You are here

BPF Cybersecurity



The 2017 BPF on Cybersecurity was approved during the MAG's virtual meeting on 11 April. As outlined in the proposal to the MAG, its projected work in 2017 builds on approaches used last year and will emphasize local and regional-level best practice cases.

Regular monthly meetings of the BPF's members will be held leading into the annual IGF in December. These meetings will be announced on the Cybersecurity BPF mailing list and are open to all stakeholders interested in or with expertise on cybersecurity issues. Updates on the BPF will also be communicated through the list and posted on this page. 

Open Drafting Process
The Cybersecurity BPF is engaged in an open and collaborative drafting process to produce a tangible output. 
The current draft is available at 
Comments on the current draft can be submitted on the document by Thursday 21 December 2017, noon UTC.


Mailing List Sign-up



Proposal to MAG for 2017 Work

CENB Phase I - Security-focused Policy Analysis

CENB Phase II - Security-focused Policy Analysis


Meeting Summaries

Informal Virtual Meeting I - 17 January 2017

Informal Virtual Meeting II - 24 March 2017

Virtual Meeting I - 20 May 2017

Virtual Meeting II - 21 June 2017

Virtual Meeting III - 7 August 2017

Virtual Meeting IV - 18 September 2017

Virtual Meeting V - 11 October 2017


***Call for Contributions***


All stakeholders are invited to submit written contributions addressing the below questions and issues to the 2017 IGF BPF on Cybersecurity mailing list (subscribe: While it is envisioned that initial drafting of the output document will begin on 15 September, this should be considered a soft deadline as contributions will be welcome on a rolling basis, particularly from IGF National and Regional Initiatives (NRIs) and from other relevant entities or organisations who may be holding meetings relating to cybersecurity prior to the IGF annual meeting in December. Contributions received past 30 September may not be guaranteed for inclusion in the BPF's output document. 

Contributions will then be compiled and synthesized by the Secretariat, and further circulated to the community for comment and further work towards an output document for the BPF to be presented at the 12th IGF in Geneva, Switzerland from 18-21 December.

All individuals and organizations are asked to kindly try to keep their contributions to no more than 2-3 pages, and are encouraged to include URLs/Links to relevant information/examples/best practices as applicable. When including specific examples or detailed proposals, those may be included as an Appendix to the document. Please attach contributions as Word Documents (or other applicable non-PDF text).



During 2015 and 2016, the Policy Options for Connecting and Enabling the Next Billion(s) (CENB) activity within the Internet Governance Forum identified two major elements:

  • Which policy options are effective at creating an enabling environment, including deploying infrastructure, increasing usability, enabling users and ensuring affordability;
  • How Connecting and Enabling the Next Billion(s) contributes to reaching the new Sustainable Development Goals (SDGs).

The Best Practice Forum on Cybersecurity realizes that making Internet access more universal, and thus it supporting the SDGs, has significant cybersecurity implications. Well-developed cybersecurity helps contribute to meeting the SDGs. Poor cybersecurity can reduce the effectiveness of these technologies, and thus limit our opportunities to helping achieve the SDGs.

BPF participants have conducted an initial study of how the policy proposals compiled as part of CENB Phase I and II may affect, or be affected by, cybersecurity implications.

As part of this ongoing effort, the IGF is now calling for public input to collect additional risks and cybersecurity policy recommendations that can help mitigate security impacts, and help ensure ICTs and the Internet continue to help contribute to achieving the SDGs.


Relevant reading:

-Summary Records of the BPF

-UN Sustainable Development Goals

-Policy Options for Connecting & Enabling the Next Billion(s) - Phase II

-Security focused reading of CENB Phase I -

-Security focused analysis of CENB Phase II -


Questions [*Please see HERE for NRIs-specific questionnaire]:

  • How does good cybersecurity contribute to the growth of and trust in ICTs and Internet Technologies, and their ability to support the Sustainable Development Goals (SDGs)?
  • How does poor cybersecurity hinder the growth of and trust in ICTs and Internet Technologies, and their ability to support the Sustainable Development Goals (SDGs)?
  • Assessment of the CENB Phase II policy recommendations identified a few clear threats. Do you see particular policy options to help address, with particular attention to the multi-stakeholder environment, the following cybersecurity challenges:
    • Denial of Service attacks and other cybersecurity issues that impact the reliability and access to Internet services
    • Security of mobile devices, which are the vehicle of Internet growth in many countries, and fulfill critical goals such as payments
    • Potential abuse by authorities, including surveillance of Internet usage, or the use of user-provided data for different purposes than intended
    • Confidentiality and availability of sensitive information, in particular in medical and health services
    • Online abuse and gender-based violence
    • Security risks of shared critical services that support Internet access, such as the Domain Name System (DNS), and Internet Exchange Point (IXP) communities
    • Vulnerabilities in the technologies supporting industrial control systems
    • Use of information collected for a particular purpose, being repurposed for other, inappropriate purposes. For instance, theft of information from smart meters, smart grids and Internet of Things devices for competitive reasons, or the de-anonymization of improperly anonymized citizen data
    • The lack of Secure Development Processes combined with an immense growth in the technologies being created and used on a daily basis
    • Unauthorized access to devices that take an increasing role in people’s daily lives
    • Other: describe a cybersecurity issue critical to developing the SDGs in ways not listed above relevant to your stakeholder community (100 words or less)
  • Many Internet developments do not happen in a highly coordinated way - a technology may be developed in the technical community or private sector, and used by other communities and interact in unexpected ways. Stakeholders are managing complexity.
    This both shows the strength and opportunities of ICTs and Internet Technologies, but also the potential risks. New technologies may be insufficiently secure, resulting in harms when they are deployed: conversely we may adopt security requirements or measures that prevent the development, deployment, or widespread use of technologies that would generate unforeseen benefits. Where do you think lies the responsibility of each stakeholder community in helping ensure cybersecurity does not hinder future Internet development?
  • Where do you think lies the responsibility of each stakeholder community in helping ensure cybersecurity does not hinder future Internet development?
  • What is for you the most critical cybersecurity issue that needs solving and would benefit most from a multi-stakeholder approach within this BPF? Should any stakeholders be specifically invited in order for this issue to be addressed?



Additional Information


Contact Information

United Nations

Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage

Palais des Nations,
CH-1211 Geneva 10


+41 (0) 229 173 678

Zircon - This is a contributing Drupal Theme
Design by WeebPal.