Markdown Version | Session Recording

Session Date/Time: 07 Nov 2023 14:30

iabopen

Summary

The IAB Open meeting included status updates on IAB programs and activities, liaison reports, and an invited talk from Leslie Kim Kipling of Microsoft on nation-state and organized crime threats. The meeting covered IAB's ongoing efforts in areas like environmental impact, identity management, and barriers to internet access. A key focus was the presentation on cybersecurity threats, generating a robust discussion on the balance between privacy and security, and the role of the IETF in addressing emerging threats.

Key Discussion Points

• IAB Program Updates:
  • M10 workshop report is awaiting RFC publication.
  • Environmental impact workshop report and privacy petitioning document are in community review.
  • EDM program is working on a new document about greasing.
  • E Impact program had its first meeting with significant interest.
  • Who-Does program on identity management is not proceeding due to existing work in other forums (WIMC, SPICE).
• Liaison Updates:
  • New manager assigned for ITU SG.15 (Deborah).
  • New W3C coordination group established.
  • Upcoming workshop on barriers to internet access in January.
• ISO TC46 Liaison Report (Peter Kope):
  • Overview of ISO and its structure.
  • TC46 focuses on archiving, identifiers, and related standards (e.g., Dublin Core, ISBN, ISSN, ISO 3166 country codes).
  • No comments were submitted for recent ballots as none were relevant to IETF work.
  • Document access is controlled due to copyright restrictions. Liaison managers can distribute documents on a need-to-know basis.
• IAB Outreach Coordinator Update (Dhruv):
  • New role created for planning, coordination, and tracking of outreach activities.
  • Town hall hosted at the IGF in Kyoto to highlight the importance of interoperable infrastructure standards.
• Invited Talk (Leslie Kim Kipling, Microsoft): Nation-State and Organized Crime Threats
  • Discussion on the blurring lines between nation-state actors and organized crime.
  • Emphasis on identity-first security approaches.
  • Overview of the Microsoft Digital Defense Report (MDDR) and key trends.
  • Impact of ransomware on small and medium businesses.
  • Importance of focusing on critical infrastructure.
  • Use of the diamond model for intrusion analysis.
  • The key difference between cyber security & privacy, the speaker indicated that you can have security without privacy, but cannot have privacy without security.
  • Suggestions for raising the total cost of ownership for attackers.
  • Recommendations for minimum viable company security and return on mitigation framework.
• Open Discussion:
  • Challenges in balancing privacy with defensive technologies.
  • The role of encryption and its limitations in combating ransomware.
  • The need for building security into the platform.
  • Addressing data at rest security.
  • The point that all backdoors are front doors and all third parties are third parties.
  • How to address the network perimeter for security purposes.

Decisions and Action Items

• Action Item: IAB liaison managers to continue providing access to ISO documents on a need-to-know basis, consulting with the IAB as needed.
• Action Item: Explore how to better inform IETF work with insights from threat intelligence, possibly through briefings or other forms of information sharing.
• Action Item: IAB to take insights from presentation on Cyber Security and Privacy to form future efforts.

Next Steps

• Publish the M10 workshop report.
• Address community feedback on the environmental impact workshop report and privacy petitioning document.
• Continue discussions on cybersecurity and privacy on relevant mailing lists (architecture discuss, etc.).
• Plan and execute the upcoming workshop on barriers to internet access.