IGF 2025 WS #193 Cybersecurity Odyssey: Securing Digital Sovereignty &Trust

    Organizer 1: Civil Society, African Group
    Organizer 2: Technical Community, African Group
    Organizer 3: Government, Asia-Pacific Group
    Organizer 4: Civil Society, Latin American and Caribbean Group (GRULAC)
    Organizer 5: Civil Society, African Group

    Speaker 1: Ihita Gangavarapu, Technical Community, Asia-Pacific Group
    Speaker 2: Samaila Atsen Bako, Technical Community, African Group
    Speaker 3: ISSAKHA DOUD-BANE KHOUZEIFI, Civil Society, African Group
    Speaker 4: Monojit Das, Government, Asia-Pacific Group
    Speaker 5: Lily Edinam Botsyoe, Technical Community, African Group

    Format

    Roundtable
    Duration (minutes): 75
    Format description: This interactive roundtable facilitates collaborative dialogue, promotes equal participation from onsite and online attendees, and maximizes engagement.

    Policy Question(s)

    How does the design of cybersecurity governance frameworks influence the resilience, sovereignty, and trust in digital infrastructures, particularly telecom and critical sectors? In the rapidly evolving technological landscape featuring quantum computing, AI-driven threats, and next-gen encryption, what core principles should universally underpin effective cybersecurity policy development and implementation? Can global standards in cybersecurity governance realistically be harmonized, and what role does the Global Digital Compact play in guiding international consensus and cooperation toward secure digital infrastructures?

    What will participants gain from attending this session? Participants will gain deep insights into the emerging intersections between cybersecurity and national security shaped by frontier technologies, acquiring actionable strategies to address AI-powered attacks, quantum encryption threats, and telecom vulnerabilities. The workshop’s scenario-driven format will offer practical tools to enhance cyber resilience and policy responsiveness, grounded in diverse global case studies. Attendees will emerge with an enriched understanding of core governance principles such as security-by-design and digital sovereignty, alongside methods for fostering multistakeholder collaboration in cybersecurity governance. This session will enable attendees to confidently advocate for inclusive and harmonized cybersecurity policies in their respective countries or organizations. Participants will also contribute to defining innovative global standards aligning with the principles of the Global Digital Compact, fostering international cooperation and interoperability in cybersecurity governance.

    Description:

    Recent frontier technology breakthroughs have transformed digital ecosystems, altering the cybersecurity landscape and shifting power dynamics between state actors, private entities, and users. AI-driven cyber threats, quantum computing advances, and innovative encryption methods pose severe operational, strategic, and technical challenges globally. Telecom infrastructure breaches (such as the 2025 "Salt Typhoon" espionage operations), deepfake-induced misinformation, and automated ransomware attacks have revealed the fragility and interconnectedness of national cybersecurity defenses. This workshop explores how policymakers, technical communities, private sectors, and civil societies can collectively establish robust governance frameworks, incorporating principles of security-by-design, resilience, and digital sovereignty to ensure global interoperability and trust. Through interactive scenario-based sessions, breakout discussions, and multistakeholder dialogue, this workshop will dissect recent global incidents to derive policy lessons applicable worldwide. Participants will analyze cases from Africa, Asia, Europe, and the Americas to understand how frontier technologies impact national security differently across contexts. With the Global Digital Compact (GDC) as a foundational reference, the workshop will examine pathways toward harmonizing cybersecurity standards and response protocols internationally. Stakeholders will collaboratively propose actionable strategies, emphasizing inclusive approaches and cross-sectoral partnerships, to effectively safeguard critical infrastructure and build resilient, trustworthy digital societies globally.

    Expected Outcomes

    A set of clearly defined, actionable recommendations for cybersecurity governance, emphasizing resilience and security-by-design. Frameworks for international cooperation derived from real-world case analyses and multistakeholder dialogue, facilitating alignment with the Global Digital Compact principles. Concrete strategies for integrating frontier technology considerations (quantum computing, AI-driven threats) into national cybersecurity policies and infrastructures. Establishment of a policy brief or white paper summarizing the workshop outcomes, which will be disseminated widely through IGF channels, influencing policymakers, technical experts, and stakeholders globally. Commitment to a follow-up virtual roundtable in late 2025 to review implementation progress and foster continuous collaboration among participants and broader IGF stakeholders, enhancing the sustainable impact of workshop recommendations.

    Hybrid Format: Ensuring Hybrid Session Engagement: (150 words) The session will seamlessly integrate onsite and online participation using interactive tools such as Slido or Mentimeter for real-time polling, Q&A, and scenario-based discussions. Breakout groups will merge onsite and online participants through facilitated virtual rooms, guided by onsite moderators and an online moderator who ensures equitable engagement. A shared online collaboration platform (Jamboard or Google Docs) will document inputs and allow simultaneous contributions from all attendees. A dedicated online moderator will monitor and relay virtual participants' questions and comments to the onsite discussion, maintaining inclusivity. The hybrid approach will be regularly evaluated during the session to ensure online participants' full inclusion, with adaptations made as necessary. Post-session, a synthesized summary capturing inputs from both onsite and online groups will be circulated to all participants, further ensuring comprehensive integration and meaningful outcomes from both participation modalities.

    Session Report (* deadline 6 July) - click on the ? symbol for instructions

    Cybersecurity Odyssey: Securing Digital Sovereignty and TrusT

    Introduction

    Speakers opened by noting how rapid advances in AI, quantum computing, and pervasive cyberattacks (for example the 2025 “Salt Typhoon” telecom breach) have exposed the fragility of critical infrastructure worldwide .  In this climate, the IGF 2025 workshop set out to balance national digital sovereignty with the need for global cooperation.  The session description aptly framed this “cybersecurity odyssey” as a search for governance frameworks built on “security-by-design, resilience, and digital sovereignty” .  Moderator  (Ernest) Mafuta of Zambia underscored the stakes, declaring that “in a digital age where trust is the currency and sovereignty the fortress, the challenge lies in building resilient, interoperable systems that uphold both security and individual rights” . 

    The panel drawn from Africa. America  and Asia aligned these ideas with broader initiatives like the UN’s Global Digital Compact, examining how to harmonize standards internationally without undermining local control .  This session report highlights the key insights and policy recommendations that emerged.

     

    Trust and Human-Centric Security

    A central theme was that people are allies, not obstacles, in cybersecurity.  Lily Edinam Botsyoe (Ghana, technical community) illustrated this with a compelling “spider story.”  She described a scenario where a researcher repaired a broken cobweb without consulting the spider only to have the spider destroy the entire web when it returned .  The lesson was clear: policies must involve people from the start, not as an afterthought.  As Botsyoe emphasized, “trust is not a byproduct of strong policy. It is a foundation of it” .  Likewise, Samaila Atsen Bako (Nigeria, Code for Africa) rejected the notion of end-users as the “weakest link.”  Instead, he insisted that a well-equipped and informed person becomes “your first line of defence… your literal human shield” .Other panelists reinforced this human-centric view.  Boutife (“Bolu”) Adisa (Nigeria, ICANN) put it bluntly: “security and trust go hand in hand” – secure systems breed genuine public confidence .  Osei Keija (Ghana Youth IGF) framed the insight powerfully: “Security without rights is brittle” .  All agreed that transparency, accountability, and civic participation are as important as any technical fix.  In practice, this means embedding multi‑stakeholder processes throughout policy development so that diverse communities have a say.

    Sovereignty and Regional Cooperation

    Panelists explored how countries can assert sovereignty over their networks while still cooperating internationally.  Ihita Gangavarapu (India) noted a clear “shift from free flow of data to regional control and localisation” in digital policy worldwide .  Yet she argued that this trend need not fragment the Internet.  Instead, regional cooperation can create “trusted data flows, shared security principles, and joint R&D on resilient infrastructure” .  For example, India’s emerging Trusted Telecom Center and Kenya’s multistakeholder digital ID consultations show how national initiatives can align with global standards.  Gangavarapu even highlighted content and cultural sovereignty: countries should manage content moderation “in ways that reflect their cultural and linguistic norms,” or risk digital “colonialism” where global platforms override local values .

    From a military perspective, Dr. Monojit Das (India, Ministry of Defence) cautioned that cyberspace is now “a frontier of warfare” on par with land, sea, air, and space .  He therefore urged a whole‑of‑nation defense posture, engaging not just the government but tech companies, civil society, and citizens.  Dr. Das recommended starting cooperation on universally agreed threats for example, by creating an international “collaborative portal for tackling fake news similar to Wikipedia’s model” .  He also stressed the need for clear norms: defining thresholds for cyber conflict and coordinated response mechanisms, lest traditional institutions like the UN fall out of step.  Together these insights suggest that digital sovereignty is best protected through alliances on shared challenges, not isolation.

     

    Policy Recommendation

    Based on the discussion, the following policy approaches emerged as essential:

    • Embed Security-by-Design:  Mandate that new technologies (from AI systems to telecom networks) be built with security from the outset.  Speakers urged adopting a zero-trust architecture (“never trust, always verify”), requiring features like multi-factor authentication, continuous threat modeling, and automated compliance checks .  Governments were advised to accelerate implementation of post-quantum cryptography and sandbox innovations (as done in the UK and Singapore) to stay ahead of emerging threats .
    • Cultivate Inclusive Governance:  Cybersecurity policies should be co-created with all stakeholders.  As Botsyoe and Bako stressed, regulations must involve affected communities “proactively rather than reactively” .  This means embedding multi-stakeholder processes (with women, youth, and marginalized groups) in drafting cyber laws, and including sunset clauses to regularly review and update rules .  In practice, this could extend to culturally aware content policies – for instance, allowing countries to enforce moderation aligned with local norms – and ensuring that rights (privacy, free expression) are safeguarded in any security design.
    • Harmonize Standards and Share Intelligence:  The workshop highlighted the importance of cross-border cooperation.  Panelists recommended using international forums (like the Global Digital Compact) to align cybersecurity and AI standards across regions .  Proposals included multilateral treaties embedding human‑rights safeguards (Dr. Khouzeifi) and shared threat‑intelligence networks.  Monojit Das’s idea of cooperating first on common threats (fake news, disinformation, supply-chain security) can serve as a practical starting point .  In short, regions should harmonize frameworks and recognize mutual certifications for trusted vendors and infrastructure.
    • Invest in Capacity and Literacy:  Technical solutions must be backed by education and institutional capacity.  The panel recommended expanding civic digital literacy programs so that citizens understand cyber risks and rights .  Governments and NGOs should fund training for SMEs and community groups.  Parallel efforts include building threat‑intelligence partnerships (even across continents) and supporting R&D cooperation.  As several speakers emphasized, an informed public and skilled workforce are critical to building enduring trust in digital systems .

    Key Takeaways

    • Trust Must Lead:  Participants agreed that trust is the foundation of cybersecurity, not a byproduct.  Effective protection emerges when users are seen as partners – “your first line of defence” – rather than threats .  Cyber policies should therefore be transparent, rights-respecting, and designed to earn public confidence from day one.
    • Build on What Works, Together:  There is no need to “reinvent the wheel” by creating entirely new frameworks .  Instead, the focus should be on better implementing existing standards (NIST, OWASP, etc.) and harmonizing them internationally.  Regional coalitions can adapt these proven tools to local contexts while maintaining interoperability .
    • Human-Centric, Multi-Stakeholder Approach:  Effective cyber defense requires a multi-sector alliance.  Governments, the tech industry, and civil society must collaborate from the start.  Solutions that ignore human factors or community voices (as Botsyoe’s spider story dramatized) will fail.  When policies are co-created and inclusive, societal buy-in improves and security measures are more resilient in practice .

     

     

     

    Calls to Action

    1. Mandate Secure-by-Design Practices:  Policymakers should require that critical systems adopt zero-trust principles and forward-looking encryption.  National regulations could mandate multi-factor authentication, continuous red‑teaming, and post-quantum cryptography (as advocated by Adisa) .  These measures must be backed by legislation and international standards to ensure baseline security.
    2. Champion Participation and Rights:  Governments and industry must institutionalize participatory governance in cybersecurity.  This means holding regular multi-stakeholder consultations, building mechanisms for public feedback, and protecting civil liberties even as defenses are strengthened .  Citizens and youth organizations (echoing Oseig Kaygah activism) should be empowered to scrutinize surveillance policies and demand accountability.
    3. Invest in People and Collaboration:  All stakeholders should bolster digital literacy and cross-border cooperation.  This includes funding education programs so citizens understand cyber hygiene and privacy rights .  At the same time, states and companies should set up shared threat-intelligence platforms and regional standards bodies to pool resources.  We must also respect local contexts  for example, by aligning content moderation with cultural norms  to ensure communities trust and adopt the solutions.

    By heeding these lessons and acting on these recommendations, the IGF community can move closer to a world where digital sovereignty and trust reinforce rather than undermine each other. The workshop underscored that building resilient, inclusive cybersecurity is a collective journey  one that requires vision, cooperation, and above all a steadfast commitment to putting people at the center of the Internet’s future