Session
The session will build on the preparatory session. The inputs from the preparatory session will help to map the cyber security situation based on how the community perceives and prioritizes threats, identifies measures and instruments, which stakeholders presently address these issues, identify which are threats that possibly have no measures or instruments, what needs to be done, etc.
It will then highlight the main trends and use cases from select communities and then it will be followed by an open discussion where speakers would share their take on the main trends, highlight the different approaches, share what measures are required, discuss what can be the role of different stakeholders and what can be the role of IGF. Lastly there would be an audience interaction followed by summarization of the session.
Policy Questions
- What are the Cybersecurity practices and mechanisms
- How to ensure a safe digital space
- What are the International standards available
- What should be the roles and responsibilities in protecting against cyber-attacks
- What should be the framework of International rules and state accountability
- Private sector accountability
Session Agenda
Initial Opening - 5 mins
Summary of preparatory session - 10 mins
This will include mapping the inputs from the preparatory session to share a map of the cyber security situation. This includes how the community perceives and prioritizes threats, identify measures and instruments and stakeholders that presently address some of these issues, which are the threats which possibly have no measures or instruments, what needs to be done
Main trends - 10 mins
Use cases - 10 mins
Open discussion:
1) Youth organisation that works on these issues
2) Journalist/ tech who discovered a breach
Open discussion - 35 mins
Speakers would share their take on the main trends, highlight the different approaches, share what measures are required, discuss what can be the role of different stakeholders and what can be the role of IGF.
Audience interaction - 20 mins
Summarising the key takeaway - 5 mins
Plan for participant engagement/interaction:
Chat, Questions, perhaps using Menti.com
Onsite moderator: Chris Dispain
Online moderator 1: Amrita Choudhury
Online moderator 2: Lucien Castex
Rapporteur 1: Julien Rossi
Rapporteur 2: Hariniombonana Andriamampionona
Speaker 1: Sheetal Kumar, Global Partners Digital
Speaker 2: Henri Verdier, French Ambassador, TBC
Speaker 3: Josephine Ballon, Hate Aid
Speaker 4: Rasha Abdul Rahim, Director Amnesty Tech
Speaker 5: Bart Groothuis, Rapporteur NIS2, TBC
Speaker 6: Anastasiya Kazakova, Senior Public Affairs Manager
Speaker 7: Latha Reddy, Co-Chair of the Global Commission on the Stability of Cyberspace
Speaker 8: Dr. Katherine Getao
Speaker 9: Liesyl Franz, U.S. State Department
Speaker 10: Craig Jones, Cybercrime Director, Interpol
Report
Key messages from the session
Cybersecurity norms must be implemented. This must be done in a way that follows the lines of multi-stakeholder involvement, and in a way that protects the decentralised model that has ensured several decades of innovation on the Internet. Cybersecurity norms must be implemented and translated into Security by Design. In Europe, several initiatives, including NIS 2, aim at reaching this goal.
There is agreement between participants that CERTs and law enforcement authorities must improve cooperation, which should not be limited to information sharing. It should also include capacity building and joint operations. This must be done in a way that respects human rights. Therefore, new agreements should focus on cooperation, not on shifting definitions that may criminalise the exercise of fundamental rights like freedom of expression. Targeted surveillance of activists and politicians, including heads of state, should be addressed. They constitute a fundamental threat to global security.
With regards to effective implementation of cybersecurity norms, participants insisted on the need to improve mechanisms for responsibility, liability and attribution. There should be a focus on who benefits from cybercrime, including online hate and including the growing number of ransomware attacks which have targeted hospitals during the Covid crisis. States should take responsibility for cybercrime originating from their territory, even when victims are abroad. The IGF was mentioned by several participants as an appropriate forum to engage with all stakeholders, including lawmakers. Young people and people from developing countries must be represented, as they are a critical part of regulating the online space so that it works for them.
Agreement should be reached on investing in cybersecurity research, including in agreeing on a framework for responsible vulnerability disclosure. Some participants discussed the topic of zero-day hoarding and the necessity to regulate zero-day disclosures, enhance transparency on this topic, and implement export controls on surveillance tools in line with the Wassemaar Agreement.
Funding is another topic that was mentioned. This topic is especially sensitive for developing countries where governments may not have the resources to commit sufficient resources to combat cybercrime.
Finally, the matter of support provided to victims was raised by several participants.
Calls to action:
- Improve work on responsibility, liability and attribution and provide support for victims in the shaping of cybersecurity norms in a way that respects human rights
- Ensure effective implementation of cybersecurity norms through Security by Design, achieved through cooperation and multi-stakeholder dialogue, in line with the core basic principles such as openness and decentralisation that have made the success of the Internet