At the Internet Governance Forum (IGF) 2024 in Riyadh, the Internet Standards, Security and Safety Coalition (IS3C) released a new tool: ‘To deploy or not to deploy, that’s the question. How to convince your boss to deploy DNSSEC and RPKI’. In this report, IS3C advocates mass deployment of these two newer generation, security-related internet standards, as their deployment contributes significantly to the safety and security of all internet users. This new tool provides a set of arguments that assist employees to convince decision-takers within their organisations to deploy internet standards.

IS3C

IS3C is an IGF Dynamic Coalition that brings together key stakeholders from the technical community, civil society, government policymakers, regulators, and corporate and individual adopters, with the shared goal of making online activity and interaction more secure and safer by achieving more widespread and rapid deployment of existing, security-related internet standards and ICT best practices. In the past three years it has published reports on security by design - Internet of Things, the skills gap in tertiary cyber security education, government ICT procurement policy, and published a tool containing a list of the most urgent interoperability-related internet standards to deploy, including DNSSEC and RPKI. You can find our reports and future work on our website, www.is3coalition.org.

The tool

Under the leadership of David Huberman (ICANN) and Bastiaan Goslings (SIDN, formerly RIPE NCC) a team of international experts developed a compelling narrative to help decision-takers understand the value of implementing two internet standards within their organisations: DNSSEC (Domain Name System Security Extensions) and RPKI (Resource Public Key Infrastructure). The resulting tool is a narrative that persuades decision-takers to direct their organisation to implement DNSSEC and RPKI or to include them in their ICT procurement policy. This narrative serves as a model for encouraging adoption of other security standards and ICT best practices across the industry.

Why is this tool important?

Technical teams often focus solely on technical merits when advocating for security standards implementation. This narrow approach has led to limited adoption. The report presents several of these arguments and shows why they often fail, despite the fact that deploying these standards creates inherent security benefits for an organisation’s entire ecosystem - protecting customers, suppliers, employees, and internet users by safeguarding their vital information, including its own.

This tool provides decision-takers with essential arguments for implementing security standards. It covers security requirements, regulatory compliance, data protection controls, commercial benefits, and ethical considerations. These insights support both internal deployment decisions and ICT procurement processes. For a more detailed description, I refer you to the tool.

Tool availability

This tool is freely available on IS3C’s website and can be used by anyone desiring to do so. In fact, we would welcome feedback on what works well and what does not work well, so the tool can be improved if necessary.

Join IS3C

IS3C continues its work in 2025 on a range of topics. You can join and support IS3C by joining our mailing list here.

This project was made possible through the support of ICANN and RIPE NCC.