Development of Cyber capacities in emerging economies | IGF 2023 Open Forum #6

9 Oct 2023 06:15h - 07:15h UTC

Event report

Speakers and Moderators

Speakers:
  • Christopher Painter, GFCE Director – United States of America (on site)
  • José Cepeda, Senator – Government of Spain – Europe (on site)
  • Sandy Palma, Honduras Cibersegura – Civil Society (remote)
  • Cláudio Lucena, Universidad Estadual de Paraíba- Academy – Brasil – (on site)
  • Mark Datysgeld, GNSO Council Member – Brasil – (on site)
Moderators:
  • Olga Cavalli, Argentina National Cybersecurity Director – Government – Latin America and the Caribbean (on site)
  • Raitme Citterio, South School on Internet Governance – Academia

Table of contents

Disclaimer: This is not an official record of the IGF session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed. The official record of the session can be found on the IGF's official website.

Knowledge Graph of Debate

Session report

Audience

During the discussion, several crucial topics were brought up, including digital diplomacy, cyber diplomacy, cyber capacity building, digital education, administrative risk, cyber security, DNS, OTT, CEO awareness, investment in cybersecurity tools in developing countries, AI in cyber intelligence, cyber certification, and cybersecurity education.

One of the main points emphasized was the need to differentiate between digital diplomacy and cyber diplomacy. A curious audience member posed the question to the speaker, highlighting the audience’s interest in understanding the distinction between these two terms.

Another key point was the importance of cyber capacity building in achieving broader development goals. It was argued that cyberspace is an integral part of a country’s development, and investment in securing cyberspace significantly affects the success rate of other policy initiatives. Academia and policymakers have stressed the need to integrate cyber capacity building and development policies.

The significant contribution of digital education in dealing with cyberspace issues and developing cybernetics was also highlighted. Digital education involves utilizing the internet critically and reflectively, and it was argued that long-term digital education can prepare a society for life in a cybernetic context.

The critical role of cyber security in economic development was another focal point of the discussion. Evidence from a research program sponsored by UNECA demonstrated that an increase in cyber security maturity could lead to a substantial increase in GDP per capita. The research incorporated data from Africa, Asia, and Latin America, providing a broader perspective on the impact of cyber security on economic growth.

The need for leadership and policymakers to recognize the connection between cyber security and economic development was emphasized. The results of the research program sponsored by UNECA were seen as a persuasive tool for promoting this understanding among decision-makers.

Concerns regarding the affordability and sustainability of investing in cybersecurity tools in developing countries were also raised. A concerned individual highlighted the challenges of providing affordable and sustainable cybersecurity solutions in countries with limited resources.

The discussion also touched on the challenges of balancing the use of AI in cyber intelligence and preventing its malicious misuse. It was noted that AI can be a powerful tool for cyber intelligence, but precautions must be taken to avoid its misuse for malicious purposes.

The deficit of cyber security experts and the expensive nature of cyber certification were also mentioned. It was argued that cyber certification is an expensive process, and there is a scarcity of skilled cyber security professionals, highlighting the need for more investment in cybersecurity education.

In terms of cybersecurity education, the level of education required was brought into question. The audience member wanted to know whether cybersecurity education should be basic or advanced, underscoring the importance of understanding the appropriate level of training needed in this field.

Overall, the discussion covered a wide range of topics related to digital diplomacy, cyber diplomacy, cyber capacity building, digital education, administrative risk, cyber security, DNS, OTT, CEO awareness, investment in cybersecurity tools in developing countries, AI in cyber intelligence, cyber certification, and cybersecurity education. The arguments and evidence presented shed light on the critical role these areas play in today’s digital world.

Sandy Palma

Central America is facing significant challenges in the field of cybersecurity. The region is underdeveloped in terms of cybersecurity, with a shortage of trained professionals in the field and limited availability of universities offering education in cybersecurity. This lack of expertise and education contributes to the vulnerability of Central America’s digital infrastructure.

One key issue is the underreporting of cybersecurity attacks in the region. Due to the absence of policies and laws around cybersecurity and the non-disclosure of cyber attacks, incidents often go unreported. It is only when individuals are personally affected and voice their experiences on social media that the wider public becomes aware of these violations. The low reporting rate hinders efforts to effectively address and mitigate cyber threats.

The exponential growth of cyberattacks in Central America has necessitated resilience in all sectors. The switch to virtualization as a response to the pandemic has made several academic centres, from preschools to high schools, victims of cyberattacks. To combat these threats, schools and universities have had to implement internal policies, rules, and protocols. This demonstrates the urgent need for increased resilience and cybersecurity measures in the region.

Another concern is the lack of participation from government authorities in platforms like the Internet Governance Forum (IGF). Over the past five years, only one decision-maker or government representative from Central America has taken part in the IGF. This lack of participation hampers the region’s ability to shape policies and strategies related to cybersecurity on a global scale.

Creating awareness through education and training is seen as essential in addressing cybersecurity issues. It is suggested that cybersecurity should be included in the curriculum, covering areas such as laws and computer rights. This would help to equip individuals with the necessary knowledge and skills to protect themselves and contribute to cybersecurity efforts. Furthermore, policymakers, who are mainly government authorities, should prioritize cybersecurity education within the region.

In conclusion, Central America faces significant challenges in cybersecurity. The region has a shortage of trained professionals and limited educational opportunities in the field, leading to vulnerabilities in its digital infrastructure. Cybersecurity attacks often go unreported due to the lack of policies and public awareness. The region must focus on building resilience and increasing participation in platforms like the IGF. Creating awareness through education and training is crucial in combating cybersecurity threats. By including cybersecurity in the educational curriculum and prioritising it as a policy agenda, Central America can address these challenges and enhance its cybersecurity capabilities.

Cláudio Lucena

Universities have faced criticism for their slow integration of cybersecurity into their formal curricula, resulting in a shortage of cybersecurity professionals. This has become a pressing issue as the scale and nature of cybersecurity threats have evolved with the increasing reliance on online activities. Traditional approaches to education may no longer be adequate to address the demand for skilled professionals in the field.

Furthermore, the importance of cybersecurity extends beyond just technical expertise. It is essential for universities, particularly those in the Global South, to play a significant role in promoting cybersecurity awareness. By understanding the importance of the digital ecosystem and cybersecurity, universities can adapt their curricula accordingly. Public universities in the Global South have the potential to effectively reach out and raise awareness about cybersecurity among their communities.

In addressing the digital transformation, it is crucial to consider the elderly population, who are often neglected in cybersecurity initiatives. Elderly individuals may lack the instinctive ability to navigate online activities safely and protect themselves from threats. However, initiatives like the UAMA program implemented by Paraíba State University in Brazil have shown promise in educating elderly people about cybersecurity. The results of the program’s first semester demonstrated a significant increase in awareness and participants’ ability to protect themselves online.

On the other hand, allowing elderly individuals to manage their own digital transformation without proper guidance can have negative consequences. It highlights the importance of providing targeted education and resources to ensure that the elderly are equipped with the necessary skills to navigate the online world safely.

Overall, academia in the Global South has tremendous potential for community engagement in cybersecurity awareness. Universities such as Paraíba State University have harnessed this power by implementing programs like UAMA. By actively engaging with communities, universities can contribute to reducing the cybersecurity skills gap and promoting a safer digital ecosystem.

In conclusion, universities need to restructure their cybersecurity education to keep pace with the evolving threat landscape. The integration of cybersecurity into formal curricula, especially in the Global South, is vital in creating awareness and bridging the skills gap. Additionally, targeted programs that focus on educating the elderly about cybersecurity are essential to ensure that everyone can participate safely in the digital transformation. To maximize their impact, universities in the Global South should leverage their potential for community engagement and work towards building a more secure online environment.

Christopher Painter

Capacity building in cybersecurity is highlighted as crucial for combatting threats and driving economic growth. It enables countries to navigate the challenges of digitisation and the digital economy effectively. The COVID-19 pandemic has further emphasized the reliance on technology, leading to the recognition of the necessity for robust cybersecurity measures.

Political buy-in is seen as essential for the long-term sustainability of cybersecurity objectives. Without political support, capacity-building efforts in cybersecurity would not be sustainable. Capacity building should be integrated into a country’s economic priorities to ensure commitment and success.

Cybersecurity has a tangible impact on creating trustworthy systems and facilitating economic success. Progress has been made in several countries in establishing reliable systems to counter various threats, demonstrating the positive potential of cybersecurity in enhancing economic growth.

The integration of cybersecurity into political and economic priorities is crucial, as it is not solely a technical issue but also a geopolitical and economic concern. Handling cybersecurity issues is compared to nuclear matters, underscoring its multifaceted nature and broader implications.

Efforts are being made to improve policymakers’ understanding of cybersecurity to address the evolving cyber threat landscape. There is growing recognition of the importance of cybersecurity among policymakers, as evidenced by increased awareness and prioritization of cybersecurity issues under various administrations.

The Department of Homeland Security has established an action board to review major cyber incidents. This board includes renowned experts like Jeff Moss and focuses on investigating and learning from cyber incidents while preparing reports.

There is a shift in how cybersecurity breaches are handled, with increasing requirements for disclosure due to changing laws and regulations. The Securities and Exchange Commission mandates publicly traded companies to disclose significant breach events, and Europe is introducing laws that compel companies to disclose cybersecurity breaches.

Digital diplomacy and cyber diplomacy are considered similar, focusing on economic aspects, telecommunications, cyber security, and geopolitical issues. The convergence of the development community and the cyber community is seen as critical, aiming to bring together different perspectives and expertise.

In summary, capacity building, political buy-in, and a multidimensional understanding of cybersecurity are central to addressing threats and driving economic growth. Efforts to educate policymakers and establish clear protocols and mechanisms are necessary to address cyber incidents. The evolving regulatory landscape and emphasis on transparency shape the future of cybersecurity.

Mark Datysgeld

The Domain Name System (DNS) is a crucial component of the internet, responsible for managing the translation of domain names into IP addresses. It operates most of the internet, enabling users to access websites, send emails, and use various applications. However, the security of the DNS has not always been given the necessary attention, leaving it vulnerable to abuse and exploitation by cybercriminals.

Neglecting DNS security can have severe consequences for the integrity and reliability of the internet. Cybercriminals can exploit weaknesses in the DNS to launch devastating attacks, such as phishing, botnets, malware distribution, and malicious spam. This not only puts users at risk but also undermines trust in online platforms and services.

To tackle these issues, there is an ongoing initiative to combat different forms of DNS abuse. The initiative focuses on specific use cases and recommends that registrars and registries, who operate the DNS, adopt measures to block these harmful practices. By implementing these measures, it aims to strengthen DNS security and safeguard the internet ecosystem.

Mark, who presided over the working group dedicated to DNS security, advocates for increased DNS security and the broad implementation of the proposed measures. His optimism stems from the belief that rules blocking the malicious use of DNS will be adopted worldwide within the next year. His advocacy highlights the importance of prioritising DNS security and taking proactive steps to mitigate the risks associated with DNS abuse.

Another aspect being emphasised is the need for operators to include reporting mechanisms in their contact forms. Users play a critical role in identifying and reporting DNS abuse. With an increased requirement for operators to include reporting options, users will have an easier way to directly report instances of abuse. This not only facilitates the reporting process but also enhances interaction between users and operators, ensuring prompt action is taken against malicious activities.

Moreover, educating people about the wide-ranging roles and importance of the DNS is crucial. Many individuals perceive the DNS as only relevant when they have a URL in their address bar. However, the DNS is integral to the functioning of most apps and devices, powering the entire internet infrastructure. By raising awareness and providing education on the significance of the DNS, users can develop a better understanding and appreciate its vital role in supporting online activities.

In conclusion, prioritising DNS security is essential for maintaining the integrity and reliability of the internet. The ongoing initiative to combat DNS abuse, along with the advocacy for increased security measures and reporting mechanisms, showcases the collective effort to address these issues. By raising awareness and educating people about the importance of the DNS, we can build a safer and more secure internet ecosystem for all users.

Olga Cavalli

The discussion focuses on the topic of cybersecurity in Latin America, particularly in relation to its importance, capacity building, resilient infrastructure, and the impact of immigration. One key argument raised is that cybersecurity is not seen as a primary concern in the region, as it is overshadowed by economic and security issues.

However, there is increasing recognition of the need for resilient infrastructure to effectively cope with cyber threats. Recent events related to ransomware attacks have highlighted the value of having a solid and resilient infrastructure. It is argued that without such infrastructure, economic development cannot occur. This positive link between resilient infrastructure and economic development is seen as crucial for the region.

One concern raised is the scarcity of specialized cybersecurity education programs in the region. It is noted that only a few universities offer programs or careers focused on cybersecurity. This lack of specialized education is seen as a significant obstacle in developing a strong cybersecurity workforce.

The lack of transparency and open discussion surrounding cyber attacks is also a concern. It is pointed out that the only way people get to know about these attacks is through individuals sharing their experiences on social media. This lack of transparency and open discussion is seen as a problem that needs to be addressed.

Another significant observation is the loss of cybersecurity professionals from developing economies to countries with higher demand. It is argued that the demand for cybersecurity professionals in other countries is causing a brain drain, depleting the talent pool in developing economies. This loss of professionals is seen as a challenge that needs to be addressed to ensure the cybersecurity capabilities and resilience of these economies.

The role of universities in generating cybersecurity experts is emphasized, and it is suggested that universities should play a vital role in offering cybersecurity education. Specifically, it is advocated that cybersecurity should be included as part of the formal curriculum in universities. This inclusion is seen as essential for developing a skilled workforce to meet the growing demand for cybersecurity professionals.

Furthermore, attention is drawn to the vulnerability of older adults in the digital world and the need for cybersecurity education that includes them. It is highlighted that older adults often lack digital literacy and are therefore more susceptible to online risks. This vulnerability underscores the importance of including all demographic groups, including the elderly, in cybersecurity measures and education.

In conclusion, the discussion underscores the importance of cybersecurity in Latin America and highlights various challenges and areas that need to be addressed. These include the lack of prioritization of cybersecurity, the scarcity of specialized education programs, the need for resilient infrastructure, and the vulnerability of older adults. The role of universities in generating cybersecurity experts and the importance of transparency and inclusion in cybersecurity initiatives are also emphasized.

José Cepeda

Spain is taking steps to enhance its understanding and awareness of critical infrastructures, with a particular emphasis on parliaments. The country is evaluating the critical nature of all parliaments in order to develop a comprehensive understanding of the potential risks and vulnerabilities they face. This signifies a positive development in Spain’s approach to safeguarding essential entities.

However, there exists a significant gap between the technical understanding of cybersecurity and the realm of politics. Many politicians lack the necessary technical knowledge to effectively make informed decisions regarding cybersecurity. This knowledge deficit often hinders the policymaking process and can lead to suboptimal outcomes. Therefore, it is crucial to bridge this gap to enable more effective decision-making in matters of cybersecurity.

To address this issue, Spain is collaborating with the Interparliamentary Union to formulate resolutions that define critical infrastructure. The focus of these resolutions is on parliaments, recognizing their indispensable role in the functioning of the state. By establishing clear definitions and guidelines, Spain aims to strengthen the protection of parliaments as essential entities within the broader critical infrastructure framework.

Local institutions in Spain, due to their limited security infrastructure, are particularly vulnerable to cyber attacks. The majority of attacks in Spain occur on Fridays at 5 p.m. This timing allows cyber attackers to operate throughout the weekend, when there are typically fewer personnel available to detect and respond to such incidents. This vulnerability highlights the urgent need to enhance the security measures and resources available to local institutions.

In response, the Spanish government is developing a hierarchical security infrastructure that caters to institutions at all levels. This initiative ensures that designated individuals at both the national level and in each autonomous region are responsible for the security of municipalities and corporations. Establishing a comprehensive security infrastructure is a positive step towards bolstering cybersecurity across various institutions in Spain.

Furthermore, there is a proposal to create an institutional shield aimed at safeguarding critical infrastructures. This shield would enable institutions, companies, and even citizens to connect with public administrations and governments for enhanced protection. It offers a coordinated and collaborative approach to cybersecurity, ensuring that all stakeholders have direct access to a network of resources and support.

Moreover, Spain is actively involved in developing a global report for the Interparliamentary Union, focusing on cybercrime. The report is currently being analyzed and debated in meetings at the Department of Communications. Additionally, there are plans for a world summit on cybersecurity at the United Nations, demonstrating Spain’s commitment to addressing this pressing issue at an international level.

Recognizing the United Nations’ potential to lead in cybersecurity, there is a proposal to leverage the organization’s resources to establish it as a paradigm of cybersecurity. This would involve utilizing the U.N.’s expertise and infrastructure to provide cybersecurity resources to regions, such as remote parts of Asia and Africa, that are particularly in need of support.

Lastly, an interesting proposition is being considered to create a technological branch called ‘Cyber Blue Helmets’ within the United Nations. Inspired by the current Blue Helmets body, this branch would be dedicated to providing worldwide cybersecurity coverage. This idea holds promise in enhancing global cybersecurity efforts and demonstrates a forward-thinking approach towards addressing cybersecurity challenges.

In conclusion, Spain is taking significant steps to improve its understanding of critical infrastructures, particularly in relation to parliaments. While there is a need to bridge the gap between technical cybersecurity understanding and politics, Spain’s collaboration with the Interparliamentary Union in formulating resolutions for defining critical infrastructure is a positive development. Enhancing the security infrastructure for local institutions and proposing an institutional shield to protect critical infrastructures further demonstrates Spain’s commitment to cybersecurity. Participation in the development of a global report and the proposal to make the United Nations a paradigm of cybersecurity showcases Spain’s international engagement in addressing cybercrime. Additionally, the prospect of ‘Cyber Blue Helmets’ within the U.N. highlights innovative thinking in providing worldwide cybersecurity coverage.

Speakers

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more