Leaders TalkX: Securing the Digital Realm: Collaborative Strategies for Trust and Resilience

WSIS Forum Panel Discusses Collaborative Strategies for Securing the Digital Realm

At the World Summit on the Information Society (WSIS) forum, a panel titled “Leaders Talk 5, Securing the Digital Realm, Collaborative Strategies for Trust and Resilience,” moderated by Moira Whelan of the National Democratic Institute, convened to address the pressing challenges of cybersecurity and the collaborative efforts needed to foster trust and resilience in the digital sphere.

Preetam Maloor from the ITU presented a sobering comparison between the digital landscape in 2005 and 2024. He pointed out the exponential growth in internet users from 1 billion to 5.4 billion and the alarming 80% yearly increase in cyberattacks. Maloor highlighted the astronomical rise in cybercrime costs from $400 billion to $8 to $11 trillion and the evolution of cyber threats, including AI-driven and post-quantum challenges. Despite these daunting figures, he noted a positive trend in member states’ responses, with significant improvements in national cybersecurity standards and strategies.

Namibia’s Minister of Information and Communications Technology, Emma Theophilus, discussed the essential role of governments in cultivating trust with citizens to safeguard digital rights and interests. Reflecting on the trust deficit during the COVID-19 pandemic, she underscored the need for transparent communication and education to enable citizens to protect themselves online. Theophilus also described Namibia’s inclusive approach in developing legislative frameworks, such as data protection and cybercrime bills, through extensive stakeholder consultations.

Marash Dukaj, Montenegro’s Minister of Public Administration, explored the opportunities and hazards of artificial intelligence (AI). He outlined Montenegro’s strategy to harness AI, focusing on data openness, education, and investment in digitalisation and innovation. Dukaj emphasised the necessity for an innovative and efficient approach to tackle global challenges, including financial instability, political unrest, and climate change.

Dick Christophe Ng Sui Wa, Chairman of the Information and Communications Technologies Authority in Mauritius, spoke about the pivotal role of ICT regulators in ensuring confidence and security. He mentioned Mauritius’s innovative blockchain-based licence verification system and the importance of regulators being technologically informed to make decisions on emerging technologies. Ng Sui Wa also highlighted the delicate balance between regulation and innovation.

Jacek Oko, President of the Office of Electronic Communications in Poland, stressed the importance of knowledge acquisition, direct technical contact, and support for SMEs in ensuring network trust and resilience. He described Poland’s swift and successful response in providing network support for over a million Ukrainian refugees, demonstrating the country’s capacity for rapid adaptation in crises. Oko also highlighted Poland’s participation in R&D projects, such as the 5G tactics programme, aimed at securing 5G networks.

Dan Sjoblom, Director General of the Swedish Post and Telecom Authority, outlined efforts to combat spoofing and fraud, including blocking certain phone numbers and developing legally binding rules for telecom operators. Sjoblom mentioned PTS’s broader assignment from the government to map the use of electronic communication services in fraud and to propose comprehensive actions to prevent such attempts.

Andrew Sullivan, President and CEO of the Internet Society, highlighted collaborative initiatives like MANRS for routing security and the importance of peering and exchange points for network resilience. He emphasised the need for all networks to participate and depend on open protocols for security and reliability.

In conclusion, the panellists concurred on the need for multi-stakeholder cooperation and international collaboration to tackle cybersecurity challenges and ensure digital network resilience. They underscored the importance of empowering citizens and SMEs to protect themselves and contribute to a secure digital environment. The insights from the discussion are to be summarised and submitted to the WSIS chair, reinforcing the WSIS forum’s role in promoting collaboration and trust in the digital realm.

Moira Whelan:
I think we’re ready to go. My name is Moira Whalen. I am the Director of Democracy and Technology at the National Democratic Institute, an NGO based in Washington, DC. And I’m happy today to be moderating this panel. This is Leaders Talk 5, Securing the Digital Realm, Collaborative Strategies for Trust and Resilience. And with our panelists today, that will be especially true in the internet regulation and cybersecurity space as regulators, all of our panelists really like to make rules. So we will see if they can follow them, which is three minutes for each of our panelists will then be summarized at the end of the WSIS forum. So I’d like to start today with Preetam Mallur, who is the Head of Emerging Technologies at the ITU. Where is Preetam?

Preetam Maloor:
Thank you very much. And I’ll just hopefully take two minutes. And I’ll use some statistics to hopefully frame some of the key points. And I’ll contrast between 2005, when we had the summit, World Summit on Information Society, and the status right now. So 2005, only 1 billion people were online. Mobile phones were primarily used to make phone calls and text. Mobile payments were just starting out. And the cost of cyber crime to the global economy then was already $400 billion, and which is pretty significant for that time. And the threat vectors, even though sophisticated for that era, probably is very different from what we see right now. So fast forward to 2024, 5.4 billion people are online. The cyber attacks are increasing by 80% year on year. An attack happens every 36 seconds on the web. And the cost of cyber crime has also skyrocketed more than 20 times to $8 to $11 trillion. And that’s a significant increase. And clearly, with the growing dependence on digital, concerns about privacy, concerns about human rights, have all exponentially increased. And we’re seeing new waves of cyber threats, from AI-driven cyber threats to being ready for the, or at least scrambling to be ready for a post-quantum world. Resilience also includes not just your cyber security, but also when you’re looking at physical security of subsea cables, of satellite communications, of terrestrial communications. But what is also heartening in this story is that we are seeing an accelerated response from member states. Probably not fast enough, but at least there’s clear willingness to respond. Just as examples, we have the ITU Global Cyber Security Index and a few statistics. 128 countries in 2017 lacked standards at the national level. And now it’s declined to 88 countries. 110 countries didn’t have a national cyber security strategy 2017, 67 countries. So this tells us that cyber security is increasing in complexity, targets, technologies, but we are also seeing willingness of stakeholders to come together. And we believe that ITU as the Action Line C5 facilitator has had a facilitating role to play in this. Thank you.

Moira Whelan:
Thank you, Preetam, and thank you for the ITU’s leadership in this space. I now wanna turn to our panelists and start with Emma Theophilus, who is the Minister of Information and Communications Technology in Namibia. And I wanted to ask you, just to kick off our conversation, the subject of our panel here today is about trust. And what can governments do to help secure, to develop trust in securing the digital rights and interests of citizens?

Emma Inamutila Theofelus:
Thank you so much. And I’m very happy to discuss one government’s leading role in actually having citizens trust them to secure the digital rights and interests. And I think this has been a conversation, especially particularly in the last four years, coming from the COVID-19 pandemic, with a lot of trust was lost in governments because either certain strata of society felt governments didn’t communicate well enough, others felt the government didn’t react and respond good enough in times of crisis. And I think particularly even for issues around digital rights and securing people’s digital rights, there is some level of crisis because as Mr. Preetam just spoke about, the cybersecurity concerns are very quite high in many countries. In a country like Namibia, we experienced about 2.7 million cyber attacks per annum, which means there are a lot of people in society, whether it’s the ordinary citizen, businesses that have operations online who feel very unsecured where cybersecurity is concerned. So I feel the first thing is to develop a relationship of communication between the ordinary person and the government, the business community and the public sector. There has to be continuous communication, what government is grappling with, what interventions would like to put in place, how they want the citizens to respond to some of the initiatives they’re embarking on. There will be trial and error and people should feel confident that something is being done. Secondly, when that comes with education, the ordinary citizen doesn’t necessarily always know how to protect themselves online. They cannot tell between fake information and real information. They sometimes don’t know how to verify information that they get. There must be some level through the communication, some level of education, knowledge transfer on how they’re able to protect themselves before government can step in and redress if any damage was done in that instance. And I think thirdly, once that relationship has been put in place, there’s communication, there’s knowledge transfer, government needs to find a way to start allowing citizens to take that responsibility themselves because governments are unable to be in every corner to try to protect citizens against either cybersecurity risks or mitigate them in that instance. Sometimes they only are able to respond and after the fact when the damage has already been done. So to empower citizens to be at the forefront of that protection, for citizens to really feel like, one, there is some legislative strategies, policies put in place that they can lean on when that time comes. And in Namibia, we are developing our data protection bill and we took time to consult and we thought it was important. Same for our cybercrime bill, same for our cybersecurity strategy. Time to consult so that when we actually come up with the legislation together, it’s not only government that owns it, but everybody owns it. Thank you.

Moira Whelan:
Thank you very much. And I’d like to turn now to Marash Dukaj, who is the Minister of Public Administration of Montenegro. It is not a technology panel unless we talk about the emerging threat of artificial intelligence. And so I’d like to turn to you and ask what Montenegro, how you’re viewing the benefits and the risks of the emerging technology.

Marash Dukaj:
Thank you for this exciting question. First of all, their colleagues, ministers, ladies and gentlemen, I am very happy to be here. Artificial intelligence is becoming a key factor in the transformation of the entire global society at a time when we are facing a series of simultaneous crisis, financial instability, political unrest, climate change, migration, pandemic, as well as the aging of Western civilization require innovative and efficient approach in order to better analyze the current situation and create an environment for proactive response. New technologies, including artificial intelligence, give such a comprehensive process a chance. Artificial intelligence is rapidly transforming our lives, offering technological advances in learning, product and service designing and task automation. In 2024, AI, especially, generative AI has become a key component of everyday life. It contributed to improving productivity, spending up and improving work processes, both in the public administration and in the private sector. First of all, AI plays a key role in improving IT security through analyzes on large amounts of data to detect and prevent security threats. The prevent or present day, say, let risks management and ethical use of AI is a priority. Montenegro, for relatively small country, must not lag behind in the field of artificial intelligence and challenges such as an inefficient number of experts and finances must not remain an obstacle. With the right policies and strategies, Montenegro intends to become part of the global progress in managing artificial intelligence. This includes the promotion of data openness, big data, metadata cooperation with international partners, education, as well as increased investment in digitalization, innovation, motivation, IT stuff and attacking investment. Therefore, the next steps will be aimed at further establishing the inter-probability of the system, improving the quality of data and increasing the digital literacy of the entire society. And a formership requires the improvement of education through the integration of relevant IT topics, the creation of an environment that is attractive for digital nomads and IT companies. Also, it is important to establish sustainable links between the IT sector and within in the use of AI and other areas such as environment protection, healthcare, art, education, because by integrating them, we can contribute to sustainable development and improve the standard of living of the citizen around the world. Thank you for your attention.

Moira Whelan:
Thank you very much, Minister. And I’d like to now turn to Mr. Dick Sui Wa, who is the Chairman of Information and Communications Technologies Authority in Mauritius, and ask you the role of ICT regulators, especially in Mauritius have played a collaborative role in creating the framework required to ensure confidence and security. Tell us a little bit about it.

Dick Christophe Ng Sui Wa:
Thank you very much for the question, which is very relevant. I would like to say hello to you all. Bonjour a tous. Good morning, ladies and gentlemen. The main concern for every country and authority that we are here today, government, to ensure confidence and especially security. Security is a major issue for all authority, regulatory authority in the world and all that are here today. Within this collaborative framework, we, the ICT, the Mauritian regulator, we play a central role in ensuring confidence and security in the use of digital technology. We understand emerging cybersecurity challenges and collaborate with its stakeholders to develop policies and regulations that help build trust in cyberspace and in the use of digital technologies. All cyber incidents in the ICT sector represent a global challenge because of an intrinsic cross-border nature. The lack of harmonization across different jurisdictions and the rapid development of emerging technologies should be tackled by the regulator to contribute to the strengthening of national cyber resilience, which with effective measures, which can be replicated at the international level through collaborative platforms. Another important aspect for us, the regulator, is that in order to keep pace with emerging technologies, we, the ICT regulators, must first become technologically savvy in adopting new technologies. It is only then that we will be able to take informed decisions on the regulatory framework required for these new technologies. We have to bear in mind that regulation should not also stifle innovation. In Mauritius, we took… this practical approach. We recently came up with an innovative blockchain-based license verification system, as the risk of forged, fake or invalid ICTA licenses which can be used fraudulently is a reality. To address this problem, we launched this new verification service so as to give added assurance to the different stakeholders and the public using licenses issued by the regulator. Verification systems make use of the smart contracts on the Ethereum blockchain to store cryptographic proof of the ICTA license on the blockchain. These digital documents are tamper-proof documents which prove who issued it. They are the electronic equivalent of what we have, physical documents like passport, ID, driving license and so on. In so doing, we have not only set an example in the use of emerging technology, which is the blockchain one, but with its practical understanding of blockchain technology, it took an informed stand to recommend to the policymaker the necessary relevant legal and regulatory updates to be incorporated in the Electronic Transactions Act of Mauritius with respect to smart contracts. Such an example, which is related to the strengthening of the cybersecurity framework of a country, if escalated and discussed at the level of a collaborative platform, can eventually be considered for adoption in other countries as one standardised cybersecurity best practice measure for emerging technologies. We have also passed many laws. My friend from Namibia has been talking about data protection. We have the Data Protection Act, which dates from 2017. We have passed the Cybercrime and Cybersecurity Act of 2021. We have institutions like most of you in your own countries. We have established the National Cybersecurity Committee, which is a board with all high-level people dealing with cybersecurity to ensure the security of our system. And recently, we have passed a law where we have set up a Mauritius Emerging Technology Council, and we held a conference on a regional level in Mauritius, which, as you know, we are part of the African Union. Thank you very much.

Moira Whelan:
Thank you very much, Chairman. And I’ll turn now to Dr. Jacek Oko, who is the President of the Office of Electronic Communications in Poland. We’ve talked a little bit about the structures and collaboration, and I wonder if you can talk to us a bit about the trust and resilience of these networks in Poland.

Jacek Oko:
Thank you for this question. There are several important aspects of this issue that are relevant. None of them individually is a sufficient condition, but together they are a prerequisite for success in ensuring the operation for a trustworthy and resilient network. First of all, the regulator needs to acquire knowledge. It needs to have a team of people who not only understand the challenges, but they also work closely with the other teams responsible for cybercrisis operations at home, in missing country, on the country level, and in the international, around the world level. Secondly, the very important thing is to have close and direct contact with the network operators at the working level. Not with the people, typical cooperation with a regulator, but contacts with engineers, IT specialists, and system administrations. We managed to build such a team almost four years ago as a part of our ISACS initiative. A team in which we trust each other is very important, trust each other, and where our participants benefit from its activities. Practically, when we test it, when they broke up the war in Ukraine, the network operators, with the assistance of a regulator, organized a very good network for the over a million people, the refugees from Ukraine, when they came to Poland during seven, ten days. We rapidly organized a very good existing network for them. The third is important for the regulator to be an activity in R&D projects related to the security and resilience of the telecommunications network. An example is the 5G tactics program with a budget over 5 million euros, where we are focusing on the issue of cyber security and trusting 5G networks together with colleagues from several countries, from several organizations, small and medium enterprises, network operators, vendors, and regulators. We together prepare the environment for our open-run security and equipment services, secure and be secure in the 5G network, based on open-run, very important for small companies and I think for the people, solution. The fourth, the last but not least, of course, is we should remember about the fact that the larger operators have the budgets for dealing with streets and outages in their own network. But what about with SMEs, small and medium enterprises as operators? We cannot forget about this kind of organization and the role of a regulator is to help these operators, small and medium operators, to provide recommendations, historical experience, exams, and the way how to create a successful way to mitigation of risk. Thank you for your attention.

Moira Whelan:
Thank you very much. And I’ll move now to Mr. Dan Sjöblom, who is the Director General of the Swedish Post and Telecom Authority. We’ve heard about some specific examples so far of threats and challenges, but I’m wondering if you can talk to us a bit about spoofing, which is one way to commit cyber crimes such as fraud. What is the Swedish Post and Telecom Authority doing to prevent this type of cyber crime?

Dan Sjoblom:
Good morning and thank you for the question. Yes, PTS has recently put in place some recommendations for the Swedish telecom operators regarding spoofing, and the recommendation is to block fixed Swedish phone numbers used from abroad as a means to commit fraud. And we are also working to take the recommendation into legally binding rules for the telecom operators on the issue. The telecom operators are very positive to having these recommendations to have clarity. We have seen them since they put the recommendations in place. A lot of numbers and thereby attempts of fraud have been blocked. Now turning to mobile numbers used abroad for roaming, which is legitimate. They are also used to commit fraud from abroad, and there it’s a little bit more technically challenging. We are working with the operators on implementing new technology to be able to block also those attempts. I should say that PTS has an assignment from government on a wider perspective of fraud issues. We are now currently mapping how electronic communication services are being used to commit fraud, and we are going by the end of the year to propose actions on a broader scale to prevent such attempts. One issue in particular that we are looking at is regarding SMS, the alphanumeric sender ID, which as most of you probably know can be altered quite easily and can and is being used to mislead recipients about the source of the SMS, where it can fraudulently indicate that it has been sent by your bank or by an authority. And of course ensuring confidence and security in the use of digital technologies is really important. We have to make sure that everyone has the trust in the systems to take part in the digital society, and we’re doing this not alone, but as a societal multi-stakeholder cooperation. No one can make everything, but everyone has a place to collaborate, and I wanted to mention that we at PTS from this year host a collaborative platform, Digital Today, and the goal of this platform is to inspire everyone to be willing and able to take part in the digital society. Last year we had 375 partners from all sectors of society, and our goal for this year is to ensure that 1 million out of 10 million Swedes get some at some development of the digital skills, and that we have events taking place in all of our 290 municipalities. Thank you.

Moira Whelan:
Thank you very much. And I think that last element of participation of people leads us to our final panelist, Andrew Sullivan, who’s the President and CEO of the Internet Society, as our representative here on the panel of the CSO community, and I’m wondering if you can talk to us about those real-life examples of collaboration and how you see, as the regulators have said, we can bolster trust and resilience in the Internet.

Andrew Sullivan:
Sure, thanks very much. I think one of the critical things about this is that the Internet is made up of so many different networks, and so you have to get everybody to participate. And I was going to talk, first of all, about one particular example that has been quite important, is the Mutually Agreed Norms for Routing Security, or MANRS, which was an initiative that was originally fostered by the Internet Society about 10 years ago. We started with, I believe, nine participants. We’ve got like a thousand who ended up working in this effort. And what it really comes down to is the means by which the different networks agree to the ways in which they’re going to interoperate, agree in which the ways that they’re going to increase the security, and then everybody becomes more able to depend on the fundamental routing security of the Internet. And this is, you know, a mysterious underlying bit of routing stuff that most people don’t need to know about. It would be very boring for an ordinary person to get into understanding all of the details of the routing system. But what was good for them is to know, hey, this is actually a system that people rely on with one another. It depends on open protocols that everybody can depend on, so you can validate these kinds of things. And that validation then allows the various routing systems to do these things automatically, and that’s how we get security on the Internet, you know, that these systems depend on one another. But there is another one that has occurred to me as people were speaking this morning that I wanted to mention, and that is actually the resilience of the network, which is another piece of trust, right? You can only trust the network if you can also depend on it. And the topic of cable cuts has come up several times today, and I just wanted to note that one of the things that has happened is that the systems are able to rely on one another when they do good peering, and they do that good peering because they can depend on this kind of mutually agreed norms like MANRS produces. So we have the pattern that we should be building upon, which is getting all of the various kinds of people who are operating on the Internet involved in those decisions, involved in making sure that the system is fundamentally reliable with one another, get the good peering at Internet exchange points and so on, and then you have a much more resilient and much more reliable network that we can all depend upon.

Moira Whelan:
That’s great. Thank you very much. And I think we have, I think we potentially have a WSIS first, which is two minutes left for additional comments by anyone on our panel if they would like to weigh in with other examples. Anyone? Okay. I’m being told we’re actually going to stop, but thank you very much to everyone. I think, just thank you to WSIS. Resilience and trust is really the intangible thing at the core of the technology and the mechanisms that we speak about in our everyday life, so that’s what WSIS brings us is this collaboration. So thank you to panelists. This will be summarized and submitted to the chair at the end of WSIS on Thursday. Thank you very much.