IGF 2023 Best Practice Forum on Cybersecurity

 
The IGF 2023 Best Practice Forum on Cybersecurity focuses on storybanking cybersecurity incidents to present the voices of those most affected to those developing policies. By collecting and evaluating cybersecurity events to present first-person narratives from those most affected as victims or first responders to policy and norms developing deliberations, the high-level policy decisions can be grounded in reality.
 

Best Practice Forum Cybersecurity - 2023 output report

IGF 2023 BPF Cybersecurity - Summary

IGF 2023 BPF Cybersecurity - Report

 
BPF 2023 draft Output and Session at IGF 2023
 

 

BPF Objective for 2023

To collect and evaluate cybersecurity events to present first-person narratives from those most affected as victims or first responders to inform policy and norms developing deliberations, so that high-level policy decisions are grounded in reality.

BPF 2023 Analysis - Shortlisted Cybersecurity incidents

Shortlisted cybersecurity events for BPF analysis
Ransomware operations causing state of emergecy in Costa Rica Data breach and  personal data release in Australian (Medibank investigation) Ransomware incidents Tonga and Vanuatu. Criminal Black Axe network (Africa, Europe, Middle East, Asia, US) Colonial Pipeline, Solarwinds breach (2020) Incidents affecting elections or key democratic instittions (Estonia, France)

Research questions

  1. What was the impact on people?
  2. What was the impact on CI/CII?
  3. What was the impact on government services?
  4. What was the impact on technical (infra)structure?
  5. What was the impact on incident responders?
  6. How did the incident affect international peace and stability, relations between states?

-> Join one of teams analysing the events or share relevant informaton: mail [email protected] .

BPF Work Plan

1. collect high-profile cases and select +/- 1 incident per georgraphical region. (BPF community survey)

2. analyse the incidents for their impact on: a) people, b) CI/CII, c) government services, d) technical (infra)structures and e) incident responders **

3. assess the effect of the observation of norms and their implementation

 ( ** The UN norms on responsible state behaviour touch on effect on people, CI/CII (#6/7), essential services (#6), technical infrastructure (#9,10) and CERTs (#11).)

BPF Activities & Updates
  • BPF Cybersecurity call, 22 June 2023, Summary, recording (Passcode: &cSD1B@V)
  • Review the survey results and volunteer to help research and assess cybersecurity incidents: by 18 June  - closed.
  • BPF Survey What cybersecurity incidents are of concern to you ?  Propose cybersecurity incidents for a deep dive analysis - answer by 16 May - closed
  • BPF Cybersecurity kick-off, 2 May 2023, Summary, slide deck, recording (passcode  Rj@6BhD7 )

*

BPF Coordinating team
  • MAG BPF co-facilitators
    • Ms Hariniombonana Andriamampionona
    • Ms Carina Birarda
    • Ms Josephine Miliza
  • BPF Lead experts and co-facilitators
    • Mr Bart Hogeveen
    • Mr Klee Aiken
    • Ms Sheetal Kumar
  • Consultant IGF Secretariat
    • Mr Wim Degezelle

 

Participate

Join the BPF Cybersecurity mailing list (subscribe here) and the BPF calls (details below).  The BPF welcomes community volunteers to help with the collection of information, analysis and drafting. Contact  [email protected] if interested in joining the work .

 

 Learn more about the 2022 BPF Cybersecurity at www.intgovforum.org/en/content/bpf-cybersecurity-2022

 

Related BPF work on cyber norms agreements

 

 

 

Paragraph