IGF 2022 Day 3 WS #422 Toward a Resilient Internet: Cyber Diplomacy 2.0

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.



>> MODERATOR: So let's start school.  My name is Rafael Evangelista, I'll be the moderator of this session.  I'm a professor at the University of Campinas and counselor member of CDGR in Brazil.  This workshop today has the title towards a resilient internet, cyber diplomacy 2.0.  Let me make a brief introduction.  As an environment full of uncertainties deepened but the permanent increase of malicious activities online, cyberspace demands its actors to develop resilience to ensure its integrity.  In the sense the internet challenges the role of the states.  Not only have the considerations of known state actors become relevant, but also geopolitical dynamics impact the digital world.

Many more holistic and long term and cooperative strategies from states.  In the same cyber diplomacy emerges as a valuable tool for open dialogue channels that enable transparent discussions with stakeholders.

However, it has become complex when several issues are still clearly undefined and relies on different interpretations of what proper online behavior would mean.  In this regard, we aim to shed light on cyber diplomacy departments from different national and regional perspective.  Focusing on public attribution, sanctions and active cyber defense.

Thus, we have a brilliant set of speakers for today's discussion, but, however, before presenting today's speakers, I would like to inform you, unfortunately, Ms. Livia Sobota will not join us today due to a conflicting agenda.  So the speakers of today's sections are here in ‑‑ at my left, Koichiro Komiyama has been a visiting at the global research institute since 2016.  And Director of the global coordination division at the coordination Center for ‑‑ of the Japanese computer emergency response team.  Which joined in 2007.  He has been working on cyber security, capacity building project for years, both in Africa and Asia.

After that, we'll have Alexandra Paulus, a national cyber security policy ‑‑ sorry, Brazilian is difficult for me, she holds a Ph.D. in political science from the University of Technology and is a known resident fellow with the European cyber conflict research initiative.

And after Alexandra, we will have Veni Markovski, he currently works at ICANN's ‑‑ as ICANN's Vice President, serve as the primary liaison to the United Nations.  Discussing internet policy with diplomats from every country, participating in major conferences and keeping ICANN community abreast of the United Nations role.

Okay.  So each speaker will have maybe up to 15 minutes to expose their initial thoughts.  Following we will have a short debate among the different perspective, raised but the speakers, and then we will be devoted to an open Q&A, so prepare your questions.

So let's start with Koichiro Komiyama, please.

>> KOICHIRO KOMIYAMA: Thank you so much for the kind introduction.  Good afternoon or good ‑‑ hello, good morning, wherever you are.  My name is Koichiro Komiyama, I'm the Director of Global coordination division to Japan computer emergency response team, and I'm also a part‑time scholar at the can you university.  So in short, I'm a cyber security practitioner/scholar in area of global governance.

And let me be clear, I'm not speaking for the government of Japan, and not representing our government.

I'd like to begin with it is important from my own experience, because perhaps tech community ‑‑ sometimes diplomatic negotiation will improve cyber security, sometimes even diplomates do not believe they can change the other state's behavior by negotiation.  I think it will take years.  The responsibility at jp search is to respond to cyber security.  Dating back to 2015, we have observed, responded very sophisticated state sponsored attack from our neighboring country, and that affect Japanese businesses, Japanese companies a lot.

On September that year ‑‑ September 2015, Chinese president visited the United States to have a U.S.‑China Summit.  Who remembered that Summit?  There, they hold the Summit and they agreed upon, among other important agenda, they agreed upon both U.S. and China will not conduct commercial cyber espionage, they prohibit the cyber spy, in other words.

Like any other agreement, I knew it wouldn't make any difference, at least to my own business., and I believe ‑‑ I saw the cyber-attack will continue, regardless of the agreement, regardless of the agreement.

But to my great surprise, the number of cyber-attacks dropped dramatically after this agreement.  And I have been with JP research for 15 years, and the December 2015, we really have no business ‑‑ we only have a few cyber security incidents that we should respond, or we should handle, and that was the most peaceful Christmas I have ever had in my, you know, career with JP Search.  From this experience, I realize the power of diplomacy, of political negotiation.  It is powerful enough to change the life, even outside of signing party, okay, the agreement prohibit the cyber spy to U.S. or to China.  And that agreement affects the cyber-attack to Japan, reduced the cyber-attack to Japan.

And its impact can be seen in a few months.  There are many other agreements, declaration, pact, I'm proud I contributed to some of those, you know, agreements to reduce cyber security incidents.

However, I still have to say none of those agreements has very little tangible effect when compared to this 2015 Obama and ‑‑ U.S. and China agreement cyber espionage.  It helped reduce cyber security incidents.  The bad news is, this agreement did not take effect for a year, next Christmas, I was very busy again, responding to cyber-attack to Japanese companies, but good news that at least for a few months, someone attacking Japanese company prohibit their activities.  Ceased their fire.  That's the power of diplomacy.

Now, my second point is, cyber diplomacy has been changed in last few years, I like to piggyback with the theme of this workshop, cyber diplomacy 2.0, the rule of the game has changed.  States have always sort of secured their national interests, using recognition of diplomatic, military, economic and informational means, and technology has transformed the instruments.  Cyber or internet is one of those.

Diplomacy, as I understand, is a mean to pursue national interests, that's my definition.  And the objective in cyber diplomacy has long been to ensure national security in cyberspace, that's for share.  Of course, there have been other agendas, like capacity building, human lights, free ‑‑ human rights and freedom of expression.  The central direction has been how to protect one's nation from incoming cyber-attack.

Some tried to apply existing retribution, developing different.  So I call this cyber diplomacy 1.0.  The main players in the game of 1.0 were military superpowers, namely U.S., China, Russia and a few others.

Within the government, this is under the control of foreign affair, defense, intelligence, intelligence agencies, they are discussing various international fora, U.N. process for sure, but other security organizations like NATO, OSC, Shanghai corporation and others.

This is how cyber diplomacy 1.0 was played.  We want to ‑‑ cyber diplomacy 2.0.

Over the past five years, cyber diplomacy has been transformed, suddenly we realize how variable it is, we realize that computer cannot function up in the air, and what we admired as cloud computing is someone else's computer.

So we must ensure that ‑‑ we must ensure what is the safest place we can store our valuable data?  In the game of cyber diplomacy 2.0, nations, not only looking for security, but they want those commodities in their own control, that's the game of 2.0.  To control more data, nations through data centers, they undersea some cable, attempt to store data at their own territorial ‑‑ their own server.  The plain players in this new game, big tech, in addition to, of course, states, and this is because big tech is in a position to directly control the ‑‑ everyone's data, was in the government ministry in charge of trade and military and the economy, they have been key in this negotiation, and there are many ongoing discussions in the trade  agreement, TPP ‑‑ not TPP, and others.

So this is cyber diplomacy 2.0, in my understanding.  And the point is, cyber diplomacy has been upgraded to the economic and trade issues, as well as security.  This upgrade structure confrontation has changed.  Previously it was a competition against western Democracy versus eastern autocracy or authoritarian states.

In 2.0, it is a competition for resources, that's why even between the United States and the EU, who shares most common values, are in this new game.  I'd like to finish my remark by where this game is going, or what I think where this game is going.

Only two countries on this planet are very well positioned in both games, in both games, diplomacy 1.0 and diplomacy 2.0.  Diplomacy 1.0 is a traditional competition.  Country was military power, have advantages.  Diplomacy 2.0, population matters, because human activity is the largest source of data.  Countries with largest population are the oil producing country in Middle East right now, so they should be, they must be very rich.

Because they possess very rare resources in their own land.  Countries with military capability and large population.

And only to my understanding, only two countries can, you know, put in these two different criteria, it is China and India.  Two countries will shape the future, everyone except China and India, we need to find a way to get along with them.  We need to talk to them.

Now, next year's IGF will be held in my country, Japan, sure, we have many participants from China and India, because it's accessible, so IGF 2023, Japan, you cannot miss it.  To find a way for your country, for your nation to survive in the game of cyber diplomacy 2.0.  Thank you very much.

>> RAFAEL EVANGELISTA: Let me hand over to Alexandra, please.

>> ALEXANDRA PAULUS: Thank you so much and huge thanks to the organizers of this session.

My name is Alexandra Paulus, sorry for making you try to pronounce the very Germany name of my organization, let's call it SNV.  We are based in Berlin and work on tech policy.  I am with them in the international cyber security policy team where I focus mostly on cyber diplomacy and issues of international cyber security policy.

And so what I would like to ‑‑ yeah, which idea I would like to throw around here and share with all of you, looking forward though discussion afterwards, first of all, focusing a little bit about the opportunities and limits of current cyber diplomacy instruments and the idea of cyber resilience diplomacy as a possible way forward to keep in mind with the theme of this workshop.

So first of all, which policy instruments do we have, we as states?  Do states have at their disposal to responding to cyber operations, of course they are not the only actors and most of these require close collaboration with nonstate actors like private companies, technical communities, civil society and academia.

So the first necessary condition for responding to cyber operation is to conduct and internal attribution, this can have technical, political and legal aspects.  This is the basis for all other action.  By the way, if you're interested in hearing more details about this, this is based on a study I noted here my colleague has published.

So then the first instrument, responding to information sharing.  This is our national parliament, which was turned into a Russian espionage operation in 2015.  We know that because we got help from our Dutch friends, because at the same time, certain Russian operatives were active and targeting organizations located in the Netherlands and Dutch intelligence shed information on what was happening there with German counterparts which allowed the German counterparts to conduct this attribution of what was going on.  This got a lot of media coverage, of course, because the perpetrators were targeting also the Office of Angela Merkle, and her MP's office.  Information sharing, instrument #1.

Instrument #2, public attribution.  The screens you see here is of the EU high representative statement who publicly attributed the attacks to the Russian GRU.  Make it public, name and shame, et cetera.

#3 is then diplomatic measures, this can be a wide range, like diplomacy contains the whole breadth of activities that the state can conduct to build and maintain relations.

And so this would often include things like company called the ambassador of another country supposedly behind a cyber operation.

But then recently, this year, I got an example that works well here, is a bit more illustrative, this is when Albania cut ties diplomatic ties with Iran over a cyber-attack.  Now, of course, this was not only due to a cyber operation, this was due to a larger conflict between the two countries, but what sparked it was a cyber operation on Albanian systems, none they attributed to Iran.  This is something states can do.

4th we see this a lot, the U.S. used this, using criminal indictments to respond to an operation publishing, criminal indictment and pressing charges against the perpetrators of cyber operation in the hope that this, at least in the long run, constrains their activities.

And then ‑‑ yeah, sorry, it's gone a little bit, now behind the other picture, is sanctions, you can see the screen shot of the EU sanctions that were passed in response to the operation of 2015.  Against an organization and certain ‑‑ yeah, affiliates, people off the GRU behind the operation.

This is really where the spectrum would end for most states, I would say, so sanctions are the sharpest ‑‑ the sharpest sword of cyber diplomacy.  In theory, there are other options like intelligence operations, this year a newspaper article reporting on a person that was affiliated ‑‑ allegedly affiliated with Isis that we believed to be killed in a U.S. strike conducted by the U.S. CIA.  This is coverage of the Israeli defense forces that responded to cyber operations conducted by Hamas attackers, Hamas operatives with an air strike on the building.  Military operations, of course, in theory also possible.  For most states these are probably not part of the spectrum, which is why I put them in a lighter shade of orange.  And keeping this in mind, this is the spectrum we have.

What can we see, what are current or maybe structural challenges of cyber diplomacy, and then in the second step, next slide, I will sort of draw my own conclusions of how to move this forward.

The first very general challenge, of course, for cyber diplomacy, where we try to apply the very established diplomatic instruments or activities like negotiating norms, doing ‑‑ building confidence building measures.  It's of course very tricky, we do have to dual use problem, it's ‑‑ dual use problem, it's not easy to classify certain pieces of hardware as civil or military in their use, it makes it very complicated to do confidence building measures in a meaningful.  The second, attribution challenge.  It started with internal attribution, many actors have become a lot better at this, as long as it remains elusive for certain actors, then it is really very hard to respond at all to any cyber operation.  Even if we attribute an operation to a certain IP address or certain assets, it is even more challenging to determine political responsibility, which is where nonstate actors come in or you have hybrid actors which just makes this quite a headache for policy makers in the space, I would say.

So what can cyber diplomacy do?  I would say it's playing the long game and many of cyber diplomacy efforts should be seen as long‑term investments, but usually without immediate short‑term gains.  There is also in many cases dissent about practical applications, when it comes to the development of cyber norms, this is being decided very intensively right now by the United Nations and in other forums, but when it comes to what does this actually mean and ‑‑ what would it look like if states supplied it, it's still quite complicated.

Then, of course, politics will be politics, so I mean, after working on cyber diplomacy for a while now, watching this space since 2018, you see just broader questions of political conservations have a very strong impact on the extent we see movement forward here or not.  So yeah, I will take my chances and see we will probably not see terribly much progress in the coming months and years, because of factors that have little to do with cyber diplomacy and much more to do with broader political implications.

How can we move forward, this is where I would introduce what I call cyber resilience diplomacy.  Because our workshop has the subtitle of resilient in it, again, just I work at a think tank, I start things with a definition, that's what I do, stealing here the 2020 definition of cyber resilience, because I think it's quite helpful.  It means the ability to participate with ‑‑ recover from and adapt to adverse conditions, stresses and attacks or compromises on systems that use or enabled by cyber resources.

So again, what could this look like?  What would such a cyber resilience posture look like?  I've written about this with a colleague, if you're more interested, I can share a link to the article.

Domestic policy and foreign policy.  What would be cyber diplomacy on the domestic side, a few examples for what this could look like would be for instance, creating data embassies, this is something Estonia has done, the German government is contemplating this, creating digital twins of data so essential to the functioning of government that it's stored in supposedly or hopefully safe locations in third states that even ‑‑ even if these national systems at home were to be destroyed, whether that be through a cyber operation or simply an earthquake, or depending on where you're located, then you have a backup.  So it's basically backup for national data.

There's of course, increases the resilience and makes it less attractive to target these systems at home.  Second idea, threat hunting.  So really focus on monitoring your systems more closely, looking at what is going on there, to prevent cyber operations that could otherwise have very devastating effects.

Third, also contact regular cyber security incident exercises at home or even with international partners just to see what processes would look like if a cyber operation were to take place and to really practice what processes would look like to be prepared when the time comes.

What would this look like in a foreign policy context?  With cyber resilience diplomacy look like here?  One idea is using the resilience of transnational critical infrastructures, this is really rare.  It is in nobody's interest these go down, whether they are follow up to cables or ‑‑ considered the public core of the internet like DNS system.  States really focus on improving the resilience of these structures.

To enhance the posture of all.

Then very strong factor also conduct cyber capacity building activities but aimed at resilience in other states because then in the long term, this will reduce the attack surface in these states and hopefully in the long term reduce operations overall.

Setting international norms that a cyber resilience approach is a sensible one, when it comes to international peace and security because this is ‑‑ it's really a nonescalatory approach, as opposed to other approaches that a are a bit more active or persistent.

So it is really in many state's interests that the international community write large focus on this and one way to set such somewhere national norms is to design your domestic policies accordingly.

So what are the advantages of such a cyber resilience posture?  I see four main advantages.  First of all, it's threat actor agnostic.  So this provides a viable solution, whether your main focus, main problem is maybe currently ransomware, or is other state actors targeting your systems.

It's also simply more realistic view of the threat landscape.  So looking, for example at the most recent report here in Germany, cyber operations have been steadily increasing over the past years, critical infrastructures are increasingly targeted.  It is simply focusing on resilience and getting systems back up and running.  It's just a very sensible use of resources when the resources, money and people, are very scarce.

Third, especially cyber resilience diplomacy approach, focuses on improving it at home and abroad, Cherry Blossom in most state's interest.  Finally, it will contribute to international peace and security.

And so again, wrote this all down in this article here, happy to share more, looking forward to the discussion, thank you.

>> RAFAEL EVANGELISTA: Thank you, Alexandra.  I'll hand over to Veni, please.

>> VENI MARKOVSKI: Can you hear me?  I see nods, yeah.  I can see my transcript now.  So I'm the internet cooperation for finance and numbers, I have to make sure that ‑‑ I'm not speaking here on behalf of ICANN, the only person who can do that is our CEO.  But I'm going to share some of the work we are doing, and I will explain why we are doing it, and then listening to our other panelists, I'm told we will have a couple of questions for them when we later come to the Q&A session.

First of all, thanks to the organizers for inviting me and thanks to the government of Ethiopia for hosting the IGF.  I understand it's quite a good success and it's been going on well, and there are a lot of people there, which I miss, I couldn't be in Addis Ababa right now, but that's life, sometimes we cannot be where we want to be.

As you were saying, I'm the Vice President for U.N. engagement, and people may start asking questions like why is ICANN engaged at all with the U.N., and other governmental organizations, it is related to the topic we are discussing.

All these conversations about cyber diplomacy, inevitably coming to focus to the U.N. and the way it's happening is to different groups the United Nations General Assembly has been organizing.

So for the past several years, there have been a group of governmental experts which was appointed but the Secretary General which was limited in numbers, experts from different countries providing advice to the ‑‑ issuing the parts when they had consensus.  In the last few years this has changed, outside of having such a small group of experts, the General Assembly decided to create two parallel processes.  One is called the open ended working group, and that includes open ended means it's open for all governments.  Doesn't mean it's open for other stakeholders.

The other one is called the ad hoc committee.  The ad hoc committee is drafting a cybercrime convention.  So talking about non‑‑ when the U.N. passes ‑‑ the cybercrime convention, it will be the second one after the Budapest convention dealing with issues related to cybercrime.  So it will be interesting to see what kind of norms there will be and what kind of techs will show up in this convention and what will be different than the Budapest one.

On the open ended working group, which is dealing with issues related to cyber security, it's supposed to issue a report, that means 193 Member States of the U.N. have to agree, even if one disagreed, there will be no report.

It's a very delegate diplomatic work being done.

What we do at the U.N. actually, we do provide working for the diplomats.  Some of you are familiar with the fact that the diplomats are coming primarily from foreign ministries, they do not necessarily understand how the internet functions.  Only rarely you see a diplomat that has a technical background, computer science, et cetera, so we actually talk to these diplomats and organize briefings for them and tell them ‑‑ we explain to them, we provide information how the internet functions.  We also ‑‑ this is important because when they negotiate behind closed doors, there are norms of behavior, outside, we want to make sure some people in the room, if not all, are aware of how the internet functions and what they do and what texts they pass will not impact the security, stability and resiliency of the internet and not lead to its fragmentation.

As ‑‑ within the ICANN, there is the government and intergovernmental organizations engagement team, and we actually publish papers on the deliberations that are taking place at the U.N. and at the international telecommunications union and other organizations as well, intergovernmental organizations.  One of my colleagues will put a link in the chat where you can download all the papers that are there, they are also available in other languages, you can choose your own language on the top of the page and download the text in your language of better understanding.  So not only English.

We also have published separately one on China, one on Russia and one on the Netherlands.  These member of interest to people who are interested to know more about what these countries are doing both internally with regards to the internet, but also externally how they approach the internet at the intergovernmental settings.

We believe that this is important for the ‑‑ not only for UIHC, but the broader community to know what's happening in the intergovernmental organizations because what happens there, ineffably will have an ‑‑ inevitably will impact the internet.  Some of you may know the IGF actually didn't come out of nothing.  The internet governance forum was created by a Summit called the work Summit on Information Society, which took place in 2003 in Geneva and 2005 in Tunisia and published the so.

>> Called Tunis agenda, you can find it downloaded.  It's an interesting document, it was created with the participation of all stakeholders, not only government, but civil society, technical community, academia, et cetera.  Businesses.

And so this document ‑‑ this WSIS, there was a review of this in 2015, this is called WSIS ten years later.  And in 2025, there is another process coming at the United Nations General Assembly called WSIS 20.  These are the places where people are discussing not only what the future of the IGF will be but also whether countries can talk to each other, reach agreement on basic issues related to the internet.

These are the ‑‑ these are the meetings which we are urge people to attend and pay attention to, because when we talk about cyber diplomacy, it's being built nationwide, but eventually it is always coming to either bilateral or multilateral negotiations, because public policies of the government and international public policy is being decided at these venues like the U.N., and there were some attempts to move the conversations related to cyber security and the internet to the international telecommunications union.

In some of our papers you may find interesting details about government officials statements at the U.N. or at the ITU talking about the way the internet works.  You can see in the papers we have to provide context.  So that the readers would understand what it actually means when some government official says something, for example, that ‑‑ just make sure I'm quoting correctly.  That I can have the possibility of cutting off a whole country from the internet.

ICANN doesn't have that power, neither does any other organization that is running the internet or that is engaged with the internet.  In fact, we have seen in the history there are many countries which have tried to shut down the internet externally so that it's kind of only in the country, and that hasn't been very successful.  The internet manages to connect no matter what governments do.

But also ‑‑ we also think that since we are at the IGF, we think it's important to pay attention on the future of the IGF and it will be decided again at this WSIS plus 20 negotiations in 2025.  We find that the IGF, and I've been involved with the IGF since the beginning, I personally find it a very good opportunity to interact with other people to find out what's happening around the world, to make sure that we stay on top of things, and we talk to each other.  In fact, most ‑‑ many of my contacts are people I've met at the IGF, right from the beginning until even now when we are ‑‑ we are participating remotely.  There are people on the ground and still stay in touch using all the technologies we have.

So the bottom line here is that we are trying to bring knowledge ‑‑ technical knowledge to the diplomats negotiating cyber security and make sure they understand that ICANN is an organization is not there to lobby for ICANN, we are there to provide actual information, we are neutral technical body, which makes sure that the DNS and addresses are functioning all the time.

A few days ago we were celebrating 35th anniversary of the DNS, as we know it.  We are trying to make sure that, you know, people understand that all the services that they are using on the internet, that's not the internet as we know it.  There are two different types of handling internet, there are internet governance, dealing with everything on top of the technical internet governance, which is what ICANN and other organizations from the technical communities are doing.

So I mean, I can provide a lot of anecdotes and examples from our experience with governments at the U.N., at the ITU, it has been extremely interesting ‑‑ some of those are in our papers, including the country focused reports, which I highly recommend you read.

The fact is that this year, 2022, was quite important because there were elections at the international telecommunications union, there is a new Secretary General elected, she will be in other office, she's a candidate who has worked at the ITU for quite a while and has been involved with Africa because she's currently heading the developmental Bureau of the ITU.  I could point you again to our country focused reports on that.  There's a lot of information there, there was another candidate running for Secretary General and running on a platform that was mentioning that the current intergovernance is not working well and it has to be moved under the ITU and stuff like that.  I can talk for hours, but I don't want to obviously take the time for question ‑‑ I want to take the time for questions from my colleagues, stay in touch, subscribe for our papers, more are coming, we'll be reporting what's happening at the U.N. this year and at the ITU.  I hope that I'll be able to answer some of your questions later today.

>> RAFAEL EVANGELISTA: Thank you, Veni.  We have a set of questions that were prepared by the organizers, and I'll start to ‑‑ with Koichiro.  Due public attribution of cyber-attacks works as a cyber diplomatic tools to constrain inappropriate behavior online, what are the challenges perceived by you to make this a feasible tool, should it be used at all.

>> KOICHIRO KOMIYAMA: Thank you.  So are we talking about public attribution, I think government of Japan, to this date, made three different ‑‑ three different public attribution to separate attacks from north Korea and one for cyber-attack from group affiliated with ‑‑ no, sitting ‑‑ located in China.  Not accusing Chinese government, try not to offend, you know, the entire Chinese government.  That's the Japanese strategy in this area.

I think Ergoff and max Smith had a paper in 2021 on a framework for the public attribution, and their central argument in that paper is that public attribution is a highly complex and ‑‑ highly complex process which requires tradeoffs of multiple consideration.  In this case, tradeoff ‑‑ tradeoffs, for example ‑‑ for example, of course we have a risk of ending up wrong attribution by inaccurate intelligence, even in a successful case ‑‑ even a successful public attribution case, a country may use intelligence sources and that means more public attribution does not necessarily mean better strategic results.

Then even among close allies, there are gaps in the amount of information they have.  Let me take an example of the war in Ukraine.  The war in Ukraine triggered the various cyber-attacks, most important lessons from this war, lessons for me, was the importance of information or intelligence that big tech in the United States possessed.  Under the surface, U.S. tech companies provided a variety of information to Ukrainian government and military.  And without those information or intelligence, not only for Ukrainian government, many governments cannot do precise attribution without that type of information.  This gap in the capability of a government and private sector, is very different from legacy national security issues.

So looking back, the government can monitor nuclear weapons.  The satellite up in the air provides where ballistic missile has launched within seconds or minutes, government has full access to that type of information.  Even some government can attribute the objects in satellite or bet.

So compared to nuclear weapons, deep sea, and satellite orbit, has very limited information that can support their own decision for public diplomacy.

I think people in this room may have the philosophy that government should be as minimum as possible.  However, we should not rely on the good will cooperation of big tech to provide the intelligence because that's really the basis of their political strategic decision.

>> RAFAEL EVANGELISTA: Thank you, Alexandra, instead of handing over to you, because you already touched a little bit about this topic, I was thinking about handing over to Veni and then later to you, is that okay?  Okay.  So please, Veni, do you want me to repeat the question.


>> RAFAEL EVANGELISTA: Do public attribution work as a cyber tools to constrain inappropriate behavior online, harsh the challenges perceived by you to make this a feasible tool?  Should it be used at all.

>> VENI MARKOVSKI: I will share here some observations which I've seen at the U.N. at meetings, that I have attended because obviously this is outside of the scope of work that we do.  Which is the ‑‑ there are always ‑‑ the diplomats are very careful.  When they talk, they never name countries.  I mean, they always say certain countries or some countries or our country.  When the attribution is being done at the national level, usually, that is buoyed usually with some facts and evidence, we have seen cases where years later, some discovery may show up and an attribution will turn out to be correctly or incorrectly stated.  But I think the way ‑‑ the diplomatic tools working, first of all, these countries are talking at the U.N. about norms of behavior in cyberspace, and there is the perception some countries will follow those norms and others won't.

Those that follow the formers would be in a worse position because they follow norms and others don't.  I think the very fact they're talking about creating norms of behavior, the very fact that those working groups, the open ended working group and the group of governmental experts have issued several reports with consensus, that means that it's possible, dialogue is good, and it's port to reach consensus even when heads of state would say they don't work with other countries, but we see the opposite at the United Nations, because think about something.  In order for the open ended working group to public a consensus report, that means all the countries are talking to etch and even countries that may not necessarily have good behavior between each other, their diplomates have to not object to something said by the other or else there would be no consensus and no report.  We should be more positive about the possibilities diplomacy gives and encourage our government and talk to our government and offer our technical expertise and whatever other expertise we may have in the countries where we are.  I mean, everywhere more expertise is better than less.  Especially when we talk about the internet and the fact that countries discussing the negotiating the future of the internet and we need to make sure there are enough people in the room who have the skills and knowledge so what they do does not lead to the fragmentation of the internet.  Thank you.

>> RAFAEL EVANGELISTA: Thank you, Veni, please Alexandra, you want to add something on that or comment on your colleague's answers, please feel free.

>> ALEXANDRA PAULUS: Yes, thanks so much.  Yeah, so I would start with the question, like almost ‑‑ the question is why should we attribute, what is the idea behind it?  So I think if people believe that the public attribution of a cyber operation in itself will change very much, I would not necessarily agree.  I would, however, argue that the power of attribution or the reason it makes a sense to think about public attribution as one tool in the toolbox, attribution is the basis for other responses.

And so if actors decide they do want to respond to a cyber operation, the first credible step is to conduct a public attribution and here then where I think it gets really interesting is to look also at how these attributions are being done, what is the standard of proof or of information provided, the technical evidence provided together with the mere statement we attribute this to actor x.  This convincing?  Is there technical evidence, this is where it gets really interesting.  If we look at how attributions are being done, there has been a tendency over the past few years though collect attributions, so first we saw this mostly among ‑‑ but interestingly, we are also seeing that China recently attributed cyber operations to the U.S.

This is increasingly, I would say that states are discovering this as one tool in the toolbox to have more meaningful debates about state responsibility and also things ‑‑ factors like due diligence when it comes to nonstate actors.  One thing I wanted to share, is the fact ‑‑ where do these attributions come from?  And so this, of course, where we then move to the area of intelligence gathering or intelligence sharing.  Here I wanted to point out it's interesting to see that in the European Union, where we have quite elaborate cyber diplomacy tool talks, attribution is not part of the toolbox, there is a very limited information to share information among EU Member States.  The efficacy of which people are discussing, put it that way.  Even though it is so central to responding to cyber operations is not even part of the EU framework.  I think this points to the limits of public attribution.  Do what I suggested before, provide proof of attribution, this will lead us to ‑‑ on the other hand, it is quite problematic because not necessarily if you want to attribute to cyber operation, sharing how you found out what you found out.

So this is where I think it gets really interesting and where it will be Organization of American states attribution will remain with us for a while, I would say.

>> RAFAEL EVANGELISTA: We have here two more questions, but to optimize our time, I'm going to make one question to Veni and then the second question to Alexandra and Koichiro, is that okay?  Let's start with Veni.  What are the particular opportunities for cyber diplomacy and a way forward to better protect the internet.

>> VENI MARKOVSKI: Thanks.  I think I mentioned some of it, which is the most important part really is for the countries to talk to each other.  And the way to do it is also to ‑‑ even when they are not ‑‑ they don't have good organizations, they should find some common ground when we talk about the internet because the internet is actually ‑‑ it's almost like the air, it's everywhere, and you can still have some requirements about the quality of the air in your borders, but the wind will bring other air, and it may not be the same quality.  Unless we make sure that the internet is functioning as a single intra‑operable internet around the planet, we won't have all the good things and all the virtues it's bringing and all the possibilities that it's opening.  Let's not forget also we have a lot of people who are still not connected, and that means there is a lot of need for infrastructure development, a lot of need for bringing hardware and software and building communication and other skill ‑‑ computer skills and people around the world.  This cannot happen without diplomacy, cyber diplomacy is an extension of normal diplomacy.  Not anything different.  We need to reach out to our governments to make sure that they have expertise when they go and negotiate cyber related issues so they don't break the internet and, b, make sure that we can provide them with other experts ease, whether this is going to be done through like CGI in Brazil or Internet Society of Bulgaria, my own country, or nonprofits like the institute in Germany, et cetera, et cetera.

We should be sharing our knowledge because if we share our knowledge and expertise, that's good.  More people become knowledgeable, and more people, including diplomats obviously.

I cannot stress enough on the fact that, you know, in only three years, there will be Information Society review at the United Nations General Assembly, and we all have to pay attention starting now, you think actually some of us have started paying attention, we should make sure we are part of that conversation.

Once you are at the U.N., once you are at the U.N., it's only governments, it's a multilateral organization, not multistakeholder, including other organizations including ICANN, people, businesses, civil society, they have to engage with national governments to make sure the interest of their users in their country are protected and the internet is protected.

>> RAFAEL EVANGELISTA: Thank you ‑‑ Veni, Alexandra, do cyber sanctions work to shape behavior online.  Where has it been working successfully and the same question to Koichiro.  Thanks.

>> ALEXANDRA PAULUS: Yeah.  So I think this is a very relevant question because, as I said before, for most states, sanctions are sort of the sharpest sword at the end of the spectrum, the question is, of course, how sharp is the sword and have ‑‑  if the idea behind sanctions is really to change behavior, I would say that's a very ‑‑ quite high objective.  I mean when we look at how it's been applied up until now, most states pass two types of sanctions, either travel bans or asset freezes.

But this also means, these are referred to travel and assets in the case of the EU, in the jurisdiction of the whole union.  The effects of these are well limited.  So as long as states do not enter these respective territories or don't have any assets there, the sanctions have zero direct effect.  The idea is to, again, play the long game and think this will overtime create chilling effects, so to speak and may change the calculus of people considering going into the ‑‑ maybe affiliating themselves with the forces or intelligence agencies, whoever is responsible in a cyber country, and this will not be terribly attractive anymore because they will know they will not be able to travel to certain jurisdictions, et cetera.

This is a very long‑term game, and these effects are not immediate.  I think it could be interesting to consider, but more to what extent other kinds of sanctions can be applied, thinking here about economic sanctions, about really reducing the access of certain states or markets to certain goods.

So really make the sanctions hurt a bit more.

Just wanted to share more generally, sanctions are a quite imperfect tool.  And this is because they are not very nuanced.

They're a binary tool so they are either on or off, which means that once you've passed sanctions, it's actually quite challenging to lift them, it's politically quite challenging, once you have passed them, they sort of lose their power almost to a certain extent.  This is suddenly the case with travel bans and asset freezes, once they are passed, these certain individuals cannot enter the territory, et cetera, but since it's so binary, after this, there's little room for anything else you can do.  So this is what I see as the main challenge of sanctions.

So ideally I would argue that if sanctions are supposed to have an effect also on these more hybrid actors or nonstate actors, as well as state actors, what would be needed and more of an integrated strategy, what should we do in response, rather what is the actor we are talking about and what would be really hurtful to them, it would mean, what would be conducive to actually change behavior, I think this is where the discussion should go in the future.

>> RAFAEL EVANGELISTA: Thanks, Koichiro, please.

>> KOICHIRO KOMIYAMA: Sanctions, so in short, sanction and the power of the global community and professional ‑‑ global professional network, and that's what made me sad in this issue.  These the sanctions to Russia prohibit ‑‑ you have other spaces to Russia, which in the end, make vulnerable citizens in Russia.

More vulnerable.

U.S. economic sanction to Chinese tech company prevent, first, it's an instant response team, global membership organization among cyber security experts, which I was part of the board member, the first ‑‑ prevent first to share cyber security information with southern Chinese tech company like Huawei, and others.

So that's not help ‑‑ well, I think those sanctions is very difficult to achieve the tangible strategic outcome, and it has more and again, I'm very sad to see those sanctions being carried out.

From my sentiment.  If economic sanctions are to be imposed, I think we must work hard to make those sanctions more effective.  Russia has kicked out from SWIFT network, and it is not the power of the global financial network.  However, more and more financial assets are transferred via crypto currency network, like Bitcoin, you can name it, other crypto currencies, and right now there's no technical ‑‑ good technical mean of preventing or prohibiting sending Bitcoin to someone who is in north Korea or Russia.  That one we really ‑‑ the tech community should work harder.  That's ‑‑ I can say.  Thank you.

>> RAFAEL EVANGELISTA: We have a lot of questions online, then we have only 20 minutes to end our panel.

I want to hand over to read the questions, citing some of those questions.

>> ALEXANDRE COSTA BARBOSA: Thank you, Mr. Moderator, I will hand over to our colleague there in San Paola.  I think there are some questions and make the question themselves.  Can you open the microphone, please?

>> AUDIENCE MEMBER: Hello, good morning, good evening, my name is  ‑‑ I'm speaking from the Brazilian IGF hub, we are facing technical issues, if we drop the call, be patient, we will come back as we would like to participate in the discussion very much.  We have two people here that want to ask questions.  We'll be brief, to listen to our panelists.  But I'd like to ask a couple of questions.

>> ALEXANDRE COSTA BARBOSA: Can you speak thought that close to the microphone.

>> AUDIENCE MEMBER: Apologies, everyone, I'll be brief.  Considering the traditional diplomacy has a variety of formats and limitations, I'd like to hear from our panelists if they believe cyber diplomacy is an opportunity to take diplomacy to a different level, perhaps one more towards decision‑making approach that is something we feel is lacking nowadays.  I would like to know how they view the participation and inclusion of the global south community in current and future cyber diplomacy discussions?  I will take the opportunity to hand over to my colleague that will ask a couple of questions as well.

>> AUDIENCE MEMBER: Thank you, good evening, thank you for the opportunity, I'm Camilla Lately, I'm a lawyer in consumer defense.  So I'm a civil society representative.  I would like to ask two questions.  The first one is cyber security and development are two sides of the same coins that are clear and a challenge to many developing and low economy countries.  Could cyber diplomacy work as a breach between those elements in which way?  The second one is a civil society representative, I would also ask, what is the civil society role on that and how can we support the and advance discussions, thank you and congratulations on the panel.

>> ALEXANDRE COSTA BARBOSA: Thank you very much.  Any of you want to answer the questions, I will not point the questions to ‑‑ specifically to anyone.  Maybe perhaps you can volunteer to answer.

>> VENI MARKOVSKI: This is Veni.  I can answer the last question, civil society is near and dear to my heart.  My background is in civil society and tech, and I'm a lawyer by education as well.  That kind of makes me interested in all these issues.  I already mentioned actually, civil society could reach out ‑‑ representative of the civil society and organizations, if they're existing, or just, you know, individuals can reach out to their governments if they have the expertise and offer the government their expertise so that when they go and engage in negotiations on cyber issues, the governmental representatives are better prepared, and also because often the interests of the citizens need to be reminded of ‑‑ defended, whatever word you want to use, because in the heat of the negotiations, where, you know, there are bigger stakes and norms are discussed and you name it, sometimes this can be forgotten.  At the end of the day, the internet would not what it is without the users, which all of us are citizens, we should all feel part of the civil society.

I think it could have a crucial role.  It was instrumental in the first meetings of the Information Society in 2003 and 2005.  In fact, if it wasn't for the civil society to push the governments to open it, it would not have become what it is now.  So I think this is a good example where civil society had a real impact on intergovernmental negotiations as they were initially planned.

Just continue to be engaged or get engaged if you're not engaged.  There are countries which can serve as good examples, I don't want to start naming them, because I'm sure I will miss a lot.

There are countries, even those who are doing a lot can do better, and there are countries which haven't done much, so civil society representatives would, again, engage, and this should be done in a diplomatic way, you'll be talking to ‑‑ be careful, don't push too much in the direction which may be counterproductive.

But I think ‑‑ this is what we did in Bulgaria, and it worked well more than 20 years now, and I can only recommend, engage positively, try ‑‑ I will call the Prime Minister back in Bulgaria, when we had to sue them, in order to achieve what we wanted, he said if you want the government to solve your problem, you have to make your problem a problem of the government.

So I think that's ‑‑ that's a way to work with them in a positive way so that they don't have problems, so that if there is a problem you help them solve it rather than make it even bigger.  Thank you.

>> RAFAEL EVANGELISTA: Thank you.  Anyone?

>> ALEXANDRA PAULUS: I can jump in on the first question, I think it's a really crucial one.  I'm German, I'm also based in Germany, but I wrote my Ph.D. on the role of Brazil in cyber diplomacy and specifically in the development of cyber norms construction.

Through that work or research, I really found that it is quite astonishing, first, on the one hand to what extent policy makers, but also scholars have overlooked the previous participation of the global south in cyber diplomacy debates, but then also on the other hand, it's quite astonishing to what extent for a really long time, this was of course a debate basically among European states, 5i's and a few others.

So I think currently there are quite interesting movements or attempts to increase global south participation in this space when it comes to cyber diplomacy.

Certainly the establishment of the open ended working group was a huge step in the direction when really the debate at the United Nations about cyber diplomacy shifted from this very limited behind closed doors format of up to 25 states, and instead now WEOG is open to all U.N. Member States, and there is even ‑‑ this goes a bit into the direction of question #2, there is a very limited role for civil society in these forums, at least it's open, deliberations are open, and there is an accredit accreditation process.  So it's not perfect at all, but it's a huge step in the right direction.

Then I wanted to share a program that I don't know if you're aware of this, I think it's called the women for cyber program, which was launched by a couple of states to increase the participation of women diplomats in this space.  Specifically in the open ended working group at the United Nations.

The interesting thing is that not only did the participation of women go up significantly through this program, I think the Australian delegation made ‑‑ they counted the participation and it really shifted dramatically the way women engage in this forum, which in itself is a huge success, but also since these diplomats that are part of the fellowship are mostly located in the global south, it has really shifted the debate and led to really strong voices on the floor coming from states of the global south.

So in that sense the program even had a positive double effect.  I would say.  At the same time, I think it's still a very long way to go when it comes to global south participation, and it's a fine line because when we look at the tendencies of ‑‑ Veni laid this out very well, how are the cyber diplomacy landscape formed over time.  We have different forums aimed at different subtopics of cyber diplomacy.  The more we can have meaningful discussion.  It makes it quite tricky for states with limited resources like smaller countries, but also countries from the global south, who now suddenly not only need to send one set of diplomats to all these forums, but maybe three.  We have the WEOG, then the ad hoc committee on cybercrime and debating what shape a program of action could take.

So I think that's really the ‑‑ it is quite challenging for policy makers right now how to solve this.

>> RAFAEL EVANGELISTA: Koichiro, please.

>> KOICHIRO KOMIYAMA: I think the most important role of civil society is go to election, vote for right candidate who can represent you, and if we can fix a problem, and then if, you know, if he ‑‑ his or her performance is not what you expected, try not to vote him or her again.  So that's the basic process of at least ‑‑ process of the democratic society, and democratic society is really heavily relying on the successful or appropriate election, and this election is real toughly vulnerable to cyber-attack.

You face it from French, presidential election, U.S. presidential election, which was in ‑‑ 16, I guess, and both over Brexit in the U.K., we observed cyber-attacks and me information operation to manipulate the result.

On this particular topic, a group published a norm saying states should not attack infrastructure for election.  So you can help us in promoting this norm in Brazil and others, thank you.

>> RAFAEL EVANGELISTA: Thank you.  Now I want to open the mic for anyone here on site, if you want to make questions.  Anyone?

No.  So maybe please we can go to the final remarks of our speakers.  And we can start with Veni and then Alexandra and Koichiro, this will be the reverse of the first presentations.

>> VENI MARKOVSKI: You're closing the circle.

Thanks a lot again, thanks for the organizers.  I was really having, I think, a good comment in the chat when I was looking video from Brazil where there is a hub, that's exactly what we have been trying to talk about in the past year of the IGF, you know, I've served a couple of times on the multistakeholder advisory group creating all these ‑‑ the program of the IGF, such hubs are extremely important, given the time zone difference, but also sometimes it's lack of connectivity, sometimes it's lack of, if you will, video and audio equipment.  It's very important that we can open this IGF to even more people than participate usually, like several thousand people several thousand online.  I believe in the diplomacy.  The if I didn't, I wouldn't be doing what I'm doing, but I also believe that all of us stakeholders, different stakeholders have a place in this conversation, and we ‑‑ we have to be aware there are rules of procedure at the U.N., at the ITU, and when it's multilateral organization, it's a multilateral organization, we won't have equal participation as governments, which is fine, it's different from the IGF or ICANN or other organizations where governments have equal footing with other participants.  But I think the way I cannot stress enough on what I've been saying in the past couple of interventions, the way to do it is to engage with national governments, to talk to them, to provide them information, factual information about how the internet functions, who is doing what, so that we don't end up in conversations behind closed doors where diplomats are talking to somebody and somebody says something that is not correct.  I'm not saying that they say that with whatever purpose they might have, sometimes it's just lack of knowledge of how the internet functions, in order to understand that what you're saying or what somebody is saying, does not reflect the actual way of how the internet works.

It's very important that there is more ‑‑ we provide them with more technical information, with more neutral information, which nor information factually based so when they are negotiating all these items we are discussing, they have the knowledge or if they don't have the knowledge right at the moment, they know there are organizations that they can reach out and talk to.  I can give, again, example in Bulgaria where the Internet Society, a local chapter, has been very actively engaged with the governments in the last 23 years, I mentioned in 99 we had to sue the government in order to get rid of the post licenses for the internet service providers, but we were very successful, and that brought us today we are working closely with them.  Thank you and thanks to the organizers.

>> RAFAEL EVANGELISTA: Thank you, Veni, thanks for your participation as well.  Alexandra, please, and thanks for your participation too.

>> ALEXANDRA PAULUS: I would echo in a sense what Veni said about the multistakeholder participation when it comes to these issues, right.  Also my impression was when it comes to many of the topics, when you look at the issues covered by the cyber norms, this includes issues ranging very wide from attribution to critical infrastructure protection, to security, and in many of these, governments are really not at the forefront.  Instead, it is ‑‑ it is academia, civil society, it's the private sector who is currently developing actionable solutions and who even in a first step has insights on how to tackle this problem.  I think it's really essential to bring these different communities together and think about how we can translate these insights from different stakeholder groups into policy recommendations.  I'm currently doing this as part of my job at SNV, for supply chain security, and here it's really quite strike how different technical community or private sector initiatives are looking for practical solution at the same time many governments are struggling to come to terms with this topic.  This is why I think forums such as the IGF, but other multistakeholder forums are quite essential to develop what is a cyber diplomacy 2.0.  Thanks to the organizers and thanks to all my copanelists, I learned a lot from you, it was a pleasure being with you.

>> RAFAEL EVANGELISTA: Thank you, Alexandra, the pleasure was ours, thanks, Koichiro for your participation, your final remarks, please.

>> KOICHIRO KOMIYAMA: Graduate to be part of face‑to‑face and online discussion after 2.50 options of trip to overseas.

Listening to questions and arguments by other panelists, I started to think about discussing cyber diplomacy or diplomacy is really a luxury thing.  I mean, in my case, I have government that can represent my position in the global, multilateral discussion.  And ‑‑ not all of us, even in this room, not all of us has ‑‑ are in that position, and in my region, in east Asia, we have lots of issues.

So again, in this great discussion, at the IGF 2022, I really enjoyed the discussion, but I miss two key countries, China and India, why I think they are underrepresented ‑‑ well, given the size of their country, and also the previous IGF in Berlin, I see more representatives from big tech, from California and DC, and they are not here as much, as many as they were in Germany.  So as I said in my initial remark, next year, in Japan, I think we can fix that issue, many representatives from all over the world, and we could have even better discussion there.  So thank you so much and looking forward to seeing you there.

>> RAFAEL EVANGELISTA: Thank you so much.  Koichiro, certainly there's a lot of things to continue discussing, and we should keep working to open the debate and include as many as ‑‑ people as we can.

Thank you, everyone, for being here, thank you for ‑‑ everyone who are online, and this concludes our workshop, thanks.