IGF 2020 Second Open Consultations and MAG Meeting - BPF Cybersecurity

The following are the outputs of the captioning taken during an IGF virtual intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record. 

***

 >>BEN WALLIS:   Hello.  My name is Ben Wallis.  I work for Microsoft.  I am the MAG member who acts as the facilitator for the Best Practice Forum on Cybersecurity, and I'm going to provide an overview of the work of the BPF in 2020.
 Now, as you may know, Best Practice Forums, or BPFs, are working groups that anyone can join, and which work between the annual IGF meetings to develop outcome documents.  These outcomes, in the form of reports compiling good practices, are intended to help inform policy debates and serve as inputs into relevant decision-making forums and processes.
 Stakeholders interested in contributing to BPF activities are encouraged to subscribe to the dedicated mailing lists where online meetings and other activities are announced.  You can find out more, including where to sign up, at the link on this slide.
 Turning specifically to the BPF on Cybersecurity, I am going to recap last year's work and provide an overview of this year's work, and I will also explain about different ways that you can contribute to the work of the BPF, and I'll close with some relevant links and some contact information.
 Now, in order to describe the BPF's work in 2020, it is helpful to first explain the work that was done last year.
 In 2019, the BPF explored best practices in relation to international cybersecurity agreements and initiatives.  Examples include the Paris Call for Trust and Security in Cyberspace, the norms package adopted by the U.N. Group of Governmental Experts, the UNGGE, and the Global Forum for Security in Cyberspace, the GCSC, and many others.  The report identified best practices related to the implementation of different principles, norms, and policy approaches that were contained in these international agreements.
 As well as being presented at the IGF's 2019 meeting and published on the IGF website, the report was presented as an input to the U.N.'s ongoing OEWG exercises, the Open-Ended Working Group on development in the field of information and telecommunications in the context of international security.
 The 2020 BPF on Cybersecurity will continue and expand the 2019 work on exploring best practices in relation to recent international cybersecurity initiatives.  This includes reviewing new agreements as well as going into more depth on a few specific agreements in order to identify further best practices for implementing the commitments that are made and the norms that are set out in these agreements.
 The BPF will also create a new workstream this year to look at norms assessment; that is to say, how can you assess whether norms are being adhered to by states and nonstate actors?  And does the act of assessing whether norms are being respected itself contribute to an increasing takeup of the norms?  For this we will incorporate a multidisciplinary angle by bringing in experts from other strands of social science where norms have been dominant forms of rulemaking to see what learnings could be applied in the areas of cybersecurity.
 Finally, we have created a dedicated workstream this year to think about how we can increase our outreach to hopefully engage more stakeholders, particularly those representing governments, youth, and the Global South.
 I want to also note that we are reflecting whether and how to take account of the COVID-19 pandemic in the BPF's work this year.  We are seeing targeted cyberattacks on hospitals and research institutions, for example, and that only further underlines the need to equip organizations with good practices to enhance their security.  So this is something that the workstreams will reflect on in their work over the next six weeks.
 So let me explain about the sequencing and flow of work for this year.  Last month we activated the three workstreams, which have now started work.  In the second half of July, we will publish a research paper covering these two topics and will seek the input of stakeholders.  
 A draft report will then be published in the second half of September which incorporates the feedback from our consultation.  This will then be presented and discussed as part of this year's annual IGF meeting.  And then a final version, incorporating any comments received during the annual meeting, will be published by the end of the year.
 This slide lists the various people leading the work this year.  Each BPF needs to have a facilitator who is serving on the Multistakeholder Advisory Group, the MAG.  That's me.  I have a co-facilitator, Markus Kummer, who has been involved in the IGF in different roles over the years, including currently as Chairman of the Internet Governance Forum Support Association, the IGFSA.  We have a lead expert, Maarten Van Horenbeeck, who is a board member of FIRST, the Forum of Incident Response and Security Teams Forum of Incident Response and Security Teams.  
 Our three workstreams this year are led by John Hering from Microsoft, Mallory Knodel from the Center for Democracy and Technology, and Sheetal Kumar from Global Partners Digital.  And we're supported by consultant to the IGF Secretariat, Wim Degezelle.
 And to close, this final slide provides links to the BPF's home page as well as a link where you can subscribe to the mailing list, and an address if you want to contact the BPF Cybersecurity's coordination team, which includes me.
 Thank you very much.