2016 IGF Best Practice Forum (BPF) Cybersecurity: ‘Building Confidence and Security in the use of Information and Communications Technologies (ICTs) through Enhanced Cooperation and Collaboration’
Substantive Session
IGF Day 3: Thursday, 8 December 2016, 9:00 - 10:30am - WS Room #9
Title and Date/Length of the Session:
2016 IGF Best Practice Forum (BPF) Cybersecurity: ‘Building Confidence and Security in the use of Information and Communications Technologies (ICTs) through Enhanced Cooperation and Collaboration’
IGF Day 3: Thursday, 8 December 2016, 09:00 - 10:30am (90 Minutes)
Brief Description/Objective:
The ongoing work and draft output of the 2016 IGF Best Practice Forum on Cybersecurity emerged based on the general consensus from the community that the BPF might most benefit from addressing cooperation and collaboration between stakeholder groups as a topic.There was agreement that the community would benefit from having a multistakeholder discussion, including each of the major IGF stakeholder groups, on how to engage and communicate with each other on cybersecurity issues and that this work was uniquely fit for an IGF BPF. There was also agreement that the BPF for 2016 should not be seen in isolation, but should rather be seen in a long-term perspective and that capacity building would be an integral component for the work.
This session will present the draft output paper and provide the broader community with an overview of the work that the BPF has carried out over the past 6 months since the BPF was formally initiated in May of 2016. The session will also invite all contributors to the BPF to present and discuss their views on the subject matter and to comment on the contributions of others as reflected in the output. Finally, the discussion will aim to find a way forward for the work of the BPF cybersecurity.
During the meeting, we'll cover the work done so far and comments provided in the review platform.
Next, we'll have about one hour of discussion on the topic. Each of the speakers will have a few minutes to make a short opening statement. After that, we'll roughly try to cover the following areas, and any others raised by attendees or speakers:
- Definition: We identified that Cybersecurity has different meaning to different stakeholder groups. Do you believe we need a universal definition, perhaps some type of document that covers areas, roles and responsibilities? Or is the lack of formal and agreed-upon definition an opportunity for ongoing conversation and improving each other's understanding of the space?
- Situational awareness: One of the areas which was touched in the initial definition of work for the BPF was that of "situational awareness", a "knowing and influencing of risks and applied mitigations".
One interesting example raised in the contributions was that of Nigeria, where Whatsapp was used to rapidly disseminate cybersecurity related news across a community of influencers. How do we see this working at an international level? Should each community share amongst themselves, or is there room for a multi-stakeholder body that aids in generating this level of awareness? Would it help address some of the communications issues we've identified around what it is that "cybersecurity" really means?
- Inclusive spaces of engagement: Several contributors referred to a study by the Freedom Online Coalition, which showed that most cybersecurity policy making spaces are not open to civil society. What are some concrete steps these bodies could take to become more inclusive to other stakeholder groups? Do you believe there are reasons why these spaces are more closed, and what could we expect if they were more open?
- Unnecessary contradiction: several contributors raised that there is a perceived gap between privacy and cyber security, while other indicators show that there is mutual reinforcement. This leads to the hotly contested debate spaces around encryption and anonymity. What is our way out?
- Tech vs Diplomacy: Quite often there appears to be a lack of engagement between the technical community and policy makers. At times it can even be dismissive of each other's contribution -- to engineers, code is often law. To policy makers, law helps define what the code should do or look like. A key outcome of the BPF is that stakeholders must understand, respect and trust each other's expertise and competences. When the issues are that basic and black and white, what can be done to meet these goals?
- Outcomes and next steps: As an outcome this year, we have a set of 10 guiding statements, which may be augmented after this meeting. Should this BPF take a proactive role in defining and implementing solutions for these problems in the future, or can we come up with a concrete set of actions for each stakeholder community, or perhaps even an owner to tackle some of these hard issues?
Agenda:
- Introduce the BPF/Overview of the work and introduce draft output (15 minutes)
- Presentation of BPF work/output (15 mins)
- Interactive discussion with panelists, discussants and other contributors to the work of the BPF on the draft output and way forward for the BPF (1 hour)
Chair(s) and/or Moderator(s) and Speakers/Discussants:
-
Markus Kummer, Coordinator for 2016 IGF BPF Cybersecurity (Chair)
-
Segun Olugbile, Co-Coordinator for 2016 IGF BPF Cybersecurity
-
Maarten Van Horenbeeck, Fastly, FIRST (Moderator)
Panel:
- Richard Leaning, RIPE NCC (Speaker)
- Isabel Skierka, Digital Society Institute (DSI) (Speaker)
-
Kerry-Ann Barrett and Barbara Marchiori, Organization of American States (OAS) (Speakers)
- Grace Githaiga, KICTANet (Speaker)
- Matthew Shears, Freedom Online Coalition (FOC) (Speaker)
-
Hiroshi Esaki, Graduate School of Information Science and Technology, The University of Tokyo (Speaker)
