The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> OLGA CAVALLI: Can you hear me? Can someone tell me if you hear me? Thank you, Philipp. So, the remote people say you can hear me. Locals say nothing. Can you hear me guys?
>> CHRISTOPHER PAINTER: Yeah. It's Chris. I can hear you.
>> PHILIPP GRABENSEE: Wolfgang is having his own conversation. I can tell from here.
>> OLGA CAVALLI: Okay. Thank you for being ‑‑ Hola. Thank you. Let's start. Because we only have one hour. Thank you. Thank you very much for being with us. Thank you, Philipp, thank you, Chris, thank you, Merike, for being with us remotely. We have another big audience. But here are the good ones. More people are coming.
As we only have one hour and we have a lot to talk about, I would like to start first, thank you to all of you. Thank you, Jose. Thank you, Wolfgang, Ram, Philipp, Merike, Chris, and those of you who are here with us. To exchange some ideas about cybersecurity and cyberdefense and developing economies. We have some issues here.
So, I would like first to start presenting our distinguished panelists. We have Mr. José Cepeda, he's European Parliamentarian. She's from Spain. We have Merike, she's a board member and technical advisor. Hi, Merike Kaeo. We have Ram Mohan chief strategy officer and he was former ICANN board member. We have Chris painter, our dear friend Chris remote from the United States. He's the Director of Cyberexpertise. Chris was the first cyber diplomate in the world. He's well known for that.
We have professor Wolfgang Kleinwächter, from the University of Aarhus and Commissioner of Global Commission on stability in cyberspace, GCSC. And we have Philipp Grabensee from Germany, defense counsel, and former Chairman of Affilias from Internet services. Thank you all for being with us.
I would like to start a statement from José Cepeda from the European Parliament. Jose will make some remarks in Spanish. And I will translate into English. If you want to practice your Spanish, it's a good moment to listen to Jose. Jose, the floor is yours.
>> JOSÉ CEPEDA: Well, thank you, Olga. Thank you for an invitation to join this panel. It's very important for Europe, for Parliament to debate about cybersecurity and cyberdefense. But it's very important to speak in Spanish to Latin America. It's very important for us. Yes. (Speaking non‑English language).
>> OLGA CAVALLI: So, thank you, Jose. I will translate. So, Jose's explaining us all the preventions and techniques they're doing about cybersecurity and cyberdefense for 2025.
First, he spoke about escalation of threats, integrated multichannel attacks from state and state, sponsored state actors that combine cyber-attacks with sabotage and activities. He explained the manipulation of ICS networks to dispute power followed by disinformation campaigns to maximize social impact. Then he explained us about the technical cyberdefense about early detection systems with machine learning (Audio breaking up) necessary to identify patterns in this hybrid actions. And then he explains about targeted past (?) such as satellites and communications and distributed data centers will be prime targets, according to (Speaking non‑English language) European cybersecurity agency. Efforts include the use of advanced stealth (Audio breaking up) and infiltration techniques. Then he described the cyberattacks and artificial intelligence‑based threats, not only artificial intelligence used by bad actors but also (?) actors with artificial intelligence attackers will use artificial intelligence to generate malicious code in realtime that evades traditional detection. This will be problematic for environments that are not updated or do not implement artificial intelligence‑based adaptive systems.
Then he explained to us what autonomous cyberattacks about systems (Audio breaking up) such as denial of service in which use case by being programmed to dynamically adapt defense and responses. And then finally he explained about technical cyberdefense. Security information and event management and security orchestration, automation, and response platforms will be essential for automated responses. All these are issues about the cybersecurity and cyberdefense forecast that they are preparing for the next year.
(Speaking non‑English language) I would suggest after this very interesting comment that Jose made about cyberdefense in 2025, I would like to go to the questions to our panelists if I can find my script. Merike, are you there? Can you hear us?
>> MERIKE KAEO: Hi, Olga. Yes. Can you all hear me?
>> OLGA CAVALLI: Now, I can hear you. Merike, your experience so you're involved in cybersecurity. Based on your experience, which are the skills that a system must have in (?) country that with economies face in relation to cybersecurity and cyberdefense? And also, after what Jose shared with us, which is the threats forecast as they see that for the next year? And welcome. Thank you for joining us.
>> MERIKE KAEO: Thank you for the question. Being a chief information officer is a position that has evolved over the years. It can mean different things to different people. However, to me, the role has always meant that you are the person responsible for developing and implementing the strategy to provide resilience and trust worthiness in our digital environments.
In developing countries where sometimes they are still evolving to create effective regulation and also national cybersecurity laws, you are most often also a stakeholder and should be in the room to be a voice and especially so if you're a CSO in critical infrastructure.
I'm going to list three primary skills. One of them is that you absolutely must have critical and strategic thinking. And part of that is because in developing economies, you're often faced with challenges that include lack of resources. And it's not always financial. There's really, I think, the biggest challenge is a skills gap where you just don't know or you don't have the people that that can help with overall cybersecurity roles. And this lack of resources and effective team means that sometimes the CSO has to be the security architect, the security operations team, the security operations center, the incident response team, and the threat intelligence team. They have to do everything while they're trying to prioritize what needs to be done. And how do you actually get it done
So, by utilizing strategic thinking, a CSO in developing economies can determine when to outsource and which tasks need to be prioritized. So most developing nations or companies that provide cybersecurity help will have usually a list of the top five or ten items to do. And they think, oh, that's not so much. Well, in many developing economies and with the lack of resources, you might only be able to, one, or at most two of these items. So which ones do you choose?
When outsourcing, it's extremely important to be strategic and make sure capacity training is included so developing economies can develop expertise to provide for future opportunities within their own countries. It can also be beneficial, because sometimes in developing countries there are language constraints. So being able to communicate in your own language.
The second skill is having effective communication skills. Because you must be able to communicate critical risks that are relevant to your organisation, industry, or nation state. As I previously mentioned, you are a stakeholder typically in perhaps developing legal constructs and also regulations within your developing country.
And effective communication can also help build trust and collaboration which is what brings me to the third extremely important skill of being able to promote collaboration and information sharing.
This is absolutely critical in developing economies. We all learn from each other. I've had the privilege to work in a very global environment. And I know that the Pacific Island nation states, Southeast Asia, Latin America, Africa, the Balkans. There are many, many information sharing groups that are region specific. This very much helps developing economies because within a region you usually have different levels of maturity when it comes to cybersecurity, either defense or understanding or skills. It's not that you just develop sharing groups within your own sector, be it financial or healthcare or what have you, but sometimes also you have similar issues based on geographic region.
So that information sharing and collaboration as to which threats you're most vulnerable to, what is actually happening in your region is extremely important.
And also, what is critical regarding collaboration is that you must know who to escalate as a CSO when you see that there's nation state relevant information that is specific and that can target your specific nation state or region. So, to sum it up, I think the three skills that are really important are one, critical and strategic thinking. Two, effective communication, which means with the technical sector, with policymakers and regulators. And also, three, which is extremely important to me is promoting collaboration and information sharing.
So, thank you for that, for giving me a chance to enumerate on those aspects.
>> OLGA CAVALLI: Very good. We always go to one of the things ‑‑ we always talk about capacity building, learning, and exchanging information. I think this is so important. But sometimes having worked in several technological environments, we don't have that much time. And we have very few resources. So sometimes it's not that you don't want to share information. You just don't have the time to prepare the information to be shared to other colleagues. Because sometimes you have to reshape it or prepare it to be easily exchanged among colleagues.
So that's something that has happened to me and maybe something that we lack the time. A resource will help us is making the (?) easier. Ram, an expert in critical infrastructure, which I consider DNS critical infrastructure. And you are the chief strategy officer of a very big company that has infrastructure all over the world where security is a main issue because, if the DNS doesn't work, most of the activities that go on the Internet won't be possible to perform.
So how do you think that in a developing economy can this critical infrastructure be protected? Which measures should the local people and actions can be taken to protect this national and critical infrastructure from cyber-attacks?
>> RAM MOHAN: Thank you, can you hear me? Okay. Great. Thank you. At my company we have the privilege of serving both developed nations as well as nations that are developing. So, we run the critical infrastructure of Australia, dot AU. We're the designated service provider and designated critical infrastructure provider for Australia, a developed nation. But we also do this for many other smaller countries, countries in the Caribbean. We do this for Belize. We're going to be doing this shortly for Angola.AI in just a little while. And what you find is that the nature of the event is not any different. The kinds of threats that developed nations encounter and the kind of threats that developing nations encounter are no different.
The scale and size of the threats are also often not much different. What is different is preparation, people, and policy. Those are the three things that distinguish the responses of a developed nation from a developing one.
Merike already spoke about resources and you spoke, Olga, about (?) it's not enough to just have the data on what the threats are and how to respond. It is important to have it accessible in the right language at the right level. You have to calibrate it.
But in reality, in my perspective when the problem actually happens, when you have a nation under attack, a nation's assets, critical assets under attack, when you have the banking system that is crucial being targeted, when you have telecommunications networks that are in trouble, the very first thing that fails are the systems and the people who are unprepared.
And it doesn't matter if you have great resources, great knowledge, great education. But you will find ‑‑ and this is true even in developed nations, but especially true in developing countries, there is little preparation for it. They have read the paper. They have seen the website. They have even had a discussion at the cabinet level on the (?) attack that had happened or the fact that you need to secure your routers. So, they have the theoretical knowledge. But when the attack happens, we've never drilled about it before.
So, what you find is that preparation is the crucial difference between a developed nation's response to a cyber-attack and a developing nation's response to a cyber-attack.
The second thing is people. Often you will find in developing countries the people who have the knowledge to distinguish whether a problem that is occurring, to distinguish whether that is an attack or merely an error where only a few people who know it. And if those people are not available or are on vacation ‑‑ I can tell you a story. In one of the countries that we serve, there's one primary person responsible for cyberdefense. And his wife was giving birth. He was in the hospital. The country came under attack. And the systems went down, because he had to choose between being there for the baby or being there for the country. He chose the baby.
But that's a real-life issue. So, people ‑‑ second thing. You just don't have enough resources in that area.
The third part is policy of the you find in developing nations governments they look at says USDNG they look at the various protocols or maturity models, GCSC had a bunch of norms they developed on safety in cyberspace. They are excellent frameworks. But you need governments to actually take those frameworks and implement policy so that it gets into curriculums. It gets into training systems. It gets into other governmental departments and becomes a priority of those departments.
An example, if you look at Australia, for instance, several years ago they got really concerned about cyberdefense. The government came up with what they called the essential eight. These are eight essential principles for cyberdefense. They include well‑known things like two‑factor authentication, et cetera. What they did was they implemented policy. They said every government department within 12 months must implement the essential eight. Two years later they said every critical infrastructure provider must certify implementation of the essential eight.
So really what you need in developing economies for success here, for proper cyberdefense strategy is preparation, people, and policy.
>> OLGA CAVALLI: Thank you. The eight ‑‑ thanks. Very interesting. Although I think that also developing countries are also attacked. That crossed my attention because there are nations and companies that have a lot of resources to have very secure infrastructure. Even though they get under attack, and so ‑‑ developing economies are in a much vulnerable situation. Yes.
>> RAM MOHAN: (No audio).
>> OLGA CAVALLI: Preparation is the issue. Okay. I would like to go to Jose. You shared with us more of your ‑‑ (Speaking non‑English language) forecast made by (Audio breaking up)
(Technical difficulty).
>> JOSÉ CEPEDA: Yes. The next point I want to just for cyberdefense and it's very, very important, it's collaboration. (Audio breaking up) sorry. I try in Spanish, in English. (Speaking non‑English language).
>> OLGA CAVALLI: So, what Jose explained is a very interesting issue is that there is trust, trust among different (Audio breaking up) and he explains that presentation made by the Minister of (Audio breaking up) personal information by the Minister of Finland, and express cooperation, want to create an intelligence European agency, something like that. It's a project based on trust.
There's joint work with the organisation (Speaking non‑English language) with NATO. (Audio breaking up) and a unique way of harnessing all these threats. For next year we expect more sophistication in attacks. The use of artificial intelligence will be not only for defense but also for offensive attacks.
There will be also attacks done through Internet of Things and things connected to the Internet in supply chains using Internet of Things. So, all the strategies of cyberdefense must use predictive intelligence (Audio breaking up) and also regulation frameworks must be based in trust. And also, quantum computing must be considered, because this big capacity that the computers will have in the future will have a very big impact in cybersecurity and cyberdefense.
(Speaking non‑English language) for also the military forces. Okay. Thank you, very much Jose. Now, I will go to ‑‑ (no audio)
(Audio breaking up) this gap that exists in human (Audio breaking up) just for you. You have opened a new career, cyberdefense. And we had one month. High demand (Audio breaking up)
So, Wolfgang, what do you think.
>> WOLFGANG KLEINWÄCHTER: That's a difficult question. And it was already mentioned by previous speakers. We have to this gap. We have the resource gap. And then what Ram had said, preparation, people, and policy are the differences. It's a complex problem, which you cannot settle in just one hit. There are a number of different initiatives which come together, a string which will enable the developing countries or the Global South to step by step close the gap. And thirdly, needs help (Audio breaking up), quote, unquote, because to best help if you trust, provide resources which enable those countries to find their own way. Because otherwise, say, just a target from the export of models ‑‑ I see a problem because the whole world agrees that capacity building in AI and capacity building in AI, (?) domain is extremely important. There is no disagreement.
What we have seen in the General Assembly of the United Nations, we had two resolutions. One sponsored by United States and one sponsored by China. The Chinese resolution in particular is about AI capacity building in (?) countries. It had overwhelming support. US supported the Chinese resolution and China supported the US solution. There is no reason to be against it. There's a risk in it. Just capacity building organised by China will include the export of the Chinese model. And the capacity building on the part of the United States will include the export of the American model.
So, I think the challenge is ‑‑ and this goes to policy and people. So that means (Audio breaking up) developing countries in the Global South has to develop its own strategy to define exactly what they need. And if they have a list which specify the needs, then they can ask, who can help? So, you're not dependent on big brother or big sister or the big uncle. But you start from your own needs. I think this is important point and has to guide a strategy, the long‑term strategy for the Global South. That's why the African digital compact is so important. Because they had their own digital compact which was in the Global Digital Compact in the United Nations. But the African digital compact has specified the specific needs of Africa and what is relevant for the general digital strategy for those countries is also important for the defense sector, for AI. Because what one has said, there are no ‑‑ if it comes to attacks, it's no different whether it's developing countries or developed countries. It's the same. It's how you react, how you prepared people, how you have policy in place. In particular, this preparation aspect so that you have, not only one person but a backup if one is on vacation, the other one should be in the office. I think that's a problem.
But if it comes to another aspect, which includes also the preparation of military personnel. I was in a workshop a couple of months ago where they discussed what is the type of the (?) of the future. How to train the soldiers of the future? In the 20th Century you need strong young men who could move very fast. But today, you know, if you have a young man who is overweight and is very capable of this computer and keyboard, he's probably the better soldier.
So, I think this will ‑‑ the whole AI revolution in the military field will change ‑‑ a challenge to understand how to train the soldiers of the future. The best thing is you do not need them that means peace is always better. You have to be prepared. If you have the wrong soldiers, then you will lose the war in the 21st Century.
>> OLGA CAVALLI: I like this soldier of the future concept. I think it's very interesting to think about.
But about this independence that countries should have about capacity building, there is a big challenge, because the technology is developed in few countries. I would say mainly in two countries. The rest of the world is using that. Capacity building comes also based on which technology are we using?
I would like to ask Chris. Chris, are you there? Thank you for being with us. It's great to have you here at the IGF. You're an expert in cyber diplomacy. The first in international relations. (Audio breaking up) spaces will should focus on (Audio breaking up) about what is happening, especially considering that sometimes you don't have the resources to follow the spaces and go to all the meetings. Which one would you say are the most important ones?
>> CHRISTOPHER PAINTER: Olga, thanks. Good to be with you all there. I'm sorry I couldn't be there in person. I wish I was. Sadly, I'm not. I would say a couple things. That is a real problem. There's a myriad of different things, people should develop in global countries Global South should be prospecting in, not just to gain the knowledge but also to share their experience. Because that's critically important. To point what others said when we talk about capacity building that's a foundational element of everything else in cyberspace. If you don't have the capability, both the policy capability and the technical capability, you can't really participate either in these forms well or secure your own systems to respond to attacks. That's the connecting point.
For, when I've seen that, as it was also noted, Ram noted this, you have a number of different factors, including the political will in the country too, not just the technical people saying they want the training. But actually, the political commitment that this is a real priority for them. And that's becoming more real but that's been hard. That's hard for the global forum on cyber expertise, one. Groups I do a lot of work with and has for years, which is a capacity building platform that has 60 countries, a couple dozen companies, Civil Society, and academia, we move to a demand driven approach. Ask the Global South what do they want rather than saying, here's what you get. That's a more sustainable model.
In terms of the forums you mentioned, obviously there's the UN, the Open‑Ended Working Group in particular which is dealing with cyber. I would say that when that first met, the first one of those, about eight years ago, I was struck by the number of developing countries said we would love to debate norms and esoteric concepts but we need help in capacity and building our technical capability. That's a critical one.
I would say there's some good news stories on that on trying to get more Global South participation, particularly women in cyber programme that's been administered by GFC but many countries behind it. There are lots of women going to and making interventions in that session. That's important. There's been training that UNDA has done for cyber diplomates in developing world countries and others that have done that. That's important.
Coming up this year will be WSIS+ 20. It's hard to believe we're already a plus 20. I remember plus 10. That's an important for developing countries to be at. The GFC, our platform, we had 220 members and partners. We have regional ‑‑ what's important is we've created regional hubs to allow these countries to more easily interact, including in the Pacific Islands, ASEAN, the African Union, the Baltics. In some ways the institutions are trying to come to the community. The ITU is important, more on the technical side.
First, first responders and certs. The Council of Europe in UNODC for cybercrime issues.
So, as you noted, the problem is there's so many different forums that folks can attend. You need the right people attend. You can't just have your representative in New York, for instance, in the UN go to all these meetings unless they have expertise. You need the ability to attend them. Even for big countries, trying to attend all these meetings is hard. In small countries where there's one person. Pacific island country one person from Fiji is both doing their cybersecurity there, but she's also travelling to New York and these other forums to try to participate. It's very difficult on them to be able to split that time. So, we need to figure out how we can more constructively engage with the developing world and allow them to be part of these forums, because it's critically important. Obviously, the IGF is another forum as well. That's a real challenge. Because we can't simply have the developing world in one level and the rest of the world at another level.
We need to make sure for practical reasons too, even from the developing world's standpoint they need a lot of countries to work with them to be able to go over cyber are threat which are routed through these countries if they don't have strong laws and capabilities.
>> OLGA CAVALLI: Thank you. The good thing most of the events are hybrid and many things get recorded. I know it's not the same. It's lovely to be here and interact with people and share coffee and share a sandwich. But if you want to do research or want to know about something, you can find information online. Luckily, in several languages. Language is also a big barrier. In Latin America it's a big barrier. Not everyone speaks English. In order to understand foreign speakers or read clearly the documents.
Now, I would like to go to my dear friend Philipp Grabensee. He's a defense counselor and also an expert in DNS structure, which is a critical infrastructure because he was former Chairman of Affilias which is a company which is merged with another company. But it's a company that manages DNS infrastructure.
How do you think developing economies can find guidance or reference in order to ‑‑ in order to legal update, refine their legal frameworks for a fight against cybercrime. Ram mentioned as an important thing regulations and policy.
So how can that be really considered and up to date so the agility and the development of this regulations and welcome. It's a pity we don't have you here. But we're seeing you online.
>> PHILIPP GRABENSEE: Thanks for having me. This is a tough question to answer in the remaining two or three four minutes I have. Let me make a few points regarding that. So far we have talked about crimes against computer systems. But another big part of cybercrime and fighting crimes is the content‑related crimes.
Let me ‑‑ I think we cannot learn too much ‑‑ of course, we can learn ‑‑ but we can also learn from the mistakes, which has been made within legal frameworks. Because every time something horrible happens ‑‑ I will give you an example for that. The society and the people are calling for new laws and new tools for enforcement agencies and increasing of laws. A lot of times asking for new laws has very negative side effects. I think the problems are really somewhere else or a lot of the problems are somewhere else.
I think in the discussion we had it has become very clear that the problems are not so much the laws or the framework or technology. But it's really that people are unprepared or what Merike calls a skills gap you have. As much as you have a skills gap and people in the technology field, you have also the skills gap or people unprepared in law enforcement.
So it's not really the technology. It's not so much the framework. It's really about the skill set missing and the preparation of the people. So the example I'm giving you here, it's an example of horrible cases of possession of child sexual abuse material in Germany.
There were horrible cases in the news, a big outrage in society, and laws were increased, and new laws were passed. Reform of the German criminal law which in the end led to unintended consequences for teenage sexual expression through the digital media. Because suddenly all kind of exchange of information and exchange of pictures from teenagers on media was suddenly criminalised and a crime. So that was a really negative side effect of that calling for new regulations. And the real problem was, why was law enforcement not effective before against ‑‑ or why is law enforcement, weaknesses still in law enforcement to fight against this horrible crime? The problem is you're lacking well trained and capacity of well-trained people in law enforcement.
That was really the problem. This problem has not been solved by increasing fines or introducing new paragraphs making certain behavior or criminalising certain behavior. It is what Ram said and Merike said, it's really a capacity of the people, the capacity building, the training of the people, the skills gap.
In the specific example of sexual abuse material, we were just lacking ‑‑ in Germany we were lacking the police enforcement officers who were prepared to exposure of traumatic material who had psychological training to deal with that. We had not enough people to do it. And not prepared people to go through the Internet and look at this content.
So that's why ‑‑ still it's a problem. So, what you need is really also here across frameworks help and then you can have framework for capacity building. But it's not so much frameworks and it's not so much the laws, it's really about ‑‑ it comes down ‑‑ it comes down to the people. Of course, artificial intelligence helps you to go through the Internet and identify potential crimes. But in the end, it has to be people who look at it and bring it to prosecution. And that's what really helps protect the victims of those horrible crimes.
So, I can only echo what my colleague says. Also, in regard to content‑related crimes and enabled and related crimes, same as what it counts for crimes against computer system itself.
>> OLGA CAVALLI: Ram, so you have the policy is making it work, making it relevant, because if not, how to make it relevant. So, we have five minutes is anyone in the audience who would like to add something or make any comment or we make a final one minute for speaker and we have to leave the room.
We'll start with Ram who is looking at me directly.
>> RAM MOHAN: Thank you, Olga. This is really terrific set of comments that have come through from everybody.
What strikes me as a useful next step is to think about collating the information that has happened in a session like this and to go back and look at developing countries, at least those who you know who we know and check whether this will actually work. You see what GFCE is doing what Chris was talking about, they already have a framework. They already have material that is available. And I think that we ought to look at what's already done, not reinvent the wheel in building cyberdefense, effective cyberdefense is not new cyberdefense. Effective cyberdefense is cyberdefense that has already worked and more importantly, defense that has already failed and therefore been patched.
So there is that ‑‑ I think that's kind of the way to look at it. Let's be practical. Let's take small steps. Because the large steps will overwhelm developing economies.
>> OLGA CAVALLI: Thank you. Wolfgang?
>> WOLFGANG KLEINWÄCHTER: It's not a theoretical question. It's a very practical question. It's just implementation. You have to do it.
>> JOSÉ CEPEDA: Thank you. While, sorry for the three pillars, people, policy, preparation. Three pillars are necessary to all countries. And this is not the future. It's the present. It's now.
>> OLGA CAVALLI: Thank you, Jose. Merike, your final comments.
>> MERIKE KAEO: Yes. Chris had mentioned first and I had the privilege of helping a developing nation set up their national C cert, I think that is critical. There are many, many guidelines that exist that also talk about the legal constructs and the regulatory frameworks that countries should have within their own culture, within their own legal systems to build up this national C cert that I think will greatly help developing nations.
>> OLGA CAVALLI: Thank you very much. Chris, your last comment?
>> CHRISTOPHER PAINTER: I think it goes back to what we were saying before. This is a critically important area. You need the political will in countries. You need sustainability and continuity, which is always difficulty. And you need nonduplication.
I think as we try to match resources with the needs and the needs are great, I totally agree, don't recreate the wheel. There's lots of stuff out there. It's an important area. The portal that the GFC00s has hundreds of projects, calendars, things ‑‑ it's publicly available. It's not limited to just the GFC. It's been linked to the cyberpolicy portal at the UN. I think that's a great cross‑linking resource.
The last thing I would just say is on the topic of things that are out there, I also am on the board of a nonprofit called the center for Internet security, which like the essential eight has the ten essential controls. So, a lot on cyber hygiene is available. I agree. Collating what is there rather than recreating is critical.
>> OLGA CAVALLI: Philipp, your last comment.
>> PHILIPP GRABENSEE: I can echo the last three comments. In the end we came to the same opinions. Implementing not just ‑‑ not recreating the wheel means always not making new laws, enforce ‑‑ not recreating the wheel means in law enforcement just enforcing existing laws and building capacity for people to enforce those laws. That's the way to go forward and also because existing laws have always shown that they have gone through the critical test of how they relate to human rights and constitutional rights. So always creating new laws always puts a lot of danger, talking as a defense counsel, puts a lot of danger because then the laws have to be looked at from all kind of perspective and a lot of things go wrong when a new law is being passed, especially in a hurry. Not recreate the wheel, implementation of enforcing of existing tools and laws, I think that's the way to go ahead.
>> OLGA CAVALLI: Okay. Please help me applauding our dear friends and colleagues for a very interesting session. And for the remote, don't go away. We will take a picture. Don't go away. We'll take a picture.