IGF 2017 - Day 3 - Room XXIV - OF69 A Global Agenda On Cyber Capacity Building: Outcome Gccs2017

 

The following are the outputs of the real-time captioning taken during the Twelfth Annual Meeting of the Internet Governance Forum (IGF) in Geneva, Switzerland, from 17 to 21 December 2017. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

>> MODERATOR: Ladies and gentlemen.  Good afternoon.  I'm the deputy head of the Global Forum on Cyber Expertise.  Welcome to "A Global Agenda on Cyber Capacity Building: outcome GCCS2017.”

Before I will introduce the panel, we will present you with a short introductory video of the GFCE and the Global Agenda process.

>> Digitalization is transforming the world at a rapid pace.  We cope with these ongoing changes and challenges by building our cyber capacities.  The Global Forum on Cyber Expertise collaborates Cyber Capacity Building initiatives.  Consisting from countries, international organizations and private companies.  The GFCE works pragmatic and action oriented.  GFCE members aim to identify successful policies, practices, and ideas.  In doing so, they work together with partners from NGOs the tech community, and academic institutions.  This way best practices and expertise in Cyber Capacity Building are exchanged and multiplied to strengthen cyber capacity on a global level.  The GFCE community continues to find smarter ways to work together, build new partnerships, establish best practices, and provide assistance at the national ask global level.  To achieve this the GFCE community is developing a Global Agenda for Cyber Capacity Building.  It has a shared set of principles and prioritized Cyber Capacity Building topics.  The agenda serves as a guide for the GFCE and beyond to strengthen international cooperation and create a common global focus.  Through identifying existing gaps in knowledge, technology, and expertise, the Global Agenda matches stakeholders' needs to available resources.  Putting principles into practice.

I am accompanied at the table from your right to left by Vladimir Radunovic, the director of e-diplomacy and cybersecurity education and training programs of the DIplo Foundation. 

Lea Kaspar, the Executive Director of Global Partners Digital.

Next to her is Robert Collett.  He's a diplomat of the Foreign and Commonwealth Office of the UK.  Head of International Cybersecurity Policies at the Ministry of the Foreign Affairs of the Netherlands.

Then I have on my right, Paul Nicholas, Senior Director of Global Security Strategy and Diplomacy of Microsoft.  David Duren, head of the GFCE Secretariat.

Arnold van Rhijn, Senior Policy Advisory at the Ministry of Economic Affairs and Climate Policy of the Netherlands.

The panel members will now elaborate on different aspects of the Global Agenda and next steps in their respective fields.

Depending on time, we will take questions from the audience and online.  After the deliberations of the panel members.  So David, may I ask you to take the floor?

>> DAVID DUREN: Thank you.  Ladies and gentlemen, welcome.  As head of the GFCE Secretariat, I would like to welcome you.  I think the next hour we will discuss the latest developments within the Global Forum on Cyber Expertise and in particular the GFCE Global Agenda for Cyber Capacity Building and the GFCE global best practices that were discussed at the GFCE in 2017, like one month ago.

I would like to take this moment to look back on the development of the GFCE.  We are here.  The GFCE was launched about two and a half years ago.  And also to look a little bit forward with you.

Looking back on the development of the GFCE so far, I think the foundation of the GFCE was already laid down in 2013.  Cyber Capacity Building for the first time was put as a key priority on the political agenda.  This was the first time at a high level raised awareness for this important topic of Cyber Capacity Building.

And then at the global conference of cyberspace 2015, the GFCE community developed a structure building on this, and the structure was the GFCE.

The GFCE was the main deliverable of the GCCS in 2015.  To characterize the GFCE for people here who are not a member, I think it's an informal, neutral, and action-oriented platform.  And its members and partners aim to exchange best practices, knowledge, and expertise of Cyber Capacity Building.

The main focus in 2015 and 2016 was to establish a trusted network within the GFCE where members know each other personally, can find each other and can reach out for collaboration.

And that takes time to establish a network.  We've grown from 42 members when we started in 2015, countries international organizations and private companies.

In a steady pace, about 10 members a year, towards 65 members today.

And also we increased the amount of initiatives within the GFCE.  Now we have 17 initiatives.  And in the end it's our aim to cover the most relevant cyber topics for Cyber Capacity Building.

And I think that in my opinion at least, that the participation and international collaboration among GFCE members within initiatives is the core of how the GFCE works.

We installed an advisory board to include academia, Civil Society and the tech community to the core activities of the GFCE.  I remember two years ago at the IGF when we had a workshop on the GFCE, explaining what it was.  We were just launched, that this was one of the questions.

Like how is Civil Society, the tech community, how are they involved in the GFCE.  This is one of the elements we took up.

And in 2017, the focus of the GFCE on the development of Global Agenda for Cyber Capacity Building.  And those global best practices.

This Global Agenda is an instrument.  And I think for the GFCE, it's not a goal in itself.  By this agenda, we will strengthen international cooperation, because we have a common focus.

Also, I hope we are able to make more efficient use of available resources by reducing overlapping global activities.  Because there's a lot going on around.

The fifth global conference on cyberspace in India provided great momentum to give a political impulse to the importance of Cyber Capacity Building and to reaffirm the position of the governance as a global platform for Cyber Capacity Building.  The Global Agenda was shared in 2015 with a wider community by means of the deli communicate.

You can find this document on the GFCE website.  The structural priorities of the Global Agenda represented.

The GFCE 2017 I think marks the transition to the next phase of the GFCE.  A shift in focus from awareness to implementation.

For the next half a year, the GFCE community will develop an action plan as part of this Global Agenda.  And this action plan gives answer regarding the question what will the GFCE community do to implement the important topics that are highlighted in this agenda.  And for 2019, I hope we can take stock on the progress of the implementation of the Global Agenda.  Showing results.  Making a real difference.  I think that's what the GFCE is about.

Maybe in the next meeting at the IGF, we can say something about the outcome.  That would be nice.  Thank you.

>> MODERATOR: David Duren can I ask you in your capacity as Co-chair to elaborate.

(No audible dialogue).

>> Good afternoon.  Thank you Mario and thank you David for introducing the topic of this afternoon already in such an excellent manner.  Thank you for joining us.  Some of you were in New Delhi where we together launched the communique, David already referred to, that will help us, that will guide us when implementing the agenda.

And I would just like to briefly add to David's excellent introduction by going a bit more into detail about the agenda and our plans over the next half year.

Indeed, let me first underscore that indeed the GFCE has developed over the last two and a half years into a repository and a place, vibrant place to exchange ideas.  And I definitely hope that we will continue to be as enthusiastic as we have been until now as a community.  And I'm very confident that we will do.

I think the success of the launch of our communique in New Delhi, forms an excellent basis to take the next step.

The GFCE is not only a coordination mechanism.  I think it has the potential to become a clearing-house where members are actively sharing ideas and good practices, and together, conceiving new strategies for capacity building worldwide.  And then subsequently undertake steps, take initiatives to implement those projects and host projects in their respective countries.

It's a very collaborative effort at GFCE.  It really depends on the efforts of every member of its community.  And that's definitely I think the strength and added value of the GFCE.

After the launch of the GFCE in 2015, we sense that in order to enhance capacity building worldwide and to ensure that all countries and all stakeholders can reap the benefits of the Internet, it is important that we define a Global Agenda.  A Global Agenda on capacity building that will guide our work.

This year -- sorry, to be honest, in 2016, with that goal in mind, we presented a road map for the GFCE on the development of such a global capacity agenda.  During the GFCE annual meeting in May this year, we gathered input from the GFCE community and incorporated this input in the agenda.

So that's just active input from all the stakeholders, from private sector, participants from academia, tech community, international organizations.

That's the result of the input found its way into the agenda, which we have de facto endorsed over the last month.

The five things that define the work in the agenda, defined in the agenda as focal points for our work are cybersecurity policy and strategy, which includes the assessment of current national practices, threats and vulnerabilities.  And the development and implementation of a comprehensive national security strategy.

That's one of the pillars of work.  To help members to design a comprehensive cybersecurity strategy and policy.

The next focus of work on the agenda is to ensure that every country puts in place the right adequate incident management and infrastructure protection.  For example, developing national incident response systems to prevent, detect, deter, respond to and recover from cyber incidents.

Subsequently, the next pillar of work on the agenda rotates around the combating cybercrime.  It's about the enactment, enforcement of comprehensive sets of laws, guidelines, policies and programs relating to cybercrime in line with existing international standards.

And the last pillar of our work identified in the agenda is about cybersecurity culture and skills.  Meaning the promotion of comprehensive awareness across government and private sector and empowering the population with knowledge, skills and in the sense of shared responsibility in order to ensure safe practice and inform behavior in use of ICTs.  These themes together provide all stakeholders in the field with a comprehensive network, framework in which to develop cyber capacities.  At the same time it gives focus to the capacity building initiatives of the GFCE.

In order to implement the agenda worldwide, GFCE members and partners who set up GFCE initiatives have defined good practices over the last year, since 2015.

And this inventory of good practices, which are available on the website of the GFCE and accessible to everyone, help countries potential -- I think the capacity to help countries to learn from each other and not to reinvent the wheel.  To look to how others have taken up capacity building efforts in different chapters of our work.

So I would like to invite you to consult the website and the catalog of good practices there.  Because it definitely is a very hands-on and accessible resource of knowledge.

As has already been mentioned by David, our meeting in New Delhi gave us the opportunity to draw up together, as GFCE community, a communique that will help us to steer our work on the agenda in the coming years.

This communique also gives us a framework based on the principles and themes of the Global Agenda.  Principles such as the applicability of international law and agreed voluntary norms and confidence building measures were highlighted as parameters for our work within the GFCE community.

Moreover, shared international commitments on Human Rights, decent work and gender equality were highlighted as being guiding principles for capacity building in the framework of GFCE.

And with over 60 members of the GFCE community present in New Delhi, representing, if you calculate, roughly 66% of the world's population, the presentation of the Delhi communique has been a milestone in aligning our joint capacity building effort in cyberspace.  And it will enable us to take new steps towards strengthening our coordinated -- one of our goals to increase cyber capacities worldwide.  And in doing so, ensure that we provide for synergy and coherence in our work.  Because we want to spread our effort and our investments as effectively as possible.

The only way to do so is by engaging in a constant coordination effort to ensure that we definitely strengthen each other's efforts.  So what are we going to do next year?  2018 will be just as important for worldwide capacity building in our view as 2017 has been.

Next year we will start to work on the implementation of the Global Agenda on capacity building.  We will try to work hard and our aim is to deliver during the GFCE annual meeting in the late spring of 2018, an action plan, a detailed action plan defining the next steps for the implementation of the agendas.

Evidently the GFCE community is invited to be involved actively in the integration of this action plan.  We will ensure that there are ample possibilities for you to provide input in the action plan.  I would like to invite all of you today, the panelists and all of you in the room to contribute to the discussion.  To start the discussion on the action plan here and now.

Because we are definitely very interested in hearing you views on where we should go next.  Thank you very much.

>> MODERATOR: (?)

>> So you heard quite much about GFCE, but you might have the same question I had when I joined the advisory board at the beginning of the GFCE existence is what do we actually do?

It took me some time to see there is a lot of work, which actually exists within the GFCE as an umbrella.  And one of the probably breaking points was the mandate within the GFCE to produce global good practices.

And we have different foundation.  We have sort of a partnership with the GFC to help shaping the good global practice of the GFCE.  What does that mean?  It means actually looking into what is very practical that was done by the GFCE initiative members that anyone can implement or join.

That was when I must say, my eyes were also additionally opened to what GFC has to offer.

Imagine the world with all the insecurities of the new products and systems, where systems are actually set based on the highest possible standards to avoid vulnerabilities.  Is that possible?  Probably if you do have someone who actually tells you what are your website, your e-mail or whatever is up to certain standards, which are agreed.

Imagine one of the initiatives within the GFCE, Internet infrastructure and standards, actually provides not only an idea of how the multi-stakeholder manner, different partners on a national level can agree to implement certain standards.  It also offers a website with a tool, very simple one, where you can test your own e-mail and websites based on the standards.

I must say, and we've seen that, that the GFCE website, imagine that, who fulfills all the standards.  The flaw is like 90%.  We're working on that.  I encourage you to look at the same tool and test yourself.

I'll tell you where you can find all of that.  So that's one thing.

Then as we said, the system is full of vulnerabilities, and there are many companies and technical community which is working on finding these vulnerabilities.  Mainly trying to put them in their own (?).  There is no system which connects the dots and takes a look comprehensively at the health status of the network.  Saying these are the gaps, this is what these gaps are doing to mitigated gaps.  This is what you can do as well.  This is the progress.

And let alone, actually shaping all these technical information in a form that policymakers can understand.  To be able to create a situational awareness or better policies and so on.  Again, GFCE has an initiative which is called Cyber Green which has working with different technical community partners around the world to have the data of the network.  But also presenting the findings to the policymakers in quite a comprehensive language.  So there is something that you can also benefit or simply sort of copy the idea or join them in the efforts.

Then imagine the world in which we could possibly have law enforcement agencies fully skilled with combating cybercrime.  Then it's possible a lot of efforts.

There are a lot of problems when it comes to commitments of governments, resources and so on.  So within GFCE there is an initiative IC plus, driven by the council here.  And they have a couple of good practices and two are very specific.  One is that in order to make a country committed to due capacity building of law enforcement in cybercrime, you have to actually ask the government to approach you and say we need help.

And that means that if they're doing that, they need to form a competent and powerful national team to deal with that.

And then once you start building capacities in certain country, you can actually use that country as a regional hub.

And just assist them to assist other countries.  Bearing in mind all the political sensitivities in the regions and so on.  With GFCE and other partners.  That's an interesting approach.  But it's an interesting, very practical practice that the GFC can offer.  So take a look at that one.

And then from a national level, if you want to start working on policies, strategies, operational mechanisms, one thing you need to do is to see what existing capacities you actually have in the country.  That's probably the smart way to start.

That's where GFCE can also assist.  There's an initiative which deals with maturity models.  Particularly with the Oxford Center, which offers a model for assessing the maturity of capacities in the country.  You can get the full assessment and know where to start from.  It's also quite a practical example.

A couple more practical examples that you can imagine.  Some of those, imagine that you have certs which know how to communicate, how to work, know how to -- even act as intermediaries in conveying the knowledge about vulnerabilities.  You have a hackers which do a bit of trying here and there finding vulnerabilities.  And some which are actually ethical hackers.  But when they have to submit a vulnerability to the company, the company may be putting a charge to them, because they're messing up their system.

You need an intermediary that can normalize one person and help another and extend this relation and then a policy framework on a national level.

How do you do that?  How do you create environment in which certs can do that and which the ethical hackers can feel comfortable to do that, to have the whole environment more secure.

Then full set of things about confidence building measures and others.  This is just a snapshot of some of the very practical global good practices we manage in cooperation with initiatives.  With some of those.  Some are still new and don't have practices we can say are global and good yet.

That we compile in a report.  The report is big.  About 60 pages.  The point is you don't have to go through all of them.  You can simply pick those that target your stakeholder group or your area of interest.  Capacity building, cybercrime incident response, assessment and so on.  And to help that, we tried to make a visualization where you can easily, like in a game, pick a stakeholder illustration and then pick a topic which you wish and line directly to the global good practice of your interest.

I invite you to visit the GFCE website.  It's quite clear.  I don't think you'll get lost.  Go to the global good practices and find what is of your interest and see how you can benefit from GFCE.  I'm sure you can.  Whatever stakeholder you are.  And how you might possibly join the efforts that GFCE already does within existing initiatives or maybe a future one.  I think I'll shut up now.

>> Thank you.  Paul, as a representative of the GFCE private sector, to share your view?

>> PAUL: First of all, thank you very much to the Dutch government.  I think a vision and leadership that you have demonstrated with the creation of GFCE and your commitment to it is just astounding.

It's easy to talk about capacity building.  It is in fact very hard to do it.

My team at Microsoft or the years, we have developed papers and synthesized best practices that we've either had internally or from others and tried to deliver them in workshops, we've partnered in the past with people like the organization of American states.

And that's really exciting and terrific, but we always sort of felt like we're still a technology company and if people look at it as oh, that's a Microsoft perspective.  I think what's so exciting about the GFCE is it gives us a platform for people to share things that come in a way that is politically neutral and technology neutral.

I think that is tremendously exciting.  The other thing I think is really exciting is sometimes people come into capacity building thinking it's about sharing what you know.

And I would just like to say, it's about learning from others.  Because when you work with countries who are trying to implement a critical infrastructure protection strategy, you find out that they have unique risks and then unique functions and unique challenges that maybe you haven't seen.  And what you come away from that is as valuable as what you're able to share.  I'm super excited about the agenda in the GFCE has put together.

Helping countries with standards and security baseline or critical infrastructure or cybercrime or national strategies.  That they actually have a framework that puts these assets and investments together.  Is so, so very important.  We live in a challenging world, and I think the GFCE is just a very important thing.  I'm super excited for Microsoft to continue with the commitment as we move forward with the new agenda.  And really look forward to doing more work.  Thank you.

>> Thank you.  Looking forward to working with Microsoft on this.  Robert, could you please elaborate on how to further the process of the Global Agenda from your perspective?

>> ROBERT COLLETT: Easy one.

(Laughter)

Can I say a bit more about what we're doing, or what the room is doing.

I think sometimes when we talk about capacity building and the processes, it sounds quite high level.  Whereas what I do every day is talk to governments, (?) in the room, which is great, and implementing partners who are out in offices around the world helping each other in multi-stakeholder ways to make the Internet a little bit more secure every day.

I don't think those projects get enough attention.  I'm just going to talk about a couple of them, which shows to me what capacity building is all about.

When the WannaCry attack occurred, it was really important to our ministers, people going to our hospitals at life and death situations occurring because of this attack.

And they wanted to know how does capacity building help with that.  I was quite pleased to say it really does.

We had a partner in India who had a honey pot, which was monitoring the Internet in realtime.  They picked up the incidents immediately and they were able to talk to the local state government and law enforcement and to us and say this is what we're detecting and this is the information we can share.

We then had a phone call from the OAS saying you've helped us set up the search America network, joining up with Latin America.  They want to have a conference Monday.  Can you dial in so we can share cert to cert information.  To speed up our response.  Afterwards, we have a project in the international association of prosecutors who are now training prosecutors around the world in how you prosecute ransomware.

So from one end to the other.  I would say to our ministers, capacity building does practical things which helps the wider international community.  But also helps the UK, because we share the same vulnerabilities as they do.  Then another example if I may, in Delhi, India hosted an event with the commonwealth from government, Civil Society, private sector, were able to come together and talk about how they could build on the Global Agenda and talk about how they could build on the ideas which were coming up in the commonwealth.  Those ideas will be taken forth to the commonwealth heads of government meeting in April.  Even sooner than that, our implementing partners are setting up projects which respond to the needs identified in that working group.  For me it's a practical thing that happens day to day.

And we think it's brilliant.  Finding a forum which can take those thousands of projects, group them into five different themes, and now to answer the question finally, what do we do next.  I think for us it's about having communities.  There are already communities, but structuring the communities that already exist around those five themes.  There can be other communities throughout the structures, but this is one format in which they can meet.

And using those groups to say, what is the extent of the problem, how do we measure the problem, how do we then identify what needs to be done in a very practical way.  This year, next year.  And getting together the groups of people who want to work together to find those solutions.

And I know that work is being done already.  But having these themes agreed in a nonpolitical, nontechnology way, helps us put behind the initiatives.  It's people in this room and other rooms like this, which are going to make that happen.  The UK government is completely committed to it.  It's great to know there are people from all of the other communities who find this usable too and want to put their weight behind it.  Thank you to the Dutch government and all those in the room.

It's really a partnership that equals, and I can see everyone pulling their weight in different ways.  I'm proud of what we've achieved and what everyone in this room has achieved.  So thank you.

>> MODERATOR: Thank you Robert.  As the (?) Co-chair, can you please elaborates from the Global Agenda process?

>> Thank you and good afternoon.  Here I'm speaking, my capacity as Co-chair of the GFCE advisory board.  Before I kind of give you a bit of what advisory board is what we do and what we'll do next.  I was inspired by something that Rob just said.  The partnership of equals.

But as a lot of you will know, when it comes to cybersecurity, even though we like to say that, if you want to paraphrase, all stakeholders are equal, but some stakeholders are more equal than others.  Coming from a Civil Society perspective, that might seem more relevant than to others.  And I'm saying that specifically because when the GFCE was first launched in 2015, there was criticism from the community of it's not involving -- we weren't able to join as a member of the GFCE if you were a Civil Society organization.

And this is still the case, however GFCE has progressed.  I think part of the process that was establishing the advisory board, which I'm co-chair of.  Now you can join as a partner.  I think there's also been an evolution in the governance model of the GFCE.

I'm going to come back to where I see the value of the GFCEs for nongovernmental stakeholder holders.  That's important for those of you in the room who might not be able to join as members.

The advisory board is in our 18th month more or less.  So in place for a year and a half.  Similar to the GFCE itself, we have experienced some growing pains, if I could put it like that.  Vladimir is a fellow member.

Just to give you an idea that some of the deficiencies perhaps of the model are a reflection of the fact we're all learning together how some of these things work.

Over the past year, year and a half, I think we've asked the GFCE itself -- we've done quite a lot and the advisory board has provided number on the global forum on cyber expertise including road map and strategy.  And then finally most recently, we provide an input into the Delhi communique and the global agendas that were just described.

In terms of what we're going to do next, we have another six months to go in kind of our first two years term.  We will be supporting the members in the development of the action plans to implement the Global Agenda, which we very much are looking forward to.

And I think as part of that, and this is where I would like to mention where the value lies, especially from the Civil Society perspective.  All engaging in the GFCE.

If you read the Delhi communique, I know many of you have.  But what it states is, some of the underpinning principles that should guide Cyber Capacity Building.  One of those principles among others is the inclusive partnerships and the importance of it involving different stakeholders in the process of Cyber Capacity Building.

I think that's a real asset and something that as nongovernmental stakeholders, we value to have these commitments, because then we can say hey government, you said you were going to do this in an inclusive and multi-stakeholder way.  So when there's something in line of accountability, this is important.

Just one example of how the GFCE has contributed to that in practice.  I think over the last year and a half what the GFCE has created is really a hub that facilitates exchange of ideas between different stakeholders.

For instance, my organization, global partners, has had the opportunity through the GFCE to work and engage with the OAS, and this has led to a partnership through which we have then supported the OAS initiatives in developing national cybersecurity strategies and bringing nongovernmental stakeholders to that process at the national level.

I'm not saying the GFCE is the only reason that happened.  I think a lot of this has to do with the OAS itself and the good work they're doing.  Had it not been for that hub and exchange I don't think it would have happened to that extent.  Now having a case study of doing that in Mexico and developing national security strategy in Chile and they're looking to do that next in Argentina.  That's a great example of some of the potential and value the GFCE can produce going forward.  As the advisory board, that we're excited to be part of.

Last but not least.  Just to note that the new call for members of the advisory board is going to be launched shortly.  I think it will be GFCE Secretariat.  I invite anyone interested to apply.

>> MODERATOR: Thank you.  Last but not least.

>> Thank you very much, chairwoman.  I'll keep it relatively short because there's lots of ingredients in my intervention has been said already.  And we mentioned -- I can't resist mentioning this great example again.  No, later on.

Let me first stress that where would we be online if there were no standards?  Can you imagine very dangerous environment where there's a lack of justified trust.  So we owe a lot of thanks to those people working very hard on those open standards.

Those from the (?) organizations.  ETF, IEEE, ISAW, and you can go on.

You don't see those people working very hard.  It's far beyond our sight.  But we owe them a lot, because that's why we jumped in as a government to support this initiative.

Initiative, which is part of the 17 initiatives of the GFCE.  It's all about Internet infrastructure initiative.

And from the implementation of open standards, security standards like (?) 56, like HTTPS, and so forth, justifies trust in e-mail connections.  And achieve local awareness and accessible events.  Building a global good practices.

So thinking globally, but acting locally.

And talking about a good practice.  You mentioned it, but I will say it again, you can write it down.  Internet.nl.  Very interesting and useful tool to test, for example whether the Internet connections of your organization or government is secure enough.

Whether they apply ICTP6 standards.  So it's in English available.  You can apply it anywhere in the world and it has been done a lot.  You can even enter the whole thing.

To keep it short, what's next now?  Because it's all about implementation, and we have to go out and interview.  We had to go out to the local places.

Whenever in the world.  So we and the GFCE and the tech community and our government, the Netherlands Ministry of Economic Affairs have set up a plan to roll out workshops in the coming years.  We'll start in 2018.  And we will work in the tech community and local authorities to exchange views of best practices and to set up the plan and to stress the importance of implementing open standards.

So hopefully this will spread out throughout the world, we hope it's successful.  I'm very positive that it will be.  Then we can expand it.  Our government is more than happy to support this also financially.  The participants are those who are working already with the Internet and who will bring this further.  We will then of course seek this cooperation and we're looking forward to a concrete action plan in this respect.  Thank you.

>> On behalf of seven Internet organizations on the Netherlands I hosted a section cooperating (?) one of the things came out, perhaps not totally mentioned by your esteemed panel is that how cross pollination between existing organizations really take place.  Because here within the ICF there are several recommendations coming out that come up with best practices.  You are developing best practices also and disseminating within your own communities.

But what would be the extra benefit if you bring two communities together.  For example, at the GFCE a half year later, the IGF happens in 2018, bring your best practices to the IGF.  That needs to be organized and there will be a role for who institutes the whole content of the -- meet and disseminate their ideas to others.  And here just now I ran in here from the best practice forum of cybersecurity and the whole concept of protecting the inner core of the Internet was put on the table there, coming fresh from Delhi, and as one of the potential things to discuss with the best practice forum on cybersecurity.  So how can we assist each other in reaching out and making people better.  Perhaps that is one of the topics actually discussed this year and will definitely be in my report that I'm writing very soon.  And that I hope (?) more about.  So thank you for that.

>> MODERATOR: Thank you.  David, would you like to react on that?

>> DAVID DUREN: Yes.  I think the GFCE is a network of networks.  And what we do -- one example that we started in 2015 is with the Oxford Cyber Capacity Building Center, which is a portal to see what's around there.  Around the world in Cyber Capacity Building initiatives.

To know what is around there, and also to analyze what are needs around the world.  But maybe also -- to get on overview.

And also to see what are initiatives that could be of use for the GFCE and to approach.  I think the GFCE is an open forum.

We're looking for best practices.  And then we try to set up some sort of cooperation.  It can be like a membership, a partnership.  And if needed, we will seek for another way to connect relevant parties.

One example, and this initiative right now, a community already for ten years in CRIP.  The meridian conference like the IGF conference once a year.  They have a steering committee and there were a lot of countries in the steering committee, and a few of them or a lot of them are also member of the GFCE.  Then said OK, we will not reinvent the wheel.  Your community has the knowledge on the critical infrastructure protections.  So they started initiative and it helped the GFCE community to bring in this knowledge about CIIP and experts and tell them.  Because they are once a year, they have a conference, and in between nothing happen.  And they want to have real implementation.  And on this initiative, also during the year (?).  So it's a win-win situation.

Sort of things I'm looking for, and within IGF you have the best practice forum.

And we're looking for best practices within the GFCE.

I hope we can find a way to really connect this in a smart way.

>> MODERATOR: Thank you.

>> Thank you.  Just to follow up on that, on the personal (?) I'm a member of the multi-stakeholder advisory group of the IGF and we are as a mag, working very hard to get more international organization relevant international organizations, to come to the IGF.  So glad to see the GFCE joins the IGF and that we are building a stronger cooperation, whether it is through the best practice forum on cybersecurity or having a booth or a forum like this one.  I think this is a clear example of how it should work as a response to your request to work a bit on that.

Hopefully this will be followed up by many more.  The GFCE, an example of an organization or institute that is here, available for questions and to build a better relationship.  Thank you.

>> MODERATOR: Which leaves us with about five minutes.  We can take questions from the audience.  If you have any questions, please step forward.

>> Thank you, Catherine from the government of Kenya.  I've been very pleased to attend the IGF each time because I can see some topics like cybersecurity are coming up, and that's good.  But one of the things that came up, especially today in some of the sessions I attended is in this very broad program, there are different choices being made by policymakers and by technical people depending on the title.  Today I attended a technical session on IPV6 just because a colleague asked me to support them.

While I was there, I heard something which has actually influenced me to edit policy, which were developing in Kenya.

So in the multi-stakeholder approach, what can we do to bring policymakers and very technical people together to converse in such a way that they understand each other and they begin to understand the effects of either their technical choices or their policy drafting.

Because I think, especially for us in Developing Countries, this is very useful.  Because we do draft policies and sometimes we don't have the full understanding of a certain technology, and this influences the way we make policy.  Maybe we create gaps in the policy.

>> MODERATOR: Thank you.  Anyone from the panel?

>> Thank you so much for raising that issue.  If anything, I'd like to say that in cybersecurity there's a lot of talk, well, here at the IGF there's a lot of talk about multi-stakeholders and when it comes to implementation we're still quite thin in the field of cybersecurity, especially at the international level.

One of the ways the GFCE can play a role in this is to build on the repository of good practices that we can look at at the national level.  There are some -- at least that I know of.  I'm sure there are more as well that we can gather and build upon that would be certainly relevant for Developing Countries.

The couple examples that I'm familiar with in mostly in Latin America.  But I know that Kenya has a constitutional provision for very strong consulting processes, locally as well.  I think that's really offered a good opportunity and already there's the (?) model as well.  So there is a basis to build on that locally.

I think there are best practices in other countries that can then be merged and brought in countries like Kenya and bring people together around the same table on issues related to cybersecurity that can beneficial for all stakeholders.

>> MODERATOR: Thank you.  Paul?

>> It was a terrific question.  We have to do more to get technology people and policy people in the same room.  One of the exciting opportunities with GFCE is that operational exchange.  When a policy maker gets to see what happened, how their policy (?) in operation.  What's on paper actually solidifies and understands.  I think the more we can try to bridge that gap, the better we're going to be at operational risk management.  But it's a great thing and something we should pursue.

>> In India, the view on the panel, and I was listening to you, and now we (?) I think this is -- the answer to your question is this meeting, and it is the GFCE.

The mend of the GFCE should be able to say this is the issue I want help with or I want to be in a community of people discussing.  Can you please organize something which serves my needs either to contribute or to learn from.

So without committing to anything, I think the answer would be something like a workshop in Kenya bringing together people from government, industry, Civil Society, academia, to discuss the questions which are most on your mind.

And the GFCE community can play a role in helping bring the right people to that event.  And helping with logistics or funding for travel.  And if it's not helping you answer that question, then the GFCE isn't working.  I think the fact we're having this conversation, you can say what you're interested in and the GFCE can bring together that community's hope.  So it is working and should be able to work.

And I think you'll see a lot more of those meetings happening during the next year.  And I think having defined themes helps to structure those requests.  You can say which themes they fall under, and that helps get the right communities to come together.

>> MODERATOR: Thank you.  We have one minute left.  Last comment.

>> Thank you.  Great point, and now I'm thinking about the models within the GFCE and from the hat of the advisory board.  Our role is in a way to bring more technical community, Civil Society and so on.  So two options.  One is there's an annual meeting of the GFCE every year.  GFCE 2.  And there's a bunch of events there.  And there we can probably put more efforts to bring other stakeholders into discussions.  When it comes to continuous processary intercession, as we like to call it, usually the advisory board brings inputs from Civil Society tech community, but not about the challenges of nations on a local level. 

That might be an idea that the advisory board has more role even when the government like yours, has an issue that you need more consultations with technical community.  We help with that.  Finding technical communities from other countries that can help you.  And if the technical committee Civil Society need a government, GFCE helps that.  Not only within the scope of what GFCE works on initiatives but other needs related to that.  Maybe that's an idea for us to consider.  Thank you.

>> MODERATOR: The final, final word for carmine.  I just wanted to briefly just add one element into discussion about how we can ensure we complement each other and that all these different capacity building initiatives are combined or complementary and synergy is assured.  I wanted to add that apart from the fact that the GFCE is a network of networks, and I think that helps to position the GFCE as a pivotal place and role in ensuring this coordination.  I would like to point out the fact that among the members of the GFCE, there are not only countries and private actors, but also international organizations and worldwide membership.  But also regional organizations like the organization of American states.  The African union.

So that helps also to ensure that there is more coordination and cooperation within these different regions of the world.  And the GFCE played a very useful role there with OAS, et cetera.  Also helps to bring some order and coherence.  In this field.  Hopefully that adds to the big goal of helping all.  Thank you.

>> MODERATOR: This will conclude our session.  Thank you and appreciation for my panel.  Thank you audience.  Contact details are on the screen to continue the conversation.  Heap to see you soon.  Thank you.

(Applause)

(Session ended at 5:17 p.m.)