The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> MODERATOR: Hi, everybody. Is that working?
You have to have headphones for online. Check, check. Good afternoon, everybody.
That's not working. Hi, everybody. Good afternoon. This is slightly awkward because this session was organized on cyber peace and diplomacy in the Middle East. Unfortunately the speakers were unable to make it due to urgent health issues so they didn't manage to make it on their flight. I was the own speaker plan for this session who is actually here in person.
But we emailed the Secretariat to say can we cancel the session due to the lack of speakers they did not remove it from the agenda. And so you are all here because you are expecting to see a session on cyber peace and diplomacy in the Middle East although we do not have panelists. And that applies to everyone online as we.
So hi, everybody online and thank you for joining. We have two options: One is everybody enjoys the Riyhadh sun and have a coffee and find another workshop they would like to engage in. Option two, we have more of an open discussion on cyber peace and diplomacy in the Middle East.
I should introduce myself. My name is James Shires. I'm co-director of an organization called Virtual Roots, and my background is on researching cyber diplomacy in the Middle East.
I brought a book called cyber diplomacy in the Middle East and have worked on this extensively throughout region. So if you would like to have an open conversation about these issues with me, I am very open to that. If you would rather get a coffee or go to a different workshop, then I would not be offended in the slightest. Everyone is still here.
So let me set the scene somewhat. Because this is a controversial topic. It's one that doesn't often get the attention it deserves. If you -- especially talk to outsiders, policy makers in Europe and the U.S. about cyber peace or cybersecurity in the Middle East, they would think of one country usually. And they will worry about a country that has both been the target of significant cyber operations and has also conducted those offensive cyber operations itself, right. And that's Iran.
So the framing in a lot of the western policy world on cyber middle east is an Iranian cyber threat. Just as if you were to go to the same conferences and say you are worried about the major threats, you would hear talk of another three or four similar states. The same list of state.
But that is not the kind of cyber diplomacy in the middle east I want to talk about today. Right. Because my experience and my research in this area suggests there's a lot more nuance. There's a lot of more interesting thing going on. And that actually there are some really promising signs of sooner diplomacy in the middle east that other areas can work on as well.
I can talk about a few of those examples if you would like to. But I can also just open the floor to your own reflections. We have somebody -- I think the scheduling for the panels is currently in flux. As in the Secretariat have not responded too much to request the council or move panels around. Any rescheduling for me I think is risky because it probably just wouldn't happen.
So would anyone like to open the floor for any questions? Why did you come to this session? What did you expect to hear from this session? I have a microphone. Can I pass it around.
>> Hello, everyone. So maybe my question here is what is cyber diplomacy to you? And how has the difference and the global landscape today inspired the creak or, like, the -- generally the idea of cyber diplomacy?
>> MODERATOR: For me, cyber diplomacy -- keep the. You might need.
It there's more here. For me cyber diplomacy is diplomacy about cybersecurity issues, right.
There's a whole set of questions on cyber diplomacy as in the use of cyber or digital tools or digital diplomacy that is very interesting and important. How the Minister of Foreign Affairs adapted to the digital world. How they used AI, for example in their day-to-day lives.
That's not for me, cyber diplomacy. It's about diplomacy about cybersecurity issues. It's distinct because these issues have stakeholders that are much more transgressional than in other issues.
You can't necessarily tie down the technical community governance to the internet to particular states or responsible statements. And it's also a lot more based on the private sector as well. So that for me is cyber diplomacy in general. It has its own challenges based on the kinds of actors involved and also the technical experience required for the issue itself.
So if you want tone gain in cyber diplomacy there's a relatively high bot technology. That's not unusual for cyber diplomacy. Many require existing knowledge, but cyber diplomacy would take more knowledge. So that would be my framework for what cyber diplomacy is.
Go ahead.
>> How do you think it's going to look five or ten years from now? Because maybe five or ten years ago it wasn't the same as what it is now?
>> MODERATOR: To bring the question back to the Middle East. Five years ago there was very little cyber diplomacy in the middle, I would say, right. The extent to which most Middle East states engaged with UN cybersecurity government processes was very little.
You had some places like the opened working group, the OEWG putting forward relatively rich statements at the start of every group. So Iran aligned with particular views, mainly rejecting what is saw as kind of the western dominance of these processes. And so would Syria align with that as well. So you saw some coalition building. But many other states just didn't engage at all.
That really changed with the cybercrime convention. Because there's a long history to cybercrime laws in the region, right. They have not signed up to the Budapest conventional cybercrime which was a European mechanism but they did have very early cybercrime laws often in the Gulf, so the first in Saudi Arabia was in 2006, and then it was updated eight years later after the Arab spring and after the Arab conventional cybercrime, right, put forward by the legal states.
So the idea of a UN conventional cybercrime was something that spoke to these states more so and you had a very active engagement, especially toward the end of that process.
So that's where I see that going from there. You said where is it going in the future? Now we have had lots of attempts by Saudi Arabia and other states to put forward new means of cyber diplomacy, right. You have had things like the digital cooperation organisation, right.
On the face of it, I expect to see more of those efforts. I expect to see a lot more cyber diplomacy as soft power, as the ability to include thing like cybersecurity issues on major GEO political stages, right. You have the forum in Qatar and the dialogues in Bahrain.
All of these states are trying to put their take on the geo political issues and act as an convening space for the GEO political issues I expect cyber diplomacy to continue in those areas as we. There are more microphones if someone else wants to come in. One over there. And do come to the purple table. It's nice if you like it.
>> QUESTION: Thank you. So when I look at cybersecurity there's digital infrastructure comprehends. So we are seeing some of the wars targeted removal of ICT infrastructure, which means people are not -- and that's a big part.
So one question is in that realm how would cyber diplomacy actually act? The second one is actual lit softer part. So there's the algorithmic part, right. So when you are having a project that can identify targets very specifically that are downloaded from one area and remove them in war, this becomes a major challenge. But it may not be war. It could be disinformation. So we are also seeing a lot of disinformation come in at the same time. So I think there's three thing I'm looking at. One is the misinformation and there's an issue there. Romania to postpone their presidential elections because of this issue.
Where would it come in? So rebuilding, for example, after a war, we often see it's the same people who supply the equipment for the war. Which I find very strange so just asking your view point for the balances.
>> MODERATOR: That's three big questions. One is regulating cyber tools in conflict, and two, which is content issues like misinformation, and three which is conflict reconstruction.
So let's talk about them separately, right. The first one, cyber tools and conflict. Now here I would like to do a little bit of a contrast with a global perspective. In the years after the stock snap virus where everyone thought this is the advent of cyber war.
Many commentators saying this is what cyber wars will look like. High sophistication and high investment on strategic sites. You had a lot of investigation in the follow years of what cyber war would look like after. That you then have the Ukraine conflict in 2022 when that challenges expectations. Cyber tools are blunted. The cyber dangerous weapons seem to have a good chance of repelling cyber attacks. There's a lot of capacity building and development going into Ukraine's allies doing that.
And then have you Israel's invasion of Gaza. And there the only cyber component, right, really is truly understood as the link to active outside the conflict. For a very simple reason, right. All infrastructure in Gaza is targeted and pretty much destroyed, right. Not just Telecom infrastructure but water and energy and everything else, right. So there is no cyber tools in conflict in the Gaza side, because there is no use of cyber tools there, right.
On the other side, you have a bigger conversation about the role of digital intelligence in targeting in conflict, right. That's not necessarily cybersecurity narrowly understood, compromising devices and getting into devices. But this idea in conflict you use digital signals and device signals to do connectic targeting, i.e., to kill people and bomb people, is extremely obvious in both conflicts. In Ukraine it goes from things like mobile phone on the front line and measure apps being used by soldiers and then being used for drone strikes.
In Gaza it's AI targeting systems, and putting up lists of potential target sites to Israeli missile strikes, right.
So this idea of digital targeting and conflict changes the landscape significantly. It seems gives greater advantage to already asymmetric conflicts and by that I mean it enables states to bomb more and no bomb more indiscriminately.
So that's just a quick thing on cyber tools and conflict where we are now. The second point is on content disinformation. Now we have already talked about cyber criminals. Now most cyber criminals in this region have a strong contact component. They have an -- fake news or certain kind of content will be pros dutied and will be considered crimes under this law. That's not the case in other regions. So the Budapest convention, for example, very clearly excluded content from its list of potential criminalisable offenses.
This was very much a political decision, right. As one that a lot of -- for lack of a better word, western countries rejected wholesale up until the concerns about the misinformation stemming largely from the U.S. elections, right. They then under that there was some need to focus on disinformation and con issues.
There's also a parallel discussion of online safety, right, of bullying and much more human security issues affecting content moderation. So both of these pressures is have slightly flattened the spectrum of positions for how to regulate content online.
Most states now agree there should be some regulation of online content. They disagree significantly about how much and what kind of content. But most of these disagreements don't necessarily lie in the technology them self they lie in the beginnings underlying that technology. Folks of what is a criminal act online. What and -- what violents national laws on media freedom and similar. So there's a wide range of Spectrums there and there is a wide range of positions here in the region as well.
Now of course there's mis and disinformation becomes a tangled topic because have you to piece it apart. So when have you cybersecurity companies fracking disinformation around the Gaza conflict, essentially they are tracking kinds of opinion that might be widely seen on many streets in many Arab countries, right.
So it's very difficult to disentangle the identification of disinformation from the political side and positions of that are taken from people feeding that or promoting or reading that information.
I will probably leave that there. Because there's no more to say about that.
The third point. Reconstruction. Now I don't have much to say on reconstruction, especially in the Middle East context. Because the obvious point is here in the war in Yemen. And whatever will happen after Gaza, right. There will be a lot of investment required. And of course increasingly you see Lebanon requiring massive reconstruction funds as well.
The way in which cyber relates to that is a mute point, surface left because it's physical reconstruction. It's all other kind of infrastructure needs to be rebuilt. But maybe there's an opportunity there be right. Maybe there's the ability to bring in new forms of -- like very modern teleconference infrastructure. This is me trying to be as optimistic as possible in a situation that is incredibly pessimistic.
So I would -- there is maybe some potential for reconstruction, but the big decision is about who pays for it even when it happens. But we are not there yet. So I wouldn't be able to comment any further.
There's a question online. Should I read out the question? Gaza has been testing and using -- this is a question, Artificial Intelligence systems to create apartheid war crimes and depend side again the Palestinian people that had led high numbers of civilian deaths.
What can be the role and responsibility of the United Nations and governments and UN IGF in dealing with the weaponisation of Artificial Intelligence that is contrary to human values and International Law. So thank you so much for this question.
I'm not sure where to look because you can't really see me. So this is a crucial point, right. And I have a feeling that many of you are at this panel because it is the only panel on any topic remotely like this at the current IGF, right. You scroll through the schedule. There is a panel tomorrow afternoon on transgressional oppression and cybercrime. So you should make sure you attend that if you are around.
But there is not much discussion of conflict in general, right. There is certainly not much discussion of the conflict in Gaza. And let alone any discussion of the use of AI tools, I mentioned the lavender system or others in terms of how that should be addressed by the U.N.
Now I will make two short points. One is that the UN system is already mobilizing to look at the war in Gaza from a point of view of International Law and what is prosecutionable or not, especially by the International Court that might suspect hacks. So there are prosecutors there looking at the well publicized leaders on both sides that is happening.
So that is happening by ICC but the UN itself there are resolutions condemning what is happening but going into the existing geopolitical divides, whether this is a security council or the general assembly. So the UN is mobilizing but always could do more.
Now this is better. Now in terms of the IGF, right, question one would be whether the IGF -- sorry, I will finish this point. Whether or not the IGF should address the AI itself. It is the inn government forum. One could arraigning it has to address the governance. Which has many of the social and complicated situations of AI. So it could say this is not part of our mandate.
Now we already heard from main high level speeches yesterday and so far that the Internet Governance forum does intense to include AI. Ask you can see from many panels or ethics and responsibility that this is the case. So I would say certainly the Internet Governance Forum should look at the responsible use of military AI to understand not only how AI is being used now.
But what is the potential for putting guardrails on it in the future, if the lessons from the cybersecurity debate are anything, like tell us anything, they tell us that the Intergovernmental process will be long and convoluted and dissatisfactory at the end. But there is still hope. Please go ahead. Yeah. I'm actually also going to -- I have another meeting. I thought the panel was gone. But I will send a quick message while you discuss that. Please.
>> QUESTION: Is there any research on cyber technology in the middle east. If it's published. If there is work, it's good to read these steps.
>> QUESTION: I was just going to chime in on the last matter about the use of AI in conflict. So on the military side the phrase to look for is human in the loop. Because that's how military people think of it, right. If there's a human in the decision making loop in the kill chain, then there's ultimately a person upon whom responsible falls and they know how to do that much whereas if it was just all the way down, then it's machine learning, training that, who filtered the data. Blah, blah, blah.
And ultimately everyone can evade any responsibility for anything. And on the NGO side, there's the campaign to stop killer robots which is the coalition of NGOs that are working in this area.
>> MODERATOR: Thanks, Bill. And to tie that human loop conversation back to what the question was asking about, which is Israel's actions in Gaza, right. There is not a discussion there about them not being humans in the loop. That is not the issue that is taking center stage. The issue is that the humans in the loop are operating with insufficient constraints on collateral damage and targeting limation, and on the number of strikes they are conducting, et cetera, et cetera.
So it's a very different scenario about how to regulate the use of AI in conflict when the real problems coming from the use of AI is not from the use itself. It's from the inn corporation into the decision making and flaws into decision making. I hope that helps to answer the question. We had one here which was on, where did you read about this? Right.
So there's a book called Cyber War and Peace in the Middle East, which was published by the U.S. DBS Institute a couple years ago. There's a book on cybersecurity policy which has been released you might want to read and also recent work especially on the AI and the Gaza war, for example by Anwar Machena in the college in the U.S.
There's a few people writing in this. But it's not a very large community either. So I can send you a list of references. Can I go online and then come back to you. Because I think there was an online question.
Mockberry. Existing government is not sufficient to respond to the policy issues related to data, domain names, safety, health, common infrastructure, technical standards and content and requires the adoption of a comprehensive approach and a Newark texture. Can this smart combination of consultation be appropriate? Account model of the international organisation to ensure the legality health and safety of cyberspace.
So this is -- I guess this is not a Middle East related question. But it is an important question. It's one that -- how fit for purpose is the current governance system. Now the issue civil organisation is a really interesting example because there you have an extremely highly regulated industry, right. Not only is airplane building a very highly regulated activity but communications and everything to do with airspace is extremely highly regulated. So in a way it's kind of the opposite F internet.
The internet by default and design by technologies is not regulated. Anyone can set it up and they can create a network and connection it to other networks and so on. So in a way the ICAO is at the wrong end of the spectrum to think about Internet Governance. You have people cooperating to make sure they can build and create safe passage agenda for aircraft. The internet on the other hand is a wide diversify of actors all trying to do what they want and doing what they want very quickly. So have you to try to bring those in.
So I think a definition of the multinational governance model and multi-conversation would not be sufficient. You would not get people in the room.
You would not be enabled to enforce or act on any recommendations or things like that because you wouldn't have -- yeah. The multilevel governance would not be effective. That's why I say. That but I know there are other people in the room who might watch to comment as well. Would you like to come in (?) you have a question? We have two questions. You have a question, right? Okay. I've answered it already. You go. Go ahead.
>> QUESTION: Can you hear me?
>> MODERATOR: I can hear you.
>> QUESTION: The fact we have different finishes for the cybersecurity, we are going to lead an effort to find a beginning for a single security job. What are the steps that should be followed?
>> MODERATOR: So we would like to have a single universally agreed beginning of cybersecurity. Now the problem arises, right, when you start stepping outside of technical beginnings of security, right.
So the classic technical definition are thing like confidentiality, availability and integrity, right. And you can define those properties within networks relatively well, right. With those classic diagrams about who can read what, when.
That's how you would get to those beginnings. But even then, integrity, right, which is usually the communication is the same coming out as it was going in and they always have some kind of -- it has the right timestamp as well the if you delay communication that's also a failure of integrity. These property have also been redefined, right. So a lot of the disinformation and misinformation work is about integrity work.
So maybe Facebook or Meta would try to think about their content moderation efforts within that framework. So you very quickly get pushing at the boundary of these technical concepts to make them include much thicker ideas about what should be and shouldn't be included. And that's the root of the problem with defining cybersecurity.
Because then you get into thing like, what is security? It means -- does it mean that there's no access to a network? Have you a secure network. That's a very black and white definition. There's inside and outside.
Is it being able to respond to make sure can you continue to function, right? That's much more resilience focus of a definition of security of or as many people around this forum say, should there be a human idea of cybersecurity. It's actually, what does it mean for people, whether they are secure or not and what they do online.
And that's possibly the thickest beginning you have which includes everything to do with content or all the technical aspects of cybersecurity and everything else.
So the reason we find it hard to define cybersecurity is because contained within this discussion is a lot of our own values and opinions and our cultural background as well. So we start on picking those whenever we start to get to a definition. So I don't think there will be a single beginning. I might be wrong. If somebody can give me a single universally agreed beginning of cybersecurity, I would love to hear it. Do you have a microphone?
>> QUESTION: I was just wondering how would you assess the maturity of the cybersecurity landscape in the Middle East compared to other regions in the south, whether continue Africa or other regions.
>> MODERATOR: So I would say maturity. I don't like the term maturity, point one. There's an ITU index and a lot of maturity surveys. And it implies that all that is needed is a certain amount of capacity, and then everyone will engage in the same way. So the problems come from lack of maturity. I think that's not actually the case here.
So you have very deliberate choices by states, what they invest in. Do they invest in cyber diplomacy. Like classically understood. Do they see the UN discussion, WEOG. So you can do them by comparison and index and on the Oxford security cyber building or molds. There's a lot of ways you can do international regional comparison.
My preference is -- what do people or decision makers and leaders in the region, what do they want to get out of these discussions? And are they getting what they want out of them. So for example, with the ITU index, right, are they able to communicate their country is digitally advancing, right. That it's a tech power or a tech hub for the region. You see them very powerfully in Saudi Arabia. Are they able to say in terms of capacity building to devote projects and funding they are interested in. In many countries that they have a diplomatic interest.
Maybe that's in Africa or somewhere else. Yes, of course. And are they able to do education? There's a lot of very impressive open education initiatives in Arabic and English and the Emirates and catarrh and Saudi Arabia to really reach the population.
So yes, there's a lot of activity there, right. The way -- when I've done speaking to people at professional conferences and things like that in the region, often this then been -- so if you reject the global indexes of maturity and you say it's all about what you want, this then becomes a conversation about standards. Okay, how many companies in the region are obeying 27,000. How many are obeying the NIS standard or how many adopting the NIS standard. There you might get a much lower answer.
You will say they are doing it for only audit purposes, but they are not practicing the kinds of measures that they would advise. Or they are even not engaging in the standards conversation at all. And there you can point to probably more reliable metrics. There are lower levels of maturity, especially in sectors of this region that would need a lot of advancing to go well. But that's possible at a regional level. So could you do that through the GCC and through the Gulf Council Committee and further on as well. Please.
>> QUESTION: Thank you. So if I look at -- I guess the whole panel is on cyber diplomacy and peace, right. So there's an angle where you have to look at peace within the Middle East. That is Middle East by Middle East and maybe there's Middle East with others because we know there's a lot of actors outside Middle East involved in the Middle East which disrupts peace, right.
So if cyber diplomacy is about influence and getting people aligned to the cause, and everybody want peace, because peace is when you prosper. You don't prosper very much unless you are selling thing that disrupt that, right.
So most of the hardware and the tech comes from other sides of the world. How will this impact cybersecurity in the future when you control the narrative and you control the data? We see that already out of 500 cables most of the 99% is private sector cables and if you look at the private sector companies owning them you know where they are. They are mostly in the west. So do you think this becomes a challenge in the future?
>> MODERATOR: I certainly think it does. I think -- so there's a very -- there's two answers to the question. One, the ownership of hardware of infrastructure and ownership of data are both really live issues, especially for this region, right. There's a strong push for data localization.
So if you look at cloud regulations in the Gulf states and agreement those have struck with main cloud providers. They are really pushing for local agreements. In partnership with local companies. So if you can Google Cloud platform and Amazon, et cetera. They are working with partner companies. And they are also asking for dedicated data centers.
Now I published something quite recently on this on the role of cloud computing and cybersecurity in diplomating interactions between Israel and the UEA. The theory that Israeli and the AUE said you had to have local data centers, great. but you want a whole cloud region. Right. So that's actually at least three independent
(Audio Difficulties)
At least three independent bases or distances apart. They didn't just bill these data centers. They weren't part of the region, so they changed the definition slightly. So this began for localization is kind of met in name but not in reality.
So, yeah. That's point one. Point two is kind of the role of term actors, right. And here you have to look at what is really going on in terms of offensive cyber tools. And here we switched to go to a threat landscape. There's an actor by the threat. The predatory -- which has been linked to cyber attacks in Iran that have had disruptive effects on railways and on steal plants and fuel stations and thing like that.
Now part of this is because -- kind of the infrastructure in Iran as far as I know, is outdated. Right. It doesn't have the ability to do modernize its whole digital critical infrastructure. So relatively easy to target.
But also this actor, whoever it is, the state sponsored is pushing the boundaries. They are disrupting critical infrastructure to a certain extent and then rolling back on. That not going as far as they claimed they could do. So there's also actors in Middle East that are constantly pushing the boundaries what have is acceptable through cyber conflict and seeing how tar they can go there. And that's a really worrying trend. Please. I don't know if this one works.
>> QUESTION: We will share a mic. Hi. I will put these on so I can hear. Actually I don't need it. Thank you very much for organizing this session. It's a good tune. Because we get a chance to talk. So I really like this. I had a couple of reflections.
I'm from the University of Belgium. I had a couple of questions.
I will start with one which is in Europe at least we see this connection between cybersecurity now with the new European commission that has just been put in by bringing this connection between cybersecurity and democracy or stability of institutions right, in the field.
And I was wondering whether that is something you have seen panning out in this area. And then the second question was as part of the Ukraine conflict, I've noticed that companies like Microsoft have been publishing reports, threat report, right, which have been saying what Microsoft as a private actor has been doing to defend Ukraine, right.
Changing the landscape from security actor to -- you know, of the types of security actors that you talk about when you talk about cyber diplomacy between incorporating different types of actors. And I was wondering how that is playing out in this region be particularly in light of the last question when he we talk about different types of actors. Is the private sector now playing a bigger role? And of course that private sector being largely based outside of the region.
Is that playing an important role in this space? And how will that play out? Because then the opposite of that is then moving towards more cause for digital sovereignty. Data localization. But you know digital sovereignty which -- you know which only further gives space for more conflictual responds I'm concerned about that sort of evolution of this dialogue.
>> MODERATOR: That's alright. Thank you. Really interesting point. So on the first one, right. This idea that the private sector is becoming almost a combatant, right. They are providing support to -- in Ukraine, by Microsoft. Critical services. Some of them defense services. Some of them military services, right.It and very hard to distinguish, right, if you provide a power platform for the Ukraine government. Some of it is defense and some is not. What is the legitimate target for the other side. How far do they get involved in that war. These are really difficult questions that a lot of people are very worried about. A lot of people think that the boundaries are being really tested there.
So in the Middle East conflicts I've talked about in Yemen and Gaza there's not the same question there. There's not the same involvement of private side actor on the defensive. Now there are on the Israeli side. It's a major side. Big Israeli countries. There's the use of territories for developing technologies through Israeli history. That's not a new thing about industry lead leader lies getting through the industry that they sell to this region and this country as well.
That they are using cyber offensive and defensive as diplomacy. Arriving to and a lot of the recruitment comes out of the military. So this idea that the private sector is involved comes from a very -- I guess I would a European or American squeamishness, right. A Silicon Valley idea that these companies are not part of the state. They are not associated with state military activities.
It just doesn't exist in the Israeli context. That's why it's so different. Because there's a central hope they don't have the need for central companies to come in the same way. And of course on the other side in Gaza and Yemen, they are not getting the same type of support. Just to state the blatantly obvious. We won't migrate your structure online. No, none of that is happening, purely because of political priorities.
Yeah?
>> QUESTION: If we needed cyber peace or we needed peace in the region and you come back to your mainframe of question, what are the four or five thing you recommend we do? Three thing.
>> MODERATOR: Thank you very much for giving me a wrap-up. For those online, I know we had a couple questions. I hope you found this stimulating. And just to reiterate, everyone who has joined a little bit later. I am kind of having an impromptu discussion because many of the panelists couldn't make it.
So thank you, everyone, for sticking with it. What are four or five things in terms of cyber peace and diplomacy going forward? Now the first is data. Data on use of cyber tools in conflict, on the actors using those tools, right.
At the moment we rely on -- as this gentleman said, private sector reports that are very skewed toward certain factors. It's not a good source of data, but it's the only one most researchers have. So new and different kind of data about what kinds of cybersecurity threats there are on the ground. And then you can have a conversation about how to counter those threats once you know more about them.
Working in a multistakeholder way, working more with Civil Society, with industry and with government, Internet Governance organizations around the wore. Everything we talked about so far from contented moderation to offensive cyber tool and the things like that. Working and finding ways where countries can agree they won't get for better access and internet connectivity would be two. Look tight chief those aims.
And number three would be plugging into the UN processes. They have the floors I have already talked about. But at the moment there are no alternatives. If you use regional mechanisms, whether it's the GCC or other regionals to develop your own practices and develop states competencies and collaboration in cybersecurity, and then translate that to the global level, to the multilateral level, that I think would be the last recommendation. Thank you, all, for what has been an extremely interesting conversation.
Please do follow up. I have some cards here. I know I promised people some references. I promised people some things to read, and I will definitely do that if you come and approach me afterwards. So thank you so much.
(Applause).