IGF 2022 Day 2 WS #253 Towards Cyber Development Goals: Implementing Global Norms

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> MODERATOR: Shall we?  Hello, everyone.  Can you hear me now?  Can people online hear me as well?  I hope so. 

>> Rene Summer: Yes.

>> MODERATOR: Thank you for letting me know.  I would like to confirm that our online speakers are connected and their microphones and cameras are enabled.  Kaja Ciglic and Rene Summer if you can invite you to turn on your microphone and camera.  We cannot hear you in the room.  We can hear ‑‑

>> Rene Summer: Good morning.

>> MODERATOR: Waiting for the music to stop. 

>> Can you hear me? 

>> MODERATOR: See if we can hear you. 

>> Kaja Ciglic: Hi, how is everybody. 

>> MODERATOR: We cannot hear you. 

>> Kaja Ciglic I can hear Rene Summer.

>> MODERATOR: Yes, we can hear you.  If you are wondering if you are in the right room, this is IGF 2022, WS 253, towards Cyber Development Goals implementing global norms.

This session is convened by a number of partners, and national Chamber of Commerce, Business Action to support Information Society, an initiative I'm representing.  My name is Timea Suto, I will be your moderator today.  We have a distinguished panel with us.  My friends and colleagues that pulled this together.  In order of the alphabet we have Kaja Ciglic, Senior Director at Microsoft.  Mr. David Fairchild, first Secretary of Digital policy and cybersecurity affairs at permanent mission of Canada at UN in Geneva. 

We have Grace Itaga, CEO, and convener at PictoNet.  Jaqueline Pateguana, Clearinghouse Coordinator At Global Forum on Cyber Expertise.  And Mr. Rene Summer the Director of Government and industry relations at Ericsson Group, also online. 

Thank you for joining me.  And thank you to everyone in the room.  We have a panel, but I don't think it is just this panel, but the entire roundtable here.  We hope to have an engaging conversation with everyone today. 

By way of quick introduction of what this session is supposed to be about, as you all know, by today, cyberspace is an intrinsic part of development of every country.  Enabling everything from distance learning, innovation, and social and economic growth.

Secure infrastructure is the backbone of the social and economic development.  With just over half of the world's population connected to the Internet, closing the digital divide is essential to reduces inequalities and social economic gaps between those with service and those without.  However this rapid digitalization comes with risks as well including Lowe and middle‑income countries that may lack cyber resilience.  The growing vulnerabilities causes falling short of the frequency and intensity of fighting the cyber attacks.

This need for digital innovation and lack of strong security posture can be considered a risk towards achieving Sustainable Development and a track to a safe online environment.

While doing more to increase resilience of the infrastructure that is necessary, it is not sufficient to break growing trends and decrease the cyber threats that businesses and societies are facing every day.

Thankfully, we have ample ground to build on.  Most States and organizations have firm against the international law and the U.N. Charter applies to the use of ICTs by states.  States have agreed on norms for responsible state behavior in cyberspace.  Translating the agreements, the existing norms into feasible actions that halt the trends of cyber threats on businesses, communities, Governments worldwide is what is needed and long overdue.

Furthermore to empower societies against increased risks, the international community should explore practical ways to mainstream the cybersecurity capacity building.  This is essential for building resilient societies and approaching the whole of society to fight against threats.

Mainstreaming cybersecurity will leverage the resilience mechanisms reporting the safe Digital Transformation and thus a better and more sustainable future for all.  It is in this context that the International Chamber of Commerce convenes this session to discuss multistakeholder processes, agree and adopt so‑called cybersecurity development goals.

In this session with you all together and with the present panel, we would like to present this proposal for cyber development goals and gather perspectives from all of you on what such a list of goals can look like and what is the process to develop them.  This session aims to kick start a continuous dialogue and stimulate collaborative input from the international multistakeholder community, which is what the IGF is all about. 

I promise you won't hear this much from me during this session, I would like to give the floor to our speakers.  I would like to start with Grace here to my left to ask you what do you feel about the current situation of cyberspace, the activity of cyber laws and norms and what would be your recommendation on bolstering capacity building to implement this framework.  You will have five minutes. 

>> Grace: Thank you very much for this opportunity.  I'm stepping in for someone else that was supposed to be here.  But I believe I can still speak into the issues.  So in terms of cybersecurity approaches, what has been going on?  There are different efforts at different levels. 

Some, like the moderator highlighted include these like people coming together for the IGFIGF is seen as a multistakeholder approach where different voices come together to dialogue on an issue and articulate their perspectives.  So IGF remains one of those platforms that can be used to discuss cybersecurity measures.

The other process that is happening right now is the Open‑Ended Working Group where different Governments are ‑‑ you know, gather to discuss this.  And recently, they have also allowed, you know, other stakeholders like the businesses and Civil Society to come in and make statements.

So what I would say is that when you discuss cybersecurity, it is important to employ multistakeholder approaches, because we have seen that cybersecurity cuts across everyone.  Everyone, especially who is a user of any gadget or any device is prone to you know cyber attack.  This is, you know, this pass on or institution needs to be involved in this dialogue so we come up with the missions.

So in terms of what is being proposed, for example, I just like the expected outcomes.  Because you know, they're good, they're ideal.  And they express great aspirations of what to expect in terms of cybersecurity dialogues and measures. 

But my only concern is we need to be very clear who is ‑‑ you know, who is proposing these measures?  Because we have seen if you don't get it right from the word go, issues of trust coming.  If the process lacks trust from the word go, then it loses credibility.  So who is proposing this?  Is it the businesses?  Is it Civil Society?  And therefore, we need to consider a multistakeholder approach.  This is why this is such a meeting is very good.  Because then you're presenting and getting a buy‑in from the rest of the people in here.

The other thing is when we adopt the multistakeholder approach, how do we involve the multistakeholders?  We need to be clear on how this involvement will happen.  Are we going to select representatives from the different stakeholders to actually articulate what is important? 

Then Cybersecurity Development Goals needs to cut across practically every aspect of our lives.  So we are not looking just at security but also at development.  For us in development, what needs to be done to reduce the cybersecurity issues? 

And then I have highlighted that trust is very critical in such a process.  You know, we need to think through the issue of trust because this is what undermines good processes.

And therefore, we need to be very clear what are some of the trust issues.  And deal with them in, you know, at this stage.

And then of course for me, the last point, I know, before you tell me my time is over, there is the issue of cyber hygiene.  So we all tend to talk about cybersecurity, cybersecurity this, cybersecurity that.  And we forget that cyberattacks come to gadgets and systems and also to users.  Users might not be like us that are sitting in this room that are lucky to be discussing what are the critical aspects of cybersecurity. 

And so we must start mainstreaming cyber hygiene into this cybersecurity conversations.  Because it is ordinary people who are affected.  And it is ordinary people that we need to start embracing cyber hygiene practices so they're also able, you know, to understand because we talk of capacity building needs.  Ordinary people need to start understanding how cybersecurity affects them.  And how they can contribute into the processes.  And actually ensure that we all, you know, are attempting and moving towards a secure and safe space online.  Thank you. 

>> MODERATOR: I will use yours because mine is not working.  Thank you, Grace for that introduction.  You highlighted some of the things we would like to unpack throughout this session.  We look forward to everyone's contributions that you mentioned.  Processes that are ongoing at the U.N., the Open‑Ended Working Group, and the process to develop the cyber convention and Ad Hoc on cybercrime in Vienna.  And the international law and great work this previous GGE.  Against this landscape and against this list of aspirations, modalities, involvement, inclusion that you mentioned, what its Cyber Development Goals could do, Rene Summer?  What is this current state of implementation of existing norms and key ‑‑ how does that fit with the Cyber Development Goals structure?  What is this really we are presenting here for discussion? 

>> Rene Summer: Thank you.  Good morning to you all.  Sorry I couldn't be there with you to continue this very interesting discussion.

I think I heard already being echoed by several speakers that the relationship between digital the SDGs and cyber is a shared ‑‑ understand it is a dependency that we need to recognize.  This is a shared understanding.

I think what is important to also highlight that when it comes to the continued digitalization, which comes with enormous benefits this is a challenge for low and middle‑income countries as well as for high‑income countries.  It is not specific to one part of the world. 

This also warrants need for collaboration.  And the importance of trust.  And a global multistakeholder process.  Where we convene different stakeholders and collaborate together is essential element of achieving positive outcomes.

This is I think, where we as ICC starting in the case for collective outcomes and collective action is absolutely essential.  That is why we also think the Cyber Development Goals complement the Sustainable Development Goals where this is the key element.

In principle, what we are trying to say is that for this process to be successful, of course, the multistakeholder approach is an essential starting point.  Furthermore, we think that effort, collective effort here around the Cyber Development Goals could also help mobilize the U.N. development system and also help achieve concrete goals and facilitate coordination between stakeholders. 

So by no means, this should not be understood that ICC has an answer in the back pocket, which we are trying to position here.  It is really this joint effort and collaboration that we are calling for.

In terms of working towards some overarching objectives where we think a global multistakeholder process could help to A, agree on.  And adopt those Cyber Development Goals, we think that there are following consideration to be made.

Firstly, I think we need to demonstrate that a secure and trusted and inclusive digital economy is vital for continued progress.  This is really a shared challenge and a shared effort that needs to come from this.  We also want to work with the multistakeholder to convene a multistakeholder coalition with the purpose to develop and endorse the CDG concept.  Again, ICC per say does not hold the answer here, we don't have a specific solution in mind here.  We're calling for this effort to start and to works toward certain outcomes.

And a convening of the voices is what we are proposing.  And of course, some of what we think this shared effort should work towards is to support the implementation of those agreed norms.  And the international key that is highlighted.  This is not to change or shape the objective or the overarching destinations that have been agreed.  This is a facilitator.  A convening effort from our side to pull together different stakeholder to agree on how to support the implementation.

Of course, how can different stakeholders come with ideas and suggestions.  How the international community can support in achieving these goals.

So to conclude, in terms of what we are putting forward here is that we would like to initiate a process, multistakeholder process, an interactive consultation that aims to create in a collaborative fashion these goals and ideas how to achieve those.

We are trying to propose or think of this as an aspiration of goals where we together work as an international community to agree on actually what these goals should be at the end of the process.  So again, there is no idea.  We don't have a mix of goals already set in our mind.  It is the process that we'll develop these goals.

And of course, for this to happen, we, ICC will convene a multistakeholder Coalition of interested Governments and international organization, business, Civil Society, and technical organization.  Because we believe that we need to do this together.  So if there is anything I would like to end off with in terms of calling for action is that we try to endorse the need for a collective action with the purpose to have a global multistakeholder process that aims to agree on what the goal should be and how to go forward to adopt those Cyber Development Goals.

I think I will stop here. 

>> MODERATOR: Thank you very much Rene Summer.  These two interventions really conclude what we meant, what we wanted to put forward as a background for discussion. 

We've heard from Grace what would be the aspirations for Cyber Development Goals.  The need that we need to work together on these.  The need that we need to talk about not just technical issues, but the developmental issues and the way we translate goals that are sometimes very high‑level and very technical into every day, clear needs and actions.  So that everyone from the most technical experts to the layperson understands them.

And we understand from Rene Summer now on what is the proposal here at the table that we are looking for, pulling together a set of aspirational but feasible goals that would help rally all of us around the table as an international community.  Everybody in the U.N. system, Governments, businesses, Civil Society, around the globe, come together understanding that we need something like this.  But work together to define it.

This is what is at the table, the background of what we are going to discuss.  I will turn to my Fellow panelists to ask what do they think about this proposal?  And give some meat on the bones of this, of how this can help, how it could not help, if they think there might be pitfalls here.  What are the ways forward?  And if the Cyber Development Goals are something we want to take forward, what should those include?  How do they combine with existing work and efforts?  Because we are not acting in a void, there are a lot of initiatives already afoot.  How can the Cyber Development Goals also help pull those together or build on the good work that has already been done? 

To start out, I am going to turn to Jaqueline Pateguana.  As I said, Jaqueline Pateguana is the Clearinghouse Coordinator At the Global Forum of Cyber Expertise.  The premier cybersecurity capacity building organization, in my humble opinion.  How do you see the Cyber Development Goals and how can they help the cybersecurity capacity building for development? 

>> Jaqueline Pateguana: Thank you.  I think you have addressed what the GFCE does ... and why maybe we might be part of this conversation, but to give context to the participants in this room today, the Global Forum on Cyber Expertise is an international platform for collaborations and reducing of overlap and duplication of efforts in cyber capacity building ecosystem. 

We are comprised of over 170 partners and members, including 95 U.N. Member States, industry representatives, Academia, technical groups, Civil Society. 

So we have been working since 2015 to identify and create solid foundation of knowledge and resources on cyber capacity building.  Who is doing what?  What are they doing?  Where are they doing it?  And is there coordination amongst those who are already doing to make sure there is no duplication of efforts and also ensure that there is collaboration.  International, regional collaboration.

What we have seen through our work and contributions from the members who are out there doing these initiatives on the cyber capacity building specifically.  It is fundamental to link cyber capacity building with development.  Cyber resilience is an underlying imperative to achieving the Sustainable Development Goals.  You cannot think of deploying an education or health information system without thinking about the cyber triad.  Confidentiality, integrity, availability of said system.  You have to build trust with the users.  How do you do this?  Through cyber resiliency.

You have to think about this as a cross‑cutting issue, not only within the Ministry of ICT or telecoms.  There is justice involved, interior, education, health. 

Thinking about Cyber Development Goals, one of the conversations we have within our network is there are instruments and frameworks that exist such as norms on cyberspace developed by the U.N.  There are other stakeholders that could be inputting but don't know.  Cyber Development Goals would add to the conversation of coming up with feasible, achievable goals to put out to the worldwide community for implementation, for action.

Governments are trying to do it.  International organizations are trying to do it.  Cybersecurity is a complex issue.  We referred to it, it is a whole Government.  It is a whole society issue.  You have to think about how to address it.  Cyber Development Goals are not, you know, they're particle of a wider conversation on how we can mainstream cyber capacity building into development and make sure we are building sustainable economies, sustainable ecosystems going forward.

So we're very excited about this.  I think, you know, within our community, we started on some activities.  I think during this conversation I can share, but I won't prolong my initial thoughts.  Cyber Development Goals is what we see as especially for Private Sector contribution, and even Civil Society contribution to cyber resilience within national, regional, international fora.  I will stop there. 

>> MODERATOR: Thanks, Jaqueline Pateguana.  I like that last thought, especially on how the Cyber Development Goals have the potential to rally work and efforts not just at the international level, but we have to make sure those trickle down into the implementation of international context and into the various actors in different parts of Government that might not think that cybersecurity is part of their work or job, but it is.  Same to the whole of society.  That is something that definitely we are noting.

I am going to turn now to David, who as I said, is first secretary in the permanent mission of Canada at UN Geneva.  And our token Government representative on this panel.  But not the only Government that we're talking with about these issues.

But what I want to ask you, knowing that Governments are engaged heavily in international discussions in cybersecurity in different fora and different contexts.

What can an initiative like this bring to that?  Can it help?  Is it a complication?  Or can it help bring additional perspectives? 

>> DAVID FAIRCHILD: Good morning.  Hope everybody is awake.  Day three on the schedule.  I'm David, I'm a diplomat.  That is about as much as you need to know.  You may wonder why I'm here, I'm from Geneva, what am I doing at the IGF on an international panel?  I ask myself that question, too. 

I sit on a perch and attend all kind of different events, fora and processes that cover the gamut from digital through to cyber.  I think that is crucial and why I'm here.

The topic today is about bridging what I would say is traditionally two solitudes.  There is a conversation about cybersecurity in one area of the multilateral system and a discussion about development in an analog sense in a different part of the system.

Now we're talking about digital development, which is a blending of the two worlds.  I am going to employ a famously coined statement which is be sincere, be short and be seated.  I will keep my remarks short.  I have had to endure long ones the last couple of days.  So I appreciate it.

Canada is in the forefront of the system and we engage.  We uphold the system of open, free, interoperable, secure Internet based on democratic system.  There are other models, other ways of organizational models out there that are in competition with this.  But this is what Canada supports.  This is what Canada promotes. 

We uphold the United Nations’ framework for responsible state behavior in cyberspace with four pillars.  International law, norms, confidence builders and capacity building.  Capacity building underlies the other three laterals. 

‑‑ pillars.  This is one of stakeholders that have agency and equity in the issue.  Private Sector, Civil Society, Academia, individuals, the Internet belongs to all of us.  I think that is a difficult thing for Member States to grapple with.  These are multilateral fora.  But the stakeholders themselves need to be given meaningful participation which is the next point.

Canada is a strong Ser of meaningful multistakeholder.  If you talk to many of the stakeholders that followed the first Committee, I think we walk the talk.

21st Century is about Digital Transformation.  This is a wickedly complex problem, which I also consider omnidirectional.  Multisectoral, it is basically playing 3D chess and makes it difficult to deal with one thing at a time.  You have to deal with many things, many different ways.  This is further amplified as we talk about Digital Transformation and the development context.

So rising digitalization, rising cyber interdependence, in the borderless nature of the Internet means common threats and risks.  Every Member States should have an interest in every other Member States' cybersecurity.  It is only going to increase as concerns seek to transform their societies, their economies for the 21st Century.

So in short, I would say Canada is open to listening, engaging and consider anything that comes forward in the sense of having had a preview to what the ICC is putting out, I think failure to do otherwise is a failure to walk the talk.  It is a difficult conversation.  If you talk to people who are pure cybersecurity specialists that sit in that world, they're often reticent to talk about development in this context.

Every time you take a step forward on the digital pathway, you open yourself to further risks undermining the systems that have to be secure in order to keep the rest of us secure.  In that sense, this is a common outcome.  That is the transversal nature of the problem.

I will finish by saying ‑‑ this is my coin term.  We're in a sort of drive to 2025, we're in an interesting three‑year period where there are several multilateral processes covering a vast number of digital, cyber, tech governance issues that are all interrelated.  I put that forward to say as we think about the conversations, think about 2025 and the outcomes we're looking for.  The SDG review in 2023.  Summit of the 40, 2024.  WSIS + 20, 2025.  These discussions need to progress.  In the two years I have been doing IGF.  A lot of talk, not a lot of walk.  I think that is where I believe the ICC is trying to take us.  I will simply stop there.

>> MODERATOR: Thank you very much, David.  It was certainly short and sincere.  Thank you for that.  I think that sincerity is the ethos of developing Cyber Development Goals as well.  Because as you said, we are going to have difficult conversations.  Especially I think we're going to have difficulty speaking a common language, as you said, because we are a bit divided between the development policy people, between the cybersecurity policy people, the capacity building organizations, the businesses, we all think we're doing something, but how can we bring it together to speak a common language?  And really walk the talk.  Because I think we are looking at the same goals, but we need to find a way to get all of us behind the same goals and get there together. 

So Kaja Ciglic you're the last one on the panel, but not the last one to speak today, for sure.  I wonder if you want to bring us back to what the Private Sector hopes the CDGs could be.  What do you see as opportunities and challenges from a company that is heavily involved in cybersecurity discussions?  Where do you see the CDGs helping and what are challenges with that? 

>> Kaja Ciglic: Yeah.  Thank you.  Again, like Rene Summer, sorry I couldn't be there.

I think from a Private Sector perspective, I think ‑‑ I would echo what you just said, which is we all I think probably have very similar goals, we just look at it from slightly different perspective.

We don't always use the same language.  I think that therein is where the opportunity for the Cyber Development Goals lies.

I don't necessarily think that there would be anything that I would say that would be in competition or it would contradict anything that, you know, any of the previous speakers have talked about.  I think we all want a greater ‑‑ greater cybersecurity and greater stability of the online environment.  I think at the same time we all also want to ensure that we continue to make progress in bringing more and more people online.  Not just bringing more people online, but also getting more and more people adopting new technologies. 

So finding new ways of using them.  Purposely.  Usefully.  Effectively for the society.  And to do that in a safer way. 

As it was mentioned, there is a lot of ongoing initiatives at the moment that focus on cybersecurity capacity building.  Whether it is the work that is being done through the GSCE which we are proud to support.  I agree with you.  I think it is the premier body for cybersecurity capacity building.  Or others.  Different initiatives sponsored.  And advanced by both Governments and the Private Sector.  And often implemented by Civil Society and Academia.

Again, as it was mentioned, I think this is one of the areas that kind of needs to bring all of the different stakeholders together for it to succeed.  And this is where I think ‑‑ I think that there are a lot of very different initiatives.  There is still, even though with the efforts of the GFCE, still not necessarily coordinated or aligned to the extent that they could be.  I think the Cyber Development Goals, you know, as initially envisioned and of course, this is a continued conversation.  As far as I understand, really focused on the implementation of some of the agreements that have been adopted by States at the United Nations.

You know, as a core framework to drive some of those implementations, I think something that would be a useful rallying call to action.

 Both in terms of, you know, an aspirational goal that States should strive to, in terms of where they want to advance their cybersecurity journey to.  As well as a goal to focus funding for this issue.  I think funding across the Board in this space is still sorely needed.  And as well as sort of a process that allows progress to be measured a little bit more.  I think at the moment, a lot of the conversations that are happening and it is at the international level, in a very abstract level, figuring out how some of those ‑‑ some of those agreements should actually be implemented.  In real life.  And also then measuring progress towards those.  I think it is something that the goals can really meaningfully do.

I would say that is not to say there is not a lot of work being done already.  Because Canada, as David has talked has been driving a lot of fantastic work around trying to get countries on board to understand what implementation of some of these things would be.  But I think we need to take a step further and also work with the Civil Society industry development community, which is often really missing from the cybersecurity discussions.  We tend to be driven largely by either technologies or national security specialists. 

And unpack them, figure out how they can be most usefully applied in a domestic context to advance the development of those country.  I'm going to stop here.  But happy to take any questions as we go on. 

>> MODERATOR: Thank you very much Kaja Ciglic.  I noted the three things you said here quickly on my notepad of what the goals should strive to be and what they should accomplish.  And I like how you framed it as an aspirational goal that States should advance to while being something that helps us also track our progress.  And measure what we have achieved.  And of course, think about how those goals can be translated into our needs for funding and resourcing these activities.  Be that capacity building or anything else we need towards the implementation of shared norms and objectives.

So we have heard from the panel, before we turn to the audience ‑‑ by the way for those of you online, I'm not sure if you can see us.  We're almost standing room only.  I hope there will be a lot of interventions from the audience. 

Before I turn to that, I want to make sure the panel has time and opportunity to react to each other's statements.  I will go in the same order as we have taken the floor before and throw the ball back to everyone to react to what you have heard from each other, if there is anything you want to complement, challenge, or question each other about?  Grace?  

>> Grace: For me, the second speaker, I forget his name, he did articulate what I raised, the need for trust in such processes.  I think this will be critical so we don't undermine this process.  Because it is a good process.  The proposals are good.  And ideal.  And if they worked, we would actually start seeing a more safer cyberspace.  So the question then ‑‑ that is probably one of the things we need to hear from the audience is how then do we ensure that there is trust in this process? 

>> MODERATOR: Yes.  That's a really good question for any process, I feel.  That needs to be ‑‑ even if we claim it is multistakeholder, the fact that we are here and before we even start with anything are trying to invite your views and inputs.  And the sincerity that David mentioned earlier, I think that helps in creating (feedback).

We need to walk the talk for sure as we progress with this initiative and making sure that everything is transparent and inclusive and really helps bring people along the journey. 

Rene Summer, Grace sort of threw the ball to you.  What do you have to add? 

>> Rene Summer: I guess I can speak for ICC specifically here aside from calling for this initiative and asking for different stakeholders to participate in this process from an ICC perspective, also to be extremely clear.  This process and the importance of these goals is kept separate from whatever position ICC might have on any of the substantive points.

We are not trying to use this process as a way to sneak in substantive issue on these issues.  We of course have other interests but we need to keep them clearly separate from when we have views on particular goal, how it is best achieved.  And the need of having goals and having our common approach.

I think from the business side here, this is a very clear distinction to keep those two separate.  Then of course, moving beyond ourselves here, again, we are coming here with a sincere proposal.  We believe that it is necessary to achieve success.  Looking at the speed of the unfortunate negative cyber development, the cost it creates to the society.  I'm not talking about business cost here only.  I'm talking about society costs.  We are now already at 5.5 trillion euros globally.

If we get to another doubling of this cost to 11 trillion, which may happen within the next five years.  The economies of 3G 7 countries, nominal GDP will be evaporated.  So the enormous cost to societies, this development is incurring.  I think we don't have the luxury here not to make sure that this is not going to be successful. 

>> MODERATOR: Thank you, Rene Summer.  And thank you also for putting this conversation into the broader perspective of what this means in terms of not just monitoring costs ‑‑ monetary costs but otherwise as well for business and society.

The next speaker (feedback)

I'm sorry there is feedback.  I hope everybody is on mute.  I'm going to turn to Jaqueline Pateguana and asked we talked about capacity building and how it links up with the Cyber Development Goals.  How can that move into creating trust in this process?  And how do you see some initiatives that you mentioned earlier, linking up with this or anything else you want to add?  Will.

>> Jaqueline Pateguana: I don't think there is any rebuttal to what was said by other panelists.  As David said, this is a 3D chess game, as complex as one can think of.  Because you have to think about the technical, institution, policy capacities you have to create to ensure, you know, or to achieve any level of cyber resilience.  So how do we, in practical terms, then bring all the multistakeholders around the table to develop these goals?  I think this is going to be a very exciting process.  You know, of getting to something that we agree on, as bare minimum.  And then having the review processes and then obviously having to escalate and add to once some of the goals have been met. 

But in terms of, you know, the activities that we have talk about a little bit.  There is already a lot going on in cyber capacity building.  The GFC is not the only platform, and I see that a lot of the panel is here, now that Kaja Ciglic was talking about, Canada, they are already doing a lot in that sense.  But is it sufficient?  Is it enough coordinated?  Can it be done better?  That is the question going forward.  As the GRCE we're taking a 3‑step approach to supporting capacity building and linking it with development.  So on one level, working on political endorsement.  It is important that at the highest level you have buy‑in from those that make decisions.

As an example, next year we will host the global conference on cyber capacity building GCB3.  This is a conference to bring in the development community as well as the cyber capacity building community.

The idea is to look at how to complement each other.  Work together and think of this as a one package as opposed to a dividing sector.  If anyone is interested in that, go to GC3.org and register to find out more about the venue location dates.  I'm sorry to be doing advertising here.

It occurred already in the Open Forum.  In addition to that, you know, we are working on national frameworks.  We work with Governments to ‑‑ and with our partners and members of the GFC community to support legal reforms within countries to adopt these international norms into instruments that are feasible, tangible at a national scale.  Lastly, we also have more tangible actions that we work on.  That support nation States and with resources, et cetera to complement and give capacity that is needed to achieve or promote or foster an open and free and secure Internet as we have been talking about.

So, you know, the conversation, yeah, it is very complex.  But it needs to be had in various fora.  And it needs to be broken down into various instruments, which can be understood by, you know, multistakeholders.  So everybody in society.  Yeah, I think I will end there.

>> MODERATOR: Thanks, Jaqueline Pateguana.  I would actually like two concrete pieces from what you said.  One in mobilizing the players and one to talk to one (feedback).

Is it my phone?  It is my (feedback).

I'm sorry.  (Feedback).

Sorry, it interferes with the microphone.  Apologies for that.  In that way of talking to one another and mobilizing with the community and bringing everyone together, thank you for mentioning the event as well.  I'm sure it will be an opportunity for us to have more discussions like this.  And we will try and do more in between as well. 

But while we're thinking about that, David, what do you think that we can do more? 

>> DAVID FAIRCHILD: As they say, brevity is the soul of wit.  Yes, there is a lot of issues.  Look ... I could spend an hour telling you all ‑‑ rhyming off ‑‑ you heard yesterday the report, $20 billion of cost in cybercrime on the African continent, 120 billion in Latin America, same period, 2.9 billion unconnected.  Many countries in Africa are dealing with a wide spectrum of issues, getting them online ‑‑ the analog development issues we deal with in some parts of the world before you talk about the digital ones are not resolved.

It is where it is demanding more from your own Governments in terms of looking at the issues in a holistic matter.  We attend the meetings at the multilateral level.  There is a wide divergence of how the issues should be resolved.  That is what sometimes creates the friction and slows things down.  The notion of high speed, low drive.  We don't have the time as the previous speaker says, we're not meeting SDG goals.  There is a notion that digital will help accelerate that.  In that is the risk and threat of itself.  It lies in that very statement.  You start to digitalize farming, you have to start to worry about how to protect your data, how to move the data, where does it go?  It is a continuum of problems that Governments have to resolve.  That doesn't bring in the bottom‑up process, which is go to smaller communities across the country.  They have very different problems they're trying to resolve.

Those need to be pushed up so when we get to the table and negotiate at the large framework multilateral level that they're imbued by the problems.  Canada, other countries are there to discuss.  We want Africa at the table.  I hear it a hundred times, if I heard it once.  Africa wants to be in on the discussion.  They don't want to be just takers.  They want to be part of the process that makes the decisions.  That is a strong message to bring to your own Governments.  We're there to help.  There are a thousand points of light.  Which is a problem.  If there is one capacity building process, there is a hundred.  They're all available, sometimes they're less organized, but it is there.  Canada wants to work with countries that want to work with us.  It is with a framework and paradigm for which we will deploy our resources.  Thank you.

>> MODERATOR: Thank you, David.  Yeah.  I think you really hit the nail on the head on needing to have a holistic view of the issues and having the multistakeholder processes to help achieve goals at a high‑level need to be replicated down at the bottom level, really in national context and subnational context to have all the stakeholders that want to work together be part of the conversation.  Not just the conversation, but the decision and implementation as well.

Can the goals help bring ‑‑ we said, we are working towards the same ideas, we all want a safer, more resilient cyber system.  We all have various ideas of how to get there.  Can the goals help shine a common beacon towards with which we all are heading?  Like the SDGs have done for the development question.  Can the CDGs be that common rallying call for us to know where we're headed.  And then maybe make that role a little clearer together.

Kaja Ciglic on account of the last word of the panel again, what do you think? 

>> Kaja Ciglic: It is hard ‑‑ I feel like we are all in wild agreement.  It is difficult to sort of have something intelligent to add when that happens.  I would basically say we need to work together.  We need to all agree there's more that needs to be done.  You know, whether it is the Cyber Development Goals or a different venue, like the GSE conference that was mentioned.  Potentially those two together.  I think a rallying cry to sort of expand the understanding that really a lot more needs to be done on cybersecurity across the Board.  You know, I think that understanding needs to be expanded, outside of this room and outside of the people on the call, I think we all are convinced and all believers, but there is others that still needs to understand the importance of the subject.  

>> MODERATOR: Thank you, Kaja Ciglic.  Let's go global.  I hope we can do that.  I would love to hear everybody in the room and not just in the room, but people online are asking for the floor.  I want to make sure we know who we are talking to.  While we're enabling the cameras for the Bangladesh remote hub technical team, please, and others who want to take the floor online.  Please enable video, camera for them.  I want to do a quick raising the hand exercise in the room and see who we are representing.  Who here is from Government?  Okay.  Who here is from business? 

Yeah?  Who here is from a technical organization? 

Okay.  Who here is from Civil Society? 

I think everybody else.  Ha‑ha.  Great.  It is a multistakeholder group already here.  So we all know who we're representing and working with.  I think it is already a testament to the idea of trust and inclusiveness.  I hope we can continue on in the same way.

I saw two questions here in the room.  Four questions here in the room.  Five.  Okay.  I will go, one, two, three, four, five.  Back in the room.  Then we will go online.  Then I will go back to the speakers to see who wants to take the question.  Number one. 

>> ATTENDEE: Thank you.  My name is Fiona, Chief Executive Officer of the technology service provider in Kenya.  Mine was a quick pick up in the conversation, I think it is important to hear from the tech speaker.  Because the challenge with cybersecurity is everybody else expects the tech companies will be the ones ensuring everything works.  Which from a technical point of view, we do.  But we don't have the capacity to go in and dot public capacity building.  We will basically enable everybody to understand what they need to do, if I can give a few examples quickly? 

You all have phones.  You all use your phones.  You all know how to go online, download applications, do everything using your phones.  The one thing a lot of people don't do because in this part of the continent, the phone is the device that you use for online and digital transactions.  The one thing that is not paid attention to is the details of the different apps that have been downloaded.  The app has done everything and put it out there.

But getting people to spend time to read the instructions, the blueprint, it needs ‑‑ we need more than just tech pushing for that.

I like the idea of the goals, because then, within that, we begin to have standard ways of trying to ensure that we don't just ‑‑ we have a lot of skilled people, people can go online.  They can use computers they can use their phones but they're not knowledgeable.  What I mean is they don't take time to read, understand the pros and cons and what the app developers allow you to do.  What the platforms can let you do.  What the infrastructure will allow you to do, for example.

So we have a lot of people globally, online with a skill to get online, but without the knowledge.  And the aspect of knowledge cannot be a tech industry thing.  Why?  Because it is very difficult to even try and run advertisement in the public domain.  To get people to understand when you get a text message from someone saying they're injured and kidnapped don't just send money.  Call, check, find out.  You may think it is common sense, but it is not. 

So we have a lot of things ‑‑ that is how cybersecurity in Africa is thriving.  You use the Visa card.  You take the receipt, someone will pick that card, with the last digits of the Visa card, it is possible to get the full number of your card and get the security code and transact with your card online.  How do we behave as individuals?  This is on a user basis.  These are the things that the tech companies don't have time to teach in the public domain. 

And I think within there lies a role for Civil Society, partnering with Governments and pushing for that knowledge adoption.  Because the challenges and losses in cybersecurity, when we are part of the Forum for international incidence response teams.  We have clear responses and procedures and clear on how to handle things and clear on dealing with Government security agencies and who gets what information as a tech sector, but the public engagement is where the rubber hits the road.  Thank you.

>> MODERATOR: Thank you very much.  It is a very important and I think a very eloquent addition to what we are talking about.  Who was number two? 

>> ATTENDEE: Thank you very much.  Our presenters.  And the moderator as well.  My name is Joseph.  I am the Executive Director for organization on Sustainable Development Africa. 

I have some reflections on the cybersecurity and the global norms for data protection.  And I will try to write some examples of Ethiopia.  And there is time in which the country fits in the country cybersecurity in the receipt conflicts.

Actually, we have to focus on the security of the digital first.  It is as we are read, the digital measures all over the world.  For the case of Ethiopia, only to think 2021 Europe encountered a cyber attack 2,850 that was protected.  It was threats with banks and financial institutions.  That is the realm of war.

When we come to the issue of cybersecurity, it is also more with us, my sister raised the issue of trust.  That is more likely with the political commitment and political security of the country.  That is the outgoing part was taking the whole of the country, but it was really saved through the saving of the bias data.

So that is mainly the physical infrastructure of the cybersecurity has to give more attention as you arise the issue of coordination and the cooperation.  That is this optical (?) which mostly comes across the bodies.  How secure from various threats and cybercrimes.

This is the attention to make it secure in this world.  My question for the panelists is you raise good issues but what should the global norms look like so to ensure the global and regional cyber resilience?  Thank you very much. 

>> MODERATOR: Who was number two? 

>> ATTENDEE: Three was me. 

>> MODERATOR: Then we'll go to you.  Go ahead.

>> ATTENDEE: Thank you very much.  I am from Senegal.  I'm a cybersecurity specialist.  Thank you for the opportunity to attend this panel.  I will say that setting up goals and implement international norms to protect cyber users is important and great.  But I have some concerns.

The first one is are we going to harmonize in cybersecurity laws because it would implicate laws.  And knowing that the reality on the ground may differ from country to country and then I would say collaborations within those countries remains a big challenge.

Second one is implementing those norms are still important.  And the most beneficiaries will be us, like end users.  But some countries will be reluctant on the implementation.  So how you do this as a community will handle those issues.  Thank you. 

>> MODERATOR: Thank you, sir.  Ma'am, there and then there.  I would ask you to please try and be very brief because I also have three questions online to get to.  Please go ahead. 

>> ATTENDEE: Okay.  Thank you.  Can you hear me?  All right.  So my name is Laurie, I'm here with an organization called national ID Ethiopia, it is basically a Government program that aims to digitalize the country identification of the citizens of Ethiopia. 

So it also is based upon the principles from the identity for development, which is ‑‑ which are stated in the identification for Sustainable Development.  So what it is trying to solve is the inclusivity and removing barriers to access for everybody through inclusion practices and principles.

So this is a huge step for the cyber development of Ethiopia.  Since this is a very recent program.  And it's also an opportunity as well as a threat as you guys have said.  And the CIA tried ‑‑ I'm a computer science student.  I'm more familiar with the technical aspect and the technical threats that come with the cyber identification and cyber development.  The CIA triad is not well known by people of Ethiopia.

The UID, the unique identifier is a foreign concept, we never had in this country before.  The people are not sure about the security of it and the harm if it is shared.  There is the social engineering aspect, which is a culture here.

So I would suggest ‑‑ I have a suggestion and question.  So I would suggest that the Cyber Development Goals should take into consideration the developing countries and how it's not a common concept.  A lot of people are not well educated about the idea of cybersecurity, the idea of cybercrime.  They're not aware of the issues that come with sharing unique identifiers.  As we work toward cyber development, there are many issues in the future.  I think that would be a good place to start, considering developing countries like Ethiopia.

My question is based upon my suggestion.  How do you intend to handle the digital divide that exists between several of the countries here.  Some of the concepts you raised are foreign to the context of Ethiopia.  How do you intend to implement that really in countries like Ethiopia? 

>> MODERATOR: Thank you for bringing that important context.  Lady in the back and sir here. You are next and then ‑‑ can you come up to the microphone.  Thank you for sharing your seat.

>> ATTENDEE: Hi, everyone my name is Nancy.  Hi, everyone my name is Nancy from North American School of Internet governance.  I have two questions for any of the panel speakers.  How can countries ensure accountability for cyber attacks that breach international laws and norms? 

The second question is how can the Civil Society organizations contribute to protecting our cyberspaces?  This is from developed and developing countries.  Thank you.

>> MODERATOR: Thank you.  And thank you for being brief.  Sir? 

>> ATTENDEE: Okay.  Thank you, I'm from Ethiopia.  From federal judiciary.  I'm a Vice President for the (?) and spokesperson for federal authorities.

I have two questions and maybe one suggestion.  This cybercrime as you stated needs to have global norms for cybersecurity, but having norms is not enough, because there needs to be a legal instrument that makes countries accountable.  I think the United Nations is developing a Treaty for international Treaty or convention to combat cybercrime.  We have this Budapest convention in Europe. 

In Africa, we have the African Union has enacted a cybercrime convention.  Therefore, what needs to be done to harmonize different regions' conventions to combat the cybercrimes.  These cybercrimes are conducted in different countries.  They don't have a border.  The economic cost of cybercrime is so staggering.  Therefore combatting cybercrime is critical.  Different countries, different Regions should come together by having a common convention under the United Nations umbrella.  Therefore, what are the activities that have been carried out at the United Nations level.

The second one is during this awareness, awareness building I think is very important.  But we need to be also sure that the justice sectors are participating in cybercrimes combating.  Therefore, how we're going to detect crimes, how we're going to prosecute crimes, and how the judiciaries are adjudicating cybercrime cases are very critical.  Therefore capacity building for justice sector, for professional prosecutors is very important.

Here in Ethiopia, we have cybercrime proclamations and cyber computer crime laws.  The capacity and knowledge on that area is very mere.  I think support on those areas is very important.  Thank you. 

>> MODERATOR: Thank you very much.  I hope the panelists are keeping up with the questions and suggestions here.  I want to make sure we go to our online attendees as well.  So Bangladesh remote hub, are you ready online to ask your question?  Can you enable your camera?  Can we have your microphone at least? 

So we need the mic for Bangladesh remote hub, and then ‑‑ my colleague is coming up to show you which speakers.  While we're trying to figure it out with the tech crew.  I will turn to the panel, if somebody wants to respond to what we have heard? 

David, please. 

>> DAVID FAIRCHILD: Knowledge is to know that a tomato is a fruit.  Wisdom is to know it doesn't go in a fruit salad.  It is a problem, once you start the journey digital inclusion is about educating the citizenry, giving them tools and ability to get online to better enable and take from the Digital Transformation benefit.  And I think that is ‑‑ Fiona made that at the beginning.  Without going into a long and complex answer, Member States, there are obligations that are positive and negative legal obligations that Member States have signed up to.  Not all Member States follow that.  The 2015 report articulated 11 norms of state behavior.  Not all Member States follow the norms of state behavior. 

So again, it is a bit about walking the talk and talking the walk.

And I think it partly goes to the question of we don't always need more Treaties.  We don't know whether the current international law how it applies in the digital space how about how does international humanitarian law apply in the current context?  It is taking a hard look at what is there before we create more.  In the Global North, we're more sophisticated in the problems we're dealing with.  It is for Canada to tell other parts of the world and nevertheless crucial because they have to move up the value chain as well.

This is where coming to Africa, going to the Global South, hearing the problems that are actually the real problems here is crucial for us so when we go back and talk in New York ‑‑ because your countries don't necessarily articulate the same problems.  This is why the multistakeholder model is extremely crucial.  Private Sector is extremely important to many of our countries and citizens that live in their countries.  They don't have a voice at the U.N. first Committee.  They're part of the solution.  How do we bring them into the fold to find the solutions.  Same for Civil Society.

>> MODERATOR: Thank you, David.  I think the colleagues in Bangladesh are ready to ask their question.  Yes, you are. 

>> Bangladesh: (Audio is not clear enough to understand).

>> MODERATOR: Thank you, Bangladesh, we have feedback while you are speaking.  If you can put in the chat so we can make sure to present to the panelists the correct thing.  Next online is Basa. 

>> ATTENDEE: Can you hear me well?  Good morning, good afternoon, good evening.  (Audio is not clear enough to understand).

Take into the consideration of the countries.

>> MODERATOR: Thank you very much.  Thank you for joining us from Egypt.  The last question I see online.  Rob Collet.  Please. 

>> ATTENDEE: Hello, hi, thank you, my first question is how can we get involved in this process in terms of next steps, if we would like to support it?  And the second is, are the Cyber Development Goals that you are proposing limited to supporting what has already been agreed at the U.N. in terms of norms of good Government behavior?  Or are they going wider to how cybersecurity is needed to implement the security SDGs and potentially new SDGs.

>> MODERATOR: Thank you for that question.  Before you go ahead, can you remind us where you are from?  And who you represent so we can note that? 

>> ATTENDEE: My name is Rob Collet.  I'm with chat ham house an associate Fellow and also supporting the global conference on cyber capacity building next year as an advisor.

>> MODERATOR: Thank you.  Thank you so much.  I'm going to read ought quickly the question that Bangladesh asked.  So we're sure to heard it well in the room.  They say we have sorts of cybersecurity rules and simultaneously each and every Government has rules to lead it.  How can we mutualize two parallel rules by IGF

>> MODERATOR: The last set of questions, who would like to answer that.

If I can volunteer Rene Summer to answer the last one, that would be great.  But anybody else? 

>> Grace: There was a question that was raised on what Civil Society can do to support cybersecurity initiatives.  I think this is happening.  One of the things they're doing is raising awareness intervention.  There are several Civil Society organizations raising awareness on cybersecurity and how it effects our ordinary people.

For example, we will say, like on Internet, we have been working with ordinary people like farmers, like women in all their diversities, in raising awareness on social engineering and how they should be ‑‑ they shouldn't be culpable, especially when using mobile money transactions.

So one of the things that happens is of course, the exact raising awareness and there is also initiatives to train them on cyber hygiene approaches, cyber hygiene practices.  Because what we are pushing for is for this ordinary people to adapt cyber hygiene practices, in similar way that we washed our hands during COVID, we sanitized during COVID.  We kept social distance during COVID.  And support knowledge creation for the ordinary citizens.

Civil Society is doing it.  But there is still so much space for more to be done.  Thank you. 

>> MODERATOR: Thank you, Grace.  Rene Summer, I volunteered you to answer the last question.  How can people get in touch with us and contribute to the process?  How far are we thinking of going with the CDGs? 

>> Rene Summer: Yes, thank you for those questions.  And just first to underline the point of some previous speakers mentioned, there are many things out there already.  This is not about reinventing, for example, the discussion on norms or some of the great initiatives that have been discussed and presented today.

I think that this is number one.  So this is not a new thing to compete or duplicate anything.

The second observation I made is while there are many good things happens in different silos, we need to connect the dots.  And the other aspect of that is that we need also some kind of sense of common destiny.  And I think that is where the objectives or goals come into play.  That we want to achieve certain things in terms of tangible outcomes.  The key aspects here are to consider is not to duplicate or reinvent, but rather to connect initiatives.  And put a sense of agreed ambition or direction of what needs to be achieved within those different areas where the ultimate objective is to make tangible improvements in the real life.

I would say that that is the ideas we have.  Of course, that multistakeholder process and the involvement is critical.  Not only for trust, which ‑‑ by "only" I don't mean in a demeaning way.  It is that I don't think anyone sits with the answers.  This is what we should do even if we want to look somewhere.  I think the collective collaborative fashion is for capacity building and making changes by working with what is already out there but putting agency and sense of direction. 

I think this would be my answer.  In terms of how to get involved, ICC will make an outreach.  And please do make contacts with the people on the ground here today.  But we will invite participants, stakeholders, Governments for this process.  And our ambition is to convene stakeholders and start discussing how we can take concrete and concise steps towards the development or agreement of which goals are important.  Outcomes based objectives that are necessary to change facts on the ground.  And to which kind of goals do we need to have in place.  So we connect different dots of those great initiatives that are already in place. 

And possibly on the margin, there will be also ‑‑ maybe those that haven't been connected yet, which we find out need to be connected for the overall approach to work.  But again, that will be a consequence of a missing piece.  Not an ambition on its own. 

>> MODERATOR: Thank you very much Rene Summer.  We have three minutes on the clock remaining in the workshop.  On that note of inviting collaboration outreach.  I want you to know you will find us at the International Chamber of Commerce.  You will find my contact details there as well.  You will find me on LinkedIn.  And a space on the IGF website where you find a description of this session, where you can provide feedback on the session.

So there is various ways to get in touch.  I ‑‑ we will be here until the end of the event.  If I can volunteer also my Fellow panelists, I'm sure they can be reached out to for further questions.

Instead of me trying to make sense of this all, I'm going to give you the three words I think that I heard that are most important.  I will ask my Fellow panelists to do the same.  I heard trust, I heard need for inclusive and I heard the need for action.

So I think under the global idea of the Cyber Development Goals, I heard that we need them, there is a big question on how we're going to get there.  Trust, inclusivity, and inclusive action is what I take away from this conversation.

I will ask Kaja Ciglic to go first and work backwards from the list of speakers.

>> Kaja Ciglic: If you just need three words ‑‑ that is hard.  I would say trust, partnership, and I mean, invitation for everyone to contribute.  Which is not really a word, more like a feeling.  But that is what I am leaving you with.

>> MODERATOR: Thank you very much.  We feel that feeling here as well.  I hope.  It comes through the web. 

Going backwards then, from my list of speakers, I'm going to go to David. 

>> DAVID FAIRCHILD: Sure.  Let me say thank you to everyone for being here.  Agency, direction, outcomes are my three words.

>> MODERATOR: Thank you, Jaqueline Pateguana.

>> Jaqueline Pateguana: My three words are dynamic, collaboration, trust. 

>> MODERATOR: There is a recurring theme there.  Rene Summer, please. 

>> Rene Summer:

(Silence)

.  Sorry, I had a problem with my PC.  I think collaboration is the key. 

>> MODERATOR: All right.  Grace, you started us off.  What do you want to finish? 

>> Grace: Trust, collaboration, and ‑‑ trust, collaboration, and the other word I noted it.  Okay.  Let me just remain with those two.  Trust, collaboration, and engagement.

>> MODERATOR: And let's continue the conversation.  I think let's end on that note.  Thank you everyone for being here.  Thank you for my Fellow panelists for the presentation and the discussions brought here today.  Thank you for all participating and thank you for the wonderful team and colleague for making this all possible.

As my friends always say, see you on the web.