Use or explain
The standards referred to above have been on the Standardisation Forum's use-or-explain list for some years. The list is intended to promote use of the relevant standards by government bodies (and hopefully more generally). Although progress is being made at the national government level, there is insufficient awareness, particularly within lower tiers of government (municipalities), of the importance of new, open standards and the requirement to adopt them.
Between the presentations, knowledge session participants had the opportunity to talk and exchange experiences. It was striking that almost everyone had been confronted by problems such as phishing mail purporting to come from them. A number of municipalities had therefore started looking into the use of SPF, DKIM and DMARC to enhance security. Additional knowledge and arguments in favour of the standards added momentum to that development.
Explain (to the press)
One recurring theme was how effective the use-or-explain list was as a means of enforcing adoption and what sanctions the government could impose if the standards weren't adopted. Although enforcement regulations are increasingly commonplace in this field, adoption remains largely dependent on persuasion, the Standardisation Forum's representative said. Or, as one participant correctly pointed out, 'if something goes wrong and you have been dragging your heels on the adoption of security standards, you will at least have some explaining to do to the media.'
With a good number of participants from a variety of backgrounds, and plenty of interaction, the event can certainly be regarded as a success.
Would you like to know whether your internet connection, website and e-mail comply with modern internet standards? Test your set-up on https://internet.nl/ and make sure that you're up to date!