The Need for Trust Framework in Healthcare Technologies

By Bill Ash, Strategic Technology Program Director, IEEE Standards Association

After attending the Mobile World Congress last month and anticipating the HIMSS this month, I am fascinated by the latest technology that is being discussed. Most exciting to me is the potential of IoT to help with remote patient monitoring to better track the needs/trends of the patient.

Electronic Medical Records

Even with all the excitement surrounding this technology, there are questions around trust that will arise from points both external and internal to healthcare providers. In some cases, there will be distinct technological solutions or process improvements to be implemented; in others, comfort level with the new environment of healthcare will have to build among providers and/or patients over time.

As an example, let’s look at wellness monitoring and care, one of the most promising areas of application for eHealth. By enabling patients via the “on-the-go” technology of mobile devices to take certain types of readings themselves (blood pressure, oxygen saturation, glucose levels, etc.) and allowing providers to monitor that data remotely and intervene as needed, providers would be able to maintain more accurate, real-time assessments of their patients’ conditions. This would not only result in improved care, but would cut costs for both providers and patients by eliminating the need for office visits.

But what are the ramifications of the shift from having trained professionals perform measurements in a medical office to patients taking readings wherever they may be? How does the global healthcare industry manage questions around the accuracy of the data? How can it be ensured that the equipment used to take and transmit the readings is working correctly? How can it be ensured that the patient performing the measurements is doing so correctly? How does one account for the security and reliability of the connectivity from the patient to the medical professionals who analyze or interpolate the data? Who has access to the data? And who owns the data?

Risk is something that comes with the development of new technology and the integration of personal health devices (PHDs) is no different. The risks are not solely tied to the use of smart devices that were not traditionally meant to function as medical devices, but they are also tied to how the PHD is used and whether the patient uses the device in the manner it is intended. There are many articles that discuss patients with chronic diseases and the elderly. These articles indicate that many of these patients do not have smart devices or cannot read the user interfaces on the PHD. How does the patient know if he or she took the measurement correctly? The manufacturers of these devices need to keep it simple. Understanding how the user will interact with the device becomes extremely important to how the device gets used and what data will get captured.

Another part of the risk is the security and privacy of the patient data. The ability to protect patient privacy and the data that the remote monitoring device is exchanging is critical to allow for full integration.

Additional risks exist by way of calibration of the applications themselves, such as the accuracy of mobile applications versus regulated medical devices, and the integrity of transmitted data to the care provider’s systems.

There is work across the healthcare industry to look at these risks. It is also worth noting that the challenges that may be facing digital health are not only limited to mobile health or the healthcare industry alone; rather, they may receive greater spotlight due to the topical focus and the sensitivity of the data.

Extending care beyond hospital and doctor’s office walls via standards-based eHealth will demand rethinking information trust inside those walls, and accounting for complex issues around greater sharing of sensitive information by building a robust trust framework figures to be a prime factor in eHealth’s ultimate success.

Stay informed on healthcare applications, devices, initiatives, standards and projects with IEEE Standards Association.

Download IEEE’s complimentary white papers on eHealth.

Why An NESC Summit?

By Sue Vogel, Senior Manager, National Electrical Safety Code

With the 100-year anniversary milestone of the NESC still in the rear-view, it is time for the NESC to examine what the future may hold for this important national code as it enters its second century. A summit seems to be the logical venue to convene interested parties to begin a dialogue and examination of issues facing the NESC today and in the future for the industry it serves. However, let’s take a look back before moving forward.

In 1915, the first summit-like meeting took place: The New York Conference on the National Electrical Safety Code was held at the headquarters of the American Institute of Electrical Engineers (AIEE), the predecessor of the IEEE, and lasted two weeks. The object of this conference was to “enable a thorough study of the code to be made in conjunction with the representatives of the Bureau of Standards, by representatives from various parts of the country of the electric light and power companies, the steam and electric railways, the telephone and telegraph companies, and the manufacturers.” Delegates attending at that time were many of those same stakeholders that participate in the NESC today, albeit some by another name: “American Institute of Electrical Engineers, the National Electric Light Association, the American Electric Railway Association, the telephone interests, the state industrial and public service commissions, several of the larger cities, the International Brotherhood of Electrical Workers, the National Safety Council, and a considerable number of engineers representing groups of utility companies.”

The significance of convening a national effort with many stakeholders to develop a code that would protect workers and the public, with some industry group participants still in their infancy, cannot be underestimated. After all, the document produced was a first-time effort to write down rules for safety, encompassing many different perspectives and needs, with the ultimate goal of saving lives. The discussions held at the New York conference were critical for the time; persuasion was very much the name of the game, for development and existence of a national code with the cooperation of all affected interests, rather than local or state codes, or codes prepared by various societies.

B. Rosa, author of the article on the New York conference published in the January 1916 Proceedings of the A.I.E.E., notes that “such a safety code…is far-reaching in its influence, amounting in many respects to a standardization of electrical construction and operation, and as such comprehensive rules cannot be expected to apply generally without exception in special cases, they should not be enforced in an arbitrary or mechanical fashion.”

Fast-forward 100 years and we are looking at the second time in its history that the broad NESC community is coming together, this time to ensure that the NESC, a trusted code in the industry, remains relevant to those that it serves. The NESC leadership has identified a need to consider the future of the NESC from both a technical and a procedural perspective. The IEEE-Standards Association (IEEE-SA) is also committed to provide users with a code that is also viable from a usability perspective. What should the NESC look like three, four, or five editions into the future? What should the code address that it currently does not? Who else needs to be involved? How can younger power engineers become engaged? How can the NESC ensure agility and timely responsiveness in the midst of a rapidly changing landscape? How can the current NESC structure reach out to ensure that the NESC is proactive in addressing industry needs? These and many other questions will be entertained during the NESC Summit.

Rosa further states: “The conference was characterized by good feeling and the spirit of cooperation. Naturally there was much difference of opinion among the delegates on some rules, due to so many different interests and so many parts of the country being represented, and also to the fact that individual experiences differ greatly even in the same industry and in the same locality.” It sounds like he is discussing a current-day NESC Technical Subcommittee meeting! Perhaps the more things change, the more they stay the same? And lest we forget, we should acknowledge the many hard-working and knowledgeable individuals who, over decades, as members of the NESC Main Committee, Executive Subcommittee, and Technical Subcommittees, have given their time and expertise over many years to bring each edition of the NESC to fruition, with incomparable integrity.

Actually, the words “characterized by good feeling and the spirit of cooperation” should be the mantra for the NESC Summit being held in 2015. This is a great opportunity at hand for the community that supports the NESC and the NESC that supports the industry to come together in a spirit of cooperation to examine all that the NESC is, and all that the NESC can be, so that the next 100 years continue to be governed by a safety code that continues to be trusted, viable, and relevant. Everyone who participates should feel good about making a contribution. However, we should not wait another century to convene another NESC industry-wide conference with the opportunity for all stakeholders to be present. NESC Summit II, anyone?

Getting Serious About Cybersecurity

By Oleg Logvinov and Greg Shannon

Innovation in connectivity is so rapidly paced and multi-dimensional across integrated technology spaces today that there is a tendency to be overwhelmed with the concomitant risk of hacking. But this situation is definitively not hopeless. Critical advances in cybersecurity, in fact, are being achieved around the world, and there are clear indications that the world is getting serious about addressing the threat on multiple fronts.

New risks naturally present themselves with each new technology innovation. Consider, for example, the challenges introduced by the Internet of Things (IoT).

IoT deployment is intensifying around the world, bringing perhaps billions of devices globally into the cyberdomain for the first time through Internet Protocol (IP) interfaces. The associated cybersecurity threat is rapidly evolving. In the IoT, systems that were once largely self-contained—their components connected only to one another—are now being interlinked through an IP backbone, introducing challenging new questions for the global technology community to consider. For example, how likely is a scenario in which a breach at one “thing” on the global IoT opens whole systems or even enterprises to vulnerability through interconnectedness, and what steps must be taken to manage such a multi-faceted threat?

It is an encouraging sign that the severity and dimensions of the threat are coming to be understood even beyond technologists—and that cybersecurity, in turn, is rising in the public consciousness as a matter of “social good” to be enforced and preserved. The 13 February 2015 White House Summit on Cybersecurity and Consumer Protection engaged far-reaching stakeholders from across the United States “to collaborate and explore partnerships that will help develop the best ways to bolster our cybersecurity.”1

What is the role of the professional organization in grappling with the globally shared cybersecurity challenge?

As a globally scoped professional organization spanning an unmatched range of technology areas, IEEE is uniquely positioned to help facilitate collaborative progress in multiple ways.

For example, the IEEE Computer Society, the leading association for computing professionals, in 2014 launched the IEEE Cybersecurity Initiative with the aim of expanding and escalating its ongoing involvement in cybersecurity. The first step was to establish the IEEE Center for Secure Design, which is working to shift some of the focus in security from finding bugs to identifying common design flaws in the hope that software architects can learn from others’ mistakes. A report released by the center, “Avoiding the Top Ten Software Security Design Flaws,” delivers a valuable resource based on real-world data.

Also in 2014,with the launch of the IEEE Internet Initiative, IEEE expanded beyond its traditional scope and positioned itself as a bridge between the technical and political communities. The initiative is working to amplify the voice of the technical community in global technology policy-making in the areas of Internet governance, cybersecurity and privacy, in order to inform and influence debate and decisions and help ensure trustworthy technology solutions and best practices. By providing a consensus of sound technical and scientific knowledge and guidance to the process, the IEEE Internet Initiative seeks to pursue a vision of public policy informed by technology for the benefit of society.

Furthermore, the IEEE Standards Association (IEEE-SA) has a long heritage of enabling trustworthy exchange of sensitive data via technology. Through education and open, interoperable standards, the IEEE-SA helps foster a trustworthy framework for connectivity. IEEE P2413™, IEEE Draft Standard for an Architectural Framework for the Internet of Things (IoT), for example, is currently in development to define an architectural framework to promote cross-domain interaction and aid system interoperability for the IoT. The standard is intended to provide a blueprint for data abstraction and the quality “quadruple” trust: protection, security, privacy and safety.

The IEEE-SA facilitates global collaboration in cybersecurity at earlier stages of technology development, as well. For example, out of the desire by many in the security industry to more efficiently address growing cyber threats in a coordinated fashion, the IEEE-SA Industry Connections Security Group formed in 2009 as a global effort to pool experience and resources in combating the systematic and rapid rise in threats to computer security. IEEE-SA Industry Connections provided the much-needed collaborative environment for technologists in the computer-security industry to come together quickly and tackle the most pressing issues as they arise. The IEEE Anti-Malware Support Service (AMSS) that the group created is a set of shared support services that enables the individual security companies and the industry as a whole to respond more effectively and efficiently to the rapidly mutating universe of contemporary malware threats.

There is a growing range of ways for you and/or your organization to engage in the global cybersecurity effort through IEEE. Your unique perspectives on the challenge and lessons learned are needed at the table. You can learn more about how to get involved at

Nothing less than the global technology community’s best, combined efforts to manage security risks are required in today’s quickly evolving cyber age. IEEE provides a proven, globally open collaborative environment through which to marshal those efforts for the benefit of humanity.

Oleg Logvinov is chair of the IEEE Internet Initiative and IEEE P2413 Draft Standard for an Architectural Framework for the Internet of Things Working Group and Director of Special Assignments in STMicroelectronics’ Industrial & Power Conversion Division.

Greg Shannon is chair of IEEE’s Cybersecurity Initiative and chief scientist at the CERT Division of the Carnegie Mellon University Software Engineering Institute.


INTELECT – A New Forum to Drive Innovation in Smart Cities

Everywhere in India, you feel the atmosphere charged with bullishness. Much of the optimism stems from Prime Minister Narendra Modi’s focus on an empowered India. This is not just hyperbole. A great example is the recent 100 Smart Cities initiative in India, whereby infrastructure, information and communication technologies (ICT), and standardization and interoperability are some of the key points of consideration. This, too, was among the topics discussed at the first ever INTELECT event held in Mumbai, India in January 2015.  Organized by IEEE in collaboration with the Indian Electrical and Electronics Manufacturing Association (IEEMA), INTELECT strongly aligned with “100 Smart Cities” program and “Digital India”. As a panelist and judge of one of the technical tracks, it was great for me to see such a high level of interest in Smart Cities during INTELECT 2015.

This multi-day event brought together more than 100,000 experts from both the Power and ICT technology sectors, industry practitioners, students, and policy makers to debate and discuss issues surrounding the key topic of “Smart Electricity for Emerging Markets”. It also provided the opportunity for next generation technologies in the areas of power, telecommunications, and IT to be showcased. As a native of India, it was important for me to see that the participants and panelists understood that the implementation of Smart Cities technologies presented challenges–not only of convergence, but also of change management–and recognized the need to ensure smooth rollouts, adoptions, and adaptations of new technology.

By the end of this three-day event, I felt that the core issues of Smart Cities implementation had been conveyed and received. Even the student participants displayed their understanding of the challenges. Moderator Alpesh Shah (IEEE-SA Director of Global Intelligence and Strategy) asked, “Should Smart Cities be considered a social investment?” of which many respondents agreed. A Smart City is not solely an investment in digital infrastructure; rather, it is a platform for social innovations, as well as the opportunity for commercially viable results. The high level challenges—beyond implementation—discussed included the need for appropriate policies around privacy, security, access, and usage. Privacy and security policies are hot topics of conversations in IoT as well as an interconnected and digital world; and are certainly not easily resolved. Access presents an interesting challenge, and many innovative minds discussed at the conference. Conversations on the last mile, micro-grids, and creative methods for roll out in rural areas—all made for exciting and enticing propositions in the march towards 100 Smart Cities in India.

Many of the challenges faced in India are common to any country considering Smart City rollouts. As the panelists pointed out, the implementation is where the rubber meets the road. For Japan, the panelists talked about energy surplus being a key challenge, whereas in India, it resides on the demand side.  Thus, while it is important to ensure a global perspective—it is imperative that countries considering Smart City investments understand there is no “one size fits all”. Given the cost of investment and size of the projects as frameworks and architecture are developed, appropriate factors required for creating a Smart City should be given serious thought and attention.

The Indian government provided strong support to the 2015 Intelect event through its Ministry of Power (MoP), Department of Telecom (DoT), and Department of Electronics and IT (DEITY). This demonstrates their commitment to ensuring that the technology, implementation, adoption, and policy developments are addressed in order to carry India into the next generation. INTELECT also had a “Humanitarian Track,” which showcased some of the key social entrepreneurship projects for taking rural implementation of technology beyond the cities to remote areas in India.

I look forward to participation at the next INTELECT event in 2017. If you are interested in learning about how your organization can participate, please feel free to contact me at —to keep your company informed about the event.

January 28th is Data Privacy Day – A very public celebration of personal data privacy awareness and education

As more organizations and companies collect and access user’s digital information, the details on just how that data is handled and where it is distributed becomes extremely important—especially as we become an increasingly global hyper-connected community with the Internet of Things (and people) entering our daily lives, and data flowing through and among devices, the Internet and the cloud.

On January 28th get connected to Data Privacy Day 2015 by sharing best practices, events, or your own personal data privacy story via social channels using the hashtag #DPD15. To join the IEEE Standards Association (IEEE-SA) conversations add the tag #IEEEPriv. Take a moment to review your own personal data protection strategies and habits or discuss data privacy practices within your organizations, your peers, and your family and friends.

What is Data Privacy Day?
An annual international celebration held on January 28 to raise awareness, educate, and promote best practices around data privacy and protection throughout the world, Data Privacy Day is dedicated to helping people understand how to manage the flow of their data online and in digital products, such as mobile apps.

Why is Data Privacy Day Important?
Data Privacy Day seeks to raise the collective awareness of our experiences in a more connected life. As we use more and more devices enabled with apps the collect more and more personal information, concerns around personal data privacy are growing exponentially. Technology deployment and market adoption rely upon a basic trust in the tools and systems developed. Data Privacy is a critical consideration when seeking to innovate technology for the benefit of humanity. Everyday users are more likely to embrace technology that performs in a predictable way. These types of users instill a basic trust in adopted technologies. The same users are likely to move away from technologies that do not demonstrate predictably trustworthy behavior. General confidence is a key to user engagement and this confidence is part of what makes Data Privacy Day important.

How to Participate in Data Privacy Day?
It’s easy to participate. No financial commitment is required. While information sharing is actually part of the growing data privacy protection challenge, social tools also enable learning opportunities. One of the best ways to participate is by sharing best practices and stories via social networking, blogging or via peer networks. These resources provide strategic insights that may apply to a company, a social organization, and even one’s daily life.

Opportunities for Organizational Collaboration
Recognizing a day of global Data Privacy awareness provides a unique opportunity to connect individuals, groups, and communities toward information sharing and potential collaborations.

How is IEEE Community of Organizations Participating?
The mission of the IEEE is to foster technological innovation and excellence for the benefit of humanity. The IEEE collaborative global community of members and technical communities houses an impressive depth of technical expertise and knowledge on privacy-related topics. Below are some resources for your reference and use.

  • The IEEE Security and Privacy Symposium takes place from May 18-20 in San Jose California. The event provides great opportunities to learn and share privacy and security experiences with peers and industry experts.
  • The IEEE Security and Privacy Magazine brings the work and research of privacy and security professionals to the forefront providing an innovative educational resource.
  • The IEEE has major technology initiatives touching the topics of privacy, big data and IoT.
  • In 2014 IEEE-SA hosted a series of Privacy virtual hangouts, including a Data Privacy Day hangout bringing together respected privacy professionals from around the world including Dr Ann Cavoukian who is the author of Privacy by Design.
  • The founders and signatories of OpenStand continue to focus around issues regarding a paradigm of principles for open standards development. This collaboration plays a key role as the development of industry standards with alignment to OpenStand principles helps to foster industry, partner, and user engagement and confidence.
  • The IEEE-SA participates as a Trustee of the Kantara Initiative where they share experiences, leverage industry knowledge, and convene industry professionals with a specific focus on open-standards paradigm aligned digital identity technologies and policy.

Future Outlook
As technologies become more intertwined in our daily lives and relationships, personal data collection becomes pervasive. Technology and service innovations bring exciting opportunities for humanity. Governance continues to evolve, seeking to appropriately address new scenarios in alignment with local and global cultures and contexts. Significant innovations pose an array of new risks, but the same innovations offers many opportunities to improve human experiences, relationships and lives. We invite all to take a moment to think about personal data privacy, share stories, and become more educated about data privacy issues so that we can work together to foster a better tomorrow.

About the Author:
Joni Brennan is the IEEE-SA Technology Evangelist for Internet Identity and Trust focusing on issues of governance, policy, and technology development that touch digital Identity, Personally Identifiable Information, and Trust Services. Joni is a regular speaker and facilitator at premier identity and privacy events including: RSA, European Identity and Cloud Conference, IRM Summit, Privacy Identity Innovation, TSCP Symposium, Cloud Identity Summit, and more.

With over a decade of experience in the fields of identity and privacy Joni participates in international organizations and industry standards committees, including: IEEE, OECD ITAC, ISOC, OASIS SSTC, ISO SC27 WG5, and ITU-T SG17 Q6. She previously served as the US NSTIC IDESG Trust Framework WG Chair and has provided testimony for Trusted Identity and Access Management systems to the US ONC HITSP.

The Augmented Reality and the Evolution of Expectations

By Shuang Yu, Senior Manager, Solutions Marketing, IEEE Standards Association

I was introduced to the eye-opening film, Augmented City 3D, in October 2014 at the InsideAR Conference in Munich. Designer and film-maker Keiichi Matsuda shows us a not-too-distant future enabled by augmented reality (AR), in which, as he describes it, “the architecture of the contemporary city is no longer simply about the physical space of buildings and landscape, more and more it is about the synthetic spaces created by the digital information that we collect, consume and organize.”

What initially struck me about the movie is how data follows people and they interact with that as an immersive human-computer interface and how simply it all existed in the physical realm without prompts from a handheld device. The film’s characters interacted with digital information as though it was an everyday experience; it just “lived and breathed” around their reality. It was expected to be available as they moved through life.

And then it was weeks later, back home in the United States, that I had another revelation about the movie. My friend’s 2-year-old daughter for some time has been using an iPad to play games, so she has grown accustomed to swiping the touchscreen to move things around. One day, the little girl tried to interact with the TV in the same way she would with an iPad—by swiping the screen. Of course, nothing happened. Again, she touched the TV screen and swiped. Still, nothing happened.

“Mommy,” she said, finally giving up, “the TV is broken.”

This is how today’s younger generation interacts with things in a world where everything—stuff and humans—more and more frequently is interconnected. It is a very different reality, a very different set of expectations for how the world works from the one that my and previous generations were born into. And, so, while I find mind-blowing most everything about Keiichi Matsuda’s augmented-reality vision, the technology innovations upon which AR is taking shape are already evolving our children’s expectations to those of the characters in the film.

The IEEE white paper “A Day in 2020: An AR market development and community engagement project” describes today’s AR technology and delivery methods:

Projection AR uses fixed or mobile projectors to superimpose light on the target. This is highly suitable for performing arts, manufacturing, and public art installations. Unlike projection alone, the experience of the user must change when the physical world changes.

Desktop or console AR is stationary and the user seems to see a mirror of the physical world in which additional digital assets are overlaid.

Mobile displays can be optical see-through or video see-through. Smartphones and tablets are not transparent, so they can only be video see-through. Transparent or semi-transparent materials, such as lenses in glasses or contact lenses, permit optical see-through AR in which the user sees the real world (not a video of it).

That’s today, but the technology for AR delivery will become more complex and enhanced. Plus, the concept and capabilities of augmented reality are quickly spilling across all of our senses. AR is not only about sight and touch; innovations today are already showing how AR will also envelop sound, smell and taste.

As we begin to see AR and its associated technologies permeate the world in such ways, what near-term and long-term change might be in store for travel, food and gaming industries? How might they change education and entertainment? And where else can you imagine these innovations transforming our ways of life and our expectations?

For example, if we can change a façade of a building and broadcast our mood, who says we can’t create our own “face” or “shape” the world around us as we see it? Soon people could wear “faces” based on the mood and the occasion—just as some people already change facial makeup daily. This could take the meaning of self expression to a whole new level, using all the body’s senses to engage with reality (and one that’s heavily augmented).

Plus, AR is not only about humans but also things. For example, could sensors be embedded in furniture so that it can “feel” and “see” and have “memory,” and how might such an innovation impact, say, crime investigations?

Perhaps, even our whole understanding of what the “real world” is will be redefined by the augmented-reality revolution and the crystalizing reality of the connected person. Instead of being confined to the physical world, our understanding of the real world might be informed by a combination of the physical and no-less-real, digital world.

I’m excited to be working for an organization that is at the forefront of AR innovation. The IEEE Standards Association (IEEE-SA) offers a platform for developers and users worldwide to innovate for open and interoperable augmented reality. Development and adoption of market-driven standards for AR stands to spur innovation and grow markets through economies of scale and wider market acceptance and uptake. Even today, IEEE has dozens of standards and standards-development projects to support the advancement of AR. And IEEE-SA Industry Connections is leading campaigns and projects to encourage AR toward its full potential as an enhancement to human life and information use.

The IEEE-SA is the connection fabric for technologists globally. Through the IEEE-SA, the world’s technologists tap into unmatched access to cross-disciplinary expertise across and beyond IEEE to work together to enable the connected person and all of its associated applications and capabilities such as augmented reality, “e-health,” the Internet of Things (Iot), cloud computing and the smart grid.

How do you see technologies are transforming our ways of life and our expectations? Send me an email, or leave a comment below.

Global, Open Standards for Cyber-security

Karen McCabe, IEEE Senior Director, Technology Policy and International Affairs

Among the world’s most serious economic and national-security challenges today is cyber-security, with implications across the many rights and civil liberties enjoyed by people throughout the world who engage in cyber-communications. Freedom of expression, freedom of association, economic opportunity and political discourse may be redefined by the course that bodies chart for cyber-security.

Cyber attacks on Internet commerce, vital business sectors and government agencies have grown exponentially. With such threats escalating in frequency and impact, security policy, technology and procedures need to evolve even more rapidly in order to stay ahead of the threats. Addressing such issues in a way that protects the tremendous economic and social value of the Internet—without stifling innovation, expansion to more users around the world and market growth—will demand globally open, transparent and inclusive approaches, especially in standards development.

The Internet is complex, both technologically and politically, and its stakeholders span technical disciplines and national borders. Furthermore, one of the peculiarities of the cyber-security challenge is that, while cyberspace is global, the freedoms that are protected by constitutional rights, human rights, cultural norms and legal institutions are defined by treaty or geographic boundaries. The distinction between the roles of technology standards and public policy must be better understood, and the goals and responsibilities of shapers of each must be more clearly delineated and defined.

In development of global technology standards for cyber-security, inclusivity and direct participation, broad consensus and transparency are particularly important characteristics—given that distrust and market fragmentation could so easily take root if the standards around, for example, encryption algorithms are developed via closed processes. Consequently, instead of standards developed for a particular set of stakeholders to address one industry or geographic region’s requirements and then exported for wider application, cyber-security demands a development environment aligned with the proven, core principles of global, open standardization:

  • Inclusivity and direct participation—Stakeholders from organizations of any size, any industry and any nation must be able to engage directly and equitably in global, open standards development for cyber-security.
  • Broad consensus—Standards development for cyber-security should engage a broad set of global stakeholders, without any single person or organization wielding undue power in the process.
  • Transparency—Development activities for cyber-security standards must be globally transparent and accountable and broadly recognized as such.

Because of the unique complexities of the Internet and cyber-security especially, a global commitment to multi-stakeholder standards development is needed to both successfully counteract evolving threats and engender ongoing international trust in the Internet as a foundational platform of commerce and wellbeing. The multi-stakeholder process—drawing from businesses, consumers, academia and civil society, as well as from government—has been instrumental to the Internet’s remarkable growth to date, and, through global, open standards development through the IEEE and a number of other organizations, its role will be crucial in cyber-security.

Please visit OpenStand to access resources; videos, Infographics, Whitepapers, and to sign up in show of support for Open Standards. To get involved with developing and maintaining open standards please visit IAB, W3C, IETF, ISOC, and IEEE.