IGF 2025 - Day 1 - Workshop Room 1 - Open Forum 51 Strenthening Cyber Resilience in Global Posts & Logistics

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> MAYSSAM SABRA: Good afternoon. Also good morning and good evening to our online participants who may be joining us from different time zones. Welcome and...

I think there's something wrong. I can hear someone talking here. So welcome. Thank you for being here with us for our open forum on cybersecurity for the Post, global Post sector. My name is Mayssam Sabra from the Post Centre of the UPU, and I will be your moderator for this session.

Quickly, for those of who may not know what is the UPU, it is the Universal Postal Union, agents educated to Postal Sector. We mainly coordinate international postal policies and standards among our postal operators and member countries.

We also assist the postal operators in the transformation of their services toward a secure digital connectivity and we help    we promote collaboration. We also help ensure an efficient and secure mail delivery worldwide.

As you know, the global postal network plays critical role in facilitating trade, communication and economic development. However, as we rely more on digital technologies, we also face increasing cyber threats such as ransomware, phishing attacks, data breaches, supply chain attacks. This is not disrupting our operations but can compromise sensitive data, damage reputation and can erode trust within consumers and businesses.

So in today's session we aim to explore how we can strengthen our cybersecurity, how we can enhance the cyber unions across the sector. With will discuss best practices to build trust and security in the postal and logistics sector.

So I am honoured to share this platform with five distinguished panelists with me today. On my left I have Ms. Floreta Faber, the Deputy Director General and Director For International Project Coordination and Strategic Development at the Albanian authority. And Mr. Mats Lillesund, Director of Governance and Communication, Norwegian Post. And Kevin Hernandez, expert at the Universal Postal Union. And on my right, Nigel Cassamire, The Deputy General from Caribbean. And Mr. Tracy Hackshaw, head of the Postal Union.

So we have a limited amount of time. I encourage all of you, please, to keep your remarks concise so we can hear from all of you. Therefore, online participants, if you have any questions, please type them in the chat box. We will read it on your behalf.

Now let's kick off our discussion. I would like to start immediately with Kevin Hernandez. Kevin, you are the digital inclusion expert at The Universal Postal Union and lately you have been working on digital services report for the Postal Services which indicated specific section on the cybersecurity for post, so maybe you can walk us through the state of cybersecurity in the postal sector so we can discuss further the finding of what you will show us.

>> KEVIN HERNANDEZ: Great. Thank you very much for the introduction, Mayssam. I'm Kevin Hernandez, a digital inclusion expert at the UPU where I work on a project calledConnect.Post. So we connect and transform to one stop shops for digital services. For all of you interested in the project I mentioned, I will not speak of in it detail, but I have concept notes I can share with you on the front and some at the.Post booth. Though Connect.Post is not a cyber project, ensuring the newly connected post offices and services are secure is one of our biggest concerns. I will explain why in this presentation.

So as Mayssam mentioned I was recently working on a report for the UPU, the Digital Camaraderie Report, based on a survey on digital services and cybersecurity and posts from 152 countries responded on the survey. The survey found posts are offering many more digital services than we were expecting. We thought post offered digital services, but we could never imagine how much. So    these services go well beyond the postal sector, which is very important to highlights. Posts are not just offering digital postal services but are offering digital services across multiple sectors. Many is super exciting, from an inclusion standpoint. I don't know if any of you know, but there are over 650 post offices in the world, the majority located in rural areas, which are specifically the places where people are less likely to use the Internet and where people are most at risk of being left behind.

So digital services offered through the Post has significant potential to promote inclusion. For example, our survey found 71% of posts are promoting economic inclusion for SMEs through e Commerce service, 58% promoting financial inclusion through digital financial services, 51% are promoting social inclusion through e government services, 11% are promoting universal health coverage through digital health services. Also 70% are directly contributing to bridging the digital divide and promoting digital inclusion by providing at least one digital connectivity service or solution.

Going one step further our survey found more than a third, so 34% of posts, show signs of becoming a one stop shop for economic, financial, social, digital inclusion by providing all three services at once. Mainly digital financial service, e Commerce services and e government all under the same roof so one place where citizens can go access all these services. This helps mitigate risk of exclusion for less connected groups while helping governments achieve multiple public policy objectives related to these areas and overarching, "leaving no one behind" SDG goal.

We found posts are offering these through multiple channels. As you would expect, the main channel that posts digital services is a digitally equipped post office counter through interaction with postal staff. This is great for users because they receive help accessing a service in person. They may not otherwise be able to access on their own due to a lack of Internet access, not having an adequate device or not having the necessary digital skills to access that service on their own.

However, many posts are offering these digital services through fully digital channels, like a website or app. What some are delivering through services with device like digital personal assistants, tablets or smart phones. This can be useful for people whose mobility might be restricted. It is important to note in many cases the post may only act as the physical extension of a partner digital service. It is not necessarily the case all these services belong to the post, but the post is acting as a trusted partner.

So building on that, as posts begin to offer more and more digital service, they become an even more critical infrastructure that must be secured. Because they are now holding more sensitive data about customers and citizens across multiple sectors and across multiple aspects of life. This makes the potential consequence of a disruption of a postal operator's digital system more severe. These disruptions will disproportionately impact people in rural areas and elderly, who rely on the post for digital services the most.

This makes impact of breach, identity theft and financial losses even more severe. Although, as I mentioned before, multi  service channel delivery is great from an inclusion perspective, it opens more entry points for cyberattacks. As a result, the ability for post to maintain trust is both more important than ever and difficult. Not just for customers or citizens but also, as I mentioned before, for partners. Because delivering digital financial services, e government and e Commerce requires partnerships with private institutions with companies and government agencies who would be reluctant to partner with an institution they see as insecure, especially when that service belongs to that institution.

At this point you may be asking how secure are posts. Are they ready to offer these services in a secure way. And our survey found the current state of cyber hygiene best practices within the postal sector is in need of significant improvement. We found some optimal implementation rates across all cyber hygiene best practices, which were surveyed. Encrypted websites were only best practice implemented by at least two third of posts and two other practices, namely secure emails, secure staff email, sorry, and business continuity plans were implemented by at least half posts.

Meanwhile other best practices such as cyber security training were implemented by less than half of posts. This is extremely important, given as mentioned, posts are utilizing a multi channel approach to service delivery, meaning the staff are likely to be involved in delivering services, whether at the counter of the postal office or staff with digital devices.

Less than half of posts implement cyber security risk management plans. Only around 40% have incident response plans and crisis management plans. So this kind of paints a picture of posts that are largely unprepared and unable to adequately respond to cyber security threats. The survey also found a drastic regional difference in implementation of these best practices. I couldn't fit all on this one slide, but this trend tends to hold true across all of the cyber hygiene best practices that were on the previous slide.

So developing regions and    post from developing regions and in particular three, Latin America, Caribbean, Asia Pacific and Africa are least likely to implement these cyber hygiene best practices.

I want to end by highlighting another scary finding from the survey. So cyber security budgets of post are not keeping up with their cyber security workflows. So although around 70% of posts saw an increase in their cyber security workload in the last two years, less than half posts reported that they increased their cyber security budget allocations. Post, once again, from developing regions and those three regions in particular, were least likely to increase their cybersecurity budgets in the last two years. Not only are they not well prepared but budgets are not keeping up with their workload. One last thing, along with low implementation of cyber hygiene best practices and lagging budget allocations, posts are also not getting national level support responding to these cyberattacks. So only 35% of posts were affiliated with the National Information Security Incident Response Team. So as you can see, there is a lot of work to secure the posts, especially as they offer more digital services from multiple sectors, through multiple channels.

That is it from me. I hope this presentation has helped set the stage for the discussion on cybersecurity in the post, thank you.

>> MAYSSAM SABRA: Thank you, Kevin, for the insightful presentation. Actually, it really indicates urgent need for enhanced cyber assistance for posts in some regions. In light, I would like to hear from Nigel. As you see from the presentation of Kevin, we can    it indicates a low percentage of cyber security offered in some posts in the Caribbean region, so maybe now you will walk us through some slides that highlight some    digital transformation in the Caribbean and the role you have been playing in improving this in the Caribbean. Please proceed.

>> NIGEL CASSIMIRE: Yes, I'm Nigel Cassimire from Caribbean Telecommunications Union. I will be looking at our status of the digital transformation in postal industry, which is not very advanced. That may be part of the reason why Kevin's results would have shown, as he showed for Latin America and the Caribbean.

Just to give a background on the CTU, this is an intergovernmental organisation in Caribbean specializing in ICT. Our members are 20 governments. Should I say central region in the Caribbean. We advise on ICT policy matters. That includes things related to digital transformation, for example. In our involvement with the postal services in member states would probably fall under our ICT policy formulation and project coordination type parts of our mandate, as shown on the screen there.

So just setting the context for the Caribbean, as far as postal digital transformation is concerned, it is happening in our governments pursuing digital transformation, generally. They are looking at introducing e government services. And they have done that in most of our member states. Also facilitating e Commerce generally to get the economies going and to help diversify their economies.

Of course, the postal services has been evolving throughout the world. And Caribbean is no different. We've seen traditional mail services going down while things like courier services in support of e Commerce going up. There is competition for the traditional postal services now. Private companies involved in the courier and delivery business and logistics as well. Also traditional services have obligations to deal with. In the face of environmental changes, there are opportunities noted for the postal services to modernise and become competitive in the markets.

What you have been seeing, some of the initiatives, and a lot have been mentioned by Kevin already, they've been seeking to enhance their logistics and delivery. They've been trying to capitalize on that trusted niche of the postal services and being used as community hubs, delivering government e services and products, facilitating access to government services for persons who may not have their own private Internet connections. Some of the financial services Kevin also mentioned. In some cases, they may have facilities to help with some capacity building of the less technically savvy persons in the community.

So there may be an area of a post office, especially in rural areas, maybe, where the citizenry can come and get help many maybe accessing some government services. But as the post offices try to modernise their operations and utilize digital technologies and transform digitally, as mentioned, this comes with the attendant cyber risks and requirements for resiliency.

Kevin went into some of the very specific type thing, but I will talk about what the CTU    the approach the CTU has been taking. Our involvement in the digital transformation and assisting our governments is more general and postal service is one aspect with our own member states. So in 2022, actually at the ITU plenipotentiary conference, we had an opportunity to meet with the postal union. They apprised us of the new services they had developed in the digital sphere. And we decided that yes, we needed to partner to help enhance the quality of our digital transformations in the postal services in the Caribbean.

So shortly after that, an MOU was signed between the CTU and UPU. This was    the initial meeting was in 2022 and this is first half of 2023, when the Director General they call him    Director General of the UPU signed this MOU with the Secretary General of the Caribbean Telecom to cooperate in various areas. This MOU was to promote digital services in the Caribbean. There were specific things identified in there. Deployment of the UPU's digital readiness for e Commerce assessment, a programme whereby UPU would come in and do a comprehensive assessment of the state of the particular industry and the capabilities of the postal services and make some specific recommendations in terms of how to go forward with modernization and seek digitalisation of their operations.

We also were seeking to promote option of the UPU's.Post domain by our postal services. That is a secure domain that I think gels well with the trusted and would tend to preserve the trusted nature of doing business with the post offices and also implementing the Connect.Post initiative in the region, which Kevin had mentioned. In fact, he said he works in the Connect.Post area.

So since back to 2023 we have had specific engagements in the Caribbean with at least three of our member states. Typically with some of the larger ones. We do have some specific recommendations, now that they are implementing.

Within the Caribbean there is a Caribbean Postal Union, an affiliate of the UPU. We have CTU liaisons with the CPU in terms of fulfilling the requirements of the MOU.

So that's kind of where we are. So we are getting the recommendations and start trying to implement the implementations from the UPU to enhance the cyber resiliency of the postal services in the Caribbean, thank you.

>> MAYSSAM SABRA: Thank you, Nigel. It is a clear focus of cyber security adoptive initiatives of .Post domain or programme to enhance the cyber security in the Caribbean region. Thank you very much for highlighting this.

Now I would like to hear from Mrs. Floreta Faber. Floreta, you are Deputy Director General at the Albanian Cyber Authority but you also coordinate and lead projects on cyber security strategies on development. So, as you know today, as cyber threats evolve, how do you see this changes our impact on cyber security strategies in our organisations. And maybe you can share successful initiatives that improved the cybersecurity sector.

>> FLORETA FABER: Thank you very much. I'm very happy enjoying the discussion. The Albanian Cyber has been focused on big changes in the cyber security domain in Albania. We had the strong state sponsored cyberattack in mid 2022. All over the e government services. Albania today has over 1,200e service towards citizens. More than 95% of all government services to citizens are given online. Cyberattack on those services meaning really strong steps towards all the countries like Albania and democratization processes and transparency with the citizens.

Since then, we have been taking strong reforms on cybersecurity and big steps forward. Part of all the transformation, the changes flow on cybersecurity. We have a new one since May last year, according to the E.U. director, and number of sub-laws on cybersecurity, which still go through model of European Best Practices and The Directive. We looked at the specifics based on the criticality, and the postal service is one of this group which we have been working specifically.

The postal system, as mentioned from studies in Albania as well has increased its level of digitalisation. Having the attacks through the postal service    or using the name of the post has been really attacks of last year over 15% of the attacks in the country, or efforts to attack the system out of 88 attacks    attacks we had last year, over 15% were through the postal system. Only three were successful cases, with I the post office was dealing with and the National Authority On Cyber Security was supporting hand to hand.

We have seen strong Internet security companies. In 2024 all the post office, according to our grouping, is with the transportation group. Almost all the attacks last year in this group were only through the post system. Specifically through domain impersonating in the public facing brand. The issue carried significant weight due to far reaching impact on the public trust and institutional integrity and stability of critical infrastructures.

Attacks on national post service are not isolated nor random. They have been calculated efforts to exploit institutions that serve as a fundamental touchpoint for millions of citizens who use the postal services and the digital services in their daily life. The impersonation of postal brand and misuse of digital channels to spread fraudulent messages can erode public confidence in public services and amplify the risk of financial and identity related crimes.

In this context, the importance of building a cyber resiliency in the cyber sector goes far beyond working on the technical issues, and it become matter of protecting civil trust. Civil trust for    and continuity of essential services in the digital area. And in a time that most of the services through the post offices as well are given to digital systems.

Because these are not isolated cases, this pattern resonates globally. Maybe you have seen in the last week, F.B.I. issued new warning for iPhones and Android about companies, as highlighted by Forbes and New York Post and leveraging name of institutions, including postal services, to steal and (?) public trust. Our data confirm this was the case in Albania as well. Only from January to March 2025 we have seen that over 6,500 indicators of compromise that were found through our national search. Over 15% were linked with the postal office.

This means the efforts to attack through the cyber systems on public infrastructure in Albania, over 15% really go to one of the critical infrastructures we have. While the numbers remain high, we have seen promising numbers. I mentioned that last year on the attacks we had three of them, really made some issues in the institution. But this year, all the attacks, none of them has been coming to a point where there was an incident inside the post office.

In response to the growing threat landscape, the Albanian National Authority on Cyber Security has taken concrete steps to strengthen sector resilience including targeted cyber security training, implementation of early detection system, real time monitoring of threat indicators and joint incident simulation with the authority and the postal system. We are also integrating cyber security requirements into the digitalisation road map on the National Postal System. Our approach is not reactive, it is proactive, strategic and tailored to the unique challenges the sector faces. By aligning services with security protocols we aim to reduce the attack surface and enhance institutional readiness involving cyber threats.

The fact that nearly all attacks in 2025 were smishing based tell us the human layer is still the weakest link in cyber security attacks. That is why efforts include not just technical hardening but aware raising among citizens and postal employees.

So first we have been investing heavily in capacity building and the cross sector collaboration cybersecurity is a challenge and requires ecosystem level resilience. We have developed sector specific early warning mechanism and shared playbooks tailors for public service operators like the post. The National Cert which covers 15 institutions, one is the postal office, because we believe the strong efforts through the system are worth having specifically focused on saving those systems.

Second, we are working closely with postal operators to build internal cyber hygiene protocols. It is part of the    all the cyber hygiene trainings that we were giving throughout the country. Because    since especially 2022, it was given specific priority to cybersecurity sector in the country. Only last year we had over 6,000 people trained on cyber hygiene, including a specific focus on having all employees of the postal office. Because among all the steps taken to change the cyber ecosystem in Albania and to take the steps for changing the laws, we believe it is important to work with people and have the cyber hygiene, a new culture on cyber security in the country. And the request of people to have those trainings in increased numbers means there is an awareness that people need to know more.

Unfortunately, for bad reasons, because attacks have been numerous. And some have been successful on creating cyber incidents. People, more and more, are getting awareness they should know more and what they should do to protect themselves and institutions they work with in cybersecurity.

As we reflect on all the developments in the country and in the postal services, we understand that it is important that this is a work in progress and this is something which doesn't finish in a year or two with the increase of the number of technologies used, with increase of number of attacks, with increase of AI use on cyberattacks, it is also important we get prepared technically. And not only on cybersecurity, even the postal office. And we believe it is very important that we have a strong bridge between people    how we get ready in changing technologies and having people prepare on facing those cyberattacks.

>> MAYSSAM SABRA: Thank you, Floreta, for these important highlights. The finding you have highlighted are important and we hope strategy you are developing will help your organisations become more resilient.

Now I would like to move to Mr. Mats Lillesund, Director of Cyber Security at Norwegian Post. Mats, as we mentioned earlier, we rely more and more on digital technologies and we also increasingly connect foward and postal sector face significant cyber threats. Sometimes we think these are limited to developing countries. But in reality, they are also targeting big organisations and big countries. For example at the UPU, we have been informed of many several cyber attacks that targeted big posts in big countries.

So in today's opening session, the speeches, most speeches highlighted emphasize the collaboration, partnership on the power of collaboration, partnership and cooperation. So I would like to know what is your view on the collaboration between postal organisations and industry stakeholders, enhancing cybersecurity in our sector and what initiatives partnership has Norway Post taken or initiated to improve    to foster this cooperation?

>> MATS LILLESUND: Thank you, and thank you for the invitation of being here, ladies and gentlemen. I would like to address your question. It is a big question and interesting. A little background about where I work in Norwegian Post. So we serve actually Nordic countries, postal and logistic services. We have approximately 14,000 employees. But our base is from Norway and Norway Post, where we have the largest market share and also an important society function.

So of course it is a global scale, as you point out. We have the same threats, challenges as any other big company have in today's threat landscape. I think that is our adversaries or nature specific threats also, which I think is an important factor in today's threat landscape too in addressing cyber resilience also.

Just to point out a few of those, we have everything from fraud. The people in Norway, for example, is targeted for fraud. Where the postal logo and initial components are used in phishing companies. To more aggressive computer attacks and (?). So on the measurement side we are, of course, addressing this on various angles. We have both human and competence training. We have organisational measures. And, of course, a lot of technical measurements and controls in place to address this. I think it was very interesting what Kevin and the other panelists described. The different areas, I recognise a lot of them. I think that we have    we are always aiming to get better. I think we are pretty good, but we are always aiming to get better.

When it comes to cooperation, I think that is a major factor in solving issues. So here in Norway we have    I think we have a very open society. We have a lot of openness in terms of security incidents also. Companies and governments are very open also in the media, talking about incidents. But it also means this culture is something that you bring into your behind channels. And experts talking to experts on various issues.

Some of the    I would like to emphasize something that has grown in the financial sector in Norway, spread into something in the Nordic countries called financial search, a good example how sector cert function can work together among banks and insurance companies to leverage each other's capacities and knowledge to address cyber issues.

So I think it is a very important aspect of both to be prepared and to discuss issues when they arise as incidents.

>> MAYSSAM SABRA: Thank you very much. It is actually very important and inspiring, the cooperation you just highlighted, thank you very much for your thoughtful insights. I would move now to Tracy, last but not least. Today you are the head of .Post unit at the UPU and working on some cyber initiatives. So if you could please give us some details on the cyber initiatives and the role of the UPU in promoting (?) In postal sector.

>> TRACY HACKSHAW: Thank you. Good morning, good evening, good night, wherever you are. Time is short so I will move pretty swiftly to get questions in, if there are questions already. This is one big observation. When Nigel pointed out the work we did with the CPU, current postal union, to reiterate they were a .Post user, so they migrated their website from something else to CPU .Post and running secure email and secure hosting environment.

I'm going to move pretty swiftly and show on this slide just some of the issues with attacks in the postal sector. As you can see from the slide, over the last several years we have had quite a number of public reports of cyberattacks in the postal sector, and not limited only to what was said before to developing countries but also related to countries in North America, Europe and otherwise.

So it is not limited to countries which are least resourced. But as Kevin's research pointed out, there is a heavy risk, or a large risk in their countries where the resources are least deployed and therefore could be seen as potential low hanging fruit for cyberattackers.

As we go into our initiatives, as Mayssam mentioned, we are mentioning a series of projects at UPU within our programme. You have heard already the .Post initiative. Essentially, that is a programme which looks to utilize the DNS, the Domain Naming System, to secure the edge network for postal sector. If you are running a website and email and so on, you will be able to use secure top level domain, which is what the UPU has at .Post that is dedicated to the poles sector. And you as the postal service, as a postal office, operator or player in the sector, meaning providing services, a technology operator, you are making envelopes, package, in custom sector or airline sector, you can U.S.The .Post in the trusted platform.

We have established a digital framework which we have wrapped the sector with services, as you mentioned earlier the cyber resiliency services. To mention what .Post brings to the table, it is a major cyber resilience infrastructure. We have a series of compliance measures that relate to our overall cybersecurity framework. We look to implement a secure digital identity of the .Post domain. We are looking to deploy services, email, secure hosting and other secure services. So if you are in the sector and looking for secure services, please do reach out to see how best we can work with you to secure your online transactions and services.

As I mentioned, the platform is (?) live and you can check it out, as we speak. We also have an offer for all posts in the small island developing states category, SIDS, or least developing country, if you scan this code right now you see on the screen, you can provide us with some information. We may be able to assist you with a funding package to get you up and running in your journey transformation securely. We have secure post we are now rolling out. Now with our check URL. If you go to secure. Post you can check to see if it's been reported for scams or malware within the space, and you can use that same platform to report a suspicious link, phishing link, et cetera. That is available. Coming soon we will roll out the entire services. Lining, testing, directing you to secure partners in the framework. I will show you who they are.

Today we are running with a short list of these partners, some of the top alliances and institutions within the cybersecurity space globally. In addition to what we do in the secure post platform, we are implementing ISA, Information Sharing Analysis Platform. That ISA essentially looks to provide a secure, trusted platform where posts and other stakeholders within the sector can confidentially and securely share information and collaborate to deal with threat landscape, as mentioned by our colleague from Albania. That is evolving on a daily basis. We encourage all posts and their stakeholders, meaning the supply chain, vendors, academic institutions, customers, brokers, airlines, et cetera, to reach out and join us on this journey of building a global postal ISA. I will show you very rapidly a link in which you can reach out to us by completing this information on this form via our QR code. You can express in joining us on this journey to implement a postal sector ISA. I know time is short. I apologise for being so rapid, but I will stop here to ensure we have some questions and maybe elaborate as the case may be. Thank you for listening to me. Hand back over to Mayssam now so she can facilitate comments or questions in the room or remotely.

>> MAYSSAM SABRA: Thank you, Tracy, for your presentation. I believe the cyber resilience programme is vital for the postal service only structure. We have eight minutes left, so I will take a question from online. From (?) In the process of digitizing, broadening and networking is the physical non tech infrastructure of the post offices and jobs expanded to suit the technological expansion. While postal services become digital, the postal office can become a fallback, have an extraordinary (?) Of digital infrastructure, has design of post modernization considered these possibilities?

Who would you like to answer the question?

>> KEVIN HERNANDEZ: That had two parts. From my understanding the question was trying to get at whether the digitalisation of post replaces jobs in some way. I would say not really. Actually, what is happening is the post is now offering more services, but the problem is, the people who work at post offices need to be up skilled. In the past, they may not have been working on so many digital platforms at once or might not have been working on any digital platform at all. So they need to be up skilled. Not just on how to use the digital technology, which is one thing, but then also how to use the specific platforms and also how to ensure they are doing it in a secure way. So you need basic digital literacy training and also need digital training on specific platforms used for each type of service. It might be the case the e Commerce platform is different from the digital government platform, different from digital financial service platform, so need to learn to use all. On top of that, they need cyber hygiene training to ensure they are not opening themselves up for some sign cyberattacks.

>> MAYSSAM SABRA: I have   

>> KEVIN HERNANDEZ: We are trying to implement the human touch. Because I think that is key and role the postal sector can play, place you can access help utilizing a digital service that.Is the value proposition using the posts. It is key. We need the postal staff.

>> NIGEL CASSAMIRE: To supplement, I see the question and put additional comment. Did it create more jobs in the decision to upscaling. The other part related to use of the postal infrastructure in terms of disaster fallback. It could be taken into account and something the companies would have to keep in their own diversity management plans.

>> MAYSSAM SABRA: Thank you, Nigel and Kevin. I will take a question from the audience.

>> Hi, everyone. Thank you for your insights. I'm (?) Representing the youth IGF, India. I work in the space of external threat monitoring. When you talk about larger stakes in post, it is an industry that we come at for us but not so often. In terms of catering to bunch of clientele, right. So my question is, when we are tracking lot of threatS that could be phishing, impersonating postal services or leaked credentials or compromised third party vendors, these are external threats. When the focus    usually in the industry is focus is on internal threats or having solutions monitoring internal possibilities or vulnerabilities. I want to understand how could be connected to Tracy. You mentioned POST ISAC, how is it positioned to shift that balance from bringing more attention to external risks and threats, especially in regions which have limited visibility or resources to focus on external innovation to threats that are in the space.

>> TRACY HACKSHAW: Thank you. That is what the ISAC was trying to do. Not sure if I could convey the message clearly but focused on collaboration between all the stakeholders in the sector. So the thinking is, just to give an example, if we are onboarding post offices, 192 postal operators, the idea is we also onboard the supply chain, those who them. It is a very diverse and extensive supply chain, including right up to the delivery partners, airlines, shipping companies, the whole thing.

All of those external entities are essentially risk factors to the entire sector, because they are not only potentially targets by cyber attackers but, as you mentioned, the software that runs this environment, which can be shared, you are sending messages between parties. Just to share with you, my colleague from the post may want to elaborate, when you scan a bar code, that message goes everywhere. So in tracking and tracing it is going through a network. At every point in that network there is a potential failure and potential way of getting that attack, literally speaking. So the ISAC is designed to identify those stakeholders and bring them together. I won't say the first time but certainly in a way that would allow the information to be shared literally and collaboration to begin happening, so it wouldn't be seen only as internal but external risks and identified from that standpoint. I hope it will be the first and major time that happens in a sector to get this done effectively, thank you.

>> MAYSSAM SABRA: Okay, thank you very much. With this, we come to the end of our session. It was short, but I hope it was inspiring and insightful for all of you. I would like to thank my panelists for being with us today. I would like to thank the online participants. If you would like to continue conversations or discuss further, please visit us at the UPU Secure .Post booth. We will be happy to continue conversations. Thank you for your participation.

 (Applause)