IGF 2021 WS #142 One click to attack critical infrastructure. What can we do?

Thursday, 9th December, 2021 (08:30 UTC) - Thursday, 9th December, 2021 (10:00 UTC)
Conference Room 6

Organizer 1: Anastasiya Kazakova, Kaspersky
Organizer 2: Pierre Delcher, Kaspersky
Organizer 3: Jochen Michels, Kaspersky

Speaker 1: Anastasiya Kazakova, Private Sector, Eastern European Group
Speaker 2: Regine Grienberger, Government, Western European and Others Group (WEOG)
Speaker 3: Johanna Weaver, Government, Asia-Pacific Group
Speaker 4: Serge Droz, Technical Community, Western European and Others Group (WEOG)
Speaker 5: Pierre Delcher, Technical Community, Western European and Others Group (WEOG)
Speaker 6: Neil Walsh, Intergovernmental Organization, Intergovernmental Organization

Additional Speakers

Mr. Dan Yock Hau, Government, Asia Pacific Group
Ambassador Henri Verdier, Government, Western European and Others Group (WEOG)
Ms. Carmen Corbin, Intergovernmental Organization



Anastasiya Kazakova, Private Sector, Eastern European Group

Online Moderator

Jochen Michels, Private Sector, Western European and Others Group (WEOG)


Anastasiya Kazakova, Private Sector, Eastern European Group


Round Table - U-shape - 90 Min

Policy Question(s)

Cybersecurity practices and mechanisms: What are the good cybersecurity practices and international mechanisms that already exist? Where do those mechanisms fall short and what can be done to strengthen the security and to reinforce the trust?
Roles and responsibilities in protecting against cyber-attacks: Which stakeholders hold responsibility for protecting national governments, businesses and citizens against cyber-attacks?

Additional Policy Questions Information: Our session aims to discuss a global response to preventing risks for critical infrastructure protection (CIP) within two tracks of moderated panel discussions.

The first track focuses on conceptualizing a CIP policy framework and will bring together government representatives who represent their UN Member States in the intergovernmental negotiations and processes taking place at the UN First Committee. The first track poses the following questions for discussion: While protection of CI is a prerogative of states, including the formulation of what CI is, they are not the only ones operating in this field. A large portion of CI is owned and/or managed by the private sector. In the event of a cyberattack on CI, what’s the recommended course of action? As the private sector has a responsibility to protect, what is it expected to do and not to do? What are the existing good practices and approaches to protecting CI? What are the takeaways from the 2021 consensus UN OEWG report for the global community?

The second track will focus on exploring opportunities for creating/developing a 'UN cyber emergency phone book' to deal with significant cross-border cyber incidents affecting critical infrastructure. The track will bring together representatives from the technical community, private sector, intergovernmental organizations and government to discuss the following questions: Where a cyberattack affects CI in several jurisdictions, is cross-border cooperation possible and how? Is a ‘UN cyber emergency phone book’ possible? If not, why not? If an affected state doesn’t have the capability to respond and protect itself, who should it approach for help? What does the UN cyber stability framework suggest doing? What can be done to achieve stronger cooperation between CERTs/CSIRTs? And how can the neutrality of CERTs/CSIRTs be ensured during a cyber-crisis?

The two-track workshop, focusing on various elements of critical infrastructure protection (CIP) in a moderated panel discussion, will aim to address the following issues:

1. The first track will focus on national approaches and existing good practices for CIP, also touching on the global processes/negotiations taking place within the UN First Committee. Within this track, we will identify existing mechanisms and approaches of the UN Member States for CIP, and the accountability and roles of the private sector, which often owns and/or manages critical infrastructure, as well as of other stakeholder groups who support States in ensuring CIP. We will discuss these issues, taking into account the intergovernmental processes in the UN First Committee (i.e. UN OEWG and GGE) and the UN cyber-stability framework (consisting of non-binding norms, international law, confidence-building measures and capacity building) to share UN Member States' approaches to best practice implementation of this framework (especially when it comes to CIP-related non-binding norms).

2. The second part will explore opportunities for creating a ‘UN cyber emergency phone book’: mechanisms for a global incident response in the event of cross-border cyberattacks on CI. This will include a discussion of the takeaways from the 2021 consensus OEWG report (and hopefully, the outcomes of the current UN GGE process) and, in particular, the recommendation on nominating national points of contact (PoC). We will try to discuss whether global cross-border cooperation mechanisms for incident response and mitigation are possible, despite the growing fragmentation and confrontation in cyberspace, and, if they are possible, what key ingredients/elements should be in place to make these cooperation mechanisms work. In this regard, the particular roles and responsibilities of different stakeholder groups (States, private sector, technical community etc.) will be included in the discussion too.



Targets: The discussion of issues and challenges in ensuring critical infrastructure protection, with the participation of leaders representing governments' views as well as the private sector and technical community, will address SDG targets focusing on developing resilient infrastructure (e.g. 9.1.), including in Global South countries (e.g. 9.a.). As the session will also focus on the intergovernmental processes taking place in the UN First Committee and will discuss the different roles and accountability of UN Member States, including developing countries, as well as of non-State actors, targets 10.6, 16.3, 16.7, 16.8 will be addressed too. Capacity building, as one of the crucial elements of the UN cyber-stability framework, will be widely covered in the session to identify what different stakeholder groups can and should do to strengthen CIP across the globe, and from this perspective targets 17.9, 17.14, 17.16, 17.17 and 17.18 will be covered.


The session, titled 'One click to attack critical infrastructure. What can we do?', aims to address current issues and challenges the global community faces in ensuring critical infrastructure protection (CIP). By bringing together different stakeholder groups' perspectives (including governments, private sector, technical community and intergovernmental representatives), the session will focus on two key tracks: conceptualizing a CIP policy framework, and exploring opportunities for a 'UN cyber emergency phone book'. While the first track will focus on existing approaches of the UN Member States to ensuring protection of critical infrastructure, as well as existing limitations and challenges to achieving this, the second track will explore opportunities to develop global cross-border cooperation mechanisms to address significant cyber attacks affecting critical infrastructure. In both tracks we will discuss these questions taking into account the UN cyber-stability framework and intergovernmental processes taking place in the UN First Committee (here we refer to the UN OEWG and UN GGE).

Expected Outcomes

Conceptualization of key elements for ensuring critical infrastructure protection and a global incident response policy, as well as identification of potential challenges and action items for the global community, as a result of the two discussions involving experts and leaders representing different stakeholder groups and regions. As a result of the session we will also prepare a separate publication (report) to share the knowledge gained during the session with a broader community.

Organizers will explore the use of audio-visual material (i.e., presentation slides, images, videos, infographics) throughout the workshop to animate the session and aid those whose native language may not be English. In addition, to encourage active participant interaction, two brief online quizzes (consisting of 3-4 questions) will be offered to both the onsite and remote audience to poll participants in real time on their views and collect their knowledge and feedback on the topics of the two tracks' discussions. The remote moderator will make sure that all remote participants have a chance to share their views and ask questions during the workshop.

Organizers will use social media to promote the workshop in the days leading up to the IGF and share the workshop’s findings after the meeting has concluded.

Experts will also provide additional references and literature to the audience to present different stakeholder groups’ and regions’ perspectives on the topic.

Online Participation

Usage of IGF Official Tool. Additional Tools proposed: Menti.com for organizing a brief online quiz (before the first track) and a poll (before the second track). The quiz will consist of 3-4 questions to see how aware the workshop participants are of existing good practices for ensuring critical infrastructure protection. The poll before the second track will aim to collect participants' feedback and views on possible global cross-border cooperation mechanisms to address significant cyber attacks affecting critical infrastructure.

Key Takeaways

Discussed some countries' approaches to regulating critical infrastructure protection (CIP);

Explored opportunities for cross-border cooperation between states and non-state actors in the event of a significant cyber incident.

Call to Action

The global community needs greater knowledge on how non-binding cyber norms, including on CIP, are implemented at the national level;

Some of the confidence-building measures (CBMs) (e.g. establishing national PoCs) could serve as a basis for more effective cross-border cooperation in the event of a cyberattack on critical infrastructure.