You are here

IGF 2020 - Day 4 - OF34 Global Forum on Cyber Expertise (GFCE)

The following are the outputs of the real-time captioning taken during the virtual Fifteenth Annual Meeting of the Internet Governance Forum (IGF), from 2 to 17 November 2020. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

 

>> ELLIOT MAYHEW: Hello.  Welcome to the session.  We didn't get much of a practice run.  So I guess we can just kick it off if you guys are comfortable with that, Joanna and Chris.

>> CHRISTOPHER PAINTER: Yep.

>> ELLIOT MAYHEW: How are you feeling?  Excellent.  I have slides to share, but I think with everyone's camera on, I think it's nicer like this.  Carolin, I know you wanted to share some slides I believe.  At that point, I can just start sharing if that works.  I guess with, that I will hand it over to Joanna.

>> JOANNA KULESZA: Without further ado, I will start us off.  Hello, everyone.  Welcome to this open forum session on the Global Forum On Cyber Expertise, the Global Forum On Cyber Expertise, the GFCE provides a dedicated and informal platform for policymakers, practitioners and experts to facilitate the sharing of knowledge and expertise best practices on cyber issues.

The importance of capacity building from the Internet Governance community perspective, was recognized at an early stage.

The Tunis agenda set out the mandate for the IGF and capacity building for Internet Governance in developing countries, drawing fully on local sources of knowledge and expertise especially in uncertain times capacity is a prerequisite for effective engagement and for cooperation.  Without even the ability to engage or the requisite knowledge and skills, stakeholders cannot be expected to advance implementation in commonly agreed standards or rules of the road.

Many stakeholders have insufficient understanding of complexity issue to develop and implement policies, engage with companies that are developing technologies and effectively explain these issues to the general public.

Providing equitable access to information and knowledge for all is therefore essential in had recognition of the role of ICTs for economic growth and development.

So to introduce the GFCE in more detail, I would like to hand the floor to Mr. Christopher Painter who is the president of the GFCE Foundation Board.  Chris needs no introduction, but to meet the formalities, let me very briefly say that Chris is a globally recognized leader on cyber policy, cyber diplomacy and cybersecurity and combatting cybercrime, he has been at the vanguard of cyber issues for over 27 years and was the world's first cyber diplomat at the US department of State.  He's also the commissioner for the commissioner for cyberspace.

Chris, the floor is yours.

>> CHRISTOPHER PAINTER: Thanks very much, and it's a great pleasure to be with you all today.  I guess good morning, good afternoon, and good evening depending on where you are.  For me in Washington, D.C., it's early afternoon.  So it's a pleasure not to be doing a seminar at 4:00 in the morning.  It's really good to be with you.

It's a pleasure to be here at IGF again.  I have been to, I think, eight IGFs.  The first virtual one for me and I suspect for a lot of you.  My name is Chris Painter.  I'm the president of the GFCE Foundation Board although it's been around for five years, it's just transitions to an independent foundation this year.

In is a special year for the GFCE as it marks the fifth anniversary.  During this forum, we would like to highlight some of the achievements over the past five years and also really importantly talk about current activities and looking into the future.  As Joanna mentioned the GFCE is a global multi‑stakeholder platform for the global cyber capacity building.  It provides a dedicated and informal platform for policymakers, practitioners and experts to facilitate the sharing of knowledge, expertise and best practices on key thematic cyber issues.

Since it was established in 2015, the GFCE has grown into a network of 120 members and partners that includes countries, governmental entities, international organizations, industry, NGOs, academia, technical groups and civil society stakeholders.  I know of no other forum that brings together such a wide swath of multi‑stakeholders including governments and governmental organizations together in this important ‑‑ on this important issue.

Issues of capacity building have always been important, as Joanna said going back to the history of Tunis agenda and the IGF and certainly every IGF I participated in, capacity building was an issue.  And it's been gaining more with prominence with many groups.  Global multilateral, multi‑stakeholder alike, attempting to define solutions.

Capacity building around implementation of agreed norms of responsible state and non‑state behavior, for example, has been at the very top of the agenda of both the UN group of governmental experts, the new ones going on this year, and the new open‑ended Working Group and, indeed, I have attended many of the sessions of the open‑ended Working Group and I would say capacity building is a central theme raised by many, many countries and other stakeholders.  A foundational theme, I would say.  And we're very happy that many of those countries and the stakeholders mentions the GOC as well.

The UN Secretary General's high level panel on digital cooperation report also calls the recommendation for the establishment of digital help desk.  I think that's one suggestion that highlights the importance of capacity building to understand digital issues and steer cooperation related to social and economic impacts of digital technologies.  I would also remark that given the current COVID crisis and the dependence on digital technologies and the unfortunate attacks we see on those technologies from a wide range ever threat actors, that again highlights the importance for every country who may not have put capacity building or cybersecurity at the top of their list before that this is really an important issue.

The GFCE is not a platform, I should note for developing new norms.  That's the job of the UN, and some of the regional organizations that have been focusing on this.  But rather it's a practical action‑oriented and bottom‑up organization for the realization of the implementation of those initiatives including the norms and issues and raising awareness and getting more support for those initiatives.  It tries to play a complimentary role to share experience and knowledge with each other and with the wider community.

A core part of our efforts of the GFCE's efforts and functions is to act as a clearinghouse.  They need help and those entities whether they be countries or other entities who can help both fund and implement that help.

We're organized around five GFCE Working Groups.  Working Group A is on policy and strategy, and that includes both national strategies where a lot of work has been done, but also policy issues including, issues around diplomacies, norms, competency building and Working Group B, on infrastructure protection and Working Group C is on cybercrime or combatting cybercrime.  And Working Group D is cybersecurity and skills and Working Group E is cybersecurity standards.

In the early years, which wasn't that long ago, the GFCE focused on building a network of folks who can talk about these issues.  At the same time, members and partners collaborated with each other to establish cyber capacity building initiatives under the GFCE umbrella.  The GFCE had provided the foundation for the establishment of about 20 such initiatives so far, including on topics such as one, increasing resilience of Internet infrastructure, through promoting the adoption and the implementation of open standards, increasingly justified ‑‑ increase in justified trust in the operation and the use of the Internet.  Two, helping to improve the health of the global cyber ecosystem by providing reliable metrics, measurements and mitigation best practices to cybersecurity instant response teams or CSIRTs and providing a platform for memberships to share experiences, and lessons learned in cybersecurity mechanisms for responsible and coordinated vulnerability disclosure policies.

A fourth I would add is working to get ‑‑ to help countries around the world, particularly in the developing world have national strategies for cybersecurity which is an overarching foundational element.  All of these initiatives can be found on the GFCE website and although my talking points don't have the website written, it's www.theGFCE.org.  We have lots of material there.  Really if you are not familiar with, I really recommend you check it out.

The GFCE has been encompassing ‑‑ it has overall encompassing strategic objectives for the near future.  One the things we want to do is look ahead.  Over the coming year, this is ‑‑ I think inflection point is used too often.  But this is an inflection point for us and the global community.  One is to increase the visibility of the GFCE, promoting knowledge and expertise of GFCE members and partners and highlighting the impact of those projects and initiatives.  This is critically important.

I think all of us who play in this area, we think it's very important, and it is, but often we don't get the recognition among senior policymakers and senior government officials who don't play in cyber every day.  We have to raise this as a priority for all of them.  Two, are we looking to connect with other fora and cyberspace communities looking at what is being done by the GFCE with other important global and multilateral initiatives.

As I said in the outset of my remarks, many of those global initiatives, including some UN ones like the ITU and the UNODC also work with the GFCE itself but we are trying to connect to other initiatives especially new ones.  And then additionally we are trying to create regional and national focus and an impact of cyber capacity building activities working with regional partners and national governments to offer targeted consultations and projects around cybersecurity capacity building.  This includes regional organizations like OES, ASEAN and others, but it goes beyond that and where we have a number of exciting things we are looking to create the regional focus as well.

On the practical aspects, I will hand over to other speakers and they can go into more detail.  It's important to know that the GOC has been steadily building on its strengths.  In the last five years, this has been a continue building process.  It's trying to be more flexible, creating synergies between the GFCE and connecting other organizations and being more responsive to the community.  This is very much a community‑driven organization, where there's a lot of consultation and work with the community.

The synergies between the IGF and the GFCE are very clear.  They play an important role as a one‑stop shop for people to increase their knowledge and understanding on thematic issues of Internet Governance and cybersecurity respectively.  I would say the Internet Governance Forum as we all know has spent well beyond issues of internet governance to deal with issues such as cybersecurity, cybercrime and capacity building and that's very important.

In fact, the IGF goes further than simply acknowledging the role on cyber ‑‑ on capacity building around Internet governance but recognizes that people and institutions, including governments, from developing countries have particular need for such capacity building and capacity development.

The IGF has many strengths.  The IGF has a bright future, except in stakeholder communities and gender balance in IGF bodies and activities and a broad network of 114 and regional and youth IGFs.  I just participated last week in a talk for the youth IGF and the youth IGF is really important as well.  We are trying to make sure that we partner with that.

It's been addressing some of the issues with limited participation of certain stakeholder groups gaining traction from government and business representatives again especially from small and developing countries.  And I would say this is a challenge for all of us that too often you get people involved in one subject area and you need to have a range of folks, even in governments, the ministerial level, it's not just ICT ministers.  It's folks who do ‑‑ from interior ministries and foreign ministries.  We need to broaden that scope and the stakeholders as well.

So both of our organizations, IGF and GFCE can play and are playing an important role in their respective fields and there's, I think, a good synergistic overlap in those fields and more can be done to link these initiatives in ways to broaden the opportunities for the respective communities some of which are overlapping but some of which can, I think, we can use to recruit even new members.

And broaden, and to learn from others and develop the skills needed for the governance that is required to create inclusive and positive outcomes for all of us.

So I very much look forward to this session as I look forward to the rest of the IGF and I look forward to seeing people in person next year.  With that, let me turn it back over to Joanna.

>> JOANNA KULESZA: Thank you very much, Chris.  Our next question is Ms. Carolin Weisser Harris who is leader international operations at the Global Cybersecurity Capacity Center.  She's working on the Afghanistan Working Group A on cybersecurity policy and strategy.  One of the tools that the GFCE has been supporting and developing for cyber capacity building is the Cybil knowledge portal and that will be the gist of Carolin's presentation.

>> CAROLIN WEISSER HARRIS: Thank you very much.  Good evening.  I want to say that there's a bonfire night in UK right now, and it just started.  So if you hear shooting in the background or if I'm suddenly jump, there's some background noise.

Yeah, thank you very much, Joanna for the introduction.  I will immediately go into the presentation.  Elliot, I don't know if you can share the screen or I can share the screen.  You can share the screen.

Yes.  So I would like to present Cybil.  Cybil is the knowledge portal of the global forum cyber expertise community.  As Chris already outlined the GFCE is really this to provide support and provide a platform to coordinate, to bring ‑‑ to bring people together and support the capacity building activities.  And one way to enable this is to also, of course, have the access to the knowledge and the access to lessons learned to practical tools to analysis to experience on how do to effective and efficient cyber capacity project.  And for that reason, Cybil was developed by a group of stakeholders, GFCE partners, the GFCE that you see on the bottom of this slide.  The Australia strategic, and Diplo, and NIIP, the Norwegian institute for international affairs.

So the ‑‑ as you see, that was very much outlined by Chris is that it's really important to share information with stakeholders in a very timely and efficient manner.  That's Cybil has the Delhi Communique and tries to hit the targets of the Delhi communique, which you can see, one goes through the details, but you see like we really try to ‑‑ yeah, kind of put the agenda into action and providing this platform.  Next slide, please.

So this knowledge sharing platform, it's a publicly available website.  It provides easy access to knowledge with respect to best practices and cyber capacity building and I will show you what it looks like in the couple of next slides.  It's neutral and on its work.  Neutral and open means actors can provide input documents, tools, et cetera, and it goes through a process that by the GUC Working Groups but overall, everyone who is a member of the GFCE, but partner of GFCE, and non‑partner can submit to the portal.

The aim is to avoid duplication.  First, that it's not showing any information which has already been somewhere else and not duplicating any other kinds the platforms but at the same time, it's to help actors who plan and implement cyber capacity building activities that they can what is happening in the capacity building, what type of projects are happening around the world in a specific country, on a specific issue that they don't do the same or duplicate any kind of efforts.

And the platform is often curated by the global community.  There's not one actor who decides on content, but the global community curates the content on the Cybil portal.

It meets the needs the global community and we actively, proactively talk to the global community at different events and collect inputs, what they would like to have on the portal, what actual kind of content, and how is it prepared?  We have feedback loops at every step of development but also like in the ongoing management of it.

And hopefully that's the aim, to have more ‑‑ it fosters and ables a more effective use of resources among the GFCE community and fully beyond the GFCE community as the GFCE becomes more known and eventually we have the aim that there's a great harmonization between different actors.

Next slide, please.

Yes, so that's why Cybil.  You know, there are many portals out there and cybersecurity building is really long word.  And we had people who saw it differently and they looked at the wording and they saw cyber capacity building, if you look at some of the ‑‑ you look at the words it's a bit of creativity for Cybil and the Cybil where the female prophets associated with wisdom.  We hope the Cybil platform fulfills this promise as well.  It's a nice catchy word and making it easy and we are talking about civilization within the community and also it's very good to make the brand much more known.

So everyone can go to the platform, it's www.Cybilportal.org and you can Google it.

And you see that there are four areas, and this is basically how the platform is structured.  We have a project repository, where projects are collected.  We have almost 700 to put on Cybil.  When you plan a project in a country, you can go there and look which other project, and which other actors has acted there.  And there's also the other area 99 tools.  These are tooled provided by the GFCE community that helps these activities.

This can be guidelines to develop cyber capacity awareness ‑‑ cybersecurity awareness campaign.  This can be assessment tools to assess national cybersecurity past and this can be other frameworks, handbooks, et cetera, that help you in the implementation.

And there's also publications so most GFCE member partners are academic institutions or think tanks but there are also other organizations who draft reports, do analysis and these kind of publications, including lessons learned, can published in that section.

And there's a big database of actors.  So actors include GFCE members which can be governments, implementers, funders, civil society organizations.  And so we have a broad range of organizations involved in cyber capacity building activities.

And then last but not least, this category doesn't have any ‑‑ it doesn't have its own tile, but there's an events calendar on Cybil.  And if everyone can submit his or her events, conferences, fora and it can be shared with the community.

So I will go into detail what you can find and also explain, like, what the benefit is.  Next slide, please.

For instance, this is the publication section.  You can see on the left‑hand side there's a menu where you can fill it according to the GFCE themes.  Chris mentioned this already.  The themes are also covered by the Working Groups.  And then you see the different tiles, which you can sort according to what was added last, or the number of results per page.  You can also have these tiles, as you see or you can have it in lines and what is really good, yes, you can filter according to actor, according to what kind of publication, but you can also download a spreadsheet.

So if you plan any kind of research or you do some kind of analysis, or you just want to have like a ‑‑ a ‑‑ have them all in one document, you can download a spreadsheet for research for analysis purposes.

Next slide, please.

Then Cybil can help you to coordinate.  And so this is a project database.  The GFCE Secretariat who is now managing Cybil after it was managed by Oxford for a year gathers the information from members and beyond and whoever is using and goes on this project category, can look for and filter according to the countries, the beneficiaries, the funders, the partners involved in a project, the region and topic.  So it really helps you to identify like who is doing what, where, when and you can also get more information about the project.

So if you want ‑‑ if you would scroll down.  This will be a ‑‑ you will see the same tiles and then you can click on a specific project and the project can also include certain ‑‑ the ‑‑ a description of the project, including certain documents.  And we have detailed information about a project.  And it's also possible again on the publication category, you can download a spreadsheet and then filter and use it for your project planning or whatever you want to do, if you do analysis or research, you can easily download it and have access sheet.

And with the aim like ‑‑ for also like identify areas for coordination whether you really know who is doing who, what and where and someone is doing something similar in the country.

Next slide, please.

That's the next category.  That's the tools.  Again, attention to filter according to the themes of who developed it and what is the topic and then you can also ‑‑ yeah, you can ‑‑ you can see it as a tile.  Again, you can download the files, if you want to have it in one document and use it offline.  So that should help you to improve your activities and help better understand and make ‑‑ and what is best practice and how to ‑‑ how to implement and draft the project.  Next slide, please.

Yes, so that's ‑‑ in the case that ‑‑ that's something which is for those who also are new to the community.  One of the observations was that in organizations, but also new people join the GFCE community or the cybersecurity capacity building and they are not sure where to find the right information.  There's a nice little small, get to know Cybil with a little smart user guide and where you can find it on Cybil and how it can help you.

Yes, how to get involved and how to engage with Cybil.  Of course, use it.  Provide your input, share your events.  Give feedback, it's a very good resource and it's something that really helps to promote ‑‑ promote what you are doing, and promote what is happening out there.  And also the link to actors, link to other players in the area and, yeah, really meet the objectives of the Cybil portal and achieve the agenda of the cyber capacity building.

Next slide.  Oh, this is already to the end.  So one last ‑‑ one last slide where we have.  I see I put it also in the chat.

So if you want to ‑‑ if you are interested to get involved and to submit something, you can always connect ‑‑ you can reach out to the GFCE.  There's a contact form on Cybil on the top right and you can reach out.

You can also follow the GFCE on Twitter and look on the GFCE website, if you want to learn more about what the GFCE is doing.

But, we, of course, spread the word about Cybil.  Let us know if you have any project going on.  We would like to help to communicate your achievements over Cybil.

>> JOANNA KULESZA: Thank you very much.  I might be biased, but I find the cyber capacity building that the GFCE is providing, together with its partners most informative and very useful, as you emphasized.  There are different tools but there, but this one is very comprehensive.  I think it skillfully links the practical side of cybersecurity capacity building with the research side and this smoothly brings us to our next speaker who is Mr. Enrico Calandro, who is the codirector of C3 Southern Africa but equally important is also chairing the GFCE Research Committee.  A relatively new initiative within the GFCE that is focused on research, the type of research that will help us build cyber capacity in a more effective, and efficient way.

As Chris emphasized, the GFCE is unique.  It brings together the practitioners and the government and also the researchers and Enrico the floor is yours.  Please tell us more.

>> ERICO CALANDRO: Thank you very much, Joanna and I had, everyone.

Greetings from Cape Town.  That's where I am in the world.  I'm very happy to present these ‑‑ yeah, relatively new as Joanna said mechanism of the Global Forum On Cyber Expertise.

I'm saying relatively new, because it comes from some discussions that the GFCE and the community had during the annual general meeting in Singapore in 2018, when the GFCE community realized that the different Working Groups were actually identifying knowledge gaps in their activities on cyber capacity building.  So we came up with an idea to try to fill into these knowledge gaps.

And we recommended to recognize this new mechanism, called global cyber capacity building research agenda.  So why?  Why do we need such a new mechanism?  Because as I said the community and especially at the Working Groups level, identified that we need to do research and we need to fill the knowledge gaps in a way that then capacity building activities can really be informed and evidence based.

So the best way of doing that then was to identify these knowledge gaps in a bottom up approach.  So really, you know, letting them emerge from the activities of the Working Group and translate these research ideas emerging from the discussions and the activities across the different themes of the GFCE and policy questions in research questions.  Into research questions that can be really developed through research projects by searchers, by experts and by consultants.

So in July of this year, we launched a call for research committee members and we received a number of applications and we selected all of these colleagues that you can see in your screen.  They are experts from different fields.  So they are not only academic researchers but they are also representatives from government entities, and from think tanks and from civil society organizations and from the private sector.  So that really all the different kind of expertise and knowledge is represented in this research committee.  The research committee is also not the traditional kind of academic exercise when you have only qualified academic, but an excellent way of doing research is different from the traditional academic work.

The research of the GFCE is practical and applied research.  It really has to identify answers and solutions to the problems identified within the Working Groups and that's what we are trying now to develop.  So all Working Groups GFCE according to the different themes that Chris Painter have identified a number of knowledge gaps and research ideas and committee members.  And these research ideas have been translated into with research questions and it's more structured research project that can be implemented.

And now mid‑November, in a few ‑‑ in one week and a half time, these research questions will be prioritized by the GFCE community so that then the prioritized researched questions will become part of the global cyber capacity building research agenda, which will be presented in ‑‑ at the end of November during the Global Forum On Cyber Expertise.

In December, we will start with some piloting projects to test these two mechanisms and the GFCE will have four proposals that will be open to everybody.  So not only to the GFCE community but to anybody who has actually got the specific expertise that we are looking for.

The initial research projects will be implemented.  As I said with the aim, we are really providing practical and applied knowledge to the activities and the problems identified of the Working Group level.  I believe that's an interesting mechanism really to fill some of these knowledge gaps within the Working Groups all the activities of the Working Groups have so far been done on a voluntary basis.  That will still happen and continue.  But somehow there is a feeling of adding more qualified for their activities, and that's where we tried to fill in that kind of gap.  So I look forward really to working with this newly established mechanism with the GFCE community.  I'm very happy to present for the first time publicly this mechanism with the broader IGF community, where I grew up from.

Yes, I really look forward to engaging to build the knowledge that is needed for the cyber building capacity processes.  Thank you for your attention.

>> JOANNA KULESZA: Thank you very much, Enrico.  That is an interesting endeavor and we're looking forward to the research call and the research that comes out that initiative.  As we said, what the GFCE does.  It brings together expertise and research and those in need of both of those elements trying to implement new policies legally or regionally and this brings us to the next speaker who is Ms. Racky Seye Samb, who is the head of the office of ministry of digital economy and telecommunications in Senegal.  Senegal is a governmental member of the GFCE and what they have been doing is exactly using the capacity that the capacity to build their cybersecurity strategy and hopefully Racky can share where Senegal came involved in the GFCE and who has been done so far on the Senegal national cybersecurity strategy.

I hope you can use your mic well, Racky.

>> RACKY SEYE SAMB: Yes, thank you, Joanna.  Hello.  So firstly, I would like to thank GFCE to invite are us to share our activities done since we are member of GFCE.

So can I share my screen?

Okay.  So firstly, I would like to talk about the history.  So Senegal joined GFCE via our Ministry of Telecommunications and digital economy in 2015, during the international conference on cyberspace in the Hague.

So during this conference, Senegal, they created an initiative named an initiative between Senegal and the kingdom of the Netherlands.  So this is aimed to promote a safe and secure cyberspace, and also to establish in enabling environment for an open net, including digital trust for the population.

And finally, dialogue to share the best practices in awareness during the campaign on cybersecurity.

So what we did first was to do an exercise in order to a reference situation on sign err security in Senegal.  So we did it with the help of Oxford University and based on the cybersecurity capacity maturity model for the university which includes five dimensions on policy and strategy, culture and society, education and training and skills, legal and regulatory framework, and standards and business models and technologies.

So we did ‑‑ we organized a work shop with all stakeholders at the national level in Senegal, in order to establish this situation on cybersecurity in Senegal.  And the main recommendation issued from this document is to establish a national cybersecurity strategy, which we included in this national cybersecurity strategy.

So after this.  I note that this document is online and you can download it, the capacity.

So after that, we establish our national cybersecurity strategy in 2017.  We had help with it was the same process.  We organized workshops.  All stakeholders at the national level and we without our national cybersecurity document.  It was validated by the government at the end of 2017.  So the vat is based on the vision in 2022 in Senegal, and this is a trusted, secure and resilient for cyber space for all.

So we want to promote cybersecurity culture in Senegal.  The first one is to strengthen the resources in cybersecurity in all sectors and the last one is ‑‑ to be involved in regional and national work on cybersecurity and to enhance our international cooperation in cybersecurity.  So what we have done since the validation of the cybersecurity strategy.  So we have a new law on Internet communications and we are updating our laws on ICT.  So we have things for personal data protection.

In the side of cybersecurity culture, so we ‑‑ we implement our National Action Plan on child online protection.  So we organize a training ‑‑ a lot of training and workshops on this topic, are in order to have more students and children and users on cybersecurity.

So there are also a lot of initiatives necessity national level that are done by stakeholders in order to aware users, Internet users.  Like ISOC and other stakeholders from civil society.

So also we created a national cybersecurity school in 2019.  So this school will ‑‑ this school will provide some ‑‑ it will provide some ‑‑ it will provide trainings on cybercrime.  Information security ‑‑ information security and cybersecurity governance.  So for all stakeholders at the national level and also at the national level.

So about critical CAIP.  We have also established competency security response team for the government network with ADI and also the national public key infrastructure is going to be finalized.

So at the national level, we are members of ECOWAS and we benefit from their support.  So to enhance or put in place our cybersecurity projects and we are also a member of GLACY plus, and we take back to a lot of trainings that are provided by GLACY plus for law enforcement.  And also we are UN‑GGE, and we also participate to UN‑GGE meetings in order to enhance our international cybersecurity domain.  And we participated in all activities in the GFCE, and encourage also as the countries, the African countries to be member of GFCE to share their experiences and get more from them in order to enhance our experiences on cybersecurity.

So challenges are ‑‑ are in general to continue the ‑‑ the setting up of our projects, our project officer of national cybersecurity strategy and also to create national responsive team and national structure on national security on national level and promote investment in cybersecurity.  Also, to implement an program for all groups of users and to enhance our international cooperation and international cooperation in ‑‑ by being by implicating ourself more in projects with the African Union and ECOWAS.  So my English is not very, very good.

So that is ‑‑ that's the end of my presentation.  So thanks again to GFCE to allow us to share these activities with you, and if there are questions or contributions or ‑‑ I'm available.  Thank you very much.  And sorry for my English.

>> JOANNA KULESZA: Your English was perfect.  That was a very clear presentation.  On the one hand we can clearly see what are the challenges at hand and we can also see what ‑‑ the long way you guys have made sin the very beginning in building the national cybersecurity strategy and infrastructure.  The challenges you are facing seem common around the globe and it's interesting to see it represents specifically.  Thank you very much for this.

Before I give the floor to our next speaker, who I'm looking very much forward more regional perspective, as Chris emphasized Africa is the region where the GFCE has provided most extensively expertise thus far, but first, please allow me a brief housekeeping note.

We started ten minutes later and I would presume you might be willing to go ten minutes beyond the original time that was set up for us, that would be 20:30UTC for us to finish, 21:30UTC, giving us 15 more minutes.  I see we have two questions in the Q&A bod.  The time permitting, I will be happy to read those out and bring to our panelists to answer.

Please Moctar, take the time that was initially assigned to your intervention and allow me for a brief introduction, Mr. Moctar Yedaly is the head of Information Society division at the African Union commission and has already indicated we are very much looking toward to the insights between the African Union and the GFCE.

Mr. Yedaly, the floor is yours.

>> MOCTAR YEDALY: Thank you very much.  It is really hard to follow all of those good speakers.  But there is some part of Africa where we say last one is the most loved one.  It is bedtime here.  I'm very humbled to be here with you, so speak about first of all the capacity building and the cooperation between the African Union and the GFCE in terms of achieving the objectives set at ‑‑ during the political declaration of the GFCE 2015, and allowing us to become members of the GFCE.

As Chris mentioned at the beginning, the issue of cyber capacity building or cybersecurity is being talked about everywhere and in every corner and from different angles and specifically, the countries ‑‑ the development countries are actually really requesting and are in need of more capacity building to augment the threats in the cyberspace for them to use the ICTs to get into the 21st century and reshape the way they are developing themselves.  And most of them are in Africa.  So 55 countries ‑‑ 55 Member States.  African Union.  And 54 countries or actually all of them are in need of capacity building.

And most of them as you have seen with the example of Senegal are trying to adopt some digital transformation strategies to address the way they are actually conducting their development and their ‑‑ they are meeting their development goals.  The African Union being a member of the GFCE has really is that righted to do a lot of capacity building to achieve three main objectives.

One is having each member of the African Union having the national cyber strategy.  Second is to issue the regulations and within the framework of GFCE, we have started to do a lot of capacity billing and seminars and webinars here and there and most of those activities we have done through which we have actually trained more than 200 experts in Africa.  That's just a number.  We have haven't had the chance to evaluate the ill pact of that and how it has implemented us in the cyberspace.  So most ‑‑ one the biggest parts that we have worked with within the framework of this is the US State Department, through which we have trained people in different issues from the technical side, evidence.

One of the ‑‑ that really is coming, and I wanted to push that today, which is the project that we are now starting with the GFCE related to the capacity building with support of the GFCE Foundation.

They are aimed at building so better understand the cyber capacities and understanding cyber resilience.  This is a two‑year project that will be starting toon, hopefully next month and you see the GFCE with the Bill Gates foundation.  One is to grow a trusted community of cyber leaders and Senegal could be one of the countries that could be benefiting from that.

Identify relevant cyber capacity games at the national level and that is very important also not only to start ‑‑ if we had to go for monitoring evaluation from we are starting, and we will look at what is happening in Africa and what is the situation, and build what we call the so‑called online database on all projects and at the same time creating the online models and materials that will be building that knowledge for cybersecurity in Africa.

This is what I wanted to share with you quickly and I hope I haven't been too long because I don't want to stand between myself and the bed.

And then leave a few times for the Q&A.  Over to you.

>> JOANNA KULESZA: Thank you very much, sir.  Thank you for staying up for us.  That was most informative and I think it gives a very good framing for the work that has been done thus far.  So we have looked at the theory and you and Ms. Seye Samb have showed us.  Thank you very much for taking the time.

We have a few more minutes I would like us to look into the Q&A pod, with the permission of our panelists, I will read out the questions for those of our participants who might not have access to the Q&A pod and I would like our panels to think about potential answers.

The first question:  This has been an increase in capacity building initiatives among different stakeholders.  The main question is:  Are they effective?

How does the GFCE measure its capacity building initiatives?  Is there any metrics and indicators that you can share with us?  That would be the first question.  I might have an assumption, but I will leave it open for a moment.

And then the second question is, is the GFCE knowledge portal and model for the GFCE as recommended by the UN high level panel on digital cooperation.  Is the scope and coverage of that different?  So we have two questions, questions one on metrics and one on the link between the IGF and the work that has been done by the GFCE within the Cybil portal.

I'm curious if we have any takers for nose questions.  Chris, I see your hand is up.

>> CHRISTOPHER PAINTER: Yes, let me start with the metrics issue.

I mean, I should say one of the reasons that the GFCE was founded is something that I found when I was in government, that we didn't have good metrics or good coordination.  I used to stroke we were training the same two people, whatever countries you name, and five countries were training them and there has no follow through.  There's different kinds of metrics.  There's questions how effective is the activity that you are doing and there's follow through so you don't just train someone and go away and never see them again.  And there's a number of aspects.  So what the GFCE does is it tries to make sure that there's follow through and coordination.

We are working on issues about metrics and some other folks might want to talk about some of those things and there are good metrics and issues out there.  To give an example of the strategy and the policy group with respect to national strategies.  One the country has a national strategy, it has to implement that strategy and sometimes it has to revise that strategy and the idea is to have the GFCE continue to plug in and make sure that the matchmaker function delivers what was asked for, and that the country is getting what it needs and then the country can take the next step.  So this is not just a one‑off process.  This is very much a journey that we are trying to take together with the countries that are asking and there's cyber green and other things that have metrics that are part of it, and I'm happy to defer to others.

>> JOANNA KULESZA: I'm curious if Carolin has something to add.

>> MOCTAR YEDALY: Can I say something about the issue of metrics.  This is something that we face in Africa.

Indeed, there's a lot of initiatives, a lot of capacity building.  We have seen most of the people but we don't know where they are and what is the impact, what they have done and have they achieved anything?  That's actually very important for us at this point in time to start thinking just ‑‑ question ‑‑ not just go ‑‑ we said we have 500, okay, fine.  Where are they?  What are the impacts?  Have they been really working the ‑‑ in the space?  This is something probably we need to think of how to really develop strategy good metrics in order to make sure that the impact has been really measured properly.

And beyond that, we will go after that to see how we are going to place all of those people we will be training.

Be it online or be it physically or be it those who are using our portal, be it all the GFCE portals.  We do have some digital platform we have developed in which we have what we call the digital clinic, with all the documentations and people are able to counsel, but, again, what is the impact?  That is something we need to ‑‑ because we have to adjust ourself.  The crimes are evolving ‑‑ evolving every single day.  They are being developed and we need to adapt every time.  It's not a one‑time training.  It's continuous enhancement of ourself in order to face the challenges we are having.

Over to you.  Thank you.

>> JOANNA KULESZA: Thank you very much.  Carolin.

>> CAROLIN WEISSER HARRIS: Yes, I will take the question regarding the portal.  So I think ‑‑ I think what ‑‑ and as was actually the principles of Cybil, I think that's something which is actually really important for whatever type of platform that you build is that it is inclusive.  So it's really inclusive in a sense that it tries to be open and inclusive in terms of who can access the content, who can use the content, and who can provide content and make sure that it doesn't discriminate against any type of obstacles that the players have.

The other thing, it needs to be practical knowledge.  I think a platform only works when it's useful for the users.

It's not worse to step for something that is just there for the sake of having a platform and then it's not ‑‑ it doesn't fit what the users ‑‑ what the user needs.

I'm also saying, this I feel that Cybil, it's a learning process, and is it actually fulfilling its objectives but it's ongoing dialogue to make it very useful for those who just intend to be for.

And then the issue of openness, again, like accessible, open for ‑‑ and also yeah, accessible, open for different kind of stakeholders.  It also means that the content must be in different languages, for instance, which Cybil is not at the moment.  That's one the aims.

And I think the other thing is that issue of ownership.  I think when they provided the funding for this platform, it was developed by GFCE partners, but it was also very clear that it was driven by the community and was not something that came top down but it also came from the community.

In regard like what is really important, I think that's what other portals, platforms probably experienced.  There was ‑‑ there was a panel at the IGF in Mexico four years ago on different platforms and the big issue for all of them was they started and then after one or two years, the funding stopped.

So what is really important is that these platforms, they can be really good in the beginning.  They have brilliant content but then the funding runs out and then a lot of effort, resources and, like ‑‑ and they get lost.

So to do that, I say that's what is really important to really have a commitment by a funder who doesn't see like a short‑term project and must really invest in it and doesn't give up after a couple of years.  And I think that's where the GFCE has become very valuable because they have not funded Cybil and another portal transitions into Cybil and, of course, you need the commitment.

Data and commitment, the commitment by the community.  A lot of it is on Cybil and what Cybil is actually is, is also based on voluntary involvement by ‑‑ by GFCE partners but also the GFCE members who contribute the content.  They look at the content.  They say it's valuable ‑‑ like you should go on Cybil and we have the creation processes and, of course, you need resources.  You have need money to ‑‑ not only to build something like this, but to maintain it, and to improve it and to develop it.

So long story short, I think the first question should be what does a user want?  How does he want it?  What is the ‑‑ what is the USP of a platform, like how is it ‑‑ avoid duplication.  What do other platforms already provide?  What are the gaps and then really ensure to find ‑‑ make it such a compelling case that any organization can fund something like this makes a long year commitment and I think Cybil and I think the cyber capacity building community is very lucky to have some organization like the GFCE who has made this commitment to start this kind of platform.

And you hope that it's successful and it will be there for many, many years.

>> JOANNA KULESZA: Thank you.  I fully shared that sentiment.  I have the odd job today of keeping time.  As much as I am a fan of Cybil as much as you are, I need to give us a framing.  Enrico, one minute for your feedback.

>> ERICO CALANDRO: Yes, very quickly on the question on metrics, so you can measure the effectiveness of cyber capacity initiatives in a number of ways but the GFCE currently in the task force on strategy and assessment is actually trying to understand what are the different it wills available to measure cyber capacity maturity and there are a number of tools with a number of indicators and metrics that try to measure the maturity of countries from an policy development, legislation, up to, I think, you know structures to fight cybercrimes like CSIRT.  And this is the cyber readiness index, the Oxford cyber maturity model for countries and the E‑governance academy national cybersecurity index.  So they have a number of really granular indicators that are collected at the national level, across a number of countries longitudinally, you can see how they change their poster in terms of cyber maturity.  And the GFCE is good at coordinating.  Having Cybil portal which is matching the cyber capacity initiatives, you can see whether they have been effective when you go and have a look at the indicators on the cyber maturity of different countries across the different themes and identify at that point specific points of cyber capacity where our country is particularly week and you can do it based on our research and what have you observed.  That was very insightful.

>> JOANNA KULESZA: Thank you for enumerating.  We have an interesting is, maybe Cybil can be part of an interconnected global network.  It avoids the risk of duplication.  I think that's a handy recommendation.  Thank you for sharing that.  Thank you for inquiring about the PowerPoints.  We will make sure that they get to you.  Please feel free to reach out to me or my cochair or the team at the GFCE with Elliot and particular situation.

I need to be wrapping up.  So thank you very much.  Thank you to our wonderful panelists.  I hope that this was a teaser of ow comprehensive and at the same time how open the GFCE is.  There is a lot to be said but we just have one hour.  We need to wrap it up.  Thank you for joining it.

On behalf of the advisory board and my cochair who joined us here today, thank you very much for participating.  We are open to questions.  You can reach out to me.  I'm just a very friendly individual and you can reach out to me on any issue.  Or if you need to reach out to the contact email of the GFCE, I'm certain you will have comprehensive and useful information.

Thank you, everyone.  I really need to wrap this up.  Thank you for joining us.  And thank you to the wonderful panelists and enjoy the IGF.  Until we meet again.  Thank you.  This session is adjourned.

>> Thank you.

>> Thank you.

 

Contact Information

United Nations
Secretariat of the Internet Governance Forum (IGF)

Villa Le Bocage
Palais des Nations,
CH-1211 Geneva 10
Switzerland

igf [at] un [dot] org
+41 (0) 229 173 411