By David Hoffman, Intel's director of security policy and global privacy officerToday, Intel is releasing a strategic vision paper outlining our recommendations for policies needed to further the development of the Global Digital Infrastructure (GDI). Intel is committed to advocating for policies that further the development of the GDI. We look forward to hearing your comments on our vision paper and these important issues.
Executive Summary
In 2010, 6 million young scientists competed to show how they intend to invent the future. Intel’s International Science and Engineering Fair (ISEF), the world’s largest pre-college science competition, brought over 1600 finalists from 59 countries and regions to San Jose, California, to compete for over 4 million US dollars in prizes and scholarships. The ISEF event helps demonstrate the global nature of technology innovation, and the tremendous value that can be gained by allowing the world’s brightest young minds to work together. Many of the participants’ projects were focused on Internet technology, at least in part because the Internet has become synonymous with innovation and global connectivity. Intel believes it is critical to foster continued Internet technology innovation, such as embodied by the ISEF, to continue to enable the world to make dramatic advancements rooted in the global connectivity provided by the network.
However, with all of the focus on the global nature of the Internet, an important development has been largely overlooked. The Internet is not only global, but predominantly operates via interoperable hardware and software products which are not varied significantly amongst individual countries and are deployed worldwide. These foundational information and communications technology (ICT) products make up a global digital infrastructure (GDI) that is the central nervous system of not only innovation, but economic development and social interaction. As reliance by individuals and businesses on the GDI increases, there is a corresponding increase in the value users place upon the security of the network and the protection of data traversing the network, including personal data that relates to identifiable individuals. Yet this need for trust in the security and privacy provided by the GDI is increasingly challenged by the rapid increase of malicious threats to the network and data. It is critical that the GDI continue to promote innovation of security and privacy measures at a pace equal to the development of these threats.
To help provide for the innovation of new security and privacy technologies needed to ensure that the GDI continues to thrive, another type of innovation is necessary: policy innovation and the development of a global digital infrastructure policy (GDI-Policy). A unified GDI-Policy informed by cross-border policy cooperation provides an opportunity to help nurture the GDI. This paper lays out the components that have driven the success of the GDI, describes the necessary mechanism of a GDI-Policy; and provides concrete recommendations to help achieve the GDI-Policy.
A successful GDI-Policy should build off of the following common components that have helped make the GDI ubiquitous and flourishing:
· openness,
· interoperability, and
· enabled economic growth
The three components noted above point to the policy environment that is necessary for the GDI to continue to evolve and prosper. Our recommendation is that this policy environment should include the following mechanisms:
· A “Triangle of Trust” model,
· Flexible technology neutral laws and regulations,
· International cooperation and global standards, and
· Accountability systems.
We realize Intel cannot achieve this vision of a GDI-Policy alone. So we invite policymakers to join a constructive dialogue around the following specific recommendations which we believe will help make this policy vision a reality:
· Putting an end to import, export and use restrictions on cryptography for COTS and public research.
· Holding international discussions involving all stakeholders in the Triangle of Trust on the topic of decreasing cyber attacks, with the goal of reaching agreement on mechanisms for limiting the proliferation of such attacks.
· Increasing understanding and implementation of accountability practices amongst public and private sector organizations to an accepted global framework or standard, increased international government funding of NGOs as certifying agencies, and the development of robust, harmonized, coordinated and predictable enforcement mechanisms against noncompliant entities.
· Deepening government/private sector partnerships and international collaboration on cybersecurity research.
· Promoting the widespread adoption of a unified certification process and global standards for product assurance and product security to ensure a secure platform for the GDI. More specifically, we recommend improving the reliability and cost effectiveness of the Common Criteria evaluation and certification scheme by adopting a tiered approach to certifications (allowing companies to attest to compliance with an accepted global standard for certain levels of products, and for third parties to verify company attestations), expanding Common Criteria to development processes, and broadening the international mutual recognition of Common Criteria.
Download the full text of Vision Paper:
Global Digital Infrastructure Policy Merged.FINAL.PDF
Again, we look forward to hearing your comments on our vision and these important issues.