IGF 2020 WS #210 Nobody Left Behind - Interregional Cyber Capacity Building

Time
Thursday, 12th November, 2020 (07:20 UTC) - Thursday, 12th November, 2020 (08:20 UTC)
Room
Room 1
About this Session
This workshop aims to bring together stakeholders from developing regions to identify best practices of cyber capacity building initiatives and the prerequisites needed to ensure their sustainability. The participants will look at the different perspectives of cyber capacity building across stakeholder groups and what roles these actors can play in developing capacity.
Thematic Track

Organizer 1: Caroline Groene, Microsoft
Organizer 2: Ben Meany, Microsoft
Organizer 3: Liga Rozentale, Microsoft Corporation

Speaker 1: Liga Rozentale, Private Sector, Eastern European Group
Speaker 2: Latha Reddy, Civil Society, Asia-Pacific Group
Speaker 3: Bart Hogeveen, Civil Society, Asia-Pacific Group

Additional Speakers

Folake Olagunju, GFCE Advisory Board Co-Chair & Program Officer of Internet and Cybersecurity, ECOWAS

Kerstin Vignard, Head, UNIDIR support team to General Assembly processes pursuant to resolutions 73/27 and 73/266

Moderator

Liga Rozentale, Private Sector, Eastern European Group

Online Moderator

Ben Meany, Private Sector, Western European and Others Group (WEOG)

Rapporteur

Caroline Groene, Private Sector, Western European and Others Group (WEOG)

Format

Break-out Group Discussions - Round Tables - 90 Min

Policy Question(s)

• How do different international actors and regions understand cyber capacity building and what role does it play for them? • What are the common interests among regions and where are the differences? • To what extent can best practices from one region be applied to others? • What are the key tools and instruments that can be applied across regions? • What are the policy areas where interregional cooperation could be helpful to better inform and support governments' engagement around these issues?

The threats and challenges in cyberspace not only affect industrial countries who are leading the international policy debate, but also less developed regions. The latter often lack appropriate infrastructure and resources to address their vulnerabilities. Despite an increased international recognition of the importance of cyber capacity building, there is a high risk of duplication of initiatives due to the lack of exchange and communication on existing projects - as acknowledged in recent GFCE meetings. Realizing the importance of regional collaborative efforts to address this gap, the Paris Call presents an ideal platform to enable cross-sector communication and knowledge exchange regarding existing efforts and best practices as well as their applicability to other regions. The Internet Governance Forum presents an ideal platform for this interregional workshops as it enables important actors from less developed regions who are usually under-represented, to take part in these important discussions.

SDGs

GOAL 9: Industry, Innovation and Infrastructure
GOAL 16: Peace, Justice and Strong Institutions
GOAL 17: Partnerships for the Goals

Description:

Although discussions on cybersecurity often focus on Western countries, fragility and the lack of security in cyberspace is not a Western phenomenon and is as much of a threat to those in developing regions of the world. In particular, those countries in the process of developing their ICT infrastructures can lack resources and capabilities to address security and resilience issues. However, increasing cybersecurity capacity is not only in the interest of individual countries – in a globally connected world where vulnerabilities in one country create risks for others, building capacities and confidence across the world is crucial. Despite international organizations recognizing this need and the existence of an increasing number of incentives, few lessons learned and best practices are shared globally. Realizing the importance of regional collaborative efforts to address these threats and challenges, the Paris Call for Trust and Stability in Cyberspace serves as an ideal platform for its worldwide supporters to work together on strengthening cyber capacity measures. Most recently a significant number of nations and civil society organizations in Asia, Africa and South America joined the Call and thus expanded its reach in these important regions. Other international fora such as the IGF Best Practice Forum on Cybersecurity and the Global Forum on Cyber Expertise have also highlighted the added value of like-minded multistakeholder groups exchanging and advising each other on best practices in capacity building. This workshop will be mindful to not duplicate those previous efforts, but rather to build on them by leveraging its large and diverse group of endorsers and their experiences. Drawing on the contributions of Paris Call signatories, this workshop aims to bring together stakeholders from less developed regions to identify best practices of cyber capacity building initiatives. Participants will discuss in regional groupings where their interests lie and what challenges they face. Subsequently potential links between regions and their applicability can be identified. These synergies can then be used to build an informative basis to strengthen interregional cooperation on cyber capacity and confidence building measures. In the first part of the session the moderator will set the scene and each of the speakers will contribute from their specific stakeholder perspective as researchers, government, civil society and private sector representatives. Then the floor will be opened, and participants will work together in regional groups to identify common interests and challenges. This format will encourage brainstorming and interactive dialogue in a candid atmosphere. In a concluding part of the session, groups will briefly present their preliminary findings and panelists will comment on identifiable common grounds. This workshop is intended to be 90 min.

Expected Outcomes

Added value from this workshop will range from discussing interests and experiences, recognizing common best practices to identifying challenges among different regions. We want the participants in our workshops to exchange their lessons learned and best practices, and to suggest actionable steps on how to transfer those practices to other regions. As such, this discussion would make an important contribution to the current CCB discussion by providing attending representatives from various sectors and less developed regions with already existing innovate ideas and tools and hence reduce duplication as well as shifting the focus on underrepresented regions. Based on this preliminary analysis, further discussions on interregional cooperation can be continued in different fora. The Paris Peace Forum 2020 will take place only a few days after IGF and offers the opportunity to present conclusions of this workshop and continue the discussion. A publication of these findings will be discussed as well.

The format of the workshop will be focused on interactive discussions in groups to encourage open exchanges and sharing of best practices among the participants. Furthermore, each group will be asked to shorty present their key findings, and hence, allow for equal participation of each region that is present. The panel of experts will be asked to avoid long speeches or formal presentations in the introductory part of the session and to share their short but straightforward thoughts in the concluding part. However, considering the current uncertainty, this workshop format is flexible to move the discussion online and find creative ways to push interaction in the digital space.

Relevance to Internet Governance: The Paris Call directly speaks to the multistakeholder approach of internet governance as it founded on the principle of international cooperation between governments, private sector and civil society to address challenges and threats in cyberspace. This session will support the very notion of the Forum by bringing together a wide range of stakeholders in the international community, with a particular focus on less developed regions, and hence, support underrepresented stakeholders to contribute to this important exchange.

Relevance to Theme: The supporters of the Paris Call commit to working together to build trust and security and adopt responsible behaviour within cyberspace to further advance digitalization. Two years after its creation, the Paris Call is still the largest multi-stakeholder group ever assembled in support of a cybersecurity focused agreement and has received support from industry and civil society in key developing countries and also smaller, usually underrepresented, states. Particularly, in the context of the implementation of practicable initiatives, as in the case of cyber capacity building discussions, it is crucial to involve industry and civil society to realise these efforts. As the Paris Call offers a reliable platform to continue and advance multistakeholder discussions, having this session at the IGF would enable us to share learnings from the Paris Call and alert stakeholders not already involved to the benefits and capacity building assistance that can be gained by participating. Particularly, this session allows for an interactive participation and informal exchange of experiences among stakeholders and therefore, creates trust and strengthens cooperation that can be built upon in other fora.

Online Participation

 

Usage of IGF Official Tool.

 

1. Key Policy Questions and related issues
To what extent can good practices from one region be applied to others? Where in your work have you seen this done well or have felt that cross-regional sharing would have made CB more successful?
Trust and legitimacy are key criteria for successful capacity building. Are there existing regionally focused organizations or partnerships that are under-utilized or under leveraged? What have been successful ways to connect across regions?
When we say “sustainable”—what features contribute to sustainability—and are these features the same everywhere? How can the sustainability of capacity building measures be ensured?
2. Summary of Issues Discussed

The panelists agreed that regions approach and operationalize capacity building differently in practical terms, however, it was also recognized that more cross-regional sharing would be beneficial where possible. Examples included interregional organisations (ASEAN, ECOWAS, EU) or more developed countries (Singapore) in certain regions sharing best practices and building capacities for lesser countries from the same region. Krey criteria for successful and sustainable capacity building comprise legitimacy, trust and respect, according to the panelists. Relationship building was also mentioned as an important contributing factor. However, panelists warned that one can only be as strong as the weakest link, therefore it makes sense to not only become stronger within your country, within your subregion. To really have a proper open, secure, safe system, one must really cooperate between regions. This would also help to address closing gaps between regions on CCB. Furthermore, national buy-in is essential. This would ensure reciprocity and a two-way street from with both partners benefit. 

However, it was also stressed that the differences among regions are significant (geography, economics, politics & culture) and best practices are not applicable to every region. The Pacific region was named as an example where countries differ enormously and best practice sharing would not be very successful. Lastly, another important criteria constituted the involvement of multiple partners for sustainable capacity building, which is still lacking in general. 

Overall, multistakeholder initatives such as the Paris Call for Trust and Stability in Cyberspace or multistakeholder organisations such as the Global Forum on Cyber Expertise were named as great platforms that could support on cyber capacity building across regions. Interregional fora such as the EU-India dialogue were cited as successful exchanges on CCB.

3. Key Takeaways

Trust, legitimacy and the involvement of all relevant stakeholders are the pillars for any benefitial capacity building project. The work of the GFCE was recognized as a great contribution and new partnerships with the private sector focusing on Africa seem to be promising. For the future, a focus on norms discussion amongst African states, the creation of a single universal trusted organisation on cyber capacity building and the standarised use of multistakeholder approaches were listed recommendations for the future. Furthermore, additional track 1.5-dialogues not only between countries but also regions or country and region (such as the EU) were recommended. 

6. Final Speakers

Speakers:

Folake Olagunju, GFCE Advisory Board co-Chair & Program Officer of Internet and Cybersecurity, ECOWAS

Latha Reddy, Co-Chair of the Global Commission on the Stability of Cyberspace

Bart Hogeveen, Head of Cyber Capacity Building, International Cyber Policy Centre, Australian Strategic Institute (ASPI)

Līga Raita Rozentāle, Senior Director for EU Cybersecurity and Emerging threats, Microsoft

moderated by Kerstin Vignard, Head, UNIDIR support team to General Assembly processes pursuant to resolutions 73/27 and 73/266

7. Reflection to Gender Issues

The session included several female speakers from four different continents, including developing regions. All speakers have represented different stakeholder groups throughout their careers in governments, think tanks, regional organizations, the private sector and civil society, so they have sat at different seats at the table. The content as such did not touch upon gender issues, however, the perspective of female professionals in this space allowed for a diverse view on the topic.

8. Session Outputs

This workshop will be the first in a series of additional sessions in collaboration with the IGF.