When the .POST Group (DPG) was launched back in 2012, partnerships were at the heart of its business model.
The group set out to work closely with stakeholders from the public and private sector and with academia to ensure postal operators had access to the tools and procedures needed to keep them safe in a world where digital transformation was gaining pace, and fast.
Nearly 10 years on, the group has worked with 10 private sector companies to collaborate on innovative secure digital services. “.POST is the UPU-led postal industry cybersecurity initiative,” says Paul Donohoe, Manager of the UPU’s Digital Economy and Trade Programme and DPG Secretary.
“It is based on the safe and secure .POST top-level domain, which is the result of an agreement between the UPU and ICANN (Internet Corporation for Assigned Names and Numbers). .POST provides posts with security protection on the internet for things like hijacking, phishing, and spoofing. Private sector partners have become a really critical element of the DPG’s success.”
The .POST initiative was initially created and supported by some of the leading industrialized countries, including France, Sweden, Canada, and Australia, who were driving the need for posts to prepare themselves for the digital economy in the 2000s. The DPG was established in 2012 thanks to funding from Italy, Malaysia, and Morocco to oversee its growth. Today, 37 countries and two private sector members support the project financially from across the globe.
The DPG is governed by a seven-member governance board within the UPU, which is led by Massimiliano Aschi from Italy with Oussama Rouatbi from Tunisia as Vice-Chair. The other elected representatives are from the US, China, Nigeria, Namibia, and Turkey.
“All of the regions of the world are covered in this board and guiding DPG’s development,” adds Donohoe. “The 37 member countries composing the DPG General Assembly meet every six months to decide on what the future holds for the initiative.”
Alongside the .POST domain names registration services, the DPG provides its members with postal sector policies on cybersecurity, technical assistance for digital capacity building, training courses on cybersecurity, and IT tools to implement those policies.
“The UPU has an approved cybersecurity policy for email, for example, which includes recommendations on how posts can protect themselves against things like phishing and spam using .POST,” Donohoe explains.
New Congress proposals
According to Donohoe, cybersecurity has become even more important due to Covid-19. “The global pandemic has accelerated digital transformation,” he says. “More and more customers now want access to digital channels for services and as a result we have seen an increased interest from posts in the .POST initiative. Cybersecurity has also been thrust into the spotlight as a number of bad actors have taken advantage of any online vulnerabilities.”
At the 27th Universal Postal Congress in Abidjan, the importance of the cybersecurity element of DPG was reinforced. “With this in mind, two new proposals were adopted,” explains Donohoe. “One was for new IT support services and the other for increasing innovation and business development.”
The latter is where partnerships will become very beneficial, notes Donohoe. “We are, for example, working with the Global Cyber Alliance to give our members access to new cyber security tools, services and training programs,” he explains. “We also have a number of startups who have recently joined the DPG and they are collaborating with DPG members to explore implementation of cutting edge new technologies by the posts, such as STAMPSDAQ’s blockchain-based digital marketplace to host, trade and track crypto-stamps, and Ship2myID’s digital addressing and digital marketing platform, which will utilize the security features of .POST.”
Speaking about the crypto-stamps initiative, Andrii Shapovalov, CEO of STAMPSDAQ and Associate Member of the DPG since November 2020, says, “We hope to build a NFT [non-fungible token] philately blockchain ecosystem, which would create a common global marketplace for all postal operators to issue postage stamps in NFT format. Currently, we are in the process of discussions to find the right formula to have an operation agreement with the UPU to open up the collective benefit for the bureau and all its members.”
The STAMPSDAQ marketplace is currently in a ready-to-launch stage. The team is fine-tuning all the elements of the blockchain and marketplace infrastructure on a testnet and will be migrating to the mainnet by the end of October. “In January 2021 we signed our first exclusive license agreement with La Poste de Côte d’Ivoire, which gave us the grounds to start the production of the blockchain and marketplace,” Shapovalov explains. “The launch of sales on STAMPSDAQ marketplace is expected to commence in December 2021.”
According to Shapovalov, the postal sector’s cooperation with private sector companies brings flexibility and speed-to-market. “Private players are willing to invest immediately in bringing to life the ideas to develop and transform the postal industry to its new heights,” he adds. “All they need in return is the willingness of posts to engage in discovering these new offers and for them to be brave and test them. We intend to develop our cooperation with UPU in the coming years and increase our efforts to create one common NFT philately ecosystem.”
Looking at the key benefits the STAMPSDAQ/DPG partnership will bring to UPU members, Shapovalov adds, “By partnering with STAMPSDAQ, UPU member countries have the possibility to establish themselves successfully on the extremely fast growing NFT market and to monetize their existing philatelic collections. In addition, our business model, which is focused on collector engagement and entertainment, serves as a unique marketing opportunity to promote the countries’ values to the global NFT collector community via common NFT philately platform.”
As DPG approaches its 10-year anniversary, the board is looking to build even more capabilities into the group’s offering. “We will soon be releasing a new compliance self-assessment tool, for example, so members can assess their level of compliance with UPU cybersecurity policies,” explains Donohoe. “Members can use this tool for all their domains – not just their .POST ones. We hope, however, that the tool will show them the security benefit of using .POST domains.
“The other area we will be looking at is building a partnership to help posts develop new secure identity services,” he adds. “This is a very important issue currently and posts have a key role here, especially if they want to be successful in offering government services.”
“We will explore this issue with private sector partnerships, and we are also planning to launch a hackathon to encourage collaborative problem solving between the private, public, and academic sectors. This will be part of our aim to continue to accelerate digital transformation in a safe and secure way.”