Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 1946

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 1946

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 1946

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 1946

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 1946

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 2022

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/filesystem/path.php on line 143

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/filesystem/path.php on line 146

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/filesystem/path.php on line 149

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/components/com_fabrik/helpers/string.php on line 264

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/src/User/UserHelper.php on line 621

Deprecated: Function get_magic_quotes_gpc() is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/cegcore2/gcloader.php on line 63
2015 11 11 WS 131 Commonwealth approach on National Cybersecurity Strategies Workshop Room 3 FINISHED
 Welcome to the United Nations | Department of Economic and Social Affairs

The following are the outputs of the real-time captioning taken during the Tenth Annual Meeting of the Internet Governance Forum (IGF) in João Pessoa, Brazil, from 10 to 13 November 2015. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 




>> SHOLA TAYLOR:  Good morning.  Good morning.  Good morning.  Good morning.  Good morning.

Good morning.  Yeah, good morning.  Do we have our mics, headphones on?  Yep?  Okay.  Thank you very much.

Yes, we've ‑‑ good morning once again.  To my left we have Mark Carvell from the ‑‑ UK who has kindly agreed to take some notes.  This is going to be a flash session of 30 minutes.  The intention here is to share some information with you with regards to what we are doing at the telecom world vision organisation on strategy service developments.  My name is Shola Taylor.  I am the Secretary‑General of the CTO.

Yesterday, when I spoke during the opening ceremony, I did mention that we have five main priority programmes for the CTO the next four years.  And one of the key programmes is on cybersecurity.  Second one is broadband.  The third it's about ensuring that countries have ‑‑ environments, which is investments and insures that the customer gets the good service that it deserves.  The fourth is on ICT applications in areas of health, education, ag and other sectors of the economy.  And the fifth is coordination of views across common world at international fora.  Tomorrow there will be one session on the commonwealth IGF where again we'll be able to share some views on Internet Governance and the future.

This morning I'll be spending some 5 to 10 minutes on what we're doing at the CTO.  The Commonwealth Telecommunication Organisation was established in 1901.  It has undergone a series of evolution.  It started as the Pacific Cable Board in 1901.  And it has evolved to what you know today as the Commonwealth Telecommunication Organisation, which is an intergovernmental treaty‑based organisation with members from policymakers, ministries, regulators, operators on the private sector.  And one of the reasons why we're successful today is our partnership which we have between governments, regulators, stakeholders, private sector and all the rest.  We provide a shining example of the stakeholder approach to approaching issues.

So today I'm speaking basically on the cybersecurity strategy developments.

First, let me share with you some statistics.  Maybe will be familiar with some of the statistics that's shown on that slide.  There has been an increased penetration of smartphones across the world.  The costs are going down and the increase in last year was 70 percent and it has grown to ‑‑ it's projected to grow to 4 percent in the next few years by 2018 (34).

Africa leads over 1.3 billion subscriptions from countries.  That's rapid gross of e‑commerce and we have seen examples like Jumea.  Checky and OLX.

Now, again some of the trends in developing countries, we have seen how the cable infrastructure has been extended across countries.  The map there shows you the various fiber cables which have been laid across from North Africa, from Europe, North Africa, West Africa down to southern Africa.  Mobile bandwidth transfer has been on the increase.  We've seen the increase of Empasa which has over 16 million customers.  We've also seen examples of social media.  Today, 78 percent of Internet usage in Africa is social media.  And that's very striking.

This is estimated to grow to $30 billion in Africa by the year 2025.

Just to illustrate the rates that we have today, in 2014, the global cyber attacks assessment shows that Africa counted for 4 percent of securities worldwide and I'm sure that will grow because of the vulnerability of the continent to cyber attacks.  Every one second 18 adults are victims of Cybercrime.  That makes it 1.5 billion victims globally per day.

Financial fraud is on the increase.  African cities like Johannesburg, Nairobi explains a lot of financial fraud.  Banks now have to take extra measures.  Nigeria, for example, the banks have decided that every single customer must come in and have their biometrics, just to increase the level of protection.  Software piracy is also on the increase.

We also see an increased use of ICT to commit acts of terrorism.  We have seen the likes of ISIS, Boca Haram,al Shah bib and ‑‑ using ICT to negative effects.  And these have to be ‑‑ we have to address these issues.  This creates social problems.  For example, there was an attack in west gates mall in Nairobi which resulted in 6 people dead and nearly $200 billion lost revenue for tourism.  That really shook and resulted in a number of measures by the security.  But is quite a problem for countries to be proactive in the sense that they have to prepare, not to react to events.

Cyber attacks are also attacking government websites.  In Nigeria, the defense website have been attacked.  In Ghana, we've seen 11 out of the 58 dot dh sites attacked.  Senegalese sites have also been attacked.

Now, social media have been used to positive and negative impacts.

Now, if you take Nigeria, for example, the last election which was held in Nigeria was won and lost through the social media.  About 20, 25 percent of the content was damaging.  By the end of the day, the content, 70 percent convinced voters to vote for or against whichever party they were considering.  And that shows the extent of theoff social media in Africa.

We said before that 78 percent of the use of Internet in the African continent is basically for social media.  We're also having an increased on social networks and that could be a challenge in itself.

Many cyber security challenges which I've listed in the slides, I'm very aware of the time so I will run through so we can have some good exchanges.

In trying to establish a strategy, a number of issues need to be taken into account.  One is legal framework.  In many countries, legislation is not there.  And needs to ensure that technology is used appropriately to support enforcements of whatever education that you have.

There needs to be regional harmonization, mainly because of cross‑border issues.  Somebody commits Cybercrime in a particular crime at the border and runs to the other country of the is there a cross‑border regional agreements that could help also to trace the person who is causing the attack?

We also need coordination and cooperation.  It's an absolute must.  Within the commonwealth, once you have the cyber governance model, we also ensure that we have cooperation at regional levels, whether it's within Africa, Asia and the Caribbean, which are regions which are mostly attacked in this particular area.

Technology considerations are that it needs to establish and enhance the sites in various countries, in finance sector, education sector, transport, military and all the rest.

Secondly, it's also important to ensure that best practices, cyber governance are put to use.  For example, it's important that government encourage the use of country Top Level Domain names in order to be able to ensure that we have a strategy that can be properly addressed in each country.

There are challenges which are very, very complex.  Capacity building, it's one of them.  There also has to be conservation of the culture of cybersecurity awareness.

Now, in trying to develop a strategy, we had to define what we need to do as a must.  One, we ensure we have support at the highest level of governments.  Because without supports coming from the President or the head of state or the Prime Minister, whatever we do may not really see the light of the day.  So we start by ensuring that we engage the political musters in trying to see the importance of cybersecurity strategy.  We also ensure that the highest level of governments are also aware that there is an overriding need to ensure the private sector to have the multistakeholder approach.  Many governments still feel that they have the absolute right and control over what happens in cyberspace.  But there is a need to convince them that this cannot be done only by governments.  This needs total cooperation from the private sector.  It's important that the private sector, the stakeholders, must have trust in whatever strategy that has been implemented in the countries, and therefore the essence of multistakeholder approach cannot be overemphasized.

There is also the need to have a lead organisation.  It's important to establish a lead organisation in the country because too often there is some kind of competition amongst agencies that have responsibilities for ICT.  So it's quite important to ensure that we have an organisation that takes the lead and that cooperates with other agencies which have responsibilities for ICTs.

In preparing a strategy, there are a number of issues that we normally have to put in place.  One, guiding principles, vigilant strategy goals, specific objectives, stakeholders and strategy implementation.

Now, we have given a lot of the content on the slides which I'm sure will be available to all of you through the websites.  We'll have it on our websites and you can go through some of these content which we try to apply in every country that we go to support.

Very quickly, just to give you some ‑‑ okay, yeah.  We are currently active in Cameroon, in Botswana, in you Ghana and now in Fiji and what you're doing there is in every country, we look at the specific environments, the current legislation, how those legislations affect ICTs cyberspace in particular and then try to draft a strategy in conjunction with the stakeholder community; and that's been very, very useful for us in the examples that we've had.

We also want to use this as an example to other countries in terms of how they approach the strategies, what has been done in other countries and how this can be put to use.

Within the commonwealth, we have countries that have developed very robust strategies.  Countries like Canada, the UK, like Australia, like New Zealand.  And we try to make the best use of their experiences in trying to help the less developed countries like the ones I've mentioned.

Let me stop there so that we can have some interaction because I realise we have just about 7 to 8 minutes.  So I welcome any comments, suggestions or issues that you might want to raise.  Thank you very much.

Yes, if you kin tro did you say yourself and your question, please.

>> FABRICIO PESSOA:  Hi, my name is Fabricio Pessoa.  I'm from Brazil.  I work for AXUR.  Basically what we do is we deal with lots of issues of cybersecurity.  Basically ‑‑ Cybercrime.  We look for illegal content and try to get them removed from the Internet.  And I think you touched one point that I think it's very important and it's crucial for it to work; that is, cooperation between public sector and private sector. 

For example, as we detect lots of bad stuff that are on the Internet and we contact directly the ISPs to get the content removed, it would be great if we had other agencies involved in the process because we are dealing with the consequence, right, but we are not working on the root.  And it's very difficult to tackle the root.

So my point here is that especially in developing countries that are still in the beginning of the process of getting connected, it would be great if ‑‑ I think it's a great opportunity to work on the problems that we are having now in other places.  But from the way that I believe that should have been done, that means get everybody that's involved in the process and gets together to try and decide what works for everybody, because the problem that we have now, for example, is that we don't have common sense on how to operate between the people that report, that detect and report the incidents, the ISPs, for example, that are the ones that have access to the information and end up with responsibility that they don't want to have because they are the ones, just because they are the ones that have access to the content.  So this liability is one of the things that is a problem.  And I think that if we had started from the beginning working and talking everybody to see how can each of the ones involved in the process act?  Which nowadays we wouldn't have lots of problems that we have of the so I think this is something that's very important and I congratulate for these efforts.

>> SHOLA TAYLOR:  Yes.  Thank you very much.  That is very important.  What we try to do with the countries we go to is, number 1, we tell the governments of the day:  You cannot do this alone because it will not work.  Because there are certain actions which need to be taken by some members of the community.  And the only way they can take those responsibilities is if they are convinced that it needs to take those actions.  And therefore we engage all the stakeholders in writing the policy, in preparing the strategies so that it is owned by the whole stakeholder community.  So by the time we have issues that arise, everybody is defending everybody.  And that's the approach that we have taken and I'm quite happy that in Brazil you have recognized that aspect.

Thank you for that comment.

Any?  Do you have another comment?  We have a gentleman there.  Yes.

>> Yes.  Hello.  Andy Putty with Wildway Technology USA.  You did mention cooperation with the United States.  In terms of information sharing, the CERT Coordination Centre at Carnegie Mellon is an excellent independent organisation to share information with.

Also, the Stop, Think, Connect campaign is working internationally with governments and private organizations to help raise cybersecurity awareness.  I think you may want to consider the Stop, Think, Connect campaign.  They have things that companies and countries can sign onto.

>> SHOLA TAYLOR:  Thank you very much.  Although the Commonwealth Organisation, we do have possibilities for ‑‑ countries to participate in our work.  As a matter of fact, we have non‑commonwealth members accepted members and they are incorporates with ‑‑ we take it on board because anywhere that we have best practices, definitely it's a plus for us.  So I welcome your suggestion.  I'd like to have your card after this session.  Thank you.

>> FABRICIO PASOA:  Hi, this is Fabricio Pasoa again from Brazil.  So another point that I wanted to mention when you talk about increasing awareness, well I don't come from a technical background, I'm public relations and I have landed into the cybersecurity almost in a parachute but one thing I realise being a nontechnical is that when we talk about cybersecurity, most of the discussions focus on the technological aspect of that.  It's past.  We are not kind of 10 years ago or 20 years ago when Internet was something for the geeks.  The Internet is now everywhere and everything is in Internet.  So I think it's the time now that we change a bit our focus and start bringing people from other areas to discuss about cybersecurity, areas such as psychology, education.  Because we see, for example, lots of material being produced to try and educate end‑users and the population, which is great, but they are being developed by technical people that maybe don't have the education mindset.

So I think it would be important to try to engage and get people from other areas to discuss these together with the technical.  Because the technical parts are very well taken care of.  We have a lot of people taking care of that.  Of course it's not perfect but people are working on it.  But I think the human part is something that we are missing.

>> SHOLA TAYLOR:  Good points.  Yes.  Well there's a lady.  Let me give preference to the lady.  Thank you.

>> SALLY LONG:  Thank you, very kind.  So I'm Sally Long from The Open Group.  And we've ‑‑ I agree with this gentleman that the technical interoperability part is kind of solved; but the fact that tainted and counterfeit parts are getting into technology that is creating the basis for malware, IP theft, et cetera, does require best practices from technical organizations.  And so we have created a standard on mitigating the risk of fake suppliers and, and we have something that they can be on getting on a public registry and we've also been approved by ISO as a standard.

So I would very much like to talk to you later about this because I think that basis for the ICT that you bring in to the environment is your first line of defense against bad things.

>> MODERATOR  Great.  Let me just also inform you that next month we're having a first Cybercrime workshop.  And we have chosen Nigeria, being the most populated country in Africa.  And I would really like to see anyone here who has something to offer to come to that workshop because if Nigeria can get it right, a lot of countries in Africa and Asia will also get it right.  So if you have something which is tangible, I really welcome you to participate at that workshop.  It's a national workshop.  So environment that we have, represent all the problems, all the goodies that you can have in this sphere.  So you're welcome.  After the session, we can have a discussion.  Second 204th December we are ‑‑ second to fourth December we are having the workshop in Abuja.

>> TAYLOR ROBERTS:  Taylor Roberts, research fellow at the Global Cybersecurity Capacity Centre at the University of Oxford; and we work very, very closely with the CTO in this national cybersecurity strategy initiative and helping out with exactly this mapping initiative, what the current level of capacity is in these countries.  We've attended some stakeholder cluster Forums in Uganda and my colleagues are currently in Fiji on the current project in Fiji.  And we do take such a broad and indepth look at what cybersecurity consists of.  And that does aware from awareness raising to education and to the adoption of technical standards.  Looking at education, looking at legal frameworks and looking at national policy.  I really want to commend the CTO of the acceptance of the breath of the issue of cybersecurity and make sure before they develop a national strategy that not only do you have the separate stakeholders involved but you look at it in a very comprehensive way.  So thank you and congratulations.

>> MODERATOR  Thank you very much.  I'm so grateful that you're here.

Let me also tell you one of the things that we do at the CTO.  Twice a year we bring in very top level Board Members to London at the headquarters and we expose them to the top issues of the day.  Rubbings Ford is one of our good partners, we had them come to the group, talk to them.  These are the guys that take decisions.  We organise like 20 to 30 working groups.  And they discuss all the issues.

And again what's the gentleman from the University of Oxford, I mentioned covered the points you raised about awareness, all the aspects, not just the technological issues and that's the approach we have.  That's the only way we can succeed in this sphere.  Thank you.

Any other questions, comments?  Yes?

>> Hi, my name is Grace Mutumu from the ISO Ambassadors Programme.  My question is what is the linkage between the CTO initiative and other initiatives that are happening?  For example, the Africa cyber ‑‑ Africa union cybersecurity protocol?  Thank you.

>> MODERATOR  Thank you.  One of the things that we do is show that we have collaboration and cooperation.  Last year, the ICT ministers from the commonwealth met and they established subgovernance model.  That's a baseline.

What we then do in practice is when we're looking at Botswana, we look at what the African Union has done and show that they conformed to the desires of the ministers and also the commonwealth that we have established.  So there's a lot of synergy.  We work with all the organizations involved, even the last few weeks ago we had a joint commonwealth African meeting just to emphasize some of these rules about coordination and cooperation.

No?  Maybe to give, I didn't want Mike to just sit down and write notes.  Just one or two things to round off and then we can close.

>> MIKE:  Thank you, Shola.  And thank you, everybody, for coming.  Some very good questions.  Certainly from the UK government perspective, we're very supportive of this initiative by the CTO.  And the key elements of it fit very much with the UK's approach to cybersecurity challenges; that is, to involve and maximize the participation of stakeholders to promote awrareness and the sort of the human element that was touched on by our Brazilian colleague is a very important element of that.  So we're very supportive and we look forward to comments and feedback through the CTO on this initiative.  So appreciate very much your participation.  And the UK government will continue to support this initiative.

Back to you on that, thank you.

>> SHOLA TAYLOR:  On that note, I can thank you, thank you, thank you.  And I'm here to discuss further with you.  I'm here till Friday for any other discussions we have.  Thank you so much.  Have a nice day.


[End of session.]