IGF 2017 - Day 3 - Room XXVII - WS182 What Are Future Scenarios for the Global Cooperation in Cybersecurity Field?

 

The following are the outputs of the real-time captioning taken during the Twelfth Annual Meeting of the Internet Governance Forum (IGF) in Geneva, Switzerland, from 17 to 21 December 2017. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

In addition, we have really competent speakers who will cover the question of cybersecurity and precisely the title of future scenarios for global cooperation in cybersecurity.  Very well.  We'll go immediately into discussion in the following order, and I will introduce now first speakers.  We have ambassador Frank, head of the division of security policy, federal department of foreign affairs Switzerland. 

Next to me is Catherine Ge it, ao, ICT secretary for ministry of information and communication and technology of Kenya, 20162017. 

Unfortunately, Elina couldn't sit at the table.  She's over there.  She's the director of foreign policy and security studies, institute of strategic and international studies of Malaysia. 

Next to Elina is Alexander Klimburg, cybersecurity expert and head of global commission on stability of cyber space.  And next to me is basically Sario Contreras, who is cybersecurity program manager of organization of American states. 

I will conclude this discussion with introducing professor Adrien Perrig and he will kick off the discussion with one question which amazed me when I met him for the first time 3 or 4 years ago.  He's the professor of the ETH in Zurich and the conceptualizer of the system which has been developed for the last seven years.  He will give us more information on that. 

But basically a system that addresses quite a few cybersecurity challenges.  And Adrien was kind enough to join us from Zurich today to give us technological perspective and compliment our policy discussion when indication if we can have technological solutions for cybersecurity problems and issues. 

And when I met Adrien, three years ago, four, I gave a usual spiel that internet is so robust that basically nobody can sublet the internet communication.  And his reaction was that's a bit ideal of you.  There's a kill switch on the internet.  And that's a great discussion with Adrien if you can share the explanation you gave me about kill switch and the major risks that exist for the internet and how society or any other system can address it.

Kill switches are essentially ways to turn off the internet or a subset of the internet.  So for instance in a city or a country.  And we've actually already seen examples of these kill switches happening in reality where part of the internet becomes unavailable.  Unfortunately, it is easy to trigger such kill switches externally so an external entity can cut off the internet in some regions. 

A terrorist attack can be used to cutoff some of the links that lead into an area.  So researchers have shown that you can actually overload the links that go into a country or region in a way that region essentially cutoff from the rest of the internet. 

Another way is to use this little bit of technical term called a high Jacking attack, so using the routing protocols the internet is using in order to redirect traffic.  We've seen this often in reality there's in a lot of misconfigurations that can often times lead to this kind of outages.  For instance, this summer there was a mistake by Google a network administrator at Google made a mistake and half the internet in Japan was unavailable for 40 minutes.  So that shows the power of these type of kill switches as taken to occur on today's internet.

However, what is offered is to limit the scope of certificates.  So within an area, an area can define which certificates they want to mainly trust.  And in a way that no external certificate can then take over or be used to create attacks on entities inside that domain.  So it scopes the trust very cleanly and makes the internet very transparent.  So which roots of trust are used in which areas and essentially brings transparency and security as an effect.

This started as a research prototype, but recently we've implemented this to a point where it is usual and within Switzerland already we have some banks that use it for production traffic, so it is use in production networks. 

So it gets to the point where it becomes usable today.  It's quite easy to set up and connect to other entities.  We're getting to the point where we have some countries that tell us they're interested in deploying this infrastructure in their country to achieve these type of benefits from a security perspective mainly.

We'll move to the next presenter, ambassador Frank who will give us the survey, what are the new formats and societies?  And then we will be diving into chosing focus later. 

First of all, we're in a situation where cybersecurity gains importance and at the same time we do not have buddy at the moment, which is something unprecedented where we can discuss cybersecurity issues apart from conferences like the IGF

So this leaves us with the question of where should we discuss these issues?  At the moment and when we look at UN general assembly, what we did in October, it was putting the issue of cybersecurity just into the IGF of 2018 and 19.  That's what we did. 

What are the formats?  Maybe we should have another UN GGE.  That's a proven form at.  We know what they get.  And they've produced valuable reports in 2013 and 15.  Critics would say you haven't agreed on the report this year, so what would change in a year or two years time?  And GGE is not really a form at.  It's 25 experts and it's not an inclusive form at.  So it has some disadvantages. 

Another option would be to have just an expert committee which is also created under the UN general assembly.  Such a committee could have as a mandate for example to look at the implementation of the UN GGE reports and make recommendations how this implementation by member states can be improved.  It could be a body that is based on 20, 25 experts.  Could either by selected by secretary general or by being elected by the general assembly. 

Another option would be and that's what the chase 77 has suggested would be the creation of an open‑ended working group.  Has the advantage that of course every member state but also other stakeholders could take part in the discussions on cybersecurity.  Has a certain disadvantage that of course then you have 193, 94 UN member states sitting at the table with also different stakeholders that might be difficult to find area of common agreement. 

And you would need to make sure the experts sit at the table, and not just the interns at the missions in Geneva or New York. 

Then another option available would be the send cybersecurity issue to the conference on disarmament and have it discussed here in Geneva.  That's also a very good option for a Swiss dip lament.  And of course there's more exclusivity at 65 member states.  And we have being here in Geneva, we have already a lot of cyber knowledge.  We have many many diplomatic missions here which is good from a practical point of view.  A task of course the disadvantage that it's just governmentry presented tips and the CD has not been very successful in adopting a work program for quite sometime.  So that's the disadvantage. 

You could this morning of creating a special UN party for cybersecurity along the lines of what exists with the peaceful unity of outer space.  You could have the comity of peace use for cyber space where you can associate apart from governmental ‑‑ other stakeholders on a consensus basis and is ‑‑ which is an advantage on technical issues, such as this one. 

But of course setting up such a new body is an ambitious project. 

And then we have heard in some of the panels that the UN secretariat as well would like to strengthen its cyber capacities and capabilities and of course there you could nominate a special representative for cybersecurity for the UN secretary of general or you could have something that exists in the disarmament area that's an advisory board on ICT security.  So it exists already an advisory board on disarmament matters which make recommendations to the secretary general.  So you could also think of having something like that at the UN. 

So several options.  All have advantages and disadvantages and it will probably depend very much on demand you would like to give to such a body which will then define what exact formt you would like to choose.  One thing from the Swiss point of view that is clear, cybersecurity is a global issue, global concern.  Many states and stakeholders want to have a say and we think such discussions have to take place at the UN.

For instance, this architecture we're working on can be seen like penicillin.  You had back material infections.  Penicillin was invented, and a lot of problems went away.  And similarly, technical solutions can help to resolve a lot of issues that then become non‑issues and then we can make much more progress with the remaining issues.

It's a reoccurring discussion on internet governance if we need policy processes to meet the new challenges.  And outside of internet governance, we have of course we in the global commission and stability for cyber space, we concentrate more on the UN first committee processes, the group of governmental experts.  And the UN GGE has not been particularly known for innovation or evolution.  GGE has helped to expand stakeholder engagement across many different dimensions. 

It also points to whatever comes next, as was pointed out previously.  Whatever comes next, after the GGE, be that new form at on its own or standing side by side.  Expand and multi‑stakeholder engagement is going to be key. 

We look back at the 2013 UN GGE report, one of the most important things about that report is it empowered regional organizations, OSE to develop not only norms but confidence building measures.  CBMs are a very important tool in international security.  Those are the technical fixes that are there to help alleviate tensions between states. 

The most famous example is a hot line between Washington DC and Moscow that was invented during the cold war.  And indeed the 2013 GGE report kicked loose a very wide debate within the OCE as well as other organizations to help develop ‑‑

But in the 2015 report was also well‑known.  It went out with very suggestions on norms.  They went off and had for instance that states should not sneer with the critical intersection of other states in peacetime or states should not attack computer emergency response teams.  And that is what the 2015 report is mostly known for.  But there's an overlooked part.  While states have a primary responsibility for maintaining a secure and ‑‑ would benefit from identifying mechanisms for the participation as appropriate of the private sector academia and civil society organizations. 

So the 2015 report also openly acknowledges when it needs to wring non‑stakeholders into the discussion.  This is one of the mandates as a global commission.  GCSE is a ‑‑ would just build around a host of thought leaders from the wider cyber ecosystem.  So Joseph and I want to describe this ecosystem as being effectively a regime complex. 

Many institutions working together on different pects of the problem, but more often working alone to solve their own individual problems.  Sometimes they work side by side and sometimes on top of each other.  Therefore, that are the issues we seek to address.  Namely, sometimes we have norm collision. 

One example, what I said beforehand about hot line communication.  Hot line communication is a great topic.  Everybody want a hot line.  The European union has a hot line.  Russia, the United States, the meridian group has a hot line.  The international watch and warning has a hot line.  All of these exist side by side.  Which are you going to use in a crisis? 

The original was called INOCDBA.  You might know it because it gave birth to something called Skype.  This is effectively what most people will use if something really burns down.  But we do have a lot of different CBMs out the that will purport to do the same thing.  That the a good thing.  It's better to have more lines of communication than too few.  We don't want to have working across purposes. 

This is what we mean by norm.  Collision.  And this is one reason why the GCSC in particular aims to subscribe a informal coherence and not try to ascribe norm conversions, one single solution, one single idea that will solve all of them.  We don't think that will really work.  We think there's a lot of work happening in many different communities and be aware of the work in those communities. 

It's going to have to understand the complexity of the issue alone and not go for begun single one shot solution.  I think that answers part of your question. 

Have you started conducting technical stress test?  What is the interaction with technical community and how does it function and what could be a possible input of community like Idrene's community on cybersecurity? 

This is not a complete novel invention.  The idea of protecting a public core or what has been defined as a public core or critical internet infrastructure has come up again and again.  And I believe you've spoken about similar issues in the past.  It's not a complete novel idea.  We were able to draw on research that was previously done.  As part of our process, we have a research advisory group that I would encourage all of you to be involved in, which has helped deliver not only a host of the commission papers that we'll be putting up on the website, but will also help supply us with liberations that were done in previous years.  Effectively, those papers include a stress test ‑‑ a part of our commission includes people ‑‑ a lot of people have deep technical backwards and teams to support them.  Within the relative working groups that were run within our commission, they were able to go into much more detail than is currently in our very short norm. 

Bill woodcock ran a group that looked at critical infrastructure and how we would rank certain parts of the infrastructure as particularly critical and less critical. 

But more importantly, to answer further questions is what the community can do here.  And that is take the norm, which is a very very small paragraph and interpret it for your means.  Tell us what you think it means.  Because it will mean one thing in the GGE environment and it will mean something else perhaps in the cyber crime environment.  We just had a meeting that was an interesting discussion that also connects to the wider discussion about core internet values.  And we think there's a possibility here to commute for instance the call to protective public core of internet into actual global principle. 

So those are the aspect that we hope to address in dealing with this community.  We both want to advocate our norm and more importantly want to get ‑‑ on how to develop further. 

The question is not so much ‑‑ my point doesn't have as many holes as a whole new layer of security problems that were not addressed and not with DNS.  That's nature of security, you close one door and open another.  BGP, I'm not so familiar with that many holes.  There's process problems, as there are with public key infrastructure. 

So I think it helps address a number of issues without doing, in our point of view, the most grievance thing, which is to have the fallacy of inventing something completely new, which surpasses everything else and introduces a whole new host of problems we haven't thought about before. 

The only thing we know about working with the internet, there are two issues that will come up again and again.  There are going to be security holes that are not to be considered.  People focused on rooting have a hard time understanding the human dimension.  If you look at for instance the roots on roll over procedures, for instance, there are things addressed there that work perfectly from one security standpoint and fail dismally at another security standpoint. 

So we will always be opening up new doors when we close one door, and I think it's important therefore that the system remains resilient and that means there are different formats in play and not a single form at. 

I'm very interested to hear about your work.  It sounds like a VPN overlay.  That sounds interesting. 

We move to our next speaker who will answer the question, 2016‑2017, what is the inability to adopt the consensus report mean for international cybersecurity?  Simple question. 

And then the other two things I wanted to say as an introduction, cybersecurity is not just about the absence of conflict and crimism it's also about this focal existence and the reduction of ‑‑

And thirdly that governments are a very important part of the cybersecurity agenda because of their mandate, structures and resources. 

And of course they are also the issue of what somebody called earlier today fractured mandate because there are so many things about the internet and about this common resource that crossed borders and therefore we not only need individual governance to take part in the agenda, we also need forums where many governments come together to come up with a common policy.  And yes it needs technical support. 

But in UN GGE, we had many delegations had technical experts who were assisting them. 

We also had diplomats.  We had lawyers because there's a legal component.  There's a diplomatic component.  There's an organizational component and everyone needs to participate. 

What was some of the negative impacts of the break of the GGE?  For less powerful countries, we became increasing the answer because at least for us, the UN GGE was to better understand the international agenda and the postures of the most powerful actors.  We know who they are so I don't have to give them names.  I think there's also an increased possibility of divergence in state and regional cybersecurity agendas. 

The five sections of the UN GGE really helped to us come together and see what is important for all of us.  But when it's not there, each of us may choose for ourselves what our priorities are and what we're going to work on?  Another one, I expect I don't want to draw a dooms day scenario.  I don't think something so serious, I don't think there's an increase of texts from space.  I expect there will be increases from social ‑‑ and the aggressive ‑‑ related research and development in an increasing proportion of countries.  Because we are being set free to do what we like for some time. 

We are going to take advantage of that.  Some other impacts which I can't say whether they are positive or negative, but I believe one of the things at least I've seen IGF, we have quite a few topics on cybersecurity and I think Alex has just walked up.  But there's GCS, GFC, forums which are emerging in existing a new arenas.  And I think the developing countries and civil society are becoming increasingly vocal in the field of cybersecurity.  So this is giving them space. 

I think they're also emerging power shifts regarding who is the driver of the global cybersecurity as a result of maybe government taking our time out. 

And that this timeout should also give time to states to implement their 2013 and 2015 reports as well as other persuasive ideas which didn't make it into the report.  But we had them, we discussed them, and some of them are going to emerge in other documents, either at the level of individual countries or at the regional level because they percolated into the regional dialogue. 

You are concerned that possible anarchy in the system could damage the weakest part of it.  And growing awareness in developing countries in Africa and other developing countries, the cybersecurity is becoming essential development issues.  Those are a few takeaways from your excellent survey. 

Now we have a question of a potential anarchy, and I can see the few colleagues who are students of international relations I'm sure there will be inspiration for article or master appears that this is on this issue.  Elina, you will address the applicability of international law in cybersecurity.  Do we need more rules?  Is there anarchy or to what extent it exists?  Do we have a risk of a cyber anarchy or is it just perceived? 

I think there's been a lot of lamentation about the so‑called failure of the most recent GGE process, and I think some of that is ‑‑ a lot of that is unfair because if you go back to the 2015 GGE and the consensus document that was put out, it offered a lot of clarity on the applicability of international law.  And that, to my understanding, came at great concessions and compromised throughout the negotiation process on arriving at that conclusion. 

What is now debated is the applicability of the specifics of international law, and there are particularly troubling aspects of international law applying particularly to the less developed, less powerful countries. 

So for example you have contention on whether article 51 of the UN chart, the right to self‑defense, should apply, and how it should apply, if it should at all.  For example, some countries, the more powerful countries, for example, have argued that there should be almost strict liability type application of international law. 

And article 51 specifically so that if a third country is ‑‑ has an attack rooted through it, then it should be responsible, reliable for that attack being rooted through its systems and infrastructure.  Not all country that might play that role of the third country have the capability of even be aware of an attack being rooted through its infrastructure.  So there's concern about the technical aspects and also there's concern that there will be a politicization of interpretation of international law. 

And we've seen this time and time again in other domains in the more traditional domains, the use of preventive self‑defense for example which is contentious and international law, the use of preemptive self‑defense, how international law is going to be interpreted is a connect for concern of developing countries.  Also the fact that there are different priorities in the developing world.  So in my region, for example, southeast Asia, there is concern about content, about the information that is in cyber space, and how that might undermine political stability. 

In the past, I think what we've heard from more developed countries is that this is a freedom of expression issue.  And certainly it is, but it goes to a deeper sense of security and stability among the political elite because the idea that content can be manipulated, can be turned into misinformation or disinformation affects not only the regime stability of a country, but also affect the economic opportunities provided by cyber space for these developing countries.  So the idea of priorities and how international law might apply to these different priorities of developing countries is certainly in the forefront of regions like mine. 

Finally, I think what we'll see is that there will be a call for greater charity for the specific applicability of certain provisions of international law, particularly in the recourse to measures by states affected by cyber attacks.  But there will also I think be greater prominence on the issue of content or information security. 

How content may or may not be manipulated, what recourses are available to countries.  We're starting to see that play out now in countries like the U.S.  but this is always again been a concern for developing countries and it will be interesting for us to see how international law may or may not play a part on the issue of content in particular.  I'll just stop there.

The internet or cybersecurity is more than just Europe and North America.  If you want just to deal this, let's use ‑‑ and define this among yourself.  But we need to start that, if we really want to discuss about the free open and secure internet, the internet, if you want to believe that it's help everyone, okay, let's bring everyone to the discussion, of course. 

The member states that were participating at the GGE process, they really wanted to have an outcome and they really can upset them about what happened.  And one of the initiatives actually that were taken at the regional level was established a working group on cooperation and confidence with measures that was ‑‑ and the general assembly of the OES and the recent ‑‑ 

The first meeting is going to happen at the end of February, which all of us member states are going to start discussing a proposed document of CBNs that will be applicable to the   system.  What the member states are working on that will basically try to harmonize access to CBMs and another regions.  Basically to avoid remaining the will. 

The beauty of the inter American process, which is the oldest of the world, is that it's a very inclusive process.  All members are able to participate.  They open the door to all states, you name it.  Of course civil society, a private sector that are participating ‑‑ to participate. 

Again, the free about the free open and security net is other than the CBMs.  And we always ask ourselves and our governments if there is enough regional awareness and if not, if there isn't ‑‑ enough readiness to face cybersecurity threats.  Because we sometimes go to a member state and there is not even a basic literally cybersecurity awareness campaign.  They are giving access to the internet but not communicating how to make use of the ICTs. 

There is not even law enforcement or forensic unit that can handle cybersecurity incidents or crimes.  They are not serving place. 

It's very nice to hear about hot lines, but there are countries that they don't even know what is critical infrastructure that they don't have the fine to critical infrastructure that they need to bottle inside to give resources either to a hospital or cybersecurity. 

So before going to more in‑depth countries, there are more fundamental issues that needs to be discussed.  There are basic issues that needs to be discussed from the organization perspective, we are making a lot of bring to war with our member states.  Fortunately, our region in socioeconomic development process of growth.  We are working, promoting national strategies.  We are working, making sure that there is certain level of easier response.  ‑‑ 34 member states and out of those 21, there is still a gap. 

We are providing training for law enforcement and information sharing.  There is more need.  And I am just I think 5 or 6 ‑‑ five countries have our administration campaigns in place.  So we actually actively trying to bring all member states to political consensus.  So there are sometimes resolutions and declarations that are adopted I think the American system.  These working that was established for example was a political decision.  At the same time, member states have give us the mandate to provide capacity building and assistance in order to foster that free open and secure cyber space. 

Because without the proper tools, without the proper capacities in country, they will not be able to maintain proper changes to make sure and to warranty this cyber space to American cities. 

We started with Adrien with the kill switch and the infrastructure issues.  Then Frank gave us the survey of the menu of different options.  Then we have Alex input on the global commission.  And in particular interesting question of stress test which we should develop further about infrastructure because that could be one of the key issues.  Catherine giving us what the the life of the UN GGE. 

Then the next to speak has told us that there is quite an interesting life on regional level and there are some things that we can do in disposing the UN GGE dynamics.  And then we had Elina bringing international legal perspective states responsibility which is completely unclear and completely in the issue of the great controversies.  And then bringing Bellasario highlighted the need for capacity development, inclusive approach, and that's more or less what is the sort of zoom out here of our discussions so far. 

Now we will hear from our online participants who is a specialist for international relations.  And I was noticing when she was giving the indications about the risk of anarchy, that you got interesting.  Your dynamics was in your eyes.

Then another set of questions and comments focused on the remaining inequalities and the lack of capacities that we're still facing and it's specifically related to the UN GGE.  And here the comment and question was, the GGE has had over ‑‑ had 25 countries in the last year but in total over 35 countries have participated in the previous years.  Ten or more of those are developing countries.  Developed countries had big multi‑stakeholder litigations developing only a personal two.  To get other countries on board, we need more capacities of developing countries to level the playing field. 

And then the last set of questions and comments focused on the lack of coordination.  And here, the ideals that all countries have basic implemented measures that have a good rise to follow.  There's a lack of voluntarily accepted base line.  There are many agreements but still have countries that are not aligned.  Also, the response capabilities are not equal in these conditions. 

And then Gina Chark mentioned, the question remains, how do we get to this idea of coordination?  Capacity building?  New initiatives.

However, there is a lot of research on usability and security that has come up in the last decade to the point where also we're bringing in, designing technical solutions in a way that we are aware of the people behind and trying to create systems that are very easy to use and also tolerant and opposed to error. 

More recently, we started hooking at protocol verifications.  And a team has been modelling the whole system, including the people using it and creating automated systems to verify the whole system, including the humans.  So being able to show security of systems, even if the people make mistakes, if they lose their password or whatever happens, to ensure that the remaining system is actually secure. 

So even when you create your system that verifies humans, which humans?  Yeah.  And I think I heard a case of a tank that was created by the army of some powerful country and they guaranteed that it could not be overturned under any circumstance.  They brought it to Kenya and I think it took us only three days to overturn it. 

And they sent a very big delegation because they could not understand what happened.  So obviously their big data was not big enough. 

So I think the problem of inequality with a light touch is a problem for all of us.  Because if there are some people are excluded, then you cannot say you are cyber secure because for example in Kenya, we have just brought 1,000,006‑year‑olds into the digital conversation.  I have no idea what kind of cyber criminals will emerge in ten years ‑‑ or even maybe much sooner than that as a result of that intervention. 

And if we just create a world view which consists of I think Bellasario called it Europe and North America, you know, you won't have the whole picture.  So I think inequality is not just a matter of being nice and making sure everybody is not around the table.  I think it's a real issue of trying to get the complete picture so that we can really build robust products and services that take into account all human beings and what they're capable of as well as what they need.

For example, these technologies for offenses being doubled up could translate into scenarios where not only international offenses are done, but inter corporate cybersecurity offenses could become the norm.  And so rather than take a bleak picture and react offensively, is it possible that certain policies could be developed with a certain degree of goodness in spite of the provocations? 

I will bring another question and then pass the floor to panelists to comment further.  Peter.

And in the meantime, it just occurred to me that WSIS process itself created action laws and action laws C5 has nomated as action life facilitator on cybersecurity issues.  So I'm really perplexed that all of a sudden, this idea comes up to create something new whereas we do have existing mechanisms and the previous working group has already identified a lot of mechanisms which exist within the U.S. system which are dealing with issues including cyber security and of course it identifies gaps. 

But these gaps should be looked into.  So the real solution to me would be to make a big study of what should be expeneded and in case we find out we don't have anything, we can create something new.  So what is your view? 

Frank, would you like to start? 

So it is only one aspect of cybersecurity and I'm not ‑‑ of course the must be places in the UN system where cybersecurity is discussed more from the internet use of terrorists, for example ‑‑ we didn't try to address these.  We said there are other fora which deal with those and it's really a state behavior which can have athet to international peace and security.  But I'm sure we had certain overlaps. 

I agree that before you create something new, you better look what the out there and say, okay, what the thing that we have that also served a purpose. 

In terms of response, again, we have these platform for all the national certs.  It's called Americas.  We're trying to promote information sharing at the technical level.  Right now, we have 15 certs over there.  Actually, we're giving the lead technologies on incidents and we're trying to make sure that they share more information at a political level.  Actually, there is ‑‑ well, this working group was established.  We are working informally or sufficiently with all states, making sure that they change practices.  With inter pole, we also work very closely to capacity building projects or to trainings, make sure that there is a constant exchange of information and ‑‑ 

But this is still very difficult to have a constant and formal process for communication and information sharing.  If like everyone I think would like to have that sold very quickly and very easy, but both of the national level at the regional level, and at the international level is very difficult.  You will say that there are ‑‑ many photos would say they're doing great because we have the photo of the X, Y and Z and we have X number of certs and law enforcement or X number of crime sectors.

The reality is we participate in all of them and one thing is one thing and the other is a reality.

That's common problem even in the most advanced cybersecurity region or Latin America.  Concluding comment on any of these issues?  Quick one.  We are testing patience of our audience.  They are already ten‑minute over.

Second, there's a lack of expertise to address these questions.  So if there's any offer of coordination, capacity building in that area, I think that is very much warranted and needed in southeast Asia.  Thank you.

And so with the benefit of hindsight, we're able to use the last 30 years of research to really create something new that is fundamentally more secure and side steps a lot of these issues.  I'm hoping that people will look at our sound system and hopefully you'll see this is like penicillin that can actually kill the pugs and fundamentally change.