and the<br \/>\nincidents of attacks.<\/p>\n<p>Statistically what we have seen, is Asia has become<br \/>\na hub or confluence point where attacks emanate from.<\/p>\n<p>That is going to have other consequences on us,<br \/>\npeople who operate ISPs, services, in Asia, because we<br \/>\nare going to be eventually, if we don&#8217;t do something<br \/>\nabout it, labelled as a potential security risk, it&#8217;s<br \/>\ngoing to cost us more to connect with perhaps networks<br \/>\nin Europe, in America and so on.<\/p>\n<p>That is one area which I think really needs to be<br \/>\nlooked at.<\/p>\n<p>Maybe from a business continuity standpoint.<\/p>\n<p>Anyone else on the panel?<\/p>\n<p>Charles, you had a question?<\/p>\n<p>&gt;&gt; Charles Mok:\u00a0 .\u00a0 I just have a very quick question about<br \/>\nwhat do you see as the most urgent issue in the AP<br \/>\nregion that you see has to be dealt with in this<br \/>\nparticular concept about security.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 The most urgent issue for<br \/>\nthe AP region, one each.<\/p>\n<p>Since the panel thinks so, we have maybe about five<br \/>\nmore minutes.\u00a0 Summary question, one of the panellist<br \/>\nsays.<\/p>\n<p>Any other questions before we come to that?<\/p>\n<p>&gt;&gt; :\u00a0 My name is Robert Cara, I&#8217;m with Freedom House.\u00a0 It&#8217;s<br \/>\ngreat that all the panellists are speaking on different<br \/>\nperspectives and the thing I found nice at the beginning<br \/>\nwas the talk about multi-stakeholder approach in regards<br \/>\nto security and what I&#8217;m struck in some of the comments<br \/>\nyou just made, Ram, in regards to some of the perceived<br \/>\nthreats are coming from Asia, but also a variety of<br \/>\nactors in Asia are also being particularly targeted.\u00a0 So<br \/>\nwhat I&#8217;m interested in hearing is to what extent the<br \/>\ngovernments and business sector seems to have a place<br \/>\nwhere they can go to for sharing the information about<br \/>\nattacks, getting trained.\u00a0 I didn&#8217;t hear civil society<br \/>\nand there are a lot of commands from that type of group<br \/>\nin the region and I&#8217;m just curious what efforts are<br \/>\nbeing done, what IMPACT is doing and if not, is that<br \/>\nsomething that they could do, doing forward, working<br \/>\ntogether, because I think the threats, whoever gets<br \/>\nattacked first, might be an early sign of other actors<br \/>\nbeing attacked as well and then ISPs having to deal with<br \/>\ngigabit attacks will cause all the sites hosted there<br \/>\ngoing down as well.<\/p>\n<p>So I&#8217;m just curious as to the civil society aspect<br \/>\nand what that could be done going forward.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Thank you, Robert.<\/p>\n<p>Sorry, you wanted to respond, Paul?<\/p>\n<p>&gt;&gt; Paul Wilson:\u00a0 I wanted to make a comment.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Who was the second in line?<br \/>\nJust very quickly, I think we&#8217;ll take the question.<\/p>\n<p>&gt;&gt; :\u00a0 I&#8217;m Atit Sri Unkun? or advertise sir from Bangkok<\/p>\n<p>Thailand, working for a Thai network.<\/p>\n<p>I just wonder from the panel, I see something<br \/>\ncontradicting, like, for example, Ram say that to<br \/>\nprotect the security of the internet, for example, we<br \/>\nhave to make it like protect it to be like sort of<br \/>\na secret, but at the same time, Christine from Internet<br \/>\nSociety say we are all to making trust equal system, we<br \/>\nhave to go for open standards, open technology.\u00a0 Does<br \/>\nthat contradicting to each other?<\/p>\n<p>&gt;&gt; Ram Mohan:\u00a0 Let me quickly respond.\u00a0 I actually think that<br \/>\nthat is the fundamental balance that has to be struck in<br \/>\ndoing internet security.\u00a0 In some cases, as you find out<br \/>\ninformation about an attack, you want to keep some of<br \/>\nthat private, so that you don&#8217;t give away everything.<\/p>\n<p>But the really important thing and one of the points<br \/>\nI was making was that that has to be totally balanced<br \/>\nagainst internet democracy and openness and that piece<br \/>\nof trust.\u00a0 Without one, the other becomes basically an<br \/>\ninternet dictatorship.<\/p>\n<p>&gt;&gt; Thomas Parenty:\u00a0 I was going to say, to reply to that from<br \/>\na slightly different perspective, more of if you are<br \/>\ndesigning a system that needs to be secure, you want to<br \/>\nminimise the number of things that need to be protected<br \/>\nin order for that security to hold true.<\/p>\n<p>So, for example, in the area of encryption, you want<br \/>\nit to be that all of your security is based on the<br \/>\nstrength of the &#8212; the secrecy of the key, not on the<br \/>\nsecrecy of the algorithm, because if you&#8217;re relying on<br \/>\nthe secrecy of the algorithm, that is a much more<br \/>\ndifficult task because all these people know about it<br \/>\nand nobody can keep their mouth shut.\u00a0 In terms of<br \/>\nopenness versus secrecy, in order to protect yourself,<br \/>\nthere are some things that need to be secret.\u00a0 You<br \/>\nabsolutely want to minimise what those are, minimising<br \/>\nthose dramatically increases the level of protection you<br \/>\nhave.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Thank you.\u00a0 I&#8217;ll just very<br \/>\nquickly respond.<\/p>\n<p>There are other organisations at the moment which<br \/>\nI think engage the civil society a lot closely, IMPACT<br \/>\nat the moment is focusing on, because of the limited<br \/>\nresources, is focusing on dealing with governmental<br \/>\nissues for the moment.<\/p>\n<p>I think the last thing you want is governments going<br \/>\naround trying to do things themselves without any<br \/>\neducation and that&#8217;s one of the reasons why IMPACT came<br \/>\nout very quickly, to try and at least help fill that<br \/>\nvoid, because in the government system, I think you<br \/>\nwould have heard from Markus this morning, that it&#8217;s<br \/>\na very complex set of layers and layers of governance.<\/p>\n<p>Paul, you had a question.<\/p>\n<p>&gt;&gt; Paul Wilson:\u00a0 I just wanted to make a point again about<br \/>\nthe stakeholders who we need to address here and there&#8217;s<br \/>\none group of stakeholders who are the internet operators<br \/>\nan engineers.<\/p>\n<p>The internet is not created by policy analysts, not<br \/>\ncreated by an IP address registry, it&#8217;s not created by<br \/>\nsecurity experts.\u00a0 It&#8217;s created by a group of foot<br \/>\nsoldiers or coalface workers who are the engineers who<br \/>\nactually make the network that we all use.<\/p>\n<p>The different between a network that is well run by<br \/>\nfully trained expert engineers and one that is not is<br \/>\na difference in cost, efficiency, critically it&#8217;s<br \/>\na difference in security as well.<\/p>\n<p>The training and education challenge of getting to<br \/>\nevery one of those engineers, the foot soldiers in whose<br \/>\nhands are the routers, the DNS servers, even are you<br \/>\npiece of equipment that we rely on is a really huge<br \/>\nchallenge and I think that simply the task of training<br \/>\nis one that needs to be really emphasised and rolled<br \/>\nout.\u00a0 It&#8217;s one that&#8217;s been going on for many years<br \/>\nthrough on in profit and voluntary activities, such as<br \/>\nrun by the Internet Society, such as the Apricot<br \/>\nconference, but it really must not be forgotten, because<br \/>\nwe can talk about policy and analysis and all sorts of<br \/>\nthing, but on the ground there really is a big<br \/>\nchallenge.<\/p>\n<p>In my experience, in this region, the pace of growth<br \/>\nof the internet is so rapid, the dearth of trained human<br \/>\nresource is so severe, the mobility of professionals to<br \/>\nmove from one job to the next, one company will train<br \/>\nand then lose those trained experts to others and it&#8217;s<br \/>\na real challenge.\u00a0 It&#8217;s something that we really mustn&#8217;t<br \/>\nforget.<\/p>\n<p>Thanks.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Thank you, Paul.<\/p>\n<p>There were a few others.<\/p>\n<p>&gt;&gt; :\u00a0 I&#8217;m Sue Ng from Malaysia.<\/p>\n<p>I&#8217;m just want to draw attention to the fact that who<br \/>\ndefines cyber threats?\u00a0 What is the definition?\u00a0 Because<br \/>\nthere are some repressive governments that use that term<br \/>\nto silence dissent and it&#8217;s interesting that the chair<br \/>\nbrought up the issue of educating the government,<br \/>\nbecause I don&#8217;t know why the MCMC is going after an<br \/>\non-line news site for reporting, for doing its job of<br \/>\nreporting something that could be sensitive to the<br \/>\ngovernment of the day and the tie example as well.<br \/>\nThanks.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 That is interesting.<\/p>\n<p>Thank you.<\/p>\n<p>And you know who is the guy?\u00a0 Me.<\/p>\n<p>I&#8217;ll respond to that bilaterally.<\/p>\n<p>That goes to show that, you know, when you talk<br \/>\nabout security, everyone has their own take of what is<br \/>\nsecurity.<\/p>\n<p>I think just sort of coming back to the issue at<br \/>\nhand, some will look at content issues as relating to<br \/>\nsecurity as well.\u00a0 I mean, I&#8217;m, for example, I just came<br \/>\nback from Geneva, the protection initiative by the ITU.<br \/>\nThat was a whole debate by governments there was about<br \/>\nwe need to protect children on-line.<\/p>\n<p>I don&#8217;t deny the fact that the point she raised,<br \/>\nthere were some people in government who felt that<br \/>\ncontrol over information is a security issue.<\/p>\n<p>But there are others who felt that that was not the<br \/>\ncase.<\/p>\n<p>I think more to the point of this AP region, perhaps<br \/>\nnow is an opportune time to come to Charles question.<br \/>\nIf we were to try and, you know, with all that that&#8217;s<br \/>\nbeen floating about in the last half an hour or so in<br \/>\nthe dialogue, if we were to try and look at the priority<br \/>\nareas for this region, in relation to security, what<br \/>\nwould it be?<\/p>\n<p>Would it be training and education that Paul talked<br \/>\nabout?<\/p>\n<p>Would it be what Stephen talked about?\u00a0 Shall we be<br \/>\nfocusing there, because this particular region also<br \/>\nmanufactures a lot of products, applications services.<\/p>\n<p>Most of the devices that come up with V6 capability<br \/>\nis probably going to be manufactured in this region.<\/p>\n<p>Or would it be something a along the lines of<br \/>\nbuilding trust and confidence in the system, because we<br \/>\nhave a lot of people coming on line with many<br \/>\ngovernments in this region trying to push broadband<br \/>\npenetration up and yet not having the right people with<br \/>\nthe right skill sets managing these networks.<\/p>\n<p>So everywhere, as you keep growing these networks,<br \/>\nyou find that vulnerabilities increase, because people<br \/>\njust don&#8217;t know how to handle it.<\/p>\n<p>Where would that be?\u00a0 I just like to invite maybe<br \/>\na few immediate reactions from the floor and then go to<br \/>\nthe panellists before I sum up.<\/p>\n<p>&gt;&gt; :\u00a0 My name is yap sue sing.\u00a0 I&#8217;m representing Asian Forum<br \/>\nfor Human Rights and Development, based in Bangkok.<\/p>\n<p>It was very interesting to listen to some of the<br \/>\npanellists talking about this cyber threats and cyber<br \/>\nattacks and how to strike a balance.<\/p>\n<p>Ram talks about striking a balance between this<br \/>\nsecurity and also democratic control of these tools.<\/p>\n<p>But I agree to that point, but I would just like to<br \/>\nalso add that it is also important to strike a balance<br \/>\nbetween security and fundamental human rights.<\/p>\n<p>Because I think a lot of times we are seeing is is<br \/>\nthat a lot of time governments are using the pretext of<br \/>\nsecurity to undermine human rights, the rights to<br \/>\nprivacy, the right to freedom of expression and freedom<br \/>\nof information to cover up corruption, scandals.<br \/>\nI think this is very fundamental and so in terms of<br \/>\nI think when we talk about internet management and<br \/>\ngovernance, this is one of the key principles that<br \/>\nshouldn&#8217;t be left out when we think about the management<br \/>\nof internet.<\/p>\n<p>So it is important I think democratic control and<br \/>\nhuman rights is two different concepts and it has to be<br \/>\ndifferentiated, because democratic control talks about<br \/>\nprocesses, it talks about decision making and democratic<br \/>\ncontrol sometimes can be contradicting with human<br \/>\nrights, because a lot of times, the rule of majority<br \/>\noverrule the rights of the minority or individual, very<br \/>\nbasic human rights.<\/p>\n<p>So I think it is very key and important to also<br \/>\nemphasise the principles of human rights.<\/p>\n<p>The other point is about cyber threats.\u00a0 From the<br \/>\npanel, from the discussion I gather that the paradigm of<br \/>\ntalking about cyber threats and attacks is more from the<br \/>\nstate perspective, to control, to minimise security.<\/p>\n<p>But there is also a lot of threats that is sponsored<br \/>\nby states or even initiated by states to a threat of<br \/>\nuser of internet, especially when it comes to very<br \/>\nfundamental rights of the people.<\/p>\n<p>How do we address that kind of cyber threats?<br \/>\nBecause for governments, it seems there is a platform<br \/>\nfor them to address these issues through complaint about<br \/>\nthese issues and to discuss how to have a global<br \/>\nstructure to address this issue, but when it comes to<br \/>\nthreats that is created by governments, where is the<br \/>\nplatform or what is the mechanism to address this issue?<\/p>\n<p>Thank you.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 I don&#8217;t think anyone is<br \/>\nresponding to that one.<\/p>\n<p>Any other comments?\u00a0 Sorry, I have two more.<\/p>\n<p>I&#8217;m just trying to take up notes and sum up.<\/p>\n<p>&gt;&gt; :\u00a0 This was in response to the comment made by the speaker<br \/>\nwho spoke.<\/p>\n<p>Earlier, this initiative in Brazil &#8212;<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Where are you from?<\/p>\n<p>Parminder:\u00a0 Parminder from an NGO IT For Change in India.<\/p>\n<p>The Brazil, there is an initiative by government and<br \/>\ncivil society to start looking at internet governance,<br \/>\nnot from a control and security point of view, but civil<br \/>\nrights point of view and address the same set of issues<br \/>\nand they have come up with a draft and what is<br \/>\nsurprising and good is that the same kind of issues do<br \/>\nget addressed even from a rights basis, even the right<br \/>\nto security is a right and they have come up with<br \/>\na draft which looks at security issues from a rights<br \/>\npoint of view and I thought that could be something<br \/>\nwhich people can take note of.<\/p>\n<p>Thank you.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Thank you.\u00a0 I see a trend<br \/>\ncoming up.<\/p>\n<p>&gt;&gt; :\u00a0 Dale Johnson from Hong Kong.<\/p>\n<p>I want to thank you the panellist, I think they<br \/>\nraised some very good points in their presentations from<br \/>\na diverse range of perspectives.<\/p>\n<p>A couple of points I want to raise is, the topic of<br \/>\nsecurity in itself.\u00a0 It means so many things to so many<br \/>\ndifferent people.\u00a0 We will never solve the problem<br \/>\nwhilst we&#8217;re taking it in such a broad specifictive.\u00a0 We<br \/>\nhave got child on line protection down here, we have<br \/>\nhardware infrastructure protection over here.\u00a0 What<br \/>\nmakes it even more complicated is all the volunteer<br \/>\nevents versus the standards efforts versus the private<br \/>\nefforts and it&#8217;s very, very challenging.<\/p>\n<p>Going back to some of the points the panel itself<br \/>\nmade, what are the fundamental principles upon which we<br \/>\nare working here?\u00a0 What are the actual assets that we<br \/>\nare going to protect?\u00a0 Let&#8217;s get the facts down on the<br \/>\nproblem, because I don&#8217;t think we have solved anything<br \/>\nhere.<\/p>\n<p>We can come back here in five years&#8217; time and we<br \/>\nwill be in the same position and having the same<br \/>\nconversation and not being any more advanced apart from<br \/>\nDNS may be in place.<\/p>\n<p>The other thing is, solving the problems of today,<br \/>\nthe pace everything is moving, the problems of today are<br \/>\nprobably already gone by the time we get around to<br \/>\nsolving them.\u00a0 Why don&#8217;t we start thinking about<br \/>\narchitecting security into whatever is going to be<br \/>\ncoming in the future, which is part of what we&#8217;re doing.<\/p>\n<p>The example of running faster than the bear.\u00a0 That&#8217;s<br \/>\na very good example.\u00a0 How can we security an environment<br \/>\nwhere security is only as strong as the weakest link?<br \/>\nSo all these big ISPs, for example, are doing really<br \/>\nwell, but all the small ones are doing very poorly, so<br \/>\nthe back door infrastructure are coming into the weakest<br \/>\nlink is what&#8217;s called compromising the efforts of the<br \/>\ngood people.<\/p>\n<p>The other aspect is how do we develop all these<br \/>\nprinciples and everything when we have to take into<br \/>\nconsideration developed nations and undeveloped nations,<br \/>\nbecause olof them are all using this infrastructure more<br \/>\nand more commonly.<\/p>\n<p>I just want to put all those thoughts on the table,<br \/>\nbecause it is a very big challenge and I think we need<br \/>\nto need to start narrowing down the challenge into<br \/>\ncategories of security rather than tackling the concept<br \/>\nof security.<\/p>\n<p>Thank you.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Absolutely.\u00a0 Thank you,<br \/>\nMr Johnson.\u00a0 I don&#8217;t think there&#8217;s anyone who is going<br \/>\nto be agreeing with you there.\u00a0 The question is: where<br \/>\ndo we start?<\/p>\n<p>Any other comments or reactions?<\/p>\n<p>Then I would just like to come back to Charles&#8217;<br \/>\nquestion and then after that, respond to one or two<br \/>\nobservations I have.<\/p>\n<p>I think one of the things that I&#8217;ll be honest,<br \/>\nI didn&#8217;t see coming, on this panel as we were preparing,<br \/>\nwas looking at the issue from a civil liberties or civil<br \/>\nrights standpoint or human rights standpoint.<\/p>\n<p>I think when we were preparing for the panel, a lot<br \/>\nof the questions we were thinking of were physical<br \/>\ninfrastructure, physical security, application security,<br \/>\nmachine to machine communications and all of that.\u00a0 So<br \/>\nthank you for your inputs.\u00a0 I think that is quite<br \/>\nuseful.<\/p>\n<p>You are quite right, the Brazilian delegation<br \/>\nI think in many of their iterations,\u00a0 did start from<br \/>\nthat environment.<\/p>\n<p>If we were to look back at the whole plethora of<br \/>\nissues that have come up, we are not going to solve this<br \/>\nissue of security in one day, nor are we going to solve<br \/>\nthis issue of security in one meeting, but I think it<br \/>\nhas sparked off quite a bit of debate, quite a bit of<br \/>\ndiscussion.<\/p>\n<p>What the point of the exercise is now that we have<br \/>\nstarted the engagement, we have to continue to engage in<br \/>\nthis bottom up process that I think Markus is talking<br \/>\nabout.\u00a0 This is the very first time we are doing it in<br \/>\nAsian Pacific.<\/p>\n<p>But if I could just quickly ask each one, if each<br \/>\none of the panellists just want to put forward a prior<br \/>\nto issue for consideration, not necessarily for<br \/>\nrecommendation, but just for consideration of people in<br \/>\nthis room, in terms of what may be a prior to coming<br \/>\nforward in the next couple of years, what would it be,<br \/>\nfrom this region?\u00a0 Let&#8217;s start with Michael.<\/p>\n<p>&gt;&gt; Michael Mudd:\u00a0 Thank you very much.\u00a0 I look at it from the<br \/>\npoint of view of another infrastructure that we trust<br \/>\nimplicitly or at least we did, the banking system.<\/p>\n<p>There are two areas of security in the banking<br \/>\nsystem.\u00a0 The individual security and the physical<br \/>\ninfrastructure, the bank, their computer systems<br \/>\nthemselves.<\/p>\n<p>Then there is the security of the governance system<br \/>\nof the banking system.<\/p>\n<p>We have seen that that has failed in several areas<br \/>\nrecently.<\/p>\n<p>So for me, it is quite simply the governance of the<br \/>\ninternet which is the most important area to examine and<br \/>\nto make sure that we do have a multi-stakeholder<br \/>\napproach to ensure the security of the governance<br \/>\nsystem.<\/p>\n<p>&gt;&gt; Thomas Parenty:\u00a0 Even though I would like to think of<br \/>\nmyself as a technologist, if I were to pick one area<br \/>\nthat we would need to work on in Asia, it would be<br \/>\neducation and not so much just in the sense of learning<br \/>\nabout this technology or that, but rather more broadly<br \/>\nhaving discussions about what security actually does<br \/>\nmean.<\/p>\n<p>One thing this panel demonstrated is that there are<br \/>\nas many different perspectives on security as there are<br \/>\npanellists, actually for some of us, we probably have<br \/>\nmore than one.\u00a0 Sort of a schizophrenic panel.<\/p>\n<p>But it is something that from the time that I have<br \/>\nspent in Asia and I have been here just seven years, the<br \/>\nlevel of sophistication with respect to the dialogue on<br \/>\nsecurity, it&#8217;s something that there just needs to be<br \/>\nmore discussion.\u00a0 In the absence of that discussion, any<br \/>\ntechnological decisions we make are not going to be<br \/>\nparticularly relevant.<\/p>\n<p>Actually, I would say I&#8217;m sort of reiterating<br \/>\nMichael&#8217;s comments from his primary, from his initial<br \/>\npresentation, is that education.<\/p>\n<p>&gt;&gt; Matthew Chan:\u00a0 We started doing the threat management to<br \/>\nour customer, because everybody have a lot of security<br \/>\ndevice or application control, everything is there, but<br \/>\nnobody can say it is secure.<\/p>\n<p>In the past, the company is working the local<br \/>\nnetwork infrastructure.\u00a0 Last few years, it is global<br \/>\nnetworking structure.\u00a0 Now day, it is cloud<br \/>\ninfrastructure.\u00a0 That is a different perspective on the<br \/>\nsecurity concept.<\/p>\n<p>Trend Micro is now starting the work with the<br \/>\ncustomer about the threat management.\u00a0 Whatever this is<br \/>\napplication, network security and all different kinds of<br \/>\nplatform, we are working on that.<\/p>\n<p>&gt;&gt; Christine Runnegar:\u00a0 I would just like to start with an<br \/>\nobservation, that the Asian Pacific region is a very<br \/>\ndiverse region with different issues in the internet<br \/>\nspace, not just in security.\u00a0 So my one area to mention<br \/>\nat the moment is to continue the multi-stakeholder<br \/>\ndialogue locally, subregionally and regionally, share<br \/>\nyour experiences, your knowledge and work together in an<br \/>\nopen, transparent and inclusive process to try and solve<br \/>\nthese issues.<\/p>\n<p>&gt;&gt; Ram Mohan:\u00a0 To me, that fundamental human rights that our<br \/>\nown institutions could become a threat to the internet<br \/>\nor to ourselves ourselves is an interesting perspective,<br \/>\nsomething that I have gained simply out of being here.<br \/>\nSo thank you for your point of view on that.<\/p>\n<p>My summary here would be to achieve a vision for<br \/>\na safer internet that is also more accessible,<br \/>\ninteroperable and open.\u00a0 If you want to achieve that<br \/>\nvision, then I think we first need to agree on common<br \/>\nvalues and principles.<\/p>\n<p>Bringing together consensus on common values and<br \/>\nprinciples on internet security is arguably the most<br \/>\nimportant challenge and action for this APRIGF and for<br \/>\nthat to continue forward into the global IGF.<\/p>\n<p>After all, if we don&#8217;t agree on why we are trying to<br \/>\nsolve the issue, we cannot expect to bring together all<br \/>\nthe different perspectives on security into convergence.<\/p>\n<p>&gt;&gt; Dato Mohamed Sharil Tarmizi:\u00a0 Thank you, Ram.<\/p>\n<p>I think for myself, not so much as the moderator,<br \/>\nbut as also a panellist, one of the things that I think<br \/>\nwould be of value that we can bring, particularly for<br \/>\nthis region, is because of our diversity, because of our<br \/>\nmultifaceted and multiracial, cultural environment that<br \/>\nwe have here, it&#8217;s going to be very, very challenging to<br \/>\nfind commonality of views, I would say.<\/p>\n<p>That&#8217;s because we have also various levels of<br \/>\nsystems, various systems of governance, various types of<br \/>\ngovernments, various types of administrations in the<br \/>\nregion.<\/p>\n<p>But that said, notwithstanding the political<br \/>\nchallenges, I would think it is still very, very<br \/>\nimportant, despite the diversity, for us to continue to<br \/>\nengage in a multi-stakeholder environment such as this,<br \/>\nto try and find that common value, perhaps it&#8217;s<br \/>\ninteroperability of internet, something that sounds<br \/>\nbasic like that, or perhaps it&#8217;s the continued &#8212; for<br \/>\nus, security could be interoperability or continued<br \/>\noperations of the internet and that may be the one<br \/>\ncommon thing we can agree on in this region.<\/p>\n<p>Going into other aspects could be too difficult for<br \/>\nsome, but I think if we build on the commonalities that<br \/>\nwe can find hopefully after these two days or three days<br \/>\nwe have here in Hong Kong, that should be a useful<br \/>\ncontribution I think into the IGF process.<\/p>\n<p>With that, wearing my hat as the moderator, I would<br \/>\nlike to thank all of you for being a very participative<br \/>\naudience.\u00a0 I think it was very good.\u00a0 Hopefully the<br \/>\ndiscussion doesn&#8217;t end here, we will be meeting each<br \/>\nother for coffee, tea and lunch.\u00a0 You can continue with<br \/>\nthe panellists.<\/p>\n<p>May I also request and invite that you thank the<br \/>\npanellists in the usual manner.<\/p>\n<p>Ladies and gentlemen, thank you for your time.<br \/>\nThank you for your participation.\u00a0 Thank you very much.<\/p>\n<p>&gt;&gt; Thomas Parenty:\u00a0 Now it is the lunchtime.\u00a0 Lunch will be<br \/>\nserved for all registered participants.\u00a0 Please proceed<br \/>\nto your right-hand side to enjoy your lunch.<\/p>\n<p>Moreover, dinner tickets are to be collected at the<br \/>\nregistration table.\u00a0 So if you wish to go but do not<br \/>\nhave one, please go to the registration desk to ask for<br \/>\none, because tickets are given out on first come, first<br \/>\nserve basis.<\/p>\n<p>We will be back at 2 o&#8217;clock, so enjoy your lunch.<\/p>\n<p>(Lunch Break)<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Security: Cyber-Security and Network Confidence ________________________________________________________________________ REAL TIME TRANSCRIPT: Security: Cyber-Security and Network Confidence APrIGF 11:00-12:30, Tuesday 15 June 2010 Hong Kong DISCLAIMER: Due to the inherent difficulties in capturing a live speaker&#8217;s words, it is possible this realtime transcript may contain errors and mistranslations. An edited version of the realtime transcript which amends the &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/event.rigf.asia\/2010\/aprigf-roundtable-june-15th-2010-session-2\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;APrIGF Roundtable &#8211; June 15th, 2010: Session 2&#8221;<\/span><\/a><\/p>\n","protected":false},"author":3,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"footnotes":"","_links_to":"","_links_to_target":""},"class_list":["post-276","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/pages\/276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/comments?post=276"}],"version-history":[{"count":1,"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/pages\/276\/revisions"}],"predecessor-version":[{"id":550,"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/pages\/276\/revisions\/550"}],"wp:attachment":[{"href":"https:\/\/event.rigf.asia\/2010\/wp-json\/wp\/v2\/media?parent=276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}