RIPE 90

Daily Archives

RIPE 90. Side room. 2pm. Co‑Operation Working Group.



DESIREE MILOSHEVIC: Hello everyone and welcome, a very warm welcome our Co‑Operation Working Group session this afternoon.

My name is Desiree and I am one of the co‑chairs of the working group together with my colleagues Achillies Kemos, who is online this time and Julf Helsingius. So I will briefly take you through the agenda that we have and then if you have any suggestions for any changes, please raise your hand and let us know.

We will have a first of all a session that is starting with the I don't see the agenda online, I am sure you have it in front of you. So the first speakers will be Christopher s and Ameedee Von Moltke from BEREC Open internet working group, both co‑chairs. They will tell us a little bit about the report that BEREC has done on the IP interconnection charges and how all the surveys they have done, this is a familiar topic to many of you that we have been covering and for some reason, my laptop seems to be stuck ‑‑ but then we will move on to the second part of the session that will be moderated and chaired and speakers will be introduced by Julf, will be joined by ol will I and a retired I think military person from Finland talking about some vulnerabilities in the ecosystem especially with a view on submarine cables and vulnerabilities and resilience. Then he will be joined by Emile from RIPE NCC and also David Belson from Cloudflare and after that we'll hear from the European Commission officials, Ruediger Martin, thank you, and Goran Milenkovic, and they will present their multistakeholder platform for internet standards development and share that with you and last but not least, we will hear from Chafic Chaya from RIPE NCC who is going to share with you some updates from the Middle East region and activities of RIPE NCC. And we might also have some time for the questions.

Yeah, so if, without further ado, I would also like to remind everyone that RIPE NCC election voting will close today at 1700, if you haven't voted yet and that you should also rate the talks. Thank you.

I believe our speakers, Christopher Mertens and Ameedee are online, if you could please start with your presentation, the floor is yours.

AMEEDEE VON MOLTKE: Hello, can you hear me?

DESIREE MILOSHEVIC: Yes, loud and clear, we still don't see, yes, we see you as well. Mock mock great, I am just waiting for a second for my colleague Christoph who is I think he is online, I am not sure he is having maybe difficulties speaking and being seen, Christoph?

DESIREE MILOSHEVIC: Let me ask her has he been promoted to speaker? So he has been promoted to speaker, he should be able. Mock mock sorry because I can see on the call there he is on participant mode right now there now he is in speaker mode, Christoph, can you unmute yourself?

Looks like a bit of difficulty on Christoph's end.

DESIREE MILOSHEVIC: Ameedee, do you have the slides or we can still ‑‑ mock mock yeah, I think I have the slides, I have control on the slides.

DESIREE MILOSHEVIC: It would be good if you would, to start and... mock mock OK, I will try and do my best on my own until Christoph can join us hopefully. So good afternoon everyone, thank you for having us, I am Ameedee Moltke, one of the co‑chairs of the BEREC working group. I am a legal adviser at the Belgian am telco regulator, and my colleague who I hope will be with us shortly is Christoph Mertens who works at the German regulatory authority, he has been there for many years and has been participating in BEREC as well for many, many years.

The idea that we wanted to do here is just to run down basically what we did last year on IP interconnection and the idea here is to give you basically snapshots of our findings. As you probably know, IP‑IC is a topical issue right now, it's something that we at BEREC have dealt with for numerous years, it's nothing new for us. We had a report back in 2012 and another one in 2017 and most recently, last year.

And of course one thing that one reason why this is a very topical issue right now becauses you are probably well aware, it basically dovetails with the so‑called fair share debate that has been heavily promoted by certain big ISPs asking for basically contribution, financial contributions, from content and application providers.

Now, to make things very clear from the outset, in the report we are not delving into the fair share debate. BEREC has provided already an assessment on the proposals by the large telcos in a separate opinion and so here the idea was to do a really fact‑based analysis of the situation in 2024, i.e., seven years after our last report, to see what has changed, if anything has changed and so what we did was we did a very thorough exercise, numerous workshops, pretty intensive data collection exercise, we went through the... inspection of stakeholders from academia, obviously CDN providers, ISPs, CAPs, the full gambit of stakeholders. And if I summarise the high‑level observations, it was basically a ping‑pong match between, on the one hand, large ISPs and basically everybody else, very large disagreements and very, very polar opposite positions.

But to summarise and make a long story short, I mean we find, broadly speaking, that IP interconnection, the ecosystem, the markets, basically they work well. I mean, the conclusion that we had in 2017 basically still holds today, so that's the long story short.

And if we delve into the issues quickly giving you the snapshots of the elements of the report, so these are the different topics that we explored and if we go through them very quickly one by one, firstly in terms of traffic developments, indeed we see that of course traffic rates have increased, they are still growing, there was a peak during the Covid 19 pandemic, but what we see is that things have stabilised, and more importantly we believe that even though traffic rates are still probably going to keep on rising, this is something that we believe the internet will continue to manage, just like it always has, basically, and basically due to technical, technological innovations and competition.

So that's regards traffic developments.

So on the other hand, when we look at pricing developments, so yes, traffic is increasing, but not as much as basically prices are going down. So when it comes to IP interconnection, whether it's transit, peering, what we see is that prices are continuing to go down drastically.

So when it comes to transit, and again here the same dynamic, i.e., technological innovations primarily with the development of on‑net CDNs, which are becoming more prevalent now versus when we looked at IP interconnection back in 2017. And so again, here in the nutshell the message is yes, traffic has been growing but pricing for interconnection has been decreasing massively.

And here I would maybe if Christoph ‑‑ Christoph, are you there?

Unfortunately, it seems like my colleague Christoph is having some continuing difficulties, so I will just keep on here. But in terms of market developments, what we have seen is on the one hand large CAPs have been making significant investments in the infrastructure, particularly the backbone struck and continue to exert competitive pressure on transit providers. We see an increase in traffic exchanged on on‑net CDNs as I mentioned previously with regard to pricing, one other reason why IP interconnection pricing has been decreasing.

What we see as well is that in terms of transit, transit is somehitng much more of a fallback option but less than substitution to peering if there's high latency and bandwidth requirements.

Now the next issue we looked at was to look at basically to the generic structure of IP‑IC issues. So here it's not that the we looked at specific cases, but based on different issues that came up during the consultation, based on our evidence gathering exercise, we tried to describe in a gentlemen generic way the structure of this that may occur in the context of IP‑IC and basically what we have here are ‑‑ is the idea idea that there's congestion and one side i.e., the CAPs have been basically saying there's artificial congestion, i.e., that ISPs manufacture this congestion on transit routes versus ISPs who basically say this is just purely technical issue on the other hand.

Now, what we found is that, indeed, artificial congestion of transit routes is a strategy which ISPs can indeed implement and that it's not something that they will implement only in the context where all routes are congested, so if an ISP has a tight traffic ratios requirement for resentment for peering for example, transit providers may not take on additional traffic if the settlement free paying relation turns into a paid relation.

And we also gathered evidence from the US for this, so the idea that ISPs can and do basically artificially manufacture congestion and that it can happen in cases where not all transit routes are congested, we have gathered evidence of this from the US but broadly speaking, what we find is that yes, this is strategy which can be implemented, that ISPs can also have the incentives for this but that when it does occur, these are basically edge cases, i.e., these are quite discrete issues in an otherwise broadly speaking fully functioning market.

Next thing that we looked at was bargaining, which is basically a prolonging ‑‑ when we look at disputes, basically what we find this is this is very much dependent on the bargaining relationship, the bargaining power relationship between ISPs and CAPs on the other hand. And again what we find here is that basically both sides have polar opposite views on the bargaining dynamics, so ISPs on the one hand they will claim that CAPs, they have they have must have contempt and that there's basic asymmetric regulation which favours them, versus on the other hand the CAPs who say that while well the it's the ISPs who have all the power because they have determination monopoly, they have access to the end users.

And what we find in this context is that in fact there is a sort of mutual interdependence between CAPs and ISPs and there are different factors that will go into the relative bargaining situation of the players involved, be it the degree of substituteability, of transit in peering, the cost structure which may he heavily secured towards variable costs or fixed costs, economies of scale and technological developments.

And again, here one thing that we should insist upon is that what we found is that ‑‑ so the current debates are basically focused on issues that involve the largest actors, the large CAPs versus the large ISPs, but, of course, small CAPs can and are also affected. So a small CAPs using transit providers, if the transit provider has to pay to the ISP, that transit provider may pass on the cost to the smaller CAPs who may be then placed at a competitive disadvantage.

Another aspect which we looked into which also impacts the bargaining situation between CAPs and ISPs is the amount of end users of the ISP.

So of course the bigger consumer base that the ISP has, the more relative bargaining power this ISP will have vis‑a‑vis CAPs.

But again overall, what we find is that in the context of IP‑IC the relative bargaining situation, is relatively balanced, even though for smaller players typically, they will bear higher costs and which obviously affects their bargaining situation vis‑a‑vis ISPs.

The last issue that we looked at was the more regulatory aspect of things. Namely, the relationship between IP interconnection and the open internet regulation. Now, the open internet regulation basically net neutrality rules in the EU, they only apply to internet access service. At least facially speaking, the value chains or the position in the value chain is at the very end basically and so formally speaking one could say IP‑IC is outside the scope of the regulation, and yet BEREC has stated in its open internet guidelines that bearing in mind the regulation cannot be circumvented in any way or form, then indirectly IP‑IC is, in fact, in scope and this is what we further clarified in the report i.e., IP‑IC cannot be used, an ISP cannot leverage its position in IP‑IC to indirectly violate the open internet regulation. And artificial manufacturing scarcity, can at the end of the day, impact end users rights. So, therefore, this is something that potentially could constitute a violation of the open internet regulation. But any such finding would basically require a case specific examination of all of the relevant circumstances.

So that's basically, in a nutshell, our report on IP‑IC. Again, to reiterate, the message that I mentioned early on, just like it was in 2012 and 2017, the IP‑IC ecosystem is one that BEREC finds is, broadly speaking, fully functional. There are clearly some issues, relatively edge cases which can and do actually occur. But at the end of the day, we feel that, and stakeholders broadly speaking, felt that no specific additional intervention was needed.

And I think my time is up and that is all of our presentation today. Thank you very much for your attention.

(APPLAUSE.)


DESIREE MILOSHEVIC: Thank you so much, Ameedee. I hope you heard the applause, so everybody was really appreciating your talk and covering for Christoph who we couldn't hear ‑‑ there was some difficulties. And so thank you so much.

I will just open the floor to see if there are any follow‑up questions on your report or findings.

It seems that everything has been clear. So again, thank you for being with us here today and thank you for your presentation. I know you have published an article as well about your report on labs and RIPE Labs so I think anyone online and here could also find more details in that.

And then for the sake of time we'll move to our infrastructure session and I will ask Julf to take care with that. Thank you.

JULF HELSINGIUS: Hello everybody. I am chairing this sub part of it about infrastructure and, we all are very proud about how the internet deals well self disturbance and conversation routes around and this and that but we have to remember that we are relying on the infrastructure that is very vulnerable and the internet can't always cope even though it has been coping very well.

So to start with, I am really happy to sort of have here, unfortunately only remotely, retired commander Olli Peltonen has a lot of experience about submarine cables. Go ahead Olli.

OLLI PELTONEN: Thank you, Julf, thank you for giving me this opportunity. Can you hear my voice?

JULF HELSINGIUS: Very well, thank you.

OLLI PELTONEN: In this presentation we focus on the sabotage targeted against submarine fibre optic cables in the Baltic sea and I am Olli Peltonen. I am an independent consultant and retired Finnìsh Navy Officer. I had a 30‑year career and served for 18 years in strategic level positions within the Finnish Defence Courses, Communications an Information Systems sector. And I also made two tours in Brussels representing both Finnìsh NATO and EU missions.

For some experience, I had also as a young officer I served as first officer and also a Commanding Officer on board the first petrol boat craft which provided me now valuable insight also operational details of anchor usage.

And the material for this presentation has been compiled from public sources, and the view points that I present are my own, my open observations.

Here we had three widely reported incidents in the Baltic sea that have occurred over the last two years.

On the night of October 7th to 8th 2023, Hong Kong vessel ... dragged its anchor for more than 180 kilometres in the gulf of Finland and ultimately the anchor broke rules after colliding with the Baltic connecter gas pipeline which runs between Finland and Estonia, the anchor also damaged the under sea communication linking Finland and Estonia and the EES1 telecommunications cable between Estonia and Sweden. Furthermore, the Russian Baltic submarine cable running from the... region to... was also damaged.

Later in November 17th, 2024, the vessel Yi Peng 3 damaged a submarine cable and left.

The following day on the November 18th the Sea Lion One cable owned by a Finnish company and linking Finland to Germany was also damaged.

Just one month later on December 25, the oil tanker. ..owned by UAE company and flying the Cook Island flag got four communication cables including Sea Lion 1 again, as well as the East link power cable between Finland and Estonia.

Experts widely agree that these acts are part of Russia's hyper influence strategies and it is anticipated that we may encounter more attempts to disturb telecommunications connections also in the future.

Hybrid influencing operates in a grey area between war and peace and these activities are typically carried out as covert situations. Submarine cables represent critical infrastructure and they can be targeted in military operations, including first strikes of war.

If we look closer to most demanding of these incidents, the Eagle S cut the four telecommunications cables in the gulf of Finland and December 25th, two of the... companies cables were repaired January 6th and the Sea Lion 1 was repaired the following day.

And Sea Lion 1 operators, seen yock stated and I quote the repair was completed faster than initially estimated, despite the need for special equipment to be brought in from outside the Baltic sea.

End of quotes.

The repair vessel cable vigilance was in France when it was called for the cable repair.

Most of the time required for repairs is spent in moving a vessel, vessels and spare parts to the damaged area.

And based on the Eagle S incident, it can be concluded that repair of the first submarine cables takes about two weeks from the moment of damage.

Also in a quite demanding winter conditions in the northern Baltic.

In all those incidents, the cable owner have used cable ships to repair the damage.

Very few cable laying vessels are available. For instance, in Finland, there is only one vessel dedicated to cable laying and repairs. The... which was responsible for repairing the cables between Finland and Estonia, that were damaged by the Eagle S primarily lays and repairs cables along the Finnìsh coastline and the archipelago and also in the lake regions, so it's relatively small vessel.

When multiple submarine cables are cut and require simultaneous repairs, it very fast creates resource bottleneck for cable owners. For example, Sinia has contracted a French shipping company to repair the damaged Sea Lion 1 cable already twice in the Baltic.

If we want to enhance the cable repair capacity acquiring equipment designated for repairing submarine cables, such as the robot equipment shown in the picture taken at the cable vigilance on the right‑hand side may be beneficial.

This type of equipment can also be installed on multiple purpose vessels such as ice breakers, which can be used as cable repair platforms when needed.

Network reliability hinges on redundancy and avoidance of single points of fail architecture. The situation in Baltic sea has notably improved in recent decades, resulting in several mutually supportive connections. And Samsung east it is unlikely all connections will be down simultaneously normally.

On December 25th, 2024, the Eagle S vessel cut off four submarine cables, although this cost some latency in the network, servers in Finland continued to function normally, almost normally.

The Finnìsh operators deserve credit for diligently ensuring that under sea connections effectively support redundancy among themselves, in... situations, services could be maintained with a few functioning offshore connections, however by cutting off her telecommunications connections, a country could be isolated from the rest of the continent for considerable period.

I stress there are... information of summary cables is publicly available. These images that I show here have appeared in newspapers. It can be assumed that professional intelligence organisations that are willing to target submarine cable connections possess the detailed information about the routes.

And we should also be prepared for such an unlikely scenario in which all connections with be out of order.

After rapid physical... the services have become entirely reliant on internet functioning.

A significant portion of cloud services is still operated or managed from data centres located overseas. The complexity and interdependency ‑‑ independence of these interdependence of these systems continue to grow without control, particularly with the introduction of new services. Even when services are provided from nearby data centre, much of the traffic is still route through Europe, often from countries like Germany or Ireland as well as the United States.

Disruption to all of these connections can significantly impact the daily lives of citizens. If one of the services within a service package fails, such as identification, for example, and there is no roteable connection to the... servers, many related services may cease to operate, for example, stores cannot function without banks connections, they shut down their cash registers until the connection is restored.

A service interruption lasting several days or even two weeks can have severe consequences. In modern society there's no real available alternative to the services. Ultimately submarine cable connections become an even more critical part of the infrastructure.

In summary, I would state that cable damage in the Baltic sea is caused by deliberate sabotage and large scale destruction to cable connections can have a profound impact on the daily lives of citizens. We should also prepare ourselves for the worst case scenario. To overcome such situations, it is crucial to practice a response against ‑‑ actions together in advance through exercises. Please consider the existing threat to physical infrastructure and plan comprehensively for the products and routing and management of services. Keep in mind also the regional perspective so that we can rely on these services in the time of crisis.

Thank you.

(APPLAUSE.)

JULF HELSINGIUS: Thank you Olli, or I have a big temptation to say: Sir, thank you, sir!

I hope you hang around so we can ‑‑ and Jim if you can actually hold your questions, we'll do the two next speakers and then we'll do a round of questions with all three presenters, answering the questions.

Next we have Emile from RIPE NCC looking at things from the IP perspective.

EMILE ABDEN: Yes, so quick five minutes and this is actually a very short version of a longer talk we are going to give tomorrow together with my student Joaquin in the back of the room here on how what RIPE Atlas actually saw about the specific events that were talked about earlier.

So a RIPE Atlas perspective of cable damage in the Baltic sea. So based on two things, we RIPE Labs, it's a collaborative work with Alan, Natasha, Jim and ‑‑ OK, better?

Okay, so timeline, we were going to talk about like three, these are three specific cable outages and restores we looked at in detail from the perspective of RIPE Atlas.

Much things in the media like the previous speaker said, a lot of news articles and otherwise suggesting sabotage, and there's also other voices we hear mostly from the submarine cable industry saying, yeah, but cable outages happen all the time. So ‑‑ and to maybe disappoint you, our data doesn't tell us anything, we just collect neutral data on effects.

So, this is a visualisation of the first cable outage that we saw and Joaquin will explain tomorrow in great detail what this visualisation actually shows. So latency shifts of a couple of paths with no packet loss that correlated with it. Second, C lion one on the day later, the 18th November, same thing, latency shift for some of the RIPE Atlas anchor pairs. But we didn't see any significant level shift, change shift in the packet loss levels, and so far as we saw it with RIPE Atlas, and we'll go into detail on like the possibilities and end possibilities of. So the orange nodes here or the orange points here are the places where we have RIPE Atlas anchors and they all measure in a mesh. And in these meshes, we see 30% of the path that saw latency shifts and not a lot of packet loss.

And most importantly, the packet loss that we see didn't seem to be correlated with the events happening for these cables. So in as far as we can see with RIPE Atlas, the internet routed around damage, it doesn't say there was no local effects that could be seen but the bigger picture is it worked and as a previous speaker also showed, there's a lot of cables running around the Baltic so that's probably the thing why this worked.

There's another interesting, with all of this the knowledge that we had on how to use the RIPE Atlas mesh, we went back and looked at another event that happened on /SHth March of 2024 ‑‑ the 14th March ‑‑ there was a submarine landslide off the coast of Africa so we have a RIPE Atlas anchors in South Africa and the UK, that's sort of like the physical path you would think these routes take and that what looks like. So do I have a... no, it doesn't. So

So what you see here actually and the most important thing is I am not that tall that I can point out the latency thing at the top there, so that's the most important thing here. So in the, you actually see a packet loss, that's the black line there and the scale which is really small, but I hope you can read it, it's up to 40% of packet loss whereas before the event, it was way, way way less so this actually is an event where you actually saw signs of congestion and increased latency so. Conclusions from and we'll go into some details tomorrow as well.

Internet routed around damage in this case. And what I am not talking about here, but ‑‑ is that we actually have also traceroute data and we saw multiple levels of redundancy at work there, so that's also like an important thing that there's, the layeredness of the internet really helps in ‑‑ if one thing fails, another thing can take over.

So, yeah, but it's not guaranteed, as you saw from the case of the land slides off the coast of Africa.

And yeah. I think we need to keep monitoring, measuring and better understanding how the IP layer connects to the physical layer, because there's actually quite a lot of complexity here that I have a sense that few people actually understand how like the full picture of all the way up and down the stack complete with sort of the width of where stuff is deployed and where it's not deployed.

So, that's it from me. And I hear we don't do questions now, so we'll skip this slide.

(APPLAUSE.)

JULF HELSINGIUS: Thank you Emile. And of course as we are here in Portugal, we also have to have at least touch upon the other things that can go wrong, like losing power in a massive way, so luckily we have David Belson from Cloudflare to give a little bit of input on that.

DAVID BELSON: Thank you. I apologise in advance for the brightness of this background, I didn't quite realise it was going to be up on the big screen and it would be quite so jarring.

I am David Belson. I am the product manager for Cloudflare Radar, it's a portal we make available for free that has basically data visualisations based on the dataexhaust largely from Cloudflare services. One of the things I do in that role is track internet disruption, outages, shutdowns, basically any unexpected events like that. And I definitely tracked the impact of our outages in other countries like Cuba, Puerto Rico. But in this particular case, I am perpetually online, started to see stuff on social media about Spain and Portugal, all losing power, all of a sudden discovering I couldn't get in touch with any of my Lisbon colleagues, they all fell off Google Chat. So clearly ‑‑ and I started checking the traffic graphs that we have and, okay, something is going on here. So I began to dig in and began to put together a blog post on what was going on.

So in covering the outages due to or the disruptions due to power outages in the past, I found that our traffic data, our connection quality data and routing data often gives the best pictures of the impact, what did we see happen. And to give credit where credit is due, the routing data is based on data we get from RIPE Ris and route views. I have broken it out by country, I will bounce back and forth between countries for the various metrics.

So looking at internet traffic, the impact to internet traffic in Spain, what I did was just took a look at what happened immediately. And in Spain, we saw traffic drop within the first 30 minutes, we saw it drop by two‑thirds, see that very clearly in the straight line down there. We also have as many of you may be familiar with the quad one DNS resolver, I was able to look at traffic from that as well, we saw resolver traffic fall by about 57%, a little bit over half in the first half hour. If I look at the biggest gap, in our overall traffic, that was down as much as 75%, over the previous week.

You can see in general the pattern is between weeks we tend to map fairly closely to each other.

If we dig in at a network level, you can see that very similar patterns when in terms of everything dropping. Vodaphone dropped by about half, Vodaphone is the lower left corner there, traffic dropped by about 50% right away. But in Digi, which is next to it right here, traffic dropped by about 85% right away, the other three autonomous systems were somewhere in between, and these were on radar at a country level, we showed the top five autonomous systems by using population, that's data we get from APNIC.

So looking for Spain and Portugal that way.

So in Portugal, right away traffic dropped by about 60%, and then resolver traffic fell by a little bit less than half, about 46%. But in Portugal the biggest gap there we saw was down 93% of the prior week, probably mid afternoon, early evening on UTC on April 28th.

Looking at it at a network level, one of the things I thought was really interesting when I first started investigating what was going on was that MEO Mobile, AS 4263, they were the only ones that saw traffic spike immediately, everybody else fell pretty significantly and quickly, MEO is residential, the broadband part dropped 92% almost immediately. People started saying I can still do some stuff on my phone, they flipped over to that, my understanding ‑‑ you can see it drop pretty quickly after that. My understanding from colleagues is that they actually turned off mobile data services pretty quickly in order to make sure that capacity was available for like first‑responders and folks like that.

And then the other ASNs that fell between 62 and 91% almost immediately.

We also do some quality measurements, looking at latency and bandwidth we measure around the world. So right away ‑‑ or, sorry, excuse me, over the course of the disruption, we saw the median download speeds fall by half and latency almost doubled, it grew from 22 milliseconds to about 40 milliseconds. A little more extreme in Portugal. The median download speeds fell from 14 megabits a second to as low as 15 megabits, you can see from the graph it fell fairly sharply and recovered pretty quickly as well. Similarly the median latency grew from about 20 milliseconds to a little more than double to about 50.

And then finally looking at the DNS IP address space, we get from RIPE Ris and route views, we looked at the amount of announced /24s for IPv4, that fell by about 9% overall and the amount of announced V6 fell by ultimately by about half, about 47%. However having said that, the initial IPv4 drop before it dipped was closer to 5% down and the V6 was closer to 18% down. And in digging a little bit, it looks like those two sort of massive drops were due to loss of space at Telefonica Espania. And in Portugal, they lost about 8% of the country's announced IPv4 space and 19% of the IPv6 space. And again you can see that they sort of start to fall slightly and there was more significant drops and digging in here, it it was draw to losses as across multiple ASNs, this is all data collected from the Cloudflare network. We are in 330 cities and 13,000 providers, including many of you, and have almost 400 Tbps of global capacity. So thank you.

(APPLAUSE.)

JULF HELSINGIUS: Thank you. So now feel free to... drop your laptop!

Questions, comments, opinions? And of course you guys if you want to come over, feel free and I hope we have all the online...

AUDIENCE SPEAKER: First of all, thank you for your talk.

Maynard from...

The graphs you showed recently, what I saw was that there was never a drop to zero so, have you looked into the regions that stayed connected and especially why?

DAVID BELSON: Yes, actually there's a blog post I published on this, where we actually go into the regional views on this as well, I didn't include those graphs in here for the sake of time, but I didn't look, so there definitely were some regions where we didn't see traffic fall to zero or close to zero. As far as why, I didn't dig too far but my suspicion is they were connected to the grid differently. So they weren't getting the power from the same places as other regions that were more affected.

AUDIENCE SPEAKER: Thank you.

AUDIENCE SPEAKER: ... Portuguese person in this case. One of the things that you mentioned was that you seen that cellular networks was not turning off but slowing down, right? So what operators said is they were turning off 5G because everybody was moving from the landlines to the mobile phones.

DAVID BELSON: OK, thank you.

AUDIENCE SPEAKER: Hello. My name is... from Barcelona, from Spain, living there when the black out happened. And of course not losing connection at any point because I was connected from home thanks to our generator, so the traffic didn't go down because power generators were running, with gas oil of course but they were running. And in my case that was very lucky. But I was connected through my phone and through, to my company through the network because the network was working, most of the operators were working. And from the point of view of danger at exchange, people ‑‑ not people, providers were up, the eyeballs were down. That was the point.

JIM REID: I have got a couple of naive and stupid questions for all of ‑‑ I find these presentations really fascinating.

But two questions: Why on earth are ships dropping anchors where they know cables are? Ships captains know not to drive the boats on to shallow water or where there are rocks, so why would they deliberately drop anchors in a region where they know there are physical cables on the sea bed?

And my second question is when they do that, are there any penalties? If an oil tanker spills oil, there's a penalty for that, you are fined. Were there any fines for damaging these cables?

OLLI PELTONEN: OK, thank you for those questions. First up, I must say that I am a trained naval officer, I I am basically ‑‑ have been working also as a first officer and also Commanding Officer on board a vessel and I must say that I don't see any reason for dragging, for example, 185 kilometres your anchor behind you. And so that you could do it so that you don't recognise that you are dragging anchor behind you, it's almost impossible.

If any of you have been on board maybe a passenger vessel and experienced what happens when anchor is dropped, it's actually quite violent happening when ‑‑ there's a lot of noise, and if you drag it behind you, it also affects on the steering of the vessel. It's actually something that no ship master can avoid noticing.

And so I think that the possibility that it's done by accident and no one notices, it's basically zero.

JIM REID: I am just making a cynical observation, you might remember there was an incident in the North Sea a couple of months ago, two ships crashed into each other and one of them ended up going on fire and the preliminary investigation of that turned out that neither ship had anybody watching what was going on. So maybe the ships' crews are not as confident as they should. Just an observation.

OLLI PELTONEN: And I think that it's almost impossible if you are conducting with a good seamanship habits. And the second part of the question that you asked, actually this Eagle S ship was actually seized and it was in Finland for two or three months and at the end of the day, they let it go, and I think the reason was more or less that they were uncertain if they can get more money of it or if it's going to end up in good way, so it was this kind of insurance policy, this is...

JULF HELSINGIUS: Thank you, next.

AUDIENCE SPEAKER: I don't know if you know that Cheetah was an out one month or two before Spain, we can access the same data, just to compare between the cases?

DAVID BELSON: Yes. We can select the date range and the country, you should be able to see the same thing. If not, feel free to contact me.

EMILE ABDEN: And also for RIPE Atlas, we have data for Spain and Portugal power out able, it shows in the core a lot of stuff was still functioning.

AUDIENCE SPEAKER: It was interesting to see how the physical actions like propagated in the networking but on the on car thing, wasn't it so sad that some of those ships disabled AI C as well (Wasn't it said).

OLLI PELTONEN: Yes, yes, yes. It's the way the shadow fleet operation. They take off the identification system.

RUDIGER VOLK: Kind of, as we have to assume that the dragging of anchors a couple of hundred miles is deliberate attack in some way, I wonder kind of an adversary that would actually want to do damage to the internet globally and has lots of time ‑‑ lots of peace time to prepare. Is there actually a possibility that they, such a potential adversary would place explosives or something like essentially on all of the relevant landing places, submarine of course, so that an adversary would have a chance of kind of cutting essentially all of the prepared redundancy that we operate and have put in place?

OLLI PELTONEN: Of course we can speculate on that and there is indications of this kind of intelligence done above the communications lifeline on for example Baltic Sea and as well North Sea. And of course I think it's possible. And the communication as, well as electricity, is actually quite a kind of an easy target. But on the other hand, well, we can always speculate that but I think that most important thing is to understand that this, they are part of critical infrastructure and also can be targeted.

EMILE ABDEN: Can I also maybe be more philosophical, but since we are adversaries and what not, but we all operate a single internet, as long as we faith‑share that single internet, that's hopefully would protect us as long as we keep faith‑sharing it. But maybe I am too much of a hippy.

AUDIENCE SPEAKER: I would like to apologise for your naming, we named the RIPE Atlas anchors anchors. To be fair, we did not anticipate the name collision when we named them.

My question to Cloudflare would be: Since you are serving multiple websites, or a lot of them, did you see where people went to, where were the increases of those traffic? Did anyone go ‑‑ did everybody go to Facebook or ‑‑

DAVID BELSON: That's a good question, I did not look at that. It would have been an interesting avenue of exploration I can do.

DESIREE MILOSHEVIC: I think there's good things to take away from your presentation about available capacity and what happens if there isn't that available capacity there. But also for David, you mentioned the differences for the IP address announcement fall. Can we learn something about the infrastructure because I think there's more IPv6 addresses that fell down or ‑‑

DAVID BELSON: I am sure if you, I didn't dig in in terms of what am it might say but I am sure that somebody I think with more experience in that area can probably figure out exactly what happened and where and I think you could get a better perspective on that.

DESIREE MILOSHEVIC: Thank you.

JULF HELSINGIUS: OK, I think we can wrap up now and move on so Desiree, if you want to take over again, I just want to thank our three panelists, this was a very, very interesting and ‑‑ how should I put it? Maybe not the most conducive to a good night's sleep. Thank you.

(APPLAUSE.)

DESIREE MILOSHEVIC: So our next set of speakers, or speaker, are Mr Ruediger Martin and Goran Milenkovic. They will do a joint presentation about Commission's latest internet development standards platform so ‑‑ standards deployment. So please come on stage, thank you.

RUEDIGER MARTIN: : OK. Good afternoon. My name is Ruediger Martin and I am here with my colleague Goran today. We are both from the European Commission, from different departments though. I am coming from the Director of Channel Content Communications Networks, Content and Technologies, a Director Channel in charge of several digital policies. And Goran is coming from our joint research centre, so if you want, so in‑house scientific research centre. But most importantly we are both European Commission.

And I am talking to you today on a multistakeholder forum on internet standards deployment, it's not about developing standards, it's really about deploying standards which are vitally accepted and available.

And what we are presenting today is a draft concept, so that basically means that this is not final, things can still change but it reflects our current thinking and that of course also means that there is room for feedback and we are also listening to feedback from the stakeholder community.

So my task given from which angle of the European Commission I come from is the regulatory background to give you an introduction into this and don't worry, I don't want to lose you here, I am very quickly zooming from a high‑level perspective in what we are really talking about and in last October; there was the so‑called Commission implementing regulation which has been adopted by the European Commission, it's always referred to as the NIS2 implementing act.

And this relates then of course to the so‑called network and information security 2 directive, NIS2 and what it does. It lays down rules for this NIS2 application and in what respect does it lay down rules for technical methlogical requirements of cyber security risk management measures.

So what does this mean.

It addresses the certain list of addresses like DNS service providers, TLD name registries, cloud computing supplieders, data centre supplieders, managed security service providers e prideers of online market places and search engines and social meet /KWR‑RBG service platforms and trust service providers, some of you here might be directly impacted by this, others might not be but it's very relevant also for all of you because I think everybody in the room has significant competence what we are talking here about. On what we are talking here about.

OK. So regarding the requirements. This implementing act has an annex and there are these technical and modlogical requirements referred to, security in network and information systems acquisition development and maintenance and now I am getting more tangible, point 6.7 talks about network security. And here 6.7.1 talks about a set of requirements that have been to be fulfilled by by the entities addressed by this legislation and these are:

Point J, adopt an implementation plan for the full transition towards latest generation network layer communication protocols in a secure appropriate and gradual way and establish measures to accelerate such transition.

So this somehow relates to IPv6.

Then measure K: Adopt an implementation plan for the deployment of internationally agreed and interoperable modern email communication standards to secure email communications to mitigate vulnerabilities linked to email related threats and establish measures to accelerate such deployment.

So this is about email security and also to increase this security past. And last but not least apply best practices for the security of the DNS and for internet routing security and routing hygiene of all traffic originating from and destined to the network.

Now there is, of course, a vast amount of existing knowledge of existing work done on these subjects and but this is not known to everybody and it also brings long challenges for the entities who have to fill fulfil these requirements and the question is also how exactly, what timelines, so what are the best available standards and what are the best deployment techniques to address all of that.

And in order to respect the multistakeholder environment and also to give support to entities which do not have maybe the resources as such to dig out all this information by themselves, the Commission set out or the legislature set out here to establish a multistakeholder forum ‑‑ multistakeholder, very important here, that's why it's relevant for all of us ‑‑ which would identify the best available standards and deployment techniques which help to fulfil these requirements. This, of course, wouldn't mean that this is the only way to fulfil something like that and that you have to do it like this but there's of course is a help and a support and also of course if there's a requirement and somebody has to assess how things work, this is kind of a state of the art which can be compared to what is actually done.

I will stop here with these aspects because I think now if my colleague takes over and gives you an insight into the draft concept, I think it will be clearer what this is all about and everything else we can still clarify in questions.

GORAN MILENKOVIC: Good afternoon, my name is Goran. As Ruediger said, I work for the European Commission for the JFC joint research centre, it's a department of the Commission that works in different locations. The location I work is in northwest of Italy, in Lago Maggiore. There's all kind of research happening there. What we focusing on our work is digital cyber technology and cyber security and when Ruediger gave the introduction of what actually is, what and why is this forum, I am going to say just a few words about where we are in this and how we plan to make this happen, because we in this other part of the Commission basically have a task to make this happen, to implement it.

So a little bit about objectives already. The main objective of this forum is to come up eventually with a guidance for relevant entities, relevant entities, remember those that are highlighted in the first slides, those guys who have to implement this, who have legal obligation to implement this requirements so to come up with a joint effort, with a guidance that can help them implement this if you want in in a simplest term by identifying best available standards where it's not clear. In some of these areas it would be pretty clear what standards we are talking about.

Identify best practices. Discuss and come up with reasonable guidance on deployment techniques because that's ‑‑ that might be challenging as we all know. And guidance on optimal timeframes, what is realistic, what are the realistic timeframes for implementation under each of these categories that Ruediger has mentioned.

We do hope that in addition to this main objective, all of the ‑‑ all initiatives we have, a little bit of what we mentioned here, a broader value, understand it as you wish, what broader value is, but the main point is not to only do it because it's regulatory obligation, but maybe we could all contribute through this forum, maybe it could be one additional way how we could all exchange technical expertise and finally move closer to a more secure and more robust internet infrastructure. Some of these that many of you are working and dedicated your careers to do that, maybe this could also have that benefit.

So I am not going to read the list of tasks, it's pretty self‑explanatory how you would imagine all kinds of individual things that this forum would have to undertake in order to at the end come up with outputs. And outputs ‑‑ I mean you want to say like in boring Brussels bureaucratic way, around four documents, but basically this should be four guidelines for each of these areas that should be ideally one‑stop shops for those and it is who need to implement that and would guide them through the best ways how to implement it.

Now, this forum ‑‑ all this is very preliminary, we are reaching out to communities, and this event is one of those attempts to reach out to you. So I am going to tell you a little bit, who do we see potentially wanting to join ‑‑ clearly this is optional ‑‑ wanting to join the ‑‑ or could contribute to the work of the forum. I listed here multiple communities, associations, organisations, clearly you recognise many of them or you can identify with one or more of them. By no means this is conclusive list, and by no means we already adjusted this, if we don't have a buy‑in or a formal acceptance from any of these communities. But we do hope that once the call is published, and I will tell you about that in a second, that these are the stakeholders that would like to join and to provide their expertise.

How do we plan to structure this forum? We are planning to establish four different work streams, one for each of these areas that are identified by the legal actor that Ruediger has mentioned. Each work stream to be chaired by chairs nominated by the Commission. And we envisage there will be a small technical editorial group holding the pen and actually doing drafting of the documents which would then be discussed at a work‑stream level.

Not at the top in the sense of governing, but we also envisage to have a co‑ordination group seeing it as a Chairs and co‑chairs meetings, just to align and make sure that there is no big gaps in the way how things go in the individual work streams.

Methods of working. As you could imagine, plenary meetings, work‑stream meetings, we are going to provide co‑ordination platforms, the usuals that you would imagine in terms of logistics, support, so that this could actually work.

When it comes to meetings, we plan that this work stream, we anticipate there will be experts and there will be members who would span across multiple work streams so we will also account for that and to Finnish with a little bit of where we are and where we are going because time is also running out, so this is the rough indicative time plan, I'm not going to read through all the activities, just highlight the milestones.

So three important milestones.

First when the forum is established, we hope by the end of this ‑‑ by the end of quarter 3, so in autumn that we have the kick‑off meeting kicked off and that the whole thing starts.

And then the second milestone we hope to have drafts, first drafts, the end of the subsequent year.

And if everything goes well, after consultations and any improvements, to have final version by the end of quarter 2, 2027.

Now there should be one slide which is for some mysterious reason is missing from here, this is what the next steps are but I will just conclude with that.

So we are now in the phase of conceptualisation, reaching out to communities establishing and promoting this idea. What will happen next is we are also working on actual terms of reference, what we expect to happen next hopefully soon, think about in a month's time, we hope to actually publish the call for participation, then we will reach out formally to you so to say. So when that happens, just to keep in your mind hopefully this helps you to understand what this is.

And if everything goes well in September, we hope to have first kick‑off meeting which will be held in Brussels in the European Commission headquarters. Again, this is all preliminary, but I will stop talking here because I see time runs out and I think we are ready to take questions. Thank you.

(APPLAUSE.)


AUDIENCE SPEAKER: So thank you, I am... and I have so many comments and so many questions.

The first one is that this it looks like not invented here ‑‑ I mean, I don't need another forum to go to to discuss standards and what not, I already have a good number on my list. I travel for more than one hundred days per year, to go to conferences and meetings regarding this. The standards are already there in place, there's also so much documentation, why don't you ride on the existing structures for this because they are already there in place go look for them please, we are happy to work with you on that.

Also the internet is not European Union. The internet is international. Some of us who operate internationally infrastructure, we work worldwide. If we start to see requirements from the European Union on the operations we have, that will immediately give other parts of the world the same right to both requirements on our international infrastructure and we will have competing requirements from different parts of the world which we'll be unable to fulfil.

And also will you pay the costs for making these implementations? Thank you.

DESIREE MILOSHEVIC: We need to cut the queue to just get quick to your points and I will ask when would you like to respond, to take all the questions and respond or ‑‑ yeah, maybe so just we'll listen to you and we need to hurry up because of the next speaker.

AUDIENCE SPEAKER: I am going to repeat his point but there already is a multistakeholder process, why don't you join? Why do you expect everybody else to join your multistakeholder process? Thank you.

AUDIENCE SPEAKER: Hello. We are... MANRS community now and we are meeting next week, so expect a message from me, I would like to ‑‑ I think it would be a good, if you are open and available, it's a bit of a short time notice but I will forward your message there, I have your email, if you want the MANRS community to be part of this, it's a good opportunity to present this. Thank you.



AUDIENCE SPEAKER: Perhaps more positive initiatives that encourage adoption of standards are good, if I look across the EU, levels of adoption are quite low in places for some standards, there's certainly room for improvement. But sort of my comment though for this community more so than for you guys is a lot of those standards are being developed mainly by software developers because there's very few people in this ecosystem that are represented in the standards fora, for example the IETF, so we can be ‑‑ if there's a greater push to do implementation, it will be fantastic to have more people at the operational end of the ecosystem to be involved in the standards development so we get better standards and you can then focus to ensure they are deployed. Thank you.

MARTIN RUEDIGER: Where to start and where to end.

First maybe let me say, yes, that's what we said, there are several bodies which are working on these different topics. But let's keep in mind that there's one important thing or the elephant in the room that precisely we have a lot of stakeholders who do not have the capacity to look around all over and who are depending on really comprehensive guidelines and then of course depending on the individual topics, the work might be simply referencing a whole set of already existing things, it might be referencing several other things which might be partly contradicting. And bringing them together and really help stakeholders who need to move ahead on all these aspects, to understand how they are supposed to do this. So I think you should not take our perspective of going to all these different meetings, but you should take the perspective of also stakeholders who need this guidance and who also do not have the capacity to put everything together since after all, I think we all do agree that there is a problem which we have seen over many, many, many years with deployment of certain cyber security relevant things and where not much is moving ahead than.

Then on to the topic of regulation or not regulation, I trust would really like to point to the text and simply say, for instance, it asks for implementation plan, so this doesn't regulate specifically, you have to do this and this and this, but it really asks to think about it and to get started as a requirement. And also again it is precisely multistakeholder because we are in a multistakeholder environment where indeed legislators should not go ahead and just impose precisely what is supposed to be done.

And then on the request of also presenting somewhere else at MANRS I think, yes, with pleasure, just get in contact with us and we can see what we can do.

And yeah, I think that was it.

GORAN MILENKOVIC: Very quickly, 30 seconds, just first thank you for all the questions, positive, negative comments, I invite you to write to us with all other further questions, including criticism, we are in the conceptisation and this will help us, including critical views. And finally on European versus non‑European, the broader value of ‑‑ broader nature of internet, if we could make this that Europe leads here, I want to consider myself as a true European, I would be very happy that Europe leads into making the internet more secure. Thank you.

(APPLAUSE.)

DESIREE MILOSHEVIC: Thank you very much.

You already gave a huge round of applause to Ruediger and Martin, and last but not least it's Chafic giving you an incite into RIPE NCC Middle East activities.

CHAFIE CHAYA: Good afternoon, I saw that we are running out of time so I will do my best. My name is Chafic Chaya, I am working for RIPE NCC at the regional office in Dubai, I am handling the public policy and govern affairs, so I try to share with you today some of our engagements and why we should have extra effort with governments and the impact of these engagements.

Zoom in to the Middle East countries in the RIPE NCC services, what we see in green is not one uniform geographic area. What we have there is a mosaic ofr governance models, economic scales, digital divides and escalating geopolitics. So RIPE NCC serves more than 75 countries in many regions including 11 countries in the Middle East, eleven Arab countries in the Middle East. What we should take into consideration is that while the internet governance in the western European countries are community driven, up, bottom. The internet governance in the Middle East region is government driven, bottom up. And that makes our engagement very challenging and it's more than technical expertise or capacity building; we need to collaborate to build relation with these governments and to have more presence there.

This slide shows our membership and here the categorisation you will say that it's normal categorisation, you have academic, you have banking, you have financial, the telecommunication operators, we have the ISPs and the list goes on. So what's the difference?

The difference that whenever we engage with these members, the governments are behind the scene.

What does that mean? That means that the majority of the governments in the region are funders, stakeholders, co‑owners and sometimes owners of the ISPs and mobile operators. So dealing with a member that means engaging with government influence and insight.

Let's see how our engagement was translated to impactful outcome.

Before I start just I want to emphasise that all our engagement are aligned with the RIPE NCC strategic objectives. I think Hans Petter went through it on Monday.

So what we are increasing the knowledge through the capacity ‑‑ whether we are working and foster our collaboration with members and governments, or whether we are ensurely the resilience of the internet or promoting ourselves as... all these engagements are designed and aligned with RIPE NCC standards.

This slide answers the question where, who and why. So we can see we have eleven countries but the difficult of that, these countries are subdivided into three sub groups, first group what you call the Gulf countries, we have UAE, Saudi Arabia, Bahrain, Qatar and Kuwait, these countries are well advanced in tech technology and digital transformation.

We have the second subgroup of countries, we have Lebanon, Iraq and we have Jordan. So these countries, we have the infrastructure but they are still in their journey to digital transformation and still struggling to reach the gulf countries.

And the last subgroup is the countries like Palestine, Yemen and Syria, these countries are facing challenges and we cannot reach them face to face.

What we are, what is our work, what is our engagement there, so we engage with all of the stakeholders group, governments, private sector, academic and civil society. We are contributing to the work for the at regional level, for the Arab state, with the regional and global organisations.

My engagements from meetings, capacity building, government round tables, so I will not go through the list.

But one of the most impactful engagements for us is the government round table. My colleague Hisham yesterday mentioned we have three government round tables in the service region, one in the Middle East one, what differentiates this round table, that this round table is always hosted by a regulator or policy maker. All our discussions are set and organised behind the closed doors. We can listen to the government concerns and we share the updates and positions of RIPE NCC on the different topics.

Where he started in Bahrain, we continue and last year was in December we were in Jordan in Amman.

All these engagements, the successful engagements, led to some MOUs, these MOUs formalise our engagements with government. Here we have two, one signed in 2017 with UAE regulator alongside the RIPE 75 and the other one was signed in 2019 with the Saudi regulator and it was signed online continuing our engagements especially in that challenging times.

Our efforts were not only recognised at a technical level; it was recognised at the highest political level in the Arab world. What we see here, we have a resolution in 2021 from the Arab ICT Minister's councils which is the highest authority there where they pushed for working with RIPE NCC and deploying the V6 and RPKI and lately this year in January, we have another resolution that was adopted at the Arab state this resolution was for implementing the measurement tools from RIPE NCC in the region.

To keep our members and community informed, we publish frequently some reports, and what's nice in this, that we translate these reports into Arabic so we can eliminate the language barriers.

Last year we reached a new milestone, the first time ever a technical community organised or co‑organised a session at the highest level at IGF with a government. So the RIPE NCC co‑organised a session with the Saudi regulator on IPv6 showing that governments and technical community can work hands on hand in a multistakeholder approach. And by the way, we contributed to another seven or eight workshops during the IGF last year.

To wrap up quickly, so the key message here is that our engagement in the region went far beyond capacity building and discussions and dialogue, we are delivering now results.

An example, if you look at the chart, the sharp spike in the RPKI deployment for Saudi, UAE and Syria wasn't ‑‑ didn't come from vacuum, it wasn't a coincidence, this happens when we had did three days face‑to‑face training, hosted by the regulators to achieve this result.

And once again, our engagement and achievement didn't stay at the technical level, we can see that at the internet governance and public... level, there is a big shift in the Arab countries' position. This is an example of where Saudi Arabia, Tunisia and UAE contributed last month to the WSIS /20 consultation where they openly endorsed the multistakeholder approach.

Final word that the all these engagements and achievements wasn't came from vacuum, this was an outcome of years of hard work and dedication of my colleagues, Hisham and Sandra, and the continuous support of the management team and colleagues in Amsterdam. Thank you.

(APPLAUSE.)

I did it, eight minutes any questions? Thank you.

DESIREE MILOSHEVIC: If there are no questions... we thank you everybody for your patience in running a little bit over the agenda. Thank you again and see you online and speak to you again.

(APPLAUSE.)