Time
    Friday, 10th December, 2021 (08:30 UTC) - Friday, 10th December, 2021 (10:00 UTC)
    Room
    Plenary Room
    About this Session
    Onsite moderator: Chris Dispain, Online moderator: Amrita Choudhury & Lucien Castex

     

    The session will build on the preparatory session. The inputs from the preparatory session will help to map the cyber security situation based on how the community perceives and prioritizes threats, identifies measures and instruments, which stakeholders presently address these issues, identify which are threats that possibly have no measures or instruments, what needs to be done, etc.

    It will then highlight the main trends and use cases from select communities and then it will be followed by an open discussion where speakers would share their take on the main trends, highlight the different approaches, share what measures are required, discuss what can be the role of different stakeholders and what can be the role of IGF. Lastly there would be an audience interaction followed by summarization of the session.

    Policy Questions

    • What are the Cybersecurity practices and mechanisms
    • How to ensure a safe digital space
    • What are the International standards available
    • What should be the roles and responsibilities in protecting against cyber-attacks
    • What should be the framework of International rules and state accountability
    • Private sector accountability

    Session Agenda

    Initial Opening - 5 mins

    Summary of preparatory session - 10 mins

    This will include mapping the inputs from the preparatory session to share a map of the cyber security situation. This includes how the community perceives and prioritizes threats, identify measures and instruments and stakeholders that presently address some of these issues, which are the threats which possibly have no measures or instruments, what needs to be done

    Main trends - 10 mins

    Use cases - 10 mins

    Open discussion:

    1) Youth organisation that works on these issues

    2) Journalist/ tech who discovered a breach

    Open discussion - 35 mins

    Speakers would share their take on the main trends, highlight the different approaches, share what measures are required, discuss what can be the role of different stakeholders and what can be the role of IGF.

    Audience interaction - 20 mins

    Summarising the key takeaway - 5 mins

     

    Plan for participant engagement/interaction:

    Chat, Questions, perhaps using Menti.com
     

    Onsite moderator: Chris Dispain
    Online moderator 1: Amrita Choudhury
    Online moderator 2: Lucien Castex
    Rapporteur 1: Julien Rossi
    Rapporteur 2: Hariniombonana Andriamampionona
    Speaker 1: Sheetal Kumar, Global Partners Digital
    Speaker 2: Henri Verdier, French Ambassador, TBC
    Speaker 3: Josephine Ballon, Hate Aid
    Speaker 4: Rasha Abdul Rahim, Director Amnesty Tech
    Speaker 5: Bart Groothuis, Rapporteur NIS2, TBC
    Speaker 6Anastasiya Kazakova, Senior Public Affairs Manager
    Speaker 7Latha Reddy, Co-Chair of the Global Commission on the Stability of Cyberspace
    Speaker 8: Dr. Katherine Getao
    Speaker 9: Liesyl Franz, U.S. State Department
    Speaker 10: Craig Jones, Cybercrime Director, Interpol

    Session Report (* deadline Monday 20 December) - click on the ? symbol for instructions

     

    Key messages from the session

    Cybersecurity norms must be implemented. This must be done in a way that follows the lines of multi-stakeholder involvement, and in a way that protects the decentralised model that has ensured several decades of innovation on the Internet. Cybersecurity norms must be implemented and translated into Security by Design. In Europe, several initiatives, including NIS 2, aim at reaching this goal.

    There is agreement between participants that CERTs and law enforcement authorities must improve cooperation, which should not be limited to information sharing. It should also include capacity building and joint operations. This must be done in a way that respects human rights. Therefore, new agreements should focus on cooperation, not on shifting definitions that may criminalise the exercise of fundamental rights like freedom of expression. Targeted surveillance of activists and politicians, including heads of state, should be addressed. They constitute a fundamental threat to global security.

    With regards to effective implementation of cybersecurity norms, participants insisted on the need to improve mechanisms for responsibility, liability and attribution. There should be a focus on who benefits from cybercrime, including online hate and including the growing number of ransomware attacks which have targeted hospitals during the Covid crisis. States should take responsibility for cybercrime originating from their territory, even when victims are abroad. The IGF was mentioned by several participants as an appropriate forum to engage with all stakeholders, including lawmakers. Young people and people from developing countries must be represented, as they are a critical part of regulating the online space so that it works for them.

    Agreement should be reached on investing in cybersecurity research, including in agreeing on a framework for responsible vulnerability disclosure. Some participants discussed the topic of zero-day hoarding and the necessity to regulate zero-day disclosures, enhance transparency on this topic, and implement export controls on surveillance tools in line with the Wassemaar Agreement.

    Funding is another topic that was mentioned. This topic is especially sensitive for developing countries where governments may not have the resources to commit sufficient resources to combat cybercrime.

    Finally, the matter of support provided to victims was raised by several participants.

    Calls to action:

    • Improve work on responsibility, liability and attribution and provide support for victims in the shaping of cybersecurity norms in a way that respects human rights
    • Ensure effective implementation of cybersecurity norms through Security by Design, achieved through cooperation and multi-stakeholder dialogue, in line with the core basic principles such as openness and decentralisation that have made the success of the Internet