Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 1946

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 1946

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 1946

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 1946

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 1946

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/database/driver.php on line 2022

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/filesystem/path.php on line 143

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/filesystem/path.php on line 146

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/joomla/filesystem/path.php on line 149

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/components/com_fabrik/helpers/string.php on line 264

Deprecated: Array and string offset access syntax with curly braces is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/src/User/UserHelper.php on line 621

Deprecated: Function get_magic_quotes_gpc() is deprecated in /home/wgig/public_html/igf/website8/web/cms/libraries/cegcore2/gcloader.php on line 63
2015 11 12 WS 17 Cybersecurity Awareness though Multistakeholder outreach Workshop Room 4 FINISHEDigf
 Welcome to the United Nations | Department of Economic and Social Affairs

The following are the outputs of the real-time captioning taken during the Tenth Annual Meeting of the Internet Governance Forum (IGF) in João Pessoa, Brazil, from 10 to 13 November 2015. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 



>> MICHAEL KEISER: Good afternoon, everyone.  What we'd like to do is make this a highly‑interactive session.  If you're not speaking, chances are you will be called upon to know ties to you come sit at the table; everybody gets a free cup of water.  I'd like to ask everybody to come sit up around the table to make it more intimate and we could be talking to each other instead of at the backs of heads as we get into the discussion.  Thanks.  Michael promises he won't bite.

We'll start in just a minute or two.  We will try one more time to ask to you come down and sit here.  If you don't, we'll respect your consensus as a multistakeholder group and we will come to you.  So, so much for that plan.  Remember the cameraman requested we sit here.  You look so far away.  Are you sure you don't want to come sit at the table with us?  Are you sure?  There we go.  Look at that.  A few brave souls.  Thank you.  See, it takes leadership.  In all things it takes leadership.  Thank you.  Free water.  Look at this.  This side over here seems less.  This side seems a lot less willing to participate.  We are not going to let you off the hook.  We still will expect to you participate. I guess we should just get started.  Let me just start by introducing myself, and Barbara can introduce herself.  My name is Michael Keiser, Executive at National Security Alliance in Washington, D.C.

We are an NGO, a public‑private partnership.  That's our phrase for a multistakeholder group in the United States, a public‑private partnership.  We are funded both by Homeland Security as well as Industry to just do education and awareness cybersecurity.  We run Data Privacy Day.  We do National Cybersecurity Awareness Month, Cybersecurity Awareness Month in many countries around the World, and Barbara will talk about that as well as what is going on in Latin America. 

We started the Stop.Think.Connect Campaign as an example of how to create a multistakeholder approach to cybersecurity awareness.  Barbara and I have like five minutes each we like to talk about and then we have a lot of questions for and you we want to have a dialogue.

This is really about a conversation.  Everybody has been here for a few days and people talked at you.  It's time for everybody to talk together.  And that is in the spirit of being multistakeholder.  So I'll turn it over to Barbara for a second.

>> BARBARA MARCHIORI de ASSIS:  Good afternoon.  My name is Barbara.  I work in the Cybersecurity Programme at the Organisation of American States and basically I will talk about how is our work and try to raise awareness in the region about cybersecurity. 

First of all, we are facilitators.  What we try to do is try to bring to the countries in the region, in Latin America and Caribbean, best practices, experience of all sectors, Private, Civil Society, Government.  And how do we do this?  Well, we do this for besides partnerships.  So we try to partner with as many organizations that we can from all sectors, which includes talking about Stop.Think.Act.  You are going to talk about that later?  But Stop.Think.Act, he will explain more about it.  But it already provides a lot of material that can be customized by countries, governments and organizations. 

So don't need to start ‑‑ if you want to have your own cyber awareness -- Cybersecurity Awareness Campaign, you already have a great resource to look for information.  And OES brought this initiative and have been encouraging our member states to participate and join Stop.Think.Act.  We have Panama, Paraguay, Uruguay and Jamaica.  And other countries are discussing the possibility.

We also have other organizations like Argentina.  We have the Argentinean Association of Internet Users of ICT.  We always work together and try to have events where we engage people from Academia, Civil Society, Private Sector, and Business.  We also engage in Private Sector too because they have a lot of information that can help with better understanding the training. 

So what is happening?  What are types of cyber attacks?  What are the best techniques?  And we have this partnership been able to produce real interesting reports that provide information about the region.  Back in 2013, we had a great report and this year we published about critical infrastructure protection. 

So cybersecurity awareness involves shared responsibility and multistakeholder.  So we try to have partners from all sectors to be sure all the audience are being involved.

Another important thing that our programs ‑‑ OES has done, is we have recognized October as Cybersecurity Awareness Month.  We encourage member states to do this.  Why?  Because how to better coordinate our efforts.  Resources are limited.  So we have to think okay, how can we make sure that our campaign reach as many people as possible?  So when you have a specific month, of course the campaigns all over the year but a moment to say okay, let's discuss this and have an event.  Let's think about how we can improve cybersecurity awareness in our countries.  So this is why we encourage our member states.

Another important thing we have been working to develop is this Cybersecurity Campaign Awareness -- Campaign Toolkit.  It's available online in English and Spanish.  This was a result of conducting several workshops and roundtables, and every time they discuss how to structure a National Cybersecurity Strategy.  What we need?  What are the challenges and needs of the region?  Every time cybersecurity awareness, how to raise cybersecurity awareness was also an issue and it is an issue of all levels.  We have a problem, companies to civil level, employees, government, ministerial and civil servants.  We have general policy.  Our teachers, children.  It was so many people were concerned about cybersecurity, how to raise awareness.  And the issue was, how do we structure our own National Cybersecurity Campaign?  How do we do this?  That is when we decided to develop this Toolkit.

This is not a Cybersecurity Awareness Campaign.  It is how can Governments and any organization, not only Governments, any organization, how can we structure our own Cybersecurity Awareness Campaign based on our needs?  So an interesting document that explains since the beginning, okay, who should be involved?  Who are the stakeholders?  What is the audience that are trained?  How do we measure impact?  How do we discuss it?  How do we monitor this?  We have a lot of material explaining how we can engage.  How do you structure the message?  How should be this message? 

It's really good material and it is available online if anyone wants to talk more about it, this is one of our great efforts at the moment.  It is for any organization if you are interested in how to develop a public policy.  I think it is an interesting document.

>> MICHAEL KEISER:  What is the website?

>> BARBARA MARCHIORI de ASSIS:  It's not here.  If you go to our website and then in a section of documents and then you have it there.

>> MICHAEL KEISER:  How about we raffle off copies of your Toolkit for those people sitting at the table?

>> BARBARA MARCHIORI de ASSIS:  We can do that.

>> MICHAEL KEISER: Before I go on, let's know about you.  So, how many of you are here from NGOs?  Raise your hand.  How many of you are here from government?  How many of you are here from industry?  We have a multistakeholder's group going on.  Who did I miss?  Anybody from law enforcement?  Great.  Any elected officials of any kind?  Anybody else did I miss anybody?  Academics?  Any academics?  Did I miss anybody else? 

So you are a multistakeholder group in and of yourself, right?  So how many of you are involved already in some kind of Cybersecurity Education Awareness Campaign?  Great.  So, some of you aren't.  For those of you who are, how many of you on those campaigns partner with other people in making those campaigns happen?  So, let me ask you two, or maybe there is another one and you might have to come up to the microphone, tell us who your partners are.  Who are your partners?  You have to turn on the mic.

>> MONIQUE MORROW:  My name is Monique and I work with the Ministry of Communication in Nigeria.  Our government, the immediate administration just signed the Cybercrime Act and in coupled with that we have cybersecurity policy and the cybersecurity strategy.  We have several stakeholders partnering with us to create awareness on the Act itself and then to kickstart the implementation. 

In a few days time, we will be having a national workshop.  We are inviting key stakeholders to come around and look at those documents and benchmark them against the global good practices and see how we can improve on them and then just generally create awareness, you know, around cybersecurity with those key stakeholders in the legislature, law enforcement agencies, government officials, Telecom operators and the service providers in the country.


>> MONIQUE MORROW:  And we partner with CTU.

>> MICHAEL KEISER: Anybody else want to share who your partners are.

>> AUDIENCE MEMBER: Luca Mora from Oxford.  Our partners are Stop.Think.Connect.  We support the initiative and APWG and MOG and we are raising cybersecurity awareness and also we are developing a workshop to teach kids about cybersecurity.  But it is lacking the benefits.  We just make like 3‑4 workshops but we are developing.  And national telecommunications ask us to apply to workshop to the whole city that they are based in.  So we are soon we apply to the whole cities in the countryside of the state of ‑‑ here in Brazil.  I think we will further this.

>> MICHAEL KEISER: That sounds awesome.  Anybody want to the share who you're working with in a multistakeholder way in education awareness?  Before I go on, let me just ask for those of you doing this, how many have an audience of the general public?  General public part of your audience?  I see some people back there.  How about small and medium ‑‑ how about business cybersecurity?  How about young people?  Great.  How about the education system as a whole like just K‑College?  Somebody over there.  Teachers and schools?  Great.  So, you can see that there is a lot of people that we have to reach.  I'm just going to take a few minutes and talk about our approach to multistakeholder and how we created Stop.Think.Connect. and then I have more questions. 

So we'll engage in this conversation a little bit.  The National Cyber Security Alliance is a public‑private partnership we were born to work with other people.  I often say, if we are not working with other people it ain't worth doing because we can't do very much on our own.  We can only do things in partnership because the scale is so large.  Ultimately we have to reach everybody and there is not one group that can do that on their own.  So when I think about why we have public partnerships or multistakeholder groups, I think about that first. 

The scale is gigantic and no one can do it on their own.  We are all in this together.  Every action that anyone takes, anyone takes to make their Internet experience safer actually makes everyone else who uses the Internet more secure.  Because if I'm being safer in my household, and my computer doesn't get infected with a botnet, I just protected all of you down the line.  So we are really connected here and what we do in cyber security is really important.

No one owns this issue.  No one owns this issue.  It is owned by everyone.  The government doesn't own this issue on their own.  The NGOs don't own this issue on their own. Industry doesn't.  This cybersecurity infrastructure is everywhere.  It's sitting everywhere.  It's owned by all different kinds of people and nobody owns it, therefore the owners, everybody, have to work together.

Somebody maybe already raised a resource question.  You raised the resource question.  Not enough resources to go around on any topic.  If we work together and if we leverage each other's resources as you hear about Stop.Think.Connect. In OAS and other people, we can save a lot of money and then new resources can be given back to campaigns and then share them.  That's our model.  And we want to reduce duplication and the way or the reason to collaborate on awareness and there is some other reasons to collaborate in cybersecurity as well, but two levels we have to protect. 

The whole ecosystem, and that is like with a lot of technical people when they try to ‑‑ we already heard a mention.  MOG and APWG, technical organizations solving specific problems like spam or phishing or other kinds of efforts, to education and awareness where we have to collaborate both at the ecosystem level, all of us who are doing it, to reach down to the very lowest levels, which is every user on the Internet.

So here is what I think are the elements of a good multistakeholder/public‑private partnership: as many people at the table as possible, as many people as possible; because if it is successful, all those people will help you deliver your campaign in the end and that's our model in stop, think, connect.  All the people we pull together, and we pull together 25 companies, some of the biggest companies in the Internet, in the World; Google, FACEBOOK and Microsoft all working with us.  We had Symantec. 

We had McAfee.  We had AVG.  We had TrendMicro, a lot of security companies.  We had Bank of America.  We had Internet Service Providers like AT&T and Verizon, which is for us in America.  We had a lot of big companies seven, not just one but seven federal agencies, The Department of Homeland Security, Department of Justice, our Social Security Administration, our Federal Trade Commission just to name a few, who came to the table and agreed come to the table with a very simple kind of notion. 

Peter Cassidy from the APWG, and myself, got on the phone and started calling people and said look, would you just come to a meeting to discuss awareness?  We are not asking to you do anything big.  Just come to a meeting.  We know you're interesting and talk with us and we have some ideas and we want to see if you're interested.  So we brought them together and we said to them, over a course of a day, we said to them, we discussed is this a big problem?  Yes it is.  Do we need to have a single message?  I think we do.  We need a single message like, look both ways before crossing the street. 

That's safety and security.  We do that.  And then we said, the big question, are you willing to work on it with us?  And they all said yes.  So we built this group around a shared problem.  We all agreed.  We spent most of the time talking about whether there was a problem in awareness not what we were going to do.

And then, we set ourselves both APWG and the NCSA as the neutral third party.  We were going to facilitate.  We had things we wanted in this message but we wanted our stakeholders to create it and they did.  They brought their self interests to the table and that have very, very important.  Self interests in this process must be open and on the table if you want to have a multistakeholder process.  It's okay.  We got people to raise their hand and said, I won't use this message no matter what it is if it is negative.  It has to be positive. 

I won't use the message unless I think the message or equates to the quality of my brand.  I have to be able to put it with my brand.  It will be have to be up there with my brand.  Then it better match my brand in some way shape or form.  So we had discussions about deal breakers and all these things that might happen.

And then finally, just a couple of other things to think about that the purpose who runs this, and this could be you all and hopefully some of you will go back and start to run these multistakeholder processes, that you have to remember that this effort is not only owned by you but by the people who come together to create it; right?  Everybody is equal.  This is important. 

So when we were doing our process, we had some very large companies who could have written a check for the whole thing and we had much, much smaller companies who that would have been a burden and what we decided on the funding is the end, every company no matter how big or no matter how small, put the same amount of money in the process.  It was equal across‑the‑board, which gave everybody an equal steak and means the message belonged to everyone equally.  We also moved ahead by consensus and this is really important.  It's not just like taking a vote. 

The people who lead these processes need to understand very deeply what the interests of the people are at the table and need to make that process go forward knowing I know Barbara's concerns when we get to the next step, I have to make sure that I'm already addressing Barbara's concerns when we get to the table the next time.  Makes things move along.

Have a path forward.  Like we are going to get from A‑Z or know they are going to be side track all the way.  And then get participation.  Don't just run this process for them.  Give them meaningful participation.  When we created our campaign, people raised their hands at every meeting.  Who wants to review the research instrument being done by the marketing firm?  Great.  Who wants to work on collateral or messaging development ideas?  Who wants to work on graphics and people raised their hand and they participated all along the way and they did enormous amount of the work and two things happened.  One, the work gets done. 

Even more important they stick to the process at the end of the day.  It's their product.  It's not mine.  It's their product.  They have to stand behind it.  So I'm going leave it there on that.  And I think we'd like to go back to some discussion with you all.  So, for those ‑‑ let's talk about some of you who raised your hand.  What is your hope to come here today and think about cybersecurity awareness, multistakeholder Cybersecurity Awareness Campaigns.  What is it you're hoping to learn?  That would be great to know. 

Anybody want to raise their hand and talk about that?  By the way, those in the back of the room, just come to the front and make your comment, all right?  And those at the table just raise your hand.  Somebody can bring a microphone to them as well.  What is it you want to know?  Go ahead.

>> AUDIENCE MEMBER: My main question and thoughts is how to reach people that you need to raise awareness?  My company is a cybersecurity company so usually we know about cybersecurity, but how to reach people that are not ‑‑ doesn't have resource to reach the cybersecurity awareness and how to do multistakeholder initiative.  It is a challenge and this is what I have in my head when I came here.

>> MICHAEL KEISER: I have answers but I wonder if anybody else has an answer to the question how to reach all the people.  Who has been working in this, or a similar area, that might have an answer to that question?  Anybody?  Go ahead.

>> AUDIENCE MEMBER: Maybe I can just share some legal experience in doing this.  Not cybersecurity awareness but other kinds of awareness.

>> MICHAEL KEISER: We should learn from other ‑‑ this is not unique.  Learn from other things.

>> AUDIENCE MEMBER: For example, I work with the Federal Ministry of Communication and we created like a CIA group bringing together ICT Directors from all government agencies.  Okay?  Under one umbrella.  We call it Council of ICT Heads in Government.  And in this forum, we come together like two months and we share experiences from our various agencies and we also share best practices and like what I learned here today, when I get back, I'm going to at the next meeting, share it with them.  They will then take the message back to their organizations and share it within the organizations. 

So, that is applicable in other areas.  We can get a look at what level those come together and have meetings and they have government Chairman.  You can bring such messages to such groups and they can take it down to their constituents and share such messages.  Like that, you actually have all the stakeholders get the same information that you want them to get.

>> MICHAEL KEISER: That's great.  Any thoughts on that Barbara?

>> BARBARA MARCHIORI de ASSIS:  I was just like, great point like how to organize the umbrella and how it was possible.  You created pretty much a central coordination and then you make sure to find a way to spread this really interesting and it is how something we try to encourage.  Bring together and then try to find ways to spread.  Good work.

>> MICHAEL KEISER: Go ahead.  Do you have a thought?

>> AUDIENCE MEMBER: I have a question but it's a bit moving the conversation to somewhere else.

>> MICHAEL KEISER: The conversation is yours.

>> AUDIENCE MEMBER: My name is (Indiscernible) from Lebanon.  I work with Education Gulf Centre for Human Rights and I am here because I'm an ISOC Ambassador.  They made us say that.


I want to ask a question.  It has to do with trust because this issue is very, very delicate in the region where I come from.  It is very hard to put one part of the multistakeholder group with another who is being oppressed by that part or the other way around.  You cannot make decisions with other counterparts who might take advantage of a thought you might share during a forum like this.  Especially in the Gulf where the rule of law is not rule of law we all know in other parts of the world.  So I'd like to know some kind of best practice or advice from your point of view on region such as mine.

>> MICHAEL KEISER: I think, our model of rolling out the campaign speaks to this a little bit.  It doesn't speak to necessarily how you get two parties who will never trust each other to work together.  That's an obviously very difficult situation.  But, perhaps maybe there is a narrow strip of ground where something like keeping your citizens safe online is in everybody's best interest.  Maybe there is a shared interest in that everybody can use the Internet safely.  Maybe there isn't and in some places there isn't that shared interest.  But that is one thought. 

Our model of dissemination beyond this 25 or 35 people that originally created the message, is we get other groups to adopt the message and we do that because of trust because we realize in the very beginning, that it is a lot of energy to get people to trust somebody new.  So, on the National Cybersecurity Alliance it sounds like someone should be trusted on this topic, but 345 million people in the United States, to get them to trust me first before they listen to the message isn't going to happen; but if you have your message widely disseminated by all different kinds of groups that people trust. 

Some people trust government so they go to government to get the message.  Go to the Federal Trade Commission they will see Stop.Think.Connect..  They go to a company like RSA or Intel Security or something like that uses the message.  They see the message.  The trust already established because the consume ser deciding I trust the government for this message.  I trust industry for this message.  I trust an NGO for this message.  So you disseminate across what I call trusted networks and let people decide who they trust and receive the message from them rather than being stuck on who is the trusted messenger.  And I think that doesn't really answer your question.  I don't have a full answer for your question.  I think that's hard but maybe somebody else has a thought.

>> PANEL MEMBER: Just one thought.  Focus on the issue.  Focus on the problem we are trying to address.  And Michael talked about some of the companies that are involved with Stop.Think.Connect. in the United States.  Fierce competitors in the marketplace, gunning for each other every single day trying to win customers back and forth.  Yet, they put those differences aside to focus on a much larger issue which is the cybersecurity efforts. 

So I think if you can somehow get everybody to focus on the problem you're trying to address, some of the previous history of disagreements may be temporarily put aside.

>> BARBARA MARCHIORI de ASSIS:  Also in my experience facilitating discussions in the region, we have a trust issue here, maybe at different levels but what I noticed when some interesting techniques and one of them is what he said.  Focus on the problem.  What is the main issue they are trying to solve?  If you focus how to do it, the beginning discussion may be okay.  Great.  But okay, you all agree our children to be safe online.  Okay, so we have this in common.  So from that broad statement, broad vision, and then you start building something.  Don't start bringing your specific issues to the table because otherwise then it gets harder. 

So start from the main issue that everyone agrees and then go from there.  Other techniques that may help and useful when you have a facilitator to the discussion, someone that neutral it is helpful because someone can balance the discussion and help find a common ground, a notetaker.  This Toolkit, we have a specific section about meeting deadlines and how to improve the discussion.  It doesn't really answers but techniques to help improve the discussion and encourage common ground and work together.

>> MICHAEL KEISER: When we do these processes, and we have done several, we jointly write a Mission Statement by consensus and start every meeting by reading it to remind people this is what we are focused on.  Don't drag us down.  This is what we are here to do.  I don't know if that is possible but it is advice to everyone.  Develop that joint goal and keep it narrow.  Really, we started very narrow in our campaign.  We started with can we even come up with a message?  And we weren't even convinced of that until like four meetings in we could do it.  We argued about that a lot.  Like, I don't know.  Maybe we can or maybe we can't. 

Then we had to decide we could do consumer research.  So keep very focused.

Other thoughts or questions?

>> BARBARA MARCHIORI de ASSIS:  It's not going to be one roundtable, one meeting, that will solve the problems.  It takes a lot.  So it interesting also when you have the first meeting.  Like, keep taking notes.  Today that was our conclusion.  Then the second one, because there is more ‑‑

(Loss of audio due to intermittent Internet interference)

We have a chance of coming together to discuss this.  That's why I think it is for.  Because the issue at the end, it's coordination, and I think it gives a moment for let's think.  What happens sometimes is we are all of us so engaged, let's implement cybersecurity in this campaign and don't have a moment to stop and discuss with the others. 

So I think that is why it is important to have specific moment to discuss this.

>> MICHAEL KEISER: It lets people attach to something bigger which they want to be part of anyway.  It allows people to say, I can do my part even if it seems small, it is part of a bigger effort. 

I want to go back to your success question.  Does anybody have any other answers how they measure success in education and awareness?  I'd love to hear ideas on this.  It's an important topic.  It's not easy I agree.  It's hard to measure success in educational awareness.  Any other thoughts on that?  Way in the back of the room ‑‑ we have to get them all around the table somehow.

So, I would love to hear more about also from any of you what kind of information and support would be helpful for those of you who came to learn about building a campaign.  What would be helpful to you.  We will be able to report out on this.  What would be helpful to you?  What kinds of information, assistance, whatever would be helpful to you in building a campaign?  What do you need?  For those who don't have campaigns but are here because you're maybe thinking about one, what is it you need to help you be successful?

>> AUDIENCE MEMBER: For us, as you well know it's an emerging economy.  Infrastructure is maturing and a lot of people are still not connected.  And part of the Minister's mind is to make broadband accessible to everybody in the whole country.  And with this of cybersecurity, we need to get a balance between encouraging people to put their businesses online, to interact and do stuff online, and build their confidence, all right?  And be able to also warn them about the risks and the threats about cyber world.  The criminals, the bad guys.  All of that. 

So, for us, what is giving us some nightmare or sleepless night is to be able to come up with a segment or an idea that we will encourage them to come online, at the same time, let them know that yes, you're coming online but there are risks around this and you should be able to protect yourself and so, you know, we have to have a way to say, this is what is the need for you, at the same time, these are the challenges that you may face and these are ways you can go around it or mitigate those threats. 

So, it is a delicate balance when you encourage somebody online, come, come, come.  And then you're saying, this is also there to harm you or to bring your business down or something.  So we need to get a balance to be able to just put it across and then accept that and come online and accept the risks and threats that they may face.

>> MICHAEL KEISER: So I always said this, in a way, in the United States, our problem was that we started doing education awareness after everybody had already developed bad habits.  Everybody was already online for a long time doing bad things making mistakes and then we tried to retrain them.  If you can get people to start with good habits, you are actually ahead of the game.  Let me just say.  Very much.  Getting people change things they already decided to do on their own without help is really a problem.

>> BARBARA MARCHIORI de ASSIS:  That is something you need to remember.  States are still dealing with this problem that not so much are people online but encouraged to be online but then the safety issue to say, don't see as a challenge but as an opportunity to make sure that the you will be online and safe at the same time.  But something else about your question.  Encourage them to be online and they are concerned because be careful.  There is all the cyber risks.  But how to think of it as normal business. 

If you want to open a business, you still have some risks.  Everything has a risk.  So why cybersecurity has to be like this?  So if you have to open a business, you have to have insurance or do this or this.  So as any other step you have to consider it a risk too and protect yourself.  So try to deal with it based on other experience that is it is people they are used to and say, well, as any other business there is problems but that is what you should do.  It's something ‑‑ try to think of something not so far and so complex.  Because there are real examples that it is just the same.

>> MICHAEL KEISER: Other thoughts or questions?

>> AUDIENCE MEMBER: I think as an initiative to raise cybersecurity awareness, we need to learn or have a best practice about how to open doors, to open doors in space that is you want to reach as a target.  If you want to raise cybersecurity in schools for example, I need to open doors in schools because due to the trust issue.  And I think this is most ‑‑ I am a technician so I'm not a public-relation person.  So it is kind of difficult to break this first barrier that you have that is through open door and I want to help, I want to introduce, I want to ‑‑ to share what I know and I think this is great and difficult thing we have when dealing with cybersecurity, when raising cybersecurity awareness.

>> MICHAEL KEISER: So that is a difficult part of the process and that is part of developing the multistakeholder process is sitting down with people and finding out like where the shared interest is.  Where is the interest that ‑‑ where is our interest crossover?  I think schools always a target and in the United States, it's hard to reach schools because our school system is incredibly decentralized down to the local level where local school districts decides what is taught. 

You have thousands and thousands of thousands of school districts.  It's finding leadership in the verticals and sitting down and talking with them and showing them how you can help them.  Because you already have a lot of the answers they don't.  And sometimes people especially in the cybersecurity, especially in early stages, don't address it because they feel like they are not an expert.  It's hard for a teacher to talk about something that they don't feel they know.  Right?  Because I'm supposed to be the teacher and have a answer to the question.  So helping them. 

In the United States we see things now like in‑service trainings on security and online safety and those kinds of things for teachers.  Those take long periods of time.  But that's why getting them to the table early in the discussion is really, really important.  And then finding someone who will get their attention.  So if you don't know them, find someone who knows them who gets them to talk to you about it.  It's not easy.  This is not ‑‑ having a multistakeholder approach is a great solution but it takes a lot of work on the front end to get people to the table. It is hard to get people to the table.  Sometimes you have to cajole them.  That's what we if.  We said come to one meeting.

That's all I'm asking you.  Come to just one meeting.  I'm not asking to you sign up for the rest of your life.  Just the come to a meeting to see if there is any shared interest.  If there is, great.  If there is not, go home and none has ever gone home.  But that's what we talk to people about.

We just have a few minutes left.  I don't know if there are any other thoughts?  Great.

>> AUDIENCE MEMBER: Thank you.  I think cybersecurity is a big issue as far as our Internet is concerned.

>> MICHAEL KEISER: Can you talk into the microphone a little bit more, please?

>> AUDIENCE MEMBER: As far as the Internet is concerned, we are bad guys and good guys on the net.  Where we have to live, unfortunately ‑‑ so the only thing which will happen is for us to fight and we fight this crime or side bar issues.  I think the best way is collaboration among the good guys on the net, then awareness so that at least the bad guys can be aware that there are good guys and they are doing something bad.  In addition to this, I know this is quite difficult but we should expose them.  The way we expose them, I think that could be so there is no safe place for the bad guys on the net.  Thank you.

>> MICHAEL KEISER: That's a pretty good place to call the end.  I think you're right.  First of all, you're all the good guys, right?  I'm assuming everybody here is a good guy.  Don't raise your hand if you're not.  I'm assuming you're the good guys but you're right.  It's how we banned together.  That's part of the multistakeholder process. 

It leads to kind of resistance because we are creating the resistance whether it is technically through technology, through standards, whether it is through education awareness and making every Internet user better defended against the risks that are out there or their devices better defended against the risks to their devices.  This is all building that resistance is really one of the major elements of Cyber Security then resilience, coming back.  If something bad does happen. 

So resistance and resilience are the two ways we talk about cybersecurity.  But I would also say that cybersecurity for me, and this is one of the messages we have that is slightly different than others is about enabling people to do more.  If you know how to be safe and secure online, if you know how to keep your devices secure, you can do more online and security enables you.  It doesn't prevent you from doing things.  And I think that is really important.  I will leave it there.  Barbara do you want to add anything?  We only have a minute left.

>> BARBARA MARCHIORI de ASSIS:  Agree you have to change a little bit with cybersecurity as something that is not bad.  It is something quite positive to try to protect ourselves and another device, trying to promote cybersecurity, address it as a positive thing, like asking about the business.  Don't start a campaign like, cyber criminals can get you.  But write a message in a positive way.  That is a good way to start.  So thank you all.

>> MICHAEL KEISER: I think we are right on time.  So I want to thank you for coming.  I'm willing to stick around and answer questions ift6tttttt people didn't get them fully answered.  We appreciate you coming late in the day.  Late in the week.  And that's it.  Thank you very much.