IGF 2018 WS #101 Cybercrime, cyberattack, cyberwar: from buzzwords to clarity


Organizer 1: John Hering, Microsoft
Organizer 2: Kaja Ciglic, Microsoft

Speaker 1: Lucy Purdon, Civil Society, Western European and Others Group (WEOG)
Speaker 2: Elina Noor, Civil Society, Asia-Pacific Group
Speaker 3: Max Smeets, Civil Society, Western European and Others Group (WEOG)


Lea Kaspar, Global Partners Digital

Online Moderator

Daniela Schnidrig, Global Partners Digital


John Hering


Panel - 90 Min


The speakers have been chosen based on their expertise with regards to offensive cyber capabilities and developments in cyberwarfare, as well as for their engagement with civil society. The moderator will ensure that each is given the space and time to share their perspective through opening statements and scripted questions. All the speakers will be initially given 5 minutes to share their experience and perspective about the developing nature of cyber threats and cyberwarfare, and the importance of promoting resiliency, to familiarize workshop participants with key concepts and state of affairs. The moderator will work to ensure that the workshop facilitates authentic engagement with participants following the panel’s remarks.


This workshop aims to gather a variety of stakeholders to raise awareness of the importance of the multistakeholder dialogue and engagement on issues surrounding cyberwarfare that often are reserved to states and large private companies. To this end, we will seek to ensure that civil society is represented, as is academia and industry, as well as participants that bring different government perspectives to the table. Gender balance has been encouraged through speaker choices and each speaker will bring unique expertise and experience to the topics discussed.

Issues to be discussed: Today’s cyber threat landscape is characterized by a broad spectrum of malicious activities employed by many different actors – including criminal groups, civil-disobedience hackers, and state-sponsored cyberwarfare units – using different methodologies. As we seek to promote a free and secure internet, with clearly-defined norms for behavior and informed security policies, it is important to understand these respective activities, why they are employed, and how organizations should understand the associated risk and response options. It is not enough to simply pursue security, leaders around the world need to be engaged in the strategic planning that comes alongside cyber resiliency. This means understanding the nature of threats online, becoming familiar with risk levels, and preparing for how to persist before, during and after an incident occurs. Agenda: The session will open with a moderated panel discussion that will explain the key concepts for understanding the cyber threat landscape and the capabilities of advanced nation states developing offensive cyberweapons. This is critical for establishing well-informed policies, as well as for preparing resilience strategies for any organization. (30 min) Panelists will be asked to provide an overview of: The state of affairs with regard to the cyber threat landscape, including where and how attacks originate; whether from states, criminal groups, or third parties. In particular shedding light on which states are leading the way in this space. The spectrum of malicious cyber activities, differentiating what constitutes a “cyber-attack,” in terms of international law, from other actions online and the associated responses. The impact and cost of cyberattacks to organizations and regions. Including the attacks on SWIFT, Maersk, WannaCry, the attack on South Korean banks and others, and how they are linked to the resources dedicated to cyberwarfare by nation states. Distinguish between the secure/unsecure concept of “security” versus the broader range of postures inherent in “cyber resiliency” as well as the intersection between cyber resiliency and civil society Following the initial statements and responses from the panel, participants will be encouraged to engage in an interactive discussion that focuses on the following (50 min): Who are the actors responsible for malicious activities online, and to what extent are threats from those groups likely to grow? What are the distinguishing characteristics of different malicious cyber activities, and how great can their impact be? What would help stem the escalation of state-sponsored cyberweapon development? Innovative ideas and probing questions about how civil society can engage with resiliency efforts. The moderator will have 10 minutes to sum-up discussion and close the session.

The panelists selected have experience as practitioners and academics preparing for and navigating the consequences of cyber incidents. Following the panel’s initial statements and responses, the moderator will facilitate discussion with workshop participants and ask probing questions to stir the thinking of those in attendance. To facilitate an engaging discussion, the following will be ensured: - Reading materials on cyberattacks and cyber resiliency will be provided for participants ahead of time, and handouts will be available at the outset of the session that provide additional information to contextualize the discussion for those attending. - An online discussion will be moderated by the organizers in the weeks before the event to stimulate interest and solicit questions and input of particular interest - While the workshop will be in English, PowerPoint slides summarizing positions and insights of panelists will be projected to support the engagement of those for whom English is not native. - The moderator selected will be an expert not only in the topic, but well versed in leading multi-stakeholder discussions and will actively encourage participation from the audience. He or she will work closely with the online moderator to ensure those audiences are equally brought into the debate.

Recent years have witnessed an abundance of new high-water marks for malicious activities online and made common parlance of new language to describe these activities, including cybercrime, cyber-attack, cyberespionage, hacking, cyberwarfare… the list goes on. However, what is often unclear are the boundaries of these terms, the actors associated with them, and how they should be conceptualized by those working in civil society. This workshop and its panel will break-down the nature of online threats for participants and explore what is known and unknown about the escalating nature and scale of state-sponsored offensive capabilities in cyberspace. It will also discuss the concept of cyber resiliency in the context of a modern threat landscape and how it intersects with the work of civil society.

Online Participation

Online moderator will work closely with the on-site moderator to prepare the session ahead of time, ensuring that they are aware of the questions and the topic areas that will be raised in the room. The online moderator will also facilitate discussion ahead of the event, requesting questions and driving engagement and interest in the session on social media platforms, such as Twitter and LinkedIn, as well as on the websites of the co-organizers. During the session itself, the moderator will facilitate the discussion online, highlighting the key points raised, as well as responding to questions received online and ensuring that they are raised in the room. Online attendees will have a separate queue and microphone, which will rotate equally with the mics in the room. Following the session, the speakers will all be available for a moderated Q&A on Twitter.