IGF 2023 WS #105 Cyber Public Health - a model to inform internet governance


Global Digital Governance & Cooperation
Digital Commons as a Public Good
Governing Digital Economy
Harmonising Global Digital Infrastructure

Organizer 1: Yurie Ito, CyberGreen Institute
Organizer 2: Arastoo Taslim, CyberGreen Institute

Speaker 1: Adam Shostack, Civil Society, Western European and Others Group (WEOG)
Speaker 2: Jane Roberts Coffin , Civil Society, Western European and Others Group (WEOG)
Speaker 3: Phokeer Amreesh, Civil Society, African Group
Speaker 4: Yoshinobu Matsuzaki, Private Sector, Asia-Pacific Group
Speaker 5: Bill Reid, Private Sector, Western European and Others Group (WEOG)
Speaker 6: Alexander Klimburg, Civil Society, Western European and Others Group (WEOG)
Speaker 7: Paul Twomey , Civil Society, Asia-Pacific Group


Yurie Ito, Technical Community, Western European and Others Group (WEOG)

Online Moderator

Arastoo Taslim, Technical Community, Western European and Others Group (WEOG)


Arastoo Taslim, Technical Community, Western European and Others Group (WEOG)


Round Table - 90 Min

Policy Question(s)

A. What are the advantages to the Public Health metaphor, and how do those expand what we can do to advance and enforce cybersecurity norms and practices?
B. What are vital statistics in cybersecurity and how can we collect the data we need?
C. What should be the WHO of cyberspace? In other words, what entities should be tasked with collecting these statistics, ensuring that the data is sufficiently consistent to compare and making the data widely available? How can these statistics help us to better understand the systemic risks that are present on the internet?

What will participants gain from attending this session? Participants will gain the new knowledge about;

- Cyber Public Health model; its “data-driven” and “population level thinking” approach
- an understanding of “missing matter” in the data we’re gathering, and the need to gather data in new spaces
- How to encourage all communities to collectively address shared risks by raising transparency of the systemic risk landscape
- Vital statistics for Cyber Public Health
- Ongoing proof of concept studies and feasibility projects on Cyber Health risk measurement
- Way forward to establish a science of Cyber Public Health – challenges and ideas to overcome.


Public Health is responsible for doubling lifespans in the 20th century because it focused attention on a simple question: why do people die? Complementing medicine’s attention to individual health with attention to the health of a population has been tremendously powerful. Today’s work in cybersecurity often focuses on either an individual human or an individual enterprise. We believe there is a tremendous possibility in the frame, and that a diverse and broad community will have a tremendous impact.

Adopting a public health-style perspective that embraces data-driven, population level thinking, and preventative approaches to shared risks would be transformative for the practice of cybersecurity. From governance point of view, Public Health requires Public Private Partnership and encourages international collaboration, rather than drawing boarders.

We are proposing this in “Digital governance” because the framing and methods are broader than cybersecurity of individual components of the internet, and because the act of measuring the health of a system clearly contributes to our understanding of its security, but it is not limited to cybersecurity. “How/Who to protect the public core” is the incomplete question. How will we know if it’s protected? What is a healthy public core? How do we assess its heath?

Establishing a Cyber Public Health will require overcoming some challenges. One of them is data and methodologies. We need to build the foundations of Cyber Public Health on vast quantities of high-quality data, but we have little of it. The second big challenge is building the infrastructure and institutions to support a mature practice of Cyber Public Health. For example, today’s public health infrastructure includes institutions at every level of government, international NGOs, academic institutions, and private organizations that play a role. This is another area where coordination and collaboration among businesses, NGOs, academic institutions, and governments will be critical.

Expected Outcomes

- Provide a new frame idea for international and regional cybersecurity collaboration.
- Provide transparency on the health of the “Public Core” in a time where the international policy discussions have started to address issues of “Critical Internet Infrastructure” and “non-interference in the public core of the internet”.
- A workshop report that captures the opportunities, insights and challenges identified by the workshop participants for further technical and institutional design study to develop vital statistics for Cyber Public Health.

Hybrid Format: We will have our online speakers join us live on video (e.g. Zoom). If IGF has the technological means to do so, we would ideally have them projected or on a larger screen facing the online speakers. Questions asked by the moderator will be addressed to specific speakers to ensure coordination between those on site and joining remotely. We will have an online moderator, onsite, will make space for the online participants to contribute, regular check-ins, including monitoring the chat (commenting or messaging) system. As inclusive technology, we will have the rapporteur record ideas on his computer, which is both projected into the room and screen-shared with online participants. We will Invite everyone to reflect on the process at the end of the meeting to build additional learnings.