NASK National Research Institute
Maciej Gron NASK, technical community, Eastern Europe Janice Richardson, InSight, civil society, Oceania Wout de Natris, De Natris Consult, private sector, Western Europe Katarzyna Kaliszewicz, NASK, technical community, Eastern Europe Julia Piechna, NASK, technical community, Eastern Europe
Maciej Groń NASK, technical community, Eastern Europe Anna Rywczyńska NASK, technical community, Eastern Europe Janice Richardson, InSight, civil society, Australia, Oceania Awo Aidam Amenyah, child online Africa, civil society, African Group Wout de Natris, De Natris Consult - private sector, Western Europe Juwang Zhu, intergovernmental organization, UN DESA, MAEMURA Akinori, JPNIC, JPCERT/CC, DotAsia, technical community, Japan, Asia-Pacific Group Mohammad A. Jauhar, YIGF, Internet Society Youth Standing Group, civil society, India, Asia-Pacific Group
Wout de Natris
Katarzyna Kaliszewicz, NASK
Julia Piechna, NASK
Targets: 4. Ensure inclusive and equitable quality education and promote lifelong learning opportunities for all 4.3 By 2030, ensure equal access for all women and men to affordable and quality technical, vocational and tertiary education, including university 4.4 By 2030, substantially increase the number of youth and adults who have relevant skills, including technical and vocational skills, for employment, decent jobs and entrepreneurship 4.7 By 2030, ensure that all learners acquire the knowledge and skills needed to promote sustainable development, including, among others, through education for sustainable development and sustainable lifestyles, human rights, gender equality, promotion of a culture of peace and non-violence, global citizenship and appreciation of cultural diversity and of culture’s contribution to sustainable development 5. Achieve gender equality and empower all women and girls 5.1 End all forms of discrimination against all women and girls everywhere 5.5 Ensure women’s full and effective participation and equal opportunities for leadership at all levels of decision-making in political, economic and public life 5.b Enhance the use of enabling technology, in particular information and communications technology, to promote the empowerment of women 5.c Adopt and strengthen sound policies and enforceable legislation for the promotion of gender equality and the empowerment of all women and girls at all levels 8. Promote sustained, inclusive and sustainable economic growth, full and productive employment and decent work for all 8.2 Achieve higher levels of economic productivity through diversification, technological upgrading and innovation, including through a focus on high-value added and labour-intensive sectors 8.3 Promote development-oriented policies that support productive activities, decent job creation, entrepreneurship, creativity and innovation, and encourage the formalization and growth of micro-, small- and medium-sized enterprises, including through access to financial services 8.5 By 2030, achieve full and productive employment and decent work for all women and men, including for young people and persons with disabilities, and equal pay for work of equal value 8.8 Protect labour rights and promote safe and secure working environments for all workers, including migrant workers, in particular women migrants, and those in precarious employment 9. Build resilient infrastructure, promote inclusive and sustainable industrialization and foster innovation 9.1 Develop quality, reliable, sustainable and resilient infrastructure, including regional and transborder infrastructure, to support economic development and human well-being, with a focus on affordable and equitable access for all 9.5 Enhance scientific research, upgrade the technological capabilities of industrial sectors in all countries, in particular developing countries, including, by 2030, encouraging innovation and substantially increasing the number of research and development workers per 1 million people and public and private research and development spending 9.b Support domestic technology development, research and innovation in developing countries, including by ensuring a conducive policy environment for, inter alia, industrial diversification and value addition to commodities 9.c Significantly increase access to information and communications technology and strive to provide universal and affordable access to the Internet in least developed countries by 2020 10. Reduce inequality within and among countries 10.2 By 2030, empower and promote the social, economic and political inclusion of all, irrespective of age, sex, disability, race, ethnicity, origin, religion or economic or other status 10.3 Ensure equal opportunity and reduce inequalities of outcome, including by eliminating discriminatory laws, policies and practices and promoting appropriate legislation, policies and action in this regard 16. Promote peaceful and inclusive societies for sustainable development, provide access to justice for all, and build effective, accountable and inclusive institutions at all levels 16.10 Ensure public access to information and protect fundamental freedoms, in accordance with national legislation and international agreements 16.a Strengthen relevant national institutions, including through international cooperation, for building capacity at all levels, in particular in developing countries, to prevent violence and combat terrorism and crime.
Hybrid. Open discussion and consultation
Secure, responsible connectivity is a cornerstone in the respect of human rights in today’s digitally rich society. NASK, the Polish national research institute and a pioneer in cybersecurity in Central and Eastern Europe, collaborated on international research in 2021 - 2022 that highlights major challenges to secure connectivity. It defines factors undermining the effectiveness of the cybersecurity industry, and recommends practical ways forward to increase cybersecurity for all. Recommendations range from improved collaboration between industry and tertiary education sectors for more performant graduates, to upgrading school curricula to foster in young people a deeper understanding of the structure and functioning of the technology they use. Through interviews and a survey, the study reached 65 countries worldwide, and highlighted broad-ranging good practices that illustrate the importance of developing a cybersecurity hub where stakeholders can share experience and knowledge. Cybersecurity evolves very rapidly, and people from different areas need to be encouraged to share knowledge, skills, and expertise to bridge the silos that are currently slowing down progress. Through this workshop NASK endeavors to bring the discussion closer to a solution. How can the recommendations of the international study conducted by Janice Richardson, et al, within the context of IS3C, be integrated into everyday practice? A proposed model of a cybersecurity hub will be introduced. As a concrete first step towards implementation, experts from industry, business, government, civil society and tertiary education establishments from six continents will discuss the proposed framework for a hub that strives to adapt education to the needs of the cybersecurity sector. Participants will be asked to share their view on: What should be the hub’s priorities?; Who should be involved and how can it be rendered rapidly effective?; What topics should it tackle? They will debate, vote on and prioritize these and broader issues: How to improve tertiary cybersecurity education?; How to diversify the cybersecurity workforce with a focus on women and young people, both currently under-represented in the cybersecurity sector?; and How to adapt education in general to better meet the challenges of the digital transformation? 5-minute introductory presentations will launch the discussion, given by professionals involved in the development of the research and the report “Closing the gap between the needs of the cybersecurity industry and the skills of tertiary education graduates”. Youth IGF representatives will ensure that the voice of youth is heard. Participants will actively participate in online voting for more concrete, representative outcomes. Background paper: ‘Closing the gap between the needs of the cybersecurity industry and the skills of tertiary education graduates’ You find the English and Polish versions here: https://is3coalition.org/docs-category/research-reports/
The session will be approached from the start as a hybrid one, with all participants able to raise their hand to take the floor for up to 2 minutes on the topic under discussion. The online and onsite moderators will intervene during the session on an equal footing and will make sure all participants can interact in the discussion. All participants will have received the same information enabling them to actively express their ideas, experience and insight on the set of questions available to them prior to the meeting online and in a leaflet that will be widely promoted. Online tools such as mentimeter will be used during the session to facilitate active participation and gather important insights from participants. Results from each vote will be displayed to trigger further discussion. Recommendations emerging from the session will be published on an open platform for ongoing interaction.
It is crucial to close the skills gap to attract more young people and women in cybersecurity. Industry needs people not only with professional competences but also transversal ones (such as: critical thinking, creativity, holistic thinking, team work). It is very important to bring the right people together to cooperate.
During the session a concept of the Cybersecurity HUB was presented as an online space where IS3C experts bring together representatives of key stakeholders: tertiary educators, industry, governments, ministries of education and students in am to bridge skills gap in cybersecurity field. To move from theory to practice, this is the objective of ‘The Cybersecurity Hub’ that is strongly based on findings and recommendations from the research report “Closing the gap between the needs of the cybersecurity industry and the skills of tertiary education graduates” (the research report available at: https://is3coalition.org/docs/study-report-is3c-cybersecurity-skills-gap/).
The sessions had a round table format. During the session the speakers representing industry, business, government, civil society and tertiary education establishments from six continents expressed their views on, i.a. partners to involve in the development of the hub to make it rapidly effective, strategies to bring more women and young people into cybersecurity workforce and also how to adapt education to better meet the challenges of the digital transformation.
After the introduction given by moderators Wout de Natris from IS3C (presentation of the IS3C and goals of the session) and Janice Richardson, Insight (presentation of the main findings and recommendation from the study) the following speakers presented their perspective, insight and best practices: Maciej Groń, NASK/Poland (Cyber Science Coalition, “Partnership for the Cybersecurity” program, creation of new ISAC’s, cyber hygiene training for: university students, local governments, public health-sector, VIPs), Julia Piechna, NASK/Poland (Youth IGF Poland project and engaging tertiary education students and graduates), Anna Rywczyńska, NASK/Poland (formal education from entry levels - challenges and best practices in the implementation of the cybersecurity in the educational system and school curriculum), Deniz Susar, UN (how to cooperate on the international and multi-sector level; good practices from UN’s perspective), Professor Youki Kadobayashi, NAIST, professor at the Industrial Cyber Security Centre of Excellence/Japan (examples of actions undertaken to bridge the skills gap in cybersecurity sector), Raúl Echeberría, chair on an industry organisation in Latin-America (the level of the implementation cybersecurity policies in Latin-America in business not directly related to IT & cybersecurity (eg. transport, trade, finance and insurance, health care, food industry), Mr. Hikohiro Y Lin, PWC Japan (do tertiary graduates meet the expectations of the private sector, strategies to have more specialists that meet the business needs), João Moreno Falcão, Vice Chair of the ISOC Youth SG and YouthLAC IGF/Brasil (how to diversify the cybersecurity workforce and encourage more women and young people to enter the sector), Ismaila Jawara, Founder of GamCON Infosec Community, Gambia Revenue Authority (how to diversify the cybersecurity workforce and encourage more women and young people to enter the sector). The summary of the session was made by Larry Magid, CEO ConnectSafely, Columnist Mercury News, Host of ConnectSafely Report for CBS News/US.
Active online participation was also facilitated by opening the floor for online audience via Mentimeter. The audience (online and onsite) had to prioritise the key functions of the hub and also vote for the most important practical steps that should be prioritised to launch and build the HUB. The voting showed that the most important function of the HUB is to (order according to the priority assigned): 1. promote collaboration between industry, universities and the cybersecurity workforce, 2. enhance cybersecurity skills at all levels of education, 3. gather and scale up good practice from cybersecurity and tertiary sectors, 4. raise interest in careers in the cybersecurity industry, and 5. provide online training from top experts on emerging topics. Defining strategic plan (goals, objectives, long-term vision of hub) according to the session’s participants is the most important practical step that should be prioritised to launch and build the HUB.
The most important conclusions from the discussion during the panel:
- It is crucial to close the skills gap to attract more young people and women in cybersecurity.
- Industry needs people not only with professional competences but also transversal ones (such as: critical thinking, creativity, holistic thinking, team work).
- It is very important to bring the right people together to cooperate.
- Educators focus on coding but not teaching young people about how things function, what is the backbone of the internet, how does cloud security work, etc. Also lots of graduates have insufficient knowledge about real world applications.
- Companies training their own people, employees to know today’s products but not the base to adapt to changes.
- Cybersecurity is important for primary and secondary education. Many think it should be mandatory.
- It is necessary to close the gap between what university are doing and what industry wants.
- Universities teach people how to invent AI but industry needs people who can use AI.
- It is important to create opportunities in developing countries which offer great human talent potential.
- Massive scalable solutions are needed.
- Attacks are moving faster than solutions and human resource allocation also fails to keep up.
- Traditional teaching should be replaced by modern, inclusive methods that provide space for experimentation and learning through practice, gaining deep knowledge through experience.
- More opportunities for young people should be offered by e.g networking – places for new comers to learn from experts what also leaves space for informal information sharing.
- It is important to encourage mid-career shift and also to take steps to retain the workforce. For retaining talents it is also important to taking actions to reduce stressful working conditions.
- Industry needs cybersecurity people in all fields (factories, farms etc).