IGF 2020 NRIs Collaborative Session: Cybersecurity local policies and standards

Time
Wednesday, 4th November, 2020 (12:20 UTC) - Wednesday, 4th November, 2020 (13:20 UTC)
Room
Room 1
About this Session
Please follow this guide on how to connect to the platform https://www.intgovforum.org/filedepot_download/10603/2318

NRIs Collaborative Session: Cybersecurity local policies and standards

Theme: Trust

Policy Questions: 

  • What are the contemporary challenges for our societies regarding cybersecurity?
  • What are concrete examples of defence in cyberspace?
  • What are good practices of successful regional cooperation on cybersecurity matters?

Relevance to Theme and Internet Governance: 

Safe and secure online environment is a precondition for the respect of social, civil, human, cultural and political rights of all people connected to the Internet. Cyber attacks, Internet shutdowns, data misuse and manipulation, online fraud, illegal access to online information are all the reality of many countries and regions. Censorship is present and in some communities, it reaches absolute barriers, as the whole online networks or particular services are being shut down. Some legislations face practices where laws are introduced to allow for legal grounds to cancel some online services. These are not addressed within a comprehensive, global framework that would allow for harmonization of principles. As a result, we face segregation in terms of addressing these matters and coming up with effective solutions.

Description: 

This session  will focus on understanding what are the local policies and standards on local levels related to cybersecurity.  It will specifically look at the examples coming from the Albania IGF, Brazil IGF, Chad IGF, Ecuador IGF, France IGF, Kenya IGF, North Macedonia IGF and Tunisia IGF.

The multistakeholder communities of the mentioned NRIs will share the practices related to their cybersecurity ecosystem and development, as well as the challenges they face. It will focus on the ways the local communities defend people from cyber attacks and good practices regarding successful digital cooperation for a safe online environment.

Format of the Session: 

60-minutes interactive roundtable discussion with introductory remarks and open floor for questions and answers.

12:20-12:25 ‎UTC

Moderator introduce the topic, organizers and speakers

12:25-12:50 ‎UTC

(up to 3 min each speaker)

National cyber defence mechanisms: why do we need them and what are good practices? Examples from Brazil IGF and North Macedonia IGF

  • Brazil IGF: Ms. Cristine Hoepers, CERT.br
  • North Macedonia IGF: Mr. Predrag Tasevski
  • Chad IGF: Dr. Bakhit Amine, Academia Teacher at National School of ICT (ENASTIC)

 

Cybersecurity national frameworks in a context of regional and international cooperation?

  • France IGF: Mr. Lucien Castex
  • Albania IGF: Mrs. Vilma Tomco General Director of National Authority on Electronic Certification and Cyber Security
12:50-13:10 ‎UTC

Open discussion with participants.

13:10-13:15 UTC

(up to 1 min each speaker)

Achieving cybersecurity: concluding action-oriented commitments from the involved NRIs

 

  • Albania IGF: Mrs. Vilma Tomco General Director of National Authority on Electronic Certification and Cyber Security
  • France IGF: Mr. Lucien Castex
  • Chad IGF: Dr. Bakhit Amine, Academia Teacher at National School of ICT (ENASTIC)
  • North Macedonia IGF: Mr. Predrag Tasevski
  • Brazil IGF: Ms. Cristine Hoepers, CERT.br
13:15-13:20 UTC Conclusion by the moderator and final key discussed concepts presented by a rapporteur

Expected Outcomes:  

Understanding specific challenges and examples of good practices on local levels, as well as strengthening collaboration networks between the NRIs on these issues.

Discussion Facilitation: 

The moderator will follow the agreed set of policy questions and will allow for introductory, case study remarks by the NRIs speakers. This will be followed by engaging other present participants into developing an interactive discussion.

Online participation: 

A dedicated online moderator will be placed next to the onsite moderator. All participants will be using the online speaking queue to be treated equally in their requests for interventions. All input presentations will be made available at the IGF website and links will be shared via the online tool.

Co-organizers and delegated speakers:

  1. Albania IGF
  2. Brazil IGF - Cristine Hoepers, CERT.br
  3. Chad IGF
  4. Ecuador IGF
  5. France IGF
  6. Kenya IGF
  7. North Macedonia IGF - Predrag Tasevski
  8. Tunisia IGF

Online Moderator: Ms. Jennifer Chung, DotAsia, APrIGF

Rapporteur: Vinicius Santos, CGI.br, Brazil IGF

Connection to SDGs:

ANNEX: Substantive inputs from the co-organizers:

Brazil IGF

With regards to cybersecurity local policies and standards, Brazil IGF could provide an overview on our national cybersecurity ecosystem, given the existence of a local network of CSIRTs and a national CERT (the CERT.br), which provide support to the structuring and handling of security incidents in Brazil. There is a set of channels for reporting and a consistent documentation produced by those entities to orient local stakeholders, as well as a robust periodic release of statistics that help base public policy. Additionally, the Brazilian Government has recently released (February) a new national policy called e-cyber, that has been under construction since at least 2015. It seeks to strengthen cybersecurity, cyber defense, the security of critical infrastructure, the security of classified information, as well as the protection against data breaches, and to achieve some integration in national standards and strategies to protect users, providers, the Internet infrastructure and so on.

France IGF

Cybersecurity has been the corner-stone of the digital agenda in France for the past couple years from developing a national expertise to raising citizen awareness and strengthening educational programmes. As a member of the European Union, France transposed the NIS Directive and is applying the GDPR (privacy by design and by default principles) as well as a member of the ENISA ane Europol frameworks. France is also developing a national digital security strategy and the Military programming law is implementing strong detection mechanisms and security standards. The COMCYBER (in French Commandement de la cyberdéfense) has been created in 2017 and has a mission of developing France’s offensive and defensive cyber capacities.

At the national level, a number of policy initiatives aim at tackling the spread of toxic content online: Disinformation and platform transparency (2018), Hate speech (2019 - Ongoing) and Terrorism (2019).

At the international level, France has been promoting the Paris Call for Trust and Security in Cyberspace presented at the 2018 Internet Governance Forum. The call aims at bringing the stakeholder together to face the new threats endangering citizens and infrastructure in the digital space. The call is supported by 78 states, 348 civil society organizations and 643 private sector entities https://pariscall.international/en/ France is also collaborating with New Zealand on the Christchurch call initiative to eliminate terrorist and violent extremist content online, in a standard-setting effort.

IGF-MKD 

Emerging technologies and their interfaces with inclusion, security and human rights



Usage of information and communication technologies in households and individuals according to the State Statistical Office in the first quarter of 2018 is 79.3% and within access to the Internet is 70.4%. Whereas, the most used device for access to the Internet is via mobile phones by 81% [1]. Subsequently, the access to the Internet, emerging technologies and their interfaces are constantly growing in the country. For this reason, IGF MKD was established in 2017 by organising an Annual Internet Governance Forum event in the country within main focus openly to discuss Internet governance issues between all stakeholders.

First Annual IGF event was held in November 2017, concentrating on topics, such as: digital identity and diplomacy, digitalisation of government services, cyber security methods and presenting MKD CIRT (National Center for computer incidents response), online enforcement, copyrights, fake news and media literacy [2].

Second Annual IGF event was held in October 2018, where formation of Youth IGF MKD was announced, and three sessions within multistakeholder coverage were discussed. First we discussed cyber security and trusted services by introducing three pillars (technical, academia and government). Introducing retrospective view in cyber security, first academic CIRT and presenting first draft of National Cyber Security Strategy. Second session was about human rights, data protection and intellectual property. Where distinguishing guests from civil society, academia and private sector talk through GDPR challenges, Artificial Intelligence (AI) and intellectual property on the Internet. Last but not least, the third session was on media literacy, fake news and disinformation where the private sector, media and civil society were present [3].

Third Annual IGF MKD was held on 28 October 2019, emphasising on government action plan against spreading disinformation, followed by media society discussion, technical community by presenting high availability Internet connection research platform and cyber security, legal aspects and human rights.

On the whole, IGF MKD places an important role in the country by raising awareness and promoting a better understanding of Internet governance among all stakeholders by highlighting the importance of human rights, access to technologies and Internet, and security and privacy.



[1] Republic of North Macedonia. State Statistical Office. Usage of information and communication technologies in households and by individuals, 2018. 22.10.2018.

[2] IGF MKD 2017. First Annual Internet Governance Forum.

[3] IGF MKD 2018. Second Annual Internet Governance Forum.

1. Key Policy Questions and related issues
What are the contemporary challenges for our societies regarding cybersecurity?
What are concrete examples of defence in cyberspace?
What are good practices of successful regional cooperation on cybersecurity matters?
2. Summary of Issues Discussed

The session discussed the overall landscape of cybersecurity issues within the context of National and Regional IGF initiaves and their communities. Central aspects discussed included the mechanisms and frameworks put in place in each country as means to organize cybersecurity, as well as cooperation mechanisms and efforts in local, regional and global levels. There was broad agreement on the need for improving capacity building, education and training, as well as create a culture of cybersecurity in Countries and communities. Participants were mindful of diverse initiatives addressing definitions and basic concepts for cybersecurity, as well as the involvement of international organizations in capacity building programs. There was also a call for action in cooperation in all levels.

3. Key Takeaways

- Participants manifested broad consensus on the need for creating a culture of cybersecurity within countries and communities
- There were several reports on cooperation between regions and countries, as well as cooperation between local and international organizations
- Initiatives such as the Christchurch call or even the IGF BPFs were mentioned as important initiatives for strengthening cooperation and available knowledge about the discussed issues
- Education, capacity building and training were also key terms mentioned by participants as crucial for moving forward and advancing cybersecurity and national cyber defence policies and mechanisms

6. Final Speakers

1. Albania IGF: Mrs. Vilma Tomco, General Director at NAECCS
2. Brazil IGF: Ms. Cristine Hoepers, CERT.br
3. Chad IGF: Mr. Bakhit Amine, Academia Teacher at National School of ICT (ENASTIC)
4. France IGF: Mr. Lucien Castex
5. North Macedonia IGF: Mr. Predrag Tasevski 

7. Reflection to Gender Issues

Gender issues were not addressed in this session.

8. Session Outputs

No explicit outputs were referred, except for the improving of networks between participants and NRIs, and possible future collaboration.

10. Voluntary Commitment

In the very ending of the session, participants in general reinforced their commitments with creating a culture of cybersecurity, and seeking to improve initiatives for awareness raising, education, and training.