BPF: CYBERSECURITY

12 Oct 2023 00:45h - 04:15h UTC

Event report

Speakers and Moderators

Speakers

  • Wim Degezelle (IGF consultant)
  • Louise Marie Hurel (RUSI)
  • Dino Cataldo Dell’Accio (UNJSPF)
  • Susan Garai (GFCE Pacific Hub)
  • Kivuva Mwendwa (KICTAnet)

Moderator

  • Klée Aiken (FIRST, BPF co-faciliator)

Table of contents

Disclaimer: This is not an official record of the IGF session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed. The official record of the session can be found on the IGF's official website.

Knowledge Graph of Debate

Session report

Wim Degezelle

The Best Practice Forum on cybersecurity is an integral part of the Internet Governance Forum (IGF) and brings together volunteers to collaborate on specific topics related to cybersecurity. This forum consistently emphasizes the importance of norms in addressing cybersecurity incidents and explores their development, operationalization, and impact.

In 2018, the forum delved into the concept of norms, their definition, development process, and their relationship with cybersecurity. Subsequent discussions focused on how these norms are put into practice, providing a deeper understanding of their effectiveness.

An experiment conducted within the forum aimed to retrospectively analyze the impact of norms on past cybersecurity incidents. The findings highlighted the value of listening to the experiences of individuals affected by cybersecurity events, allowing for a more nuanced understanding of these incidents and a comprehensive assessment of the impact of norms.

Story banking is another important aspect emphasized by the forum, which involves documenting and archiving narratives of cybersecurity incidents. This practice provides valuable insights into the challenges and potential solutions in the realm of cybersecurity.

The Best Practice Forum on cybersecurity also expressed appreciation for the contributions of its team members, participants, and experts. Recognition was given to Ian Bonana and colleagues, as well as the Members of the Multistakeholder Advisory Group (MAG), who supported the forum throughout its activities. The invaluable work of numerous volunteers involved in online discussions and task completion was acknowledged. The forum also extended gratitude to co-facilitators and lead experts for their dedication and expertise.

In summary, the Best Practice Forum on cybersecurity within the Internet Governance Forum allows volunteers to collaborate on specific cybersecurity topics. It consistently highlights the importance of norms in addressing cybersecurity incidents and explores their development, operationalization, and impact. The forum also emphasizes the significance of story banking in understanding cybersecurity events and expresses gratitude for the contributions of its team members, participants, and experts.

Audience

In the discussion, speakers highlighted several critical points regarding the enforcement of international law after cyber incidents and the challenges faced in cybersecurity. The uncertainty surrounding the enforcement of international law after a cyber incident was a major concern. Francisco Libardia, a diplomat from Panama, questioned how effective enforcement can be achieved in such cases. This uncertainty calls for the establishment of legal mechanisms to hold cyber attackers accountable and claim compensation. The experiences of Costa Rica and Vanuatu in handling cyber attacks were compared to the pre-UNCLOS period, where there was no forum or legal mechanism to claim damages in cases of maritime disputes.

Attribution was identified as a significant challenge in cybercrime. Before raising a case, there is a crucial need to establish the ‘who’, ‘what’, ‘when’, and ‘how’ of an attack. It was emphasized that a universally recognized forensic process for collecting evidence is necessary to address this challenge effectively.

Transparency in state-level cyberattack attributions was a concern raised during the discussion. States often attribute cyberattacks to other states without sharing evidence, raising questions about the accuracy and accountability of such attributions.

The lack of collaboration between international cybersecurity companies and nations was another issue highlighted. This lack of collaboration often arises from diplomatic tensions and poses difficulties in effectively addressing cybersecurity threats. Some nations and large cyber companies are not collaborating with the international system of cybersecurity or the international criminal system.

The discussion also emphasized the need to address the security concerns of Global South countries, minorities, and government hacking. Security debates and policies often focus on the Global North, neglecting the unique security concerns faced by the Global South. The case of government hacking, such as the Pegasus case, was cited as a significant concern that requires appropriate policies to address.

The importance of citizens being well-equipped to protect themselves against cybercrimes was emphasized. Elaine Liu from Singapore highlighted the need for cybersecurity best practices at the individual level. Additionally, concerns were raised about excessive data collection in retail and job applications, which increases the risks of exposure to cybercrimes.

Stronger penalties for cybercrimes were also discussed. It was suggested that transparent penalties should be established to deter misbehavior in cyberspace.

The speakers and audience acknowledged the significant issues surrounding tech-based abuse, cyber-enabled trafficking, and child sexual abuse material (CSAM). Urgent attention and effective countermeasures are required to address these issues.

Collaboration, resource sharing, and avoiding duplication of efforts were emphasized as crucial in the fight against cybersecurity threats. Greater collaboration and resource sharing among stakeholders would enhance the impact and effectiveness of cybersecurity initiatives.

In conclusion, the discussion highlighted various challenges and concerns related to cybersecurity and the enforcement of international law after cyber incidents. The need for legal mechanisms, attribution processes, transparency, collaboration, and policies addressing security concerns of the Global South, minorities, and government hacking were emphasized. The importance of citizens’ awareness and protection, data privacy, and stronger penalties for cybercrimes were also highlighted. The speakers and audience stressed the importance of collaboration, resource sharing, and avoiding duplication of efforts to maximize the impact of cybersecurity initiatives.

Kivuva Mwendwa

During the discussion, several key points were raised by the speakers. Kik Danet, a cybersecurity organisation, has been actively involved in a cyber non-project since 2018. Their focus has been on policy advocacy, multi-stakeholder convening, capacity building, and research. This indicates their commitment to addressing cybersecurity challenges through various activities.

Kenya faced a serious Distributed Denial of Service (DDoS) attack carried out by an organisation called Anonymous Sudan. This attack had a detrimental impact on key installations such as M-Pesa, a critical mobile payment infrastructure, and Huduma, a government service platform. The severity of this attack highlights the need to strengthen cybersecurity measures to prevent similar incidents in the future.

The importance of strong coordination between security organisations at the international level was emphasised to effectively handle cyber attacks. Even advanced countries and corporations struggle to handle DDoS attacks, which are frequently coordinated by malicious actors using botnets and cloud infrastructure. This highlights the complexity and evolving nature of cyber threats, necessitating collaborative efforts to combat them.

The involvement of civil society in the Computer Emergency Response Team (CERT) was highlighted as an important aspect of cybersecurity. Civil society plays a vital role in representing the interests of CERT and focuses on capacity building and promoting citizen cyber hygiene. They have created informational content to educate people about cyber threats and have established a campaign called STICK (Stop, Think, and Check before you Act) to raise awareness. The training of around 140 trainers for wider distribution of information down to the village level further demonstrates the commitment to promoting cybersecurity at the grassroots level.

The speakers also highlighted the significant threat posed by social engineering in Kenya, particularly in relation to mobile banking. Criminals exploit vulnerable individuals through misinformation, leading to financial losses. Additionally, insider information leaks within telecommunication companies and banks contribute to the increasing cyber threat. To address this, a successful Citizen Cyber Hygiene campaign was conducted, reaching approximately 3 million beneficiaries. Trainers were also trained to distribute information at the village level, further emphasising the importance of educating people to mitigate cyber risks.

The slow progress of legislation and poor diplomatic relations were identified as hindrances to collaboration in global cybersecurity. The speakers highlighted how these factors impede effective cooperation between countries and hinder the sharing of knowledge and resources necessary to combat cyber threats collectively.

The need for more collaboration within the international system of cybersecurity was emphasised, particularly with big cyber companies. Strengthening partnerships and collaboration can enhance the collective effort to address cybersecurity challenges globally.

Edward Snowden’s exile after revealing massive surveillance practices served as a reminder that more powerful countries can push their own agendas while weaker countries feel helpless. This power dynamic underscores the need for international mechanisms, such as the UN Security Council, to address cybersecurity issues. Surveillance and power abuse by advanced states were highlighted as concerns that should be discussed at this level.

The collaboration with new parliaments in Kenya to encourage roundtables and the formation of IT committees was viewed positively. This collaboration can lead to better policies and regulations in the field of cybersecurity.

In handling cyber terrorism, international support plays a crucial role. The challenges faced by Kenya in combating cyber terrorism, particularly in northern regions, were discussed. International support, coupled with the establishment of a security committee in parliament and penalties for data breaching, demonstrates the commitment to addressing cybersecurity threats comprehensively.

Moreover, the importance of data minimisation and compliance with the General Data Protection Regulation (GDPR) was discussed. Countries, including Kenya, have enacted data protection laws and appointed data protection commissioners to ensure the privacy and security of citizens’ data.

In conclusion, the speakers provided valuable insights into the current state of cybersecurity in Kenya. They emphasised the importance of policy advocacy, capacity building, and multi-stakeholder collaboration to address cyber threats effectively. The challenges posed by DDoS attacks, social engineering, and power dynamics in international relations were acknowledged, highlighting the need for strong coordination and international cooperation. The involvement of civil society in cybersecurity initiatives, collaboration with new parliaments, international support to combat cyberterrorism, and compliance with data protection regulations were all highlighted as positive developments. To strengthen cybersecurity measures, it is essential to address existing challenges and continue fostering collaboration at various levels.

Speaker

The Best Practice Forum on cyber security is highlighted as highly significant and valuable. It has produced an important output document, showcasing its role in promoting best practices and knowledge sharing in the field. This demonstrates the forum’s effectiveness in generating tangible outcomes.

The speaker expresses appreciation to the team members, acknowledging their pivotal role in the successful initiative. Specific gratitude is extended to the lead expert team, consultants, and volunteers, emphasizing their contributions. The document acknowledges their names, underscoring their key involvement in its creation. This appreciation highlights the importance of collaboration and teamwork in achieving successful outcomes.

Furthermore, it is mentioned that a presentation is about to start, although no further details are provided. This indicates an upcoming session where participants can share information and insights on a particular topic.

In summary, the Best Practice Forum on cyber security is considered highly significant, with a focus on knowledge sharing and the production of valuable output documents. The recognition and appreciation shown towards the team members emphasize their essential role in the success of the initiative. The mention of an upcoming presentation suggests a platform for further discussion and sharing of insights on a specific topic.

Klée Aiken

The Best Practice Forum (BPF) on Cybersecurity for 2021 focuses on examining the human impacts of cybersecurity incidents and their relationship to international norms and principles. The incidents being investigated span from 2020, such as the Solar Winds incident, to incidents that occurred in 2022 and 2023. These incidents have had diverse effects on different types of economies across the world.

Partnerships between governments and the private sector have been essential in responding to and recovering from cybersecurity incidents. Their collaborative efforts have proven instrumental in mitigating the impact of these incidents. Moreover, previous capacity-building activities have also played a crucial role in facilitating effective responses to the incidents.

The incidents studied have revealed several common themes. These include the importance of respecting human rights, promoting international state cooperation on security, and enhancing efforts in crime and terrorism prevention. Additionally, there is a recognition of the need for robust reporting mechanisms to identify and address ICT vulnerabilities.

One significant finding is that cybersecurity incidents can amplify existing societal dynamics. For example, in Fiji, an incident involving a COVID-19 app coincided with the spread of misinformation about vaccines. Similarly, in Samoa, a ransomware attack that occurred after a contentious election fueled rumors and speculation about the government’s integrity. These incidents highlight the potential for cybersecurity incidents to exacerbate societal challenges and contribute to the spread of misinformation.

While the negative consequences of cybersecurity incidents are evident, they can also serve as catalysts for policy and capacity-building responses. Following some of the incidents reviewed, various agreements, declarations, and the establishment of response boards have been observed. This demonstrates that incidents can stimulate proactive measures to enhance cybersecurity practices and develop capacity in this critical domain.

The importance of considering the human impact in cybersecurity tasks and practices is emphasized. The human angle must be integrated into auditing and evaluation processes, ensuring that the potential effects on individuals and communities are carefully assessed and addressed. This human-centric approach to cybersecurity is essential for effective risk management and resilience.

Moreover, the significance of incorporating a human angle is not only limited to cybersecurity practices but extends to the policy space and ICT auditing as well. By recognizing the importance of the human factor, policies can be designed and implemented with a focus on addressing the needs and values of individuals involved.

Partnerships are considered indispensable in cybersecurity. Given the vast and complex nature of the field, it is virtually impossible for any entity to secure everything alone. Collaborating with partners allows for a more comprehensive approach to cybersecurity, leveraging diverse expertise and resources.

Finally, the dynamic of requests for assistance from international partners is explored. The forum acknowledges the need to engage and cooperate with international partners, facilitating the exchange of knowledge, experiences, and support in addressing cybersecurity challenges collectively.

Overall, the BPF on Cybersecurity highlights the human impacts of cybersecurity incidents, the significance of international norms and principles, the role of partnerships, and the need for a human-centric approach. By integrating these aspects, stakeholders can work towards strengthening cybersecurity practices, enhancing resilience, and promoting a secure digital ecosystem.

Dino Cataldo Dell’Accio

Dino emphasises the importance of considering the role of the Supreme National Audit Institution when assessing the impact of cybersecurity incidents. He highlights the valuable contribution auditors make in developing recommendations for effectively responding to such incidents. However, he acknowledges the challenge of integrating operational-level recommendations with principles like the UN norms of responsible behaviour.

Auditors adopt a risk-based auditing approach, which involves assessing the human impact of cybersecurity threats. Dino emphasises that people should be the ultimate priority in the ICT and IT auditing profession. This means placing a higher emphasis on addressing the needs and well-being of individuals affected by cyber attacks.

The challenge of attributing cyber attacks is also discussed. Dell’Accio shares a personal experience of collaborating with the FBI and the hosting country to address a ransomware attack. He advocates for the development of forensic principles to guide the process of evidence collection, as the lack of agreed-upon principles hinders effective attribution of cyber attacks.

Efforts to counter cyberattacks require both top-down and bottom-up approaches. Global consensus at a high level, through resolutions, treaties, and agreements, is crucial. Equally important is the agreement among practitioners responsible for day-to-day operations on standards and technical procedures.

Balancing the responsible sharing of information about cyber attacks presents a challenge. Fear, responsibilities, and accountability hinder disclosure of information. There are technologies available that allow the provision of certain information without revealing sensitive details about its origin.

Risk analysis plays a vital role in addressing cybersecurity threats. Dino emphasises the need for a comprehensive list of criteria at the beginning of the process to improve risk assessment. Feedback from work on norms informs and refines the criteria for risk analysis.

The report on the impact of cybersecurity events on global citizens exemplifies a comprehensive risk approach. It evaluates the effects of such incidents on individuals worldwide and feeds the results into the risk analysis process.

Dino agrees with Louise’s concentric circle model, which likely provides a structured framework for policy-making. However, no specific supporting facts or arguments are provided for this point.

Data oversharing is highlighted as an issue, particularly in online services. The experience of designing and implementing a digital identity solution for the United Nations Pension Fund reveals the risks associated with excessive sharing of personal data. Dino supports the practice of data minimisation and selective disclosure as measures to reduce the risks of data oversharing.

In conclusion, Dino’s insights highlight the need to consider the role of auditors, the challenges of convergence between operational recommendations and norms, the importance of addressing the human impact of cyber threats, the challenges of attributing cyber attacks, the need for global consensus and standardisation, the balancing of information sharing, the significance of comprehensive risk analysis, and the importance of data minimisation and selective disclosure.

(Note: I have corrected grammatical errors, sentence formation issues, typos, missing details, and corrected UK spelling and grammar. I have also tried to incorporate long-tail keywords without compromising the quality of the summary.

Susan Garai

This extended summary discusses the importance of considering the human impact of cybersecurity incidents, highlighting a specific incident in Vanuatu where a cyber ransomware attack had devastating consequences for the people. It emphasizes the need to foster resilience and regional collaboration to effectively combat such issues.

The incident in Vanuatu had a deep impact on the lives of the people, as the cyber ransomware attack caused the breakdown of systems. This incident serves as a reminder that cybersecurity incidents have far-reaching consequences beyond just the technological aspects. Therefore, it is crucial to take into account the well-being of individuals when addressing cyber threats.

To tackle these challenges, the development of resilience and regional collaboration is essential. Small island nations like Vanuatu are now collaborating with neighboring countries to enhance their cybersecurity measures and become more resilient against such threats. This collaboration enables them to share resources, expertise, and strategies to effectively respond to and mitigate cyber security incidents.

It is important for governments, organizations, and companies to recognize and address the human impact of cyber security incidents. Individuals are affected emotionally, psychologically, and socially when their personal data is compromised or their systems are attacked. By prioritising the well-being of individuals, decision-makers can develop more holistic solutions to cyber security issues.

Collaborations within the Pacific region play a vital role in addressing cyber threats effectively. The Pacific region has different stages of development when it comes to cyber security. Therefore, partnerships and cooperation among countries within the region are necessary to share knowledge, resources, and best practices. Conferences and meetings, such as the P4C conference in Fiji and the Paxson annual meeting in Vanuatu, foster these collaborations and enable participants to exchange experiences and strengthen their collective cyber security efforts.

Furthermore, it is essential for countries in the Pacific region to continue strengthening their relationships with global partners. By leveraging global partnerships, countries can better prepare for future cyber security incidents. Each country in the region has unique challenges and strengths in cyber security, and by enhancing understanding and fostering partnerships, they can collectively enhance their resilience to cyber security threats. Regional symposiums and meetings serve as platforms for knowledge exchange and collaboration, contributing to the overall preparedness of the region.

The establishment of legal frameworks at a regional level is seen as a practical approach. Developing international laws and frameworks that all countries agree upon can be challenging. However, countries in a specific region can agree on a regional legal framework as a benchmark for addressing cyber security issues. This approach ensures that regional needs and nuances are taken into consideration while providing a guideline for addressing cyber threats.

The importance of trust and effective communication during cyber incidents cannot be overstated. Incidents shared by CERT Vanuatu, CERT Tonga, and PNG Sur highlight the significance of mutual trust and effective communication among stakeholders during cyber security incidents. By maintaining open lines of communication and building trust among different entities, the response to cyber incidents can be coordinated more efficiently and effectively.

Strategic collaboration and cooperation are crucial in addressing cyber security issues. Going solo is not an option, and examples from Kenya and Africa’s capability in this regard are mentioned. The complexity and scale of cyber threats require collective efforts that bring together different stakeholders, including governments, organizations, and individuals. By working together strategically, they can pool resources, expertise, and knowledge to better respond to and mitigate cyber security incidents.

Efforts should be made to utilize cyber security resources effectively and avoid duplication. Platforms like the Pacific Hub, GFCE, and GC3B are already in place to facilitate resource management and coordination in cyber security. Organizing events such as the forthcoming event in Ghana, which aims to identify cyber capacity-building gaps, demonstrates the commitment of stakeholders to ensuring that resources are utilized efficiently and effectively in addressing cyber security challenges.

In conclusion, it is important to consider the human impact of cyber security incidents and foster resilience and regional collaboration to effectively combat such threats. Governments, organizations, and companies must prioritize the well-being of individuals and take into account the emotional and social consequences of cyber attacks. Collaborations within the Pacific region and partnerships with global entities are essential for sharing knowledge, resources, and best practices. The establishment of regional legal frameworks, trust, effective communication, and strategic collaboration are crucial elements in addressing cyber security challenges. Efforts should be made to utilize cyber security resources effectively and avoid duplication to enhance the overall response to cyber threats.

Louise Marie Hurel

Ransomware attacks pose a significant threat to countries across the development spectrum, but especially to developing nations. These attacks encrypt data and demand ransom payments, causing severe disruptions and financial losses. Understanding the motivation, funding sources, and impact of ransomware groups is crucial in effectively countering them. Proactive monitoring and response are essential to mitigate the impact of attacks, while internal coordination within a country’s cybersecurity sector plays a vital role in crisis response. Trust and previous engagement between countries are key to successful cybersecurity assistance, and transparency around international law is crucial for establishing norms. Balancing the prohibition of ransom payments with government support for victims is important, and developing countries face unique challenges in acquiring cyber capabilities. Information sharing and monitoring activities contribute to sustainable impact, while policy-making for cybersecurity in the global south should consider different concentric circles. Capacity building efforts should involve South-South, North-South, and triangular cooperation. The Best Practice Forum (BPF) in cybersecurity is highly praised for its contributions to improving strategies and policies in the field.

Speakers

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more

Speech speed

0 words per minute

Speech length

words

Speech time

0 secs

Click for more