The following are the outputs of the captioning taken during an IGF virtual intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> We all live in a digital world. We all need it to be open and safe. We all want to trust.
>> And to be trusted.
¶
>> We all despise control.
>> And desire freedom.
>> We are all united!
>> MAGDALENA WRZOSEK: Good morning, everyone, and good afternoon, and good evening, for those of you who are joining us remotely. Welcome to this session "Keep Our Children Safe In The Digital World." My name is Magdalena Wrzosek, I'm from EY. I have the privilege to moderate this session we have distinguished guests and I will give the floor to present themselves.
>> PIOTR CIEPIELA: Thank you. My name is Piotr Ciepiela. It's a great privilege to be here and I think also responsibility. Today I will be representing two sectors, private sector, and nonprofit sector. In terms of private sector, on a daily basis, I'm a partner in a global leader in architecture and engineering and emerging tech at EY and within business responsibility. We are supporting an organization, critical for infrastructure operators, service operators, to protect from cyber threats, but also we are supporting governments, we are supporting standardization bodies to create regulations and guidelines related to private security.
On the nonprofit, I'm also chairman of the Committee of Information Systems Security Certification Consortium ISC2. The aim of this organization is to train security professionals. So that's the second. I think also I'm a father. I'm a father of two boys, age 9 and 11. So I think very relevant topic for them. So I will be combining today these three perspectives. Thank you.
>> JACEK OKO: Hello, my name is Jacek Oko. I'm the President of the Office of Electronic Communications in Poland, and I'm still a teacher, an assistant professor at Technical University, and also I'm a father and grandfather, and this stream to the children is very important, I think, for all parents, for all people, because the children are our future. Thank you.
>> ANTONI RYTEL: Good morning, everyone, I'm Antonio Rytel, I'm the Deputy Director of the GovTech Center of the chancellery of the Prime Minister of Poland. We deal with everything dealing with the public sector. And also recently with digital education and innovative education. I'm also wearing two hats. My one hat, I just briefed you on but the other one is an academic one. I'm also working at technical university the Inter alia. I'm not a father or a grandfather, but we deal with ‑‑ and hopefully I will offer you some perspective. I'm happy to be here at the IGF and to speak to such a distinguished multinational audience.
>> MAGDALENA WRZOSEK: Thank you. We also have two guests who are joining us remotely. Milija, can you hear me?
>> MILIJA LAKSO: Yes, can you hear me?
>> MAGDALENA WRZOSEK: Yes, we can hear you well. Can you present yourself to the audience?
>> MILIJA LAKSO: Yes, I work with UNICEF and the office of innovation of UNICEF particularly. I sit with the Venture Fund of the UNICEF innovation and our goal is really to invest and explore emerging open source technologies that could benefit children.
And from that point of view, we are looking at that kind of two to five‑year horizon in the future and what is emerging and how can we invest in digital solutions that can really benefit children in the coming years. Very glad to be joining this panel this morning.
>> MAGDALENA WRZOSEK: Thank you for joining us. And we also have Fabio from ENISA. He's not able to join us yet. Okay. So we will continue with the panel and wait for him to join as well.
So because the subject of today's session is very broad, we would like to focus for cyber skills among children and the young people. And how can we work together different ‑‑ with the different sector to make this more ‑‑ make this gap, which we have in cyber skills disappear or maybe a little bit smaller? One was presented by ENISA, just before the pandemic, and it was about the shortage of cyber skills, between the children also, and young.
And the second was published just after the pandemic, a few weeks ago which show exactly how during the pandemic the cyber skills shortage was a problem for everyone. Not only in the education as such, but also that we don't have an expert, because we don't have the cyber skills among the young and children and we don't have enough cybersecurity experts who can support the safe and security in the Internet.
So the first question will be for Piotr. What was the main observation regarding cybersecurity safety during the pandemic?
>> PIOTR CIEPIELA: Okay. Thank you for that question. Obviously, I think, we are missing cybersecurity skills among adults as well, but I think what is really important is that pandemic time really changed the way our children are using the Internet. Actually, when you look at the statistics over 1 billion children are doing the remote learning. So basically, you know, a lot of examples we are pushing our children, kids, to virtual world. And for many of those, there was actually a first time. They were witnessing, they were experiencing Internet. Today it is said that one in three Internet users are children below 18 years old, right? So we have a lot of children out there.
And for us, maybe for adults, it's obvious that we are using social media, but for them it's something new. Also video streamings platforms, this is also something new and to be honest, I was talking to one of my friends and he was really surprised and actually a little bit shocked. His daughter received a link on the lessons, the music lessons where a song. For us, it's something really obvious and I was really surprised why he's so shocked.
He said, you know it was the first time she actually clicked the link and she realized that there's a whole world, you know, a whole platform with videos. And within two hours she was clicking the videos she's not supposed to see. Probably we are not realizing that even the first usage of the Internet may be actually something that may lead to the wrong situation.
So obviously, looking again at the statistics, today only 12% of the children are using Internet less than one hour. The rest, the 88% are using more and even 11% using more than 9 hours a day. So if we can think that ‑‑ that using it more and more.
And obviously, this is not a safe place, right? So looking again, what we are seeing, 28% of the children saying that they have the password stolen. 28%. So you can think what is happening with their account is being intercepted?
Again, 35% saying, my device was breached, something happened to my device. And 30% ‑‑ or 40%, sorry, 4 out of 10 kids saying they were already talking with stranger over Internet. 4 out of 10! So definitely this is the time for us to act, because we cannot really wait until high school to teach about cybersecurity. We need to teach about it before the first usage of the Internet.
Again, I think it's working both ways because today, I mean, we are talking about it as adults, realistically, we need to teach our children, because they will protect us in the future. And, again, very quick example, but, you know, actually, the real life story from two months ago. Very quick one.
I was driving a car and somebody called me. Basically, I'm looking, this is the number from Austria. And the gentleman ‑‑ I pick up and the gentleman says Mr. Ciepiela. I'm calling from hotel, X, Y, Z, and he said, there's a problem with your credit card. And I realize my credit card is about to expire. I'm driving a car, please call me back later. In the back seat, there's my younger boy, right? He's 8 years old at that time. And he's saying, dad, do you really know this person? Do you want to trust him and give the credit card number to him? And.
And I said, well, probably, I don't. But he was so surprised that I'm actually considering it.
He was actually warning me about it. And actually, I called the hotel and they said we were having a cyber breach, and actually, a lot of information was stolen, and that was actually calling our clients and trying to get that information. So the reason I'm saying this is that obviously we have a lot of discussion about cybersecurity in our house, but when we are investing in kids, they are giving back. So they will protect us, especially in this very emerging tech‑oriented society.
So I guess it's for them but also for us eventually. Thank you.
>> MAGDALENA WRZOSEK: Thank you. Milija, what is your experience about cybersecurity skills among children and how can we build them?
>> MILIJA LAKSO: Thank you. So many of ‑‑ many of the things just surfaced by Piotr, really resonated with what we are seeing as well.
So as we know, you know, today more than ever, children's lives are being shaped behind a screen and we see both huge opportunities through digital skills, as well as online threats that we really need to ‑‑ and harms that we need to be able to safeguard.
Unicef and Gallup recently released the changing childhood, it's the survey to ask multiple generations about their views on the world and what it's like to be a child in the world today. A few interesting points on that survey, one the things is that majority young people see serious risks for children online, just as seeing violent or sexually explicit content. But it is up to 78% of the young people who have reported that as a risk.
Or being bullied, 79% of young people report having encountered that online.
And also coming to your point just now, just 17% of the young people say that they actually trust social media platforms a lot to provide accurate information. So also to the point that young people oftentimes are very ‑‑ do have more of that understanding in terms of ‑‑ of how to balance the information that they are receiving. And we know, obviously, that child safeguarding and protection line remain inadequate to support children and their families and education system to prevent the risk to these harms.
Obviously, the tech solutions are crucial elements to respond to these threats and really the way we can innovate and support innovation in our organization, in such a way that the digital solution should not do harm even at the very inception stage, that you just also mentioned, actually.
So it's one thing to kind of like monitor and put policies and standards, but what really will kind of help us solve the problem is to ensure that the digital solutions are created and designed from the get‑go with the safety and the security and the overall benefit of the end user in mind.
And given that much of the underlying technology that exists today is proprietary to corporations, the willingness of corporations or the ability to incorporate children's rights and point of view, from the get‑go is really, really key the way we see it.
The way the UNICEF office of innovation and our Venture Fund, really, does this or one of the specific approaches to do this is our steadfast commitment to open source. So we explicitly advocate open source to enable create impact in international development and cooperation and really helping to create and invest in innovations that support safer solutions.
I will give one example, a recent example. So as we very well know cyberbullying is one of the pressing concerns that we see for children online. So recently, we teamed up with the Kid of the Year from "TIME" Magazine. That developed Kindly it's to end cyberbullying and leverages the latest developments in AI to empower children themselves to solve this challenge. So basically, it's an open source API that uses machine learning to detect cyberbullying in text‑based messages.
So when a child sends, you know, message over any messaging platform, the API, the technology will kind of give them realtime feedback on whether the text they have typed is potentially, you know, toxic content, something that can be interpreted as bullying. And this really helps children to reconsider what they have, you know, typed in realtime and learn on those kind of skills in realtime.
Again, this is an open source solution, open sourced API that we are developing and that can then be easily taken up by other organizations, by governments, by the private sector to integrate into their solutions.
>> MAGDALENA WRZOSEK: Thank you. I just got information that Fabio is with us. Fabio, can you hear us?
>> FABIO DI FRANCO: Yes, can you hear me?
>> MAGDALENA WRZOSEK: I can hear you. But something happened with the voice. I don't know. It's like, yeah, in the room, something changed. It's not loud enough, I think. Can we fix it?
>> FABIO DI FRANCO: Can you hear me better.
>> MAGDALENA WRZOSEK: Yes, I can hear you, hello, Fabio, can you say a few words about you, because you didn't have the opportunity yet.
>> FABIO DI FRANCO: Yes, sorry, first, because I had problem to connect. And about me, I am Fabio di Franco, and I'm Italian, and I work in ENISA. And my role is to lead the group body own cyber skills and cyber education, higher education most importantly. And our goal is to strive for cross‑sectoral and multi‑stakeholder cooperation. So I'm very happy to be here and talk with the partner that you created about what ENISA has been doing on this topic.
>> MAGDALENA WRZOSEK: Okay. And the question for you. I mentioned the two reports that ENISA developed about cybersecurity shortage, and gap in cybersecurity skills. Can you please elaborate a little bit about that. And maybe do you have an idea how to attract children to learn more about cybersecurity and get more cyber skills?
>> FABIO DI FRANCO: Yes. ENISA has an initiative about cybersecurity for kids. One more important is the European cybersecurity demands. Together with the European Commission and Member States. ENISA is mainly maintaining the website which has become the one‑stop shop for collecting our governance initiative.
The message of this year, for example, is thinking before you click. This is important for kids. It's important to everyone. It's important because everyone is rushing, and sometimes they are using this approach to make people click on the wrong link.
The European cybersecurity demands through video, social campaign, online games and infographics promotes this effort and use of the Internet.
For more teenagers, so older kids, let's say, ENISA organized the European cybersecurity competition. This is mainly a competition, between young individual coming from different Member States, aggregated as a team representing the country, like imagining the European Cup, which compete in solving cybersecurity task from different cybersecurity domains.
This year, we had the final in Prague and the students representing 20 Member States come together and fight for achieving the goal of making Europe more cyber secure.
In 2022, we will have an international challenge. So members, teams from all over the world, represented their own area will compete in June of 2022. And also we will invite schools to assist to some of these events, local schools, in the way that the students will understand which are the opportunities in cybersecurity, how to join cybersecurity, what to start.
And also we are training at the moment the European team, the group which will represent Europe. There are 100 students which at the moment are studying how to operate their skill in cybersecurity and we will use this person to become an ambassador, an ambassador for other persons in the way that they can be interested to cybersecurity for what they want.
In particular, it's very important for women ambassadors, because there is a gender diversity issue in cybersecurity. We know from our statistics that only 20% of the graduates are women. So overall, this effort, we think they contribute to reduce the skill gap and attract younger, diverse and gender diversity in the cybersecurity topic.
>> MAGDALENA WRZOSEK: Thank you. So we heard that international perspective and international data and now I would like to ask director Antoni about the Polish perspective, what can we see in Poland regarding cyber skills among young children, and how it was reflected during the pandemic.
>> ANTONI RYTEL: Thank you for this question. I think it's something that in the future it will be looked upon as a pivotal moment in the way we view digital skills, especially among young people, students and teenagers. I think first we need to distinguish between the cybersecurity and social technical security. So the level of awareness of the younger generations in terms of vulnerabilities, attacks, and the threats which are commonly considered cybersecurity threats, such as clicking on malicious links or responding to phishing emails, those kinds of things, the awareness of the younger generation is much higher than the ones ‑‑ the parent's generation, so to say.
This is defining a report which one of our departments published a few months back. On the other hand, there's a more crucial sphere of cybersecurity which is a social technical security, which means being ‑‑ how vulnerable are the children to cyberbullying, to misinformation, to all of those ‑‑ to poisonous and toxic content on the Internet, and unfortunately, the prevalence of those occurrences has much increased in the last couple of years, pretty much in every category, we are seeing an increase in the number of people who said I have fallen victim to X, Y and Z, malicious Internet activity. None of them or most of them did not entail an actual breach of security.
So ‑‑ so this is the bad news, but there are a few good news. So the first one is that the youngsters have a much higher rate of knowing whom to contact. So they can contact their peers. This is actually one of the largest categories. They can contact their teachers. They can contact specialist authorities, of course. And more and more of them are actually doing something. So there's a slight decrease in the number of teenagers who have fallen to some sort of incident, be it bullying or an actual breach of security and have done nothing about it.
So it's still about one‑third. So it's obviously not enough. We want this rate to drop down to zero. The existence of the awareness of resources is there, is already an optimistic trend. And finally, one thing which we're also seeing is a large discrepancy between the parent's generation so to say and the student's generation. As others have said, as well, I think we're already at the end of this age, when the elderly or the ones teaching the younger ones in terms of how to use technology, I think at this point, we are already at a stage when during the five years it takes to train a teacher in Poland, at least, probably so much technology will emerge, that it's likely that that class will know more than their teacher.
And this is something which we'll probably have to get used to. This is ‑‑ this is a trend which occurs all over the planet, really. And I think that we just need to harness it. We need to view this as an opportunity and we need to adapt to this trend, because while the actual proficiency in using technology may be more prevalent in younger generations, than the awareness of the social context of how it is used, what can it mean that's ‑‑ what can someone mean by sending a particular message? And what can those lead to is actually something which just comes with experience.
So our ‑‑ our belief is that the know‑how of, A, the private sector, which obviously manufactures and keeps most of the solutions that everyone uses, as well as obviously us in the public sector, which has a bit larger purview, especially over education. But I think that the main goal that I think we are looking at is to switch our mindsets towards ‑‑ from being proficient in the use of technology to being proficient in the use of technology, but luckily, we are going the right direction. This is a journey without a finish line with more and more technologies emerging, but this is something that we will have to cope with. It's just the price of progress.
>> MAGDALENA WRZOSEK: Thank you. Regarding the switching our banks to the security, I was wondering because Mr. Oko, you are representing a very important organization. Do you think it's possible for telecom as deliverers of the Internet, right, to support this whole process of putting awareness among the children and young people?
>> JACEK OKO: Thank you for this question. I think that telecommunication market is specific today, during pandemia, we are basing a solution on a sector. We are basing when we create new services in new model. The new model based on new behavior, new tools. We supported as services, intelligence mission, learning. It's specific situation. It's two really ‑‑ for both streams for operators, how to prepare more safety services for safety, of course, for people, especially for young people because they are open for ‑‑ for all information and they are open for the web.
The second way is how to prepare from the point of view of the operators because they are based on the business. They try to earn money, which really which way we can discuss. And as a moderator, as a regulator of the market, we start to organize a special kind of center, typical ISOC, dedicated for sectoral ‑‑ sectoral means, telecommunications sector, and so this centers us, ISOC, normally we discuss with those who assigned this agreement at the beginning, because we started last month, really. It's future.
We discuss about two streams. The main, of course, change, the information creates new ideas, new procedure. It's regulating, formal, very strong and hard for the user but we can discuss how to prepare a service, a new service based on the activity and young people, and based on the habits and how we create the services, there is safety and open for the young people.
And we can discuss about new formal regulation. The legacy on how to prepare the new service, but of course, open for the market, but safety for the users, especially the end users.
I think we discussed today about the children, but we have two very important areas that young people and old people. I think sometimes it's the same market. Similar. Maybe not the same, but very similar. And this is the mainstream for this ISOC, for the organization, for the communication within operators, vendors, because the background of the operators, there are vendors, of course. The processors, the developers, we should start really create safety services at the beginning. Absolutely in the beginning when we create the ‑‑ we assume how to create the service, we can be okay. We, our user ‑‑ end user could be very, very open young people.
The second way is the educational part, activity of operator, and regulator, but I think the discussion for the other question.
>> MAGDALENA WRZOSEK: Thank you. We have six minutes left. So I would like to do some remarks ‑‑ final remarks by the panel. So it seems like building cybersecurity skills and awareness among the children is a team job, right? Not from one sector only, not from the public administration not only the private sector but we need a joint effort. And my question for everyone, and here we will be so separated for different levels. What should we do together? And how do we support each other in this process? And maybe we will start from international level. So Fabio, and Milija. What do you think about it? What kind of action should be taken on the international level to make sure that we have this action in progress?
Fabio? Milija?
>> MILIJA LAKSO: Should I jump in first? UNICEF, and a number of other organizations, especially in this context of the pandemic and this huge shift to online, identified really five key things which we have been doing together. First is really kind of working to empower children online which we have already mentioned here quite a lot.
The other is supporting parents and caregivers to help children stay safe online. Some of the things that we have done in partnerships with the global partnerships to end violence, as well as ITU, was to launch a call for applications for companies that use frontier technologies to identify these detailed tools for children online safety, which will be announced soon, in the beginning of 2022, a cohort of start‑up solutions that are kind of exploring those frontier technologies in this regard.
Thirdly, it's really important to provide a safe online learning experience for students. So the learning space is obviously one that has really, you know, shifted a lot in this space and working together to really provide that is key. Some of the things, as I mentioned that we are doing together with ‑‑ with a lot of other partners is building digital open source digital public goods.
There's a vetted group of digital learning schools that available on the digital public goods alliance platform, and we are building a toolkit on personalized online learning tools in that regard.
Finally, we need to make online platforms safe and accessible for children, again, coming back to the responsibility of companies that are developing these, as well as obviously finally strengthening national prevention, response and support services together. So that would really be the key things we would like to serve in that regard.
>> MAGDALENA WRZOSEK: Thank you very much. Fabio, can we hear what you think about it?
>> FABIO DI FRANCO: Yes. Can you hear me?
>> MAGDALENA WRZOSEK: Yes.
>> FABIO DI FRANCO: Okay. So ENISA is the multi‑stakeholder agency, and will try to empower the people. So our goal is to create a bit of organization in cybersecurity, because cybersecurity is a multidisciplinary topic. So our goal is to make companies and people and organizations to understand better the cybersecurity market.
How to do so? We think that we should clarify the roles as well as the competence needed in cybersecurity. This is ‑‑ if we clarify this, we create a common language across whole domains, all sectors and all European Union. We are able to understand how the cybersecurity is evolving, since it's very dynamic topic, and also to target initiative to solve a specific problem. A specific issue.
For example, we don't have a magic in place to understanding how assessing cybersecurity initiative and awareness initiative. We have something, but it's difficult to measure. What we are trying to do with this multi‑stakeholder group is develop the common lexicon of the roles and competencies and based on this also identify metrics where we can identify which competencies are more important than others, and ‑‑ or more requests ‑‑ more requested by the market.
And this is ‑‑ next year, I will tell you that we will come up with the first framework, which will let the company to attract people, their job ‑‑ their roles that they need with the skill set that they need and individuals can understand better what they need to study in order to get their job.
So this is from the European perspective. Thank you very much.
>> MAGDALENA WRZOSEK: Thank you very much. We have one minute left. So we need to be very brief. But taking into account what our international guests said about the international level, what is happening, what needs to be done here in Poland? Public administration perspective, like what exactly how can, for example, private sector support you in this action? On both the regulatory level, as the regulator of the telecom and all the actions that you are taking in this area.
>> JACEK OKO: Who first?
>> MAGDALENA WRZOSEK: Whatever you like.
>> JACEK OKO: Okay. I think the most important thing is we should present the young people ‑‑ it's a regulator, we can support it by the education way. Of course, the ‑‑ I think most important is the form of the presentation, of the information, because normally, we explain using the typical head which is ‑‑ they use the mouth and explain how it is dangerous, et cetera. I think we should prepare new ‑‑ new challenge for the communication.
For example, gaming. The same habits, but more safety with safety and with danger, present what could happen when you ‑‑ as young people will go the other way, not exactly safety way.
I think we can organize and support some workshops with young people. Normally, two careers, of course, we organize normally. Today we try to organize online, but I think next time, we will organize normally with the organizations, the work contact with the young people, because the contact and the way how we can show them how we can create, how we can organize and what it means for safety, for your colleagues, not only for you, because this area is very, very important for our contacts with the people. We can sometimes ‑‑ we can use the words, which is not so good for other ways, because like really fake. And it's a tragedy for young people which is open for us and I'm terrible and the reactions were not so good. We should prepare them in a responsible way. We can create open because we need the services but still safe services. Is our support.
>> ANTONI RYTEL: So I will try to be very brief. So first, common vocabulary knowledge sharing. Fabio referred to this I absolutely agree. We do need to speak with one voice. Also, the public sector does not control the Internet. It's something which is not really regulated in terms of who can access what. So we do not always get firsthand knowledge about every possible threat we can find them but in order to fight them, we need to know about them. So if they are reported and if children are engaged to report them, we can act.
We have actually started from easing procurement of sophisticated technologies into the public sector, so there are ways to do this in a way which is friendly to both parties which respects their specific way of doing things.
So definitely the tools with very welcomed innovation and something which is something which could really give us an edge in terms of fighting those pathologies of the internet. And third of all, we need to work together on the charting of the future technologies. For instance, we have launched this initiative where every school in Poland will have 3D printers and micro controllers and obviously very useful technology but a huge distraction potential as well if someone misuses them.
So both in terms of vendors and other users and manufacturers, we really need to speak with one voice to identify, contain and eliminate the risk and educate on their ‑‑ on the possibilities of misuse and ways of fighting them. So this would be it. And many thanks for the invitation again.
>> MAGDALENA WRZOSEK: And finally, Piotr. What can the private sector bring to the table?
>> PIOTR CIEPIELA: First of all, I think each sector separately is not enough, really, everyone is actually doing something, but to be honest, we need to have a triple helix approach. If you know it is basically government, industry and universities, right, this is very well-known approach. Basically, as you can see, we have all the pieces of puzzle, right? We also have ICS, we have created again cybersecurity adventures, basically for kids 6 to 11 with this famous catalyst, but we were lacking scale. We were lacking scale. And we need the organization. I think the private sector had helped with localization, with translation of those materials, but I think if you really want to have a scale, you first of all need to think about introducing this as a formal subject of a history or biology to schools and have a regulatory requirement and train the trainer and support from nonprofit and private organization to teach actually the teachers. And then we can, I think, have a scale. And otherwise ‑‑ I know it for a fact because we have created the trainings for seniors, for instance and it was very difficult to approach, to convince the head masters of the school.
Without the government support over here, I think it will be difficult, but I think we have all the things we need. I think cooperation will definitely should lead the way. Thank you so much.
>> MAGDALENA WRZOSEK: Thank you so much. So I think the final remark is let's work together to do it better.
Thank you very much for attending the session. Thank you to all the speakers here and also remotely. Thank you for everyone who joined us online and have a great day.
>> PIOTR CIEPIELA: Thank you so much.
>> MAGDALENA WRZOSEK: Thank you, bye‑bye.