Part II: Synthesis of Contributions Received[1] in Response to the BPF Cybersecurity Call for Contributions[2]

Following a series of virtual meetings[3] and consultations via the BPF Cybersecurity mailing list[4], on 11 July 2016 the IGF Secretariat launched a public call for contributions on the IGF website inviting the IGF community to submit responses to the following questions:

  • What are the typical roles and responsibilities of your/each of the stakeholder groups in making the Internet a secure and safe place for people to socialize and conduct business?
  • What are some of the typical communication mechanisms between stakeholder groups to discuss cyber security related concerns?
  • How can cybersecurity cooperation and collaboration be enhanced, particularly in developing and least developed countries?
  • What are some common problem areas that stakeholders encounter when trying to enhance cooperation and collaboration?
  • What are some notable existing best practices and examples of successful collaboration and cooperation amongst stakeholders and specific actors that have helped improve cybersecurity?
  • What are some examples of best practices in ‘Cyber security Situational Awareness’ where different organizations have worked together, specifically with law enforcement agencies and other specialists?
  • What are other related or different topics that your organization would like this BPF to address moving forward, both in 2016 and beyond?

The following section compiles and synthesizes the contributions received from the community to these questions. Some contributions are summarized while others are included verbatim[5]. All contributions can be accessed and reviewed in their entirety on the IGF website here and via Annex I of this document.

What are the typical roles and responsibilities of your/each of the stakeholder groups in making the Internet a secure and safe place for people to socialize and conduct business?

Contribution from the Freedom Online Coalition (FOC):

‘The roles and responsibilities of stakeholders are evolving in making the Internet a secure and safe place for people to socialize and conduct business. It is clear that security is no longer just the purview of governments and that it is increasingly a multistakeholder imperative. With cybersecurity and cybercrime challenges increasing in frequency and complexity there is a need for all stakeholders to work together to address these in a manner that preserves human rights, particularly privacy and free expression.

The call for cybersecurity policies to be developed in a more open and inclusive manner with greater protections for human rights has been growing:

  • The Seoul Framework[6] that resulted from the Seoul meeting of the London Process in 2013 states that it is “necessary to continue to work together towards ensuring a trusted, secure and sustainable environment in partnership with multiple stakeholders, including international organizations and the private sector.”
  • The 2014 NETMundial Multistakeholder Statement[7] noted, inter alia, that “initiatives to improve cybersecurity and address digital security threats should involve appropriate collaboration among governments, private sector, civil society, academia and technical community.”
  • And, the Chair’s statement[8] at the 2015 GCCS meeting in The Hague urged governments “to ensure that cyber policy at national, regional and international level is developed through multistakeholder approaches, including civil society, the technical community, businesses and governments across the globe.”

Despite the recognition that cyber issues should be dealt with involving all stakeholders, there are few fora in which cybersecurity related concerns can be discussed on a multistakeholder basis. Various issue-specific meetings may be held on cybersecurity matters in which other stakeholders are involved, but the degree to which civil society is engaged and welcomed is minimal, particularly in cybersecurity policy and norm-setting processes. Much work remains to be done to realize and put into practice the increasing calls for multistakeholder approaches – now is the time for all stakeholders to work together to make this a reality.

The Freedom Online Coalition Working Group 1 on “An Internet Free and Secure” has undertaken the following mapping of cybersecurity spaces and processes which assesses the degree to which they are open or not to stakeholders:

https://www.freedomonlinecoalition.com/wp-content/uploads/2015/05/Mapping-Brochure-WEB-1.pdf

This mapping exercise clearly illustrated the degree to which cybersecurity processes and fora remain closed to stakeholders and particularly civil society.’

Contribution from Mr. Fotjon Kosta, Albania:

The contribution from Mr. Kosta highlighted the 2013 ‘Behavioural Code’ in Albania as an important agreement aimed at making the Internet a more secure and safe place. In this agreement all mobile companies, ISPs (Internet Service Providers) and the Ministry of Technology and Information officially committed to protect children from Internet risks. This code provided new services to raise Internet users’ security.

Contribution from Mr. Segun Olugbile, Nigeria:

‘The Nigerian ICT & Cybersecurity stakeholders’ forum provides local awareness for policy makers on cybersecurity and public Internet safety. The forum collaborates with heads of government agencies relevant to ICT development, telecommunication regulation and captains of industry in the ICT industry to build trust and entrench Internet user confidence in the use of the Internet as a tool and a platform. We engage the public on cybersecurity awareness through consistent participation in the Nigeria IGF and similar events such as the e-Nigeria Summit, where we ensure regular discussions on a secure cyberspace, share emerging issues on Internet safety as well as provide relevant capacity building on Personal & Corporate Internet Safety Responsibility (PCISR).

We engage the use of social media apps, most especially WhatsApp, to create discussion forums where instant Internet security incidents and mitigation reports are distributed and shared among individual members of the forum in real time and on an upwardly mobile basis. This approach has helped de-escalate the spread of incidents and provides enhanced community awareness. We engage in local high-level political discussions with senior public officers and political office holders within the executive and legislative arms of the government on possible policy and legislative intervention on cybersecurity. The group collaborates with key industry players and industry regulators on the development of technical codes of conduct for Nigerian ISPs and operators in the Internet industry.’

Contribution from the Association for Progressive Communications (APC):

‘Cybersecurity initiatives should be built on democratic, multistakeholder processes, ensuring the meaningful and accountable participation of all stakeholders, including governments, the private sector, civil society, the technical community, the academic community and users. The respective roles and responsibilities of stakeholders should not be set in stone, or defined definitively at one point in time. Rather they should be interpreted in a flexible manner with reference to the issue under discussion. From the 2014 NETmundial Multistakeholder Statement, “initiatives to improve cybersecurity and address digital security threats should involve appropriate collaboration among governments, private sector, civil society, academia and technical community.”[9] Furthermore, policy processes should actively seek out experts from all stakeholder groups that together comprise a wide range of contexts and experiences.

States are the duty bearers for human rights and security (including the right to personal security) in the international system. They have a positive obligation to provide a minimum standard of protection for the lives, integrity and personal security of individuals in their jurisdiction or under their effective control. States have obligations and duties under international law to respect, to protect and to fulfil human rights. The obligation to respect means that states must refrain from interfering with or curtailing the enjoyment of human rights. The obligation to protect requires states to protect individuals and groups against human rights abuses. The obligation to fulfil means that states must take positive action to facilitate the enjoyment of basic human rights.

These obligations extend to the digital environment, as the same rights people have offline must also be protected online.[10] Governments have committed to “address security concerns on the Internet in accordance with their international human rights obligations to ensure protection of freedom of expression, freedom of association, privacy and other human rights online, including through national democratic, transparent institutions, based on the rule of law, in a way that ensures freedom and security on the Internet so that it can continue to be a vibrant force that generates economic, social and cultural development.”[11]

The private sector must engage in multistakeholder policy spaces alongside civil society and governments and uphold their responsibility to respect human rights. As the UN Guiding Principles on Business and Human Rights[12] lay out, corporations have the responsibility to respect human rights, including by acting with due diligence to avoid infringing on human rights and addressing adverse impacts with which they are involved, and to provide victims access to effective remedy.[13] Not only should we expect the private sector to follow international law, but non-binding standards and protocol norms as well. Products of the private sector should respect human rights by design. Likewise, where the private sector conducts research and development, its standards and protocols should be rights-respecting by design; for example, user privacy should be considered as inherently valuable as efficiency.

There is a recognition that the technical community cannot work alone, which is why we have seen recent reports such as from David Kaye, UN Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression, supporting the implementation of encryption and anonymising tools as critical for human rights[14]. Kaye recommended that States, international organizations, corporations and civil society groups should systematically promote access to encryption and anonymity without discrimination and engage in a campaign to bring encryption by design and default to users around the world.’

Contribution from the Organization of American States (OAS) Cybersecurity Program:

‘The Organization of American States (OAS) Cybersecurity Program’s efforts are geared toward three specific objectives:

  1. Increasing access to knowledge and information on cyber threats and risks;
  2. Enhancing the technical and policy capacity of governments and critical infrastructure operators to detect cyber threats, respond to cyber incidents, and combat both;
  3. Promoting more robust, effective and timely information-sharing, cooperation and coordination among cybersecurity stakeholders at the national, regional and international level.

The Program’s stakeholders include government entities, the private sector, academia, civil society and the general public from the OAS member states. Each stakeholder grouping participates in the cybersecurity supply chain at different stages, either as a supplier or an end-user, as each has a role to play in keeping their activities secure. As it relates to our activities, each stakeholder grouping has made every effort to participate and contribute to workshops, reports and the development process for national cybersecurity frameworks. Our workshops include different topics, ranging from critical infrastructure protection to cybersecurity and freedom of speech on the web, and the participation of experts and attendees with different backgrounds. Our reports are prepared based on a comprehensive understanding of cybersecurity with the contributions of stakeholders from different sectors. Our last report, “Cybersecurity: Are we ready in Latin America and the Caribbean?”[15], jointly prepared with the Inter-American Development Bank, is a good example of this collaborative work. Finally, the development of national cybersecurity strategies involves the participation of representatives from different stakeholders from its inception in order to build a common national view on cybersecurity.’

Contribution from the National Cyber Security Centre – Finland (NCSC-FI):

‘First of all, we have roughly a dozen sectoral cooperative networks (energy, finance, vendors… + a few networks for different authorities). These networks cooperate on two levels. The first level is the daily information sharing via email lists, IRC and portals. The second, and more closed cooperative level, is the face-to-face meetings among selected peer organizations.

The face-to-face meetings bring technical personnel together in order to share information, best practices etc. on the level the cooperative group wants it to take place in. There are no “responsibilities” as such except active participation and information sharing on threats, current challenges, success stories etc.’

Contribution from Global Partners Digital (GPD):

‘Evolving understandings of cybersecurity make efforts to ensure the Internet is a secure and safe place an important focus of policy that requires input from multiple stakeholders. Starting from a dominant technical perspective of cybersecurity and focusing on protecting information infrastructure, debates around cybersecurity have rapidly broadened, bringing in many issues from cybercrime to secure access policies to data ethics and human rights under its banner.

From its inception, the protection of the Internet was taken on mainly by governmental actors and the technical community. As the Internet has grown and become more a part of our economies and societies, more capacity – and indeed responsibility – for keeping the Internet secure has passed into the hands of private sector actors. This is because in many cases critical infrastructure is owned by businesses and public-private sector partnerships are considered essential to ensuring robust cybersecurity.

This has resulted in a situation whereby much of the policy and technical measures discussed in cybersecurity debates are defined primarily by private and state actors. While their involvement is vital, the dominance of these state and commercial perspectives has often put an emphasis on the protection of systems rather than the individual, and has led to cybersecurity policy approaches that often appear to pit security against human rights, which can lead to curbs on fundamental rights. This might mean more restrictions on content and freedom of expression, more disproportionate measures like mass surveillance, and more measures to undermine anonymity in the interests of furthering security interests.

Much work by civil society and other non-state actors has shown that this is a false dichotomy. Cybersecurity and human rights in fact depend on each other. Security is not something enacted on something to mitigate risk and harm – security is a positive concept, importantly associated with a person’s freedom and capacity to act; without security the individual cannot fully exercise their rights. This rights-based perspective that above all focuses on people as the referent object of cybersecurity – rather than systems – is often missing from debates on cybersecurity policy.

With increasing challenges with regard to ensuring a safe and secure Internet, it is therefore vital for all stakeholders to work together to address these in a manner that preserves human rights. This imperative has already been recognised in the call for multistakeholder participation in many cybersecurity-related processes from the London process to Netmundial. But more work remains to be done to ensure the main policy making spaces are opened up to meaningfully incorporate multistakeholder input. Engagement with civil society is still minimal, and strikingly absent from most cybersecurity policy and norm-making processes.’

Contribution from the Forum of Incident Response and Security Teams (FIRST):

‘The communications mechanisms used by CSIRTs to interact with their constituency and peers are diverse. Most CSIRT communications involve notifying others of problems or vulnerabilities: asking others to disclose information about perpetrators is a role for law enforcement agencies. Law enforcement reduces the number of criminals: CSIRTs reduce the opportunities for committing crimes. Below we are referencing a small set of messages that are in use by the CSIRT community:

  • Standardized protocols, such as the Network Abuse Reporting framework X-ARF, are used by the community to report abuse originating from a particular network. Participants in the incident response community can develop X-ARF messages to flag a particular host as emanating malicious traffic, and send these reports for automated or semi-automated processing by the network owner;
  • Within the CSIRT community, several tools are in use to collect, assess and re-distribute information to the correct stakeholders. Examples include AbuseHelper, which allows automated processing of incident notifications, and the Malware Information Sharing Platform (MISP), which allows automated exchange of incident indicators.
  • E-mail is still a common method for reporting security incidents. A CSIRT may both receive messages from other network owners or data sources on events that originate or occur within its constituency (e.g. compromised web sites, phishing, or a malicious host scanning another network), or may send them (e.g. notifications of a phishing site that affected a constituent).

Confidentiality of information is typically important, especially when working with a stakeholder that is in the process of mitigating a security incident. Early knowledge of such an incident by either the adversary or others could make an effective response more difficult. Within the community, standardized protocols such as Transport Layer Security (TLS) are most often used for automated tooling, and Pretty Good Privacy (PGP) is the de facto standard for e-mail communication.

As a community, automating information exchange where possible, and ensuring CSIRTs’ ability to process information at an increasing pace, is extremely important. CSIRTs can often be resource constrained in terms of qualified analysts, and allowing them to focus on harder problems that require expert review is critical.

However, it is important to clarify that prior to any automated exchange taking place, it is crucial for stakeholders to set expectations around how the data will be used. Sharing indicators may not be helpful if they are not used correctly, or are used for different purposes than intended. While there are typically many technical means of addressing a security incident, it is most important that goals are aligned and expectations are clearly set.

Several members of the wider incident response community have built specific partnerships and programs to enable them to work effectively with other parties on similar problems. Examples of these are well described in Proactive Detection of Network Security Incidents, published by the European Network and Information Security Agency.’

Mr. Fotjon Kosta, Albania:

The contribution from Mr. Kosta noted that ‘the Albanian Government has made multiple agreements and has implemented several mechanisms between stakeholder groups related to cybersecurity, including the establishment of the Albanian CIRT in 2011.’

Mr. Segun Olugbile, Nigeria:

‘The Nigeria “Stakeholders Roundtable on Cybersecurity” was created to foster communication on policy issues, cooperation, and understanding of common emerging Internet security incidents among local stakeholders.’

APC:

‘In 2015, the Freedom Online Coalition working group “An Internet Free and Secure” (FOC WG1) published a mapping of cybersecurity policy-making spaces. What they found was that nearly 40% of those fora were closed to or placed limits on civil society participation. The main problem of communication between stakeholder groups is that states close their processes for reasons ranging from domestic security to status quo policy making. The private sector’s cybersecurity practices are protected intellectual property. At best, fora like the Global Conference on Cyberspace invite civil society participation that is neutralised by a full schedule of presentations and panels, while bilateral meetings between states and the private sector are scheduled in parallel. Another example is committees or working groups that are multistakeholder but that only produce very high-level recommendations or agreements that are non-binding and demand no accountability from even the stakeholders who produced them.’

OAS:

‘a. The OAS Cybersecurity Program has a Twitter account which facilitates the easy transmittance of information and communication among the followers.
  b. The OAS Cybersecurity Program has a mailing list in which anyone can participate. This mailing list announces the Program’s next activities and recently published reports.
  c. The Program has also been developing a virtual hemispheric network of CSIRTs which seeks to facilitate real-time communication and information-sharing between CSIRTs in the Americas.
  d. In the development of National Cybersecurity Frameworks, the program facilitates multi-stakeholder roundtables and national workshops to discuss cybersecurity issues facing member states.
  e. The publication of cybersecurity reports that benefits from the input of all member states in providing accurate and current data on their national cybersecurity reality.
  f. The hosting of sub-regional, regional and international cybersecurity crisis management exercises in collaboration with private sector and national and international government entities.’

APC:

‘The role of the technical community includes, in some national and regional contexts, the establishment of Computer Emergency/Incident Response Teams (CE/IRTs) and Public Key Infrastructure in order to support resilient implementations of secure protocols and standards. At a minimum, we would like to see more emphasis placed on research of these types of institutions so as to strengthen them and model human rights-respecting best practice.

There is a need for more civil society involvement in cybersecurity debates in all countries, and in particular in developing countries. Furthermore, and in parallel with increased participation, more opportunities for education and awareness raising among civil society groups on issues of cybersecurity should be supported.’

OAS:

‘a. Engagement of political leadership is critical as this will ensure the continuation of cybersecurity initiatives and incorporation of cybersecurity concerns into cross-cutting policy issues, such as economic development and national infrastructure expansion projects.
  b. Staging of regional meetings geared towards networking and building networks on various levels (private sector, academia and government counterparts).
  c. Engagement with stakeholders from different sectors from the beginning of the formulation of cybersecurity policies through participatory and deliberative procedures (e.g., roundtables, online tools) in order to build trust and confidence and ensure the transparency and accountability of the entire process.’

GPD:

‘The Global Partners Digital video series “How to Engage in Cyber Policy”[16] is one initiative to help bridge the gap – both in knowledge and also in terms of understanding different perspectives on cyber policy issues. The series is aimed at any actor who holds an interest in developing rights-based policy, regardless of stakeholder group, and aims to give a holistic understanding of cyber issues that sees security issues and human rights as mutually reinforcing, resulting in more effective and empowering policy measures, globally.

For cybersecurity cooperation and collaboration to be enhanced globally – and particularly in global south countries – the first step is to create a level playing field in terms of knowledge, skills and capacity for engagement. This has been acknowledged through multiple capacity-building projects focusing largely on Internet policy and governance, but less so in the more specialized space of cyber security and human rights. It’s important to appreciate that cybersecurity and human rights capacity-building will require sustained engagement over time, building the skills, knowledge and overall capacity of human rights defenders and others to engage in an informed manner in dialogues, exchange of information and finally the development of solutions for cybersecurity challenges that are rights respecting by design. We believe that this video series makes an important contribution to this growing capacity building effort.’

NCSC-FI:

‘– It is very important to define the scope of the cooperation. We have tried to keep the cooperation as close to “real world” technical problems as possible. There has to be a clear and understandable value proposition. As a government authority we try, for example, to provide participants information they would not otherwise have.

– Let the development of cooperation take time. It is important that different players first get to know each other. Before that no true cooperation can take place. This concerns especially the face-to-face meetings.

– The cooperative bodies should have as much homogeneity as possible. This helps in focusing the subjects.

– Make sure everyone knows who is involved and why they are involved.

– Make sure everyone knows what the cooperation is for; a “code of conduct” (who, why, how, when) should be drafted together with the participants. This also helps the participants to justify the participation within their own organizations.

– Make sure that the people who participate in the cooperation are empowered enough and informed within their organizations.

– Also, try to identify at least a few active persons representing the industry beforehand. Contact them and ask them to take an active role, especially in the beginning, in order to break the ice and get things going.

– When putting face-to-face meetings in place, try to find someone from the industry to act as the chair for the group.

– Make sure you have the Traffic Light Protocol or other formal rules concerning the level of confidentiality and dissemination of information in place.

– Keep the number of participants as small as possible. This helps in building trust among participants.

– If you are a public sector organization, take an active role in the beginning. Usually in the beginning it is more useful to start with a top-down approach. It is possible to move later into a model where the industry members take a more active role.

– Conduct a “customer satisfaction” survey regularly, preferably once a year.’
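The Traffic Light Protocol that the NCSC-FI contribution recommends is a set of dissemination labels maintained by FIRST. The following added example, which is not part of the synthesis or of any contributor's material, encodes the TLP 2.0 sharing boundaries as a check that a sharing tool could run before forwarding a report to a further recipient. The Party and Report data model, the field names and all sample organisations and people are constructed for this example.

```python
"""Traffic Light Protocol (TLP 2.0) dissemination check for a sharing tool.

Added example; not part of the BPF synthesis or any contributor's material.
The sharing boundaries follow FIRST's TLP 2.0 definitions; the Party/Report
data model and the sample data are assumptions made for this example.
"""
from dataclasses import dataclass
from enum import Enum


class Tlp(Enum):
    RED = "TLP:RED"                    # named recipients of the original exchange only
    AMBER_STRICT = "TLP:AMBER+STRICT"  # recipient's own organization only
    AMBER = "TLP:AMBER"                # recipient's organization and its clients
    GREEN = "TLP:GREEN"                # the sharing community, never public channels
    CLEAR = "TLP:CLEAR"                # no restriction


def parse_label(text: str) -> Tlp:
    """Normalise a label as typed in a subject line or report header.

    Accepts case/whitespace variation and the pre-2.0 'TLP:WHITE' (renamed
    TLP:CLEAR in 2.0). Anything unrecognised raises, so a tool fails closed
    instead of treating an unknown marking as shareable.
    """
    norm = "".join(text.split()).upper()
    if not norm.startswith("TLP:"):
        norm = "TLP:" + norm
    if norm == "TLP:WHITE":
        return Tlp.CLEAR
    try:
        return Tlp(norm)
    except ValueError:
        raise ValueError(f"unknown TLP label: {text!r}") from None


@dataclass(frozen=True)
class Party:
    person: str
    org: str
    communities: frozenset = frozenset()  # sharing communities the party belongs to
    client_of: frozenset = frozenset()    # organizations this party is a client of


@dataclass(frozen=True)
class Report:
    label: Tlp
    community: str               # community the report was originally shared into
    named_recipients: frozenset  # people addressed in the original exchange


def may_forward(report: Report, holder: Party, recipient: Party) -> bool:
    """May `holder`, who legitimately received `report`, pass it to `recipient`?"""
    if report.label is Tlp.CLEAR:
        return True
    if report.label is Tlp.GREEN:
        # own organization, or a peer inside the community the report was shared into
        return recipient.org == holder.org or report.community in recipient.communities
    if report.label is Tlp.AMBER:
        return recipient.org == holder.org or holder.org in recipient.client_of
    if report.label is Tlp.AMBER_STRICT:
        return recipient.org == holder.org
    if report.label is Tlp.RED:
        return recipient.person in report.named_recipients
    raise ValueError(f"unhandled label {report.label}")


def filter_distribution(report: Report, holder: Party, recipients: list) -> tuple:
    """Split a proposed distribution list into (allowed, blocked) person names."""
    allowed, blocked = [], []
    for r in recipients:
        (allowed if may_forward(report, holder, r) else blocked).append(r.person)
    return allowed, blocked


# Constructed sample data (not taken from the page): an energy-sector CSIRT member
# holding a report and four candidate recipients with different relationships.
HOLDER = Party("alice", "EnergyCo", frozenset({"fi-energy-csirts"}))
COLLEAGUE = Party("bob", "EnergyCo")
CLIENT = Party("carol", "GridOps", client_of=frozenset({"EnergyCo"}))
PEER = Party("dave", "PowerNet", frozenset({"fi-energy-csirts"}))
OUTSIDER = Party("erin", "PressCorp")
CANDIDATES = [COLLEAGUE, CLIENT, PEER, OUTSIDER]


def demo() -> dict:
    """Run the same distribution list under every label; keyed by label string."""
    results = {}
    for label in Tlp:
        report = Report(label, "fi-energy-csirts", frozenset({"alice", "dave"}))
        results[label.value] = filter_distribution(report, HOLDER, CANDIDATES)
    return results


if __name__ == "__main__":
    for label, (ok, blocked) in demo().items():
        print(f"{label:18} allowed={ok} blocked={blocked}")
```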

From Fotjon Kosta, Govt. of Albania:

‘The most common problem areas are: lack of legal framework, lack of financial resources and human resources, social and political issues and lack of capacity building.’

APC:

‘Overwhelmingly, fora for cooperation and collaboration on cybersecurity issues are closed to civil society. Civil society is often unable to find the venues to engage, while states and the private sector do not look to spaces like the IGF, where there is robust civil society participation, to address cybersecurity concerns. When opportunities are opened, the general lack of transparency and familiarity with processes and actors makes it difficult to engage meaningfully. Spaces where civil society is invited to participate prepare no binding or accountability mechanisms.

The dominant narratives around cybersecurity are a significant barrier. Governments from across the political spectrum insist on pitting security and human rights against one another, when in fact the trade-off of some “security measures” (like building in backdoors) is actually security versus security. Many governments assert that security is good enough even if the right to privacy and the security of individuals are not fulfilled, and thus sacrifice human rights for the sake of this top-down notion of “security”. The ubiquity of the framing that security and privacy are incompatible means that civil society engagement is focused on upsetting this ideology rather than bringing concrete policy recommendations for rights-respecting cybersecurity.’

FIRST:

‘For CSIRTs to effectively work with each other, or other peers within the community, trust is a crucial requirement. Trust is typically not established through legal agreements, but through a history of working with each other. This work contributes to building trust in at least two ways:

  • It ensures both organizations have an accurate understanding of the actions the other organization will take. For instance, when indicators of a security incident are provided, a CSIRT can trust the information will be used to remediate the source of the incident, rather than purely for investigative or intelligence purposes, which may not assist the CSIRT in mitigating the incident.
  • It ensures organizations have an understanding of the effectiveness and capability of the other CSIRT. If multiple reports have not led to successful remediation, or led to action which was counterproductive (for instance simply taking down malicious content, which continues to reappear, rather than addressing the issue comprehensively), a CSIRT may be less inclined to share information in the future. At the very least, it will need to check that both parties have a common understanding of the incident response services being offered and provided.

Maturity and trust help avoid these misunderstandings. Problems can often arise when there is no CSIRT present, but the incident response role is performed on an ad-hoc basis. For instance, in the product security world, organizations may react defensively, or even threaten legal action, when a security vulnerability is reported, rather than implementing and executing on known vulnerability coordination steps, such as defined by ISO 29147:2014. Building incident response maturity helps address and prevent these issues.

In our experience, developing trust is easiest when the objectives of both organizations align. When both organizations have as their goal to remediate the incident and restore operations, they both see value in the information exchange. Trust does not develop when one or both organizations are perceived as having a different goal, an issue which sometimes appears when a CSIRT is established within a law enforcement or intelligence agency.’

NCSC-FI:

‘– Not knowing the right level of abstraction and technical details in which to have the discussions.

– Among very competitive areas, the participants may be hesitant to provide information. Legislation may even prohibit sharing of some security information between companies if it distorts competition.’

  • What are some notable existing best practices and examples of successful collaboration and cooperation amongst stakeholders and specific actors that have helped improve cybersecurity?

2014-2015 IGF Best Practice Forum on the Regulation and Mitigation of Unsolicited Communication:

‘This 2014-2015 IGF BPF on the Regulation and Mitigation of Unsolicited Communication received several case studies, including visionary views, academic research, successful solutions, and public-private and private-private partnerships. These case studies can be learned from and where appropriate replicated or adapted. They are contained in the annexes to the BPF’s report. The case studies demonstrate that a shared idea, need or vision can lead to cooperation and solutions that make the Internet safer.’

Contribution from the Information Technology – Information Sharing and Analysis Center (IT-ISAC):

‘The concept of ISACs was introduced in the United States in Presidential Decision Directive-63 (PDD-63), signed May 22, 1998. While initially focused on the United States, the ISAC concept has spread globally, and many U.S. based ISACs now accept membership from companies outside the United States and operate globally. 21 ISACs coordinate and collaborate through the National Council of ISACs (www.isaccouncil.org).

ISACs are trusted entities established by critical infrastructure owners and operators to foster information sharing and best practices about physical and cyber threats and mitigation among security teams. Typically non-profit organizations, ISACs reach deep into their sectors, communicating critical information far and wide and maintaining sector-wide situational awareness.

ISACs have demonstrated success in providing operational services – such as risk mitigation, incident response, and information sharing – that help security and response teams protect critical infrastructures.

Preparedness & Operational Considerations

  1. Incident Response. A key service of an ISAC is to provide critical infrastructure sectors with actionable intelligence leaders need to make informed decisions that enable incident response teams to more quickly identify and respond to incidents. Whether through information sharing portals, collaborative lists, or other arrangements, ISACs can harness industry specific analysis to contextualize member-provided, open-source, for-cost services and public-sector-provided threat news. ISACs can help incident response teams develop a sound understanding of the threat environment and the communities’ relevant risks, providing a trusted community that enables teams to discuss how to manage their organizational risks and concerns.
  2. Training. ISACs can provide your security teams with access to training and discussions with peers that cover contemporary, pressing topics to the industry at large. This sort of community exchange, using resources from across a wide spectrum of disciplines and making it applicable and collaborative for a specific community, is only possible through an ISAC or similar organization capable of taking a sector-wide / community-wide view of the threat environment, being able to understand and process the relevant risks, and helping community members identify their greatest concerns.
  3. Exercise. Many ISACs have participated in a variety of exercises with their members and with partners. From high-level exercise events validating the information sharing and collaborative processes between ISACs and partners to sector-specific drills exercising intra-ISAC processes and procedures to ensure readiness to respond to major threats and events, ISACs help members develop and test their ability to react to the dynamic threat environment. Some ISACs can also provide resources or contacts to help members conduct their own exercises ensuring robust preparedness across sectors.
  4. Operations. Many incident response teams formally integrate ISAC membership into their Concept of Operations and other operating policies. These help to operationalize and institutionalize the relationship between the ISAC teams and the member incident response teams. Setting policies on integrating with ISACs also enables incident response teams to understand and share information that is relevant to other ISAC members.

Information Sharing and Analysis Centers (ISACs) help incident responders from critical infrastructure owners and operators protect their facilities, personnel and customers from cyber and physical security threats and other hazards. ISACs collect, analyze and disseminate actionable threat information to their members and provide members with tools to mitigate risks and enhance resiliency.’

Contribution from the Computer Incident Response Center Luxembourg (CIRCL)

‘CIRCL (Computer Incident Response Center Luxembourg) is a government-driven initiative designed to gather, review and respond to computer security threats and incidents. It’s the CERT for the private sector, communes and non-governmental entities in Luxembourg.

CIRCL is operated by SECURITYMADEIN.LU, which has even broader missions in the area of cybersecurity, from awareness raising, both via national campaigns as well as by dedicated sessions with specific target audiences (children, youth, elderly people, etc.) (e.g. https://silversurfer.lu/); via organisational security through the federation of risk management methodologies and other information security governance tools (e.g. MONARC – https://www.cases.lu/index-quick.php?dims_op=doc_file_download&docfile_md5id=56ee6ff569a40a5b52bed0e526a6a77f); up to fostering the cybersecurity ecosystem in Luxembourg, mainly by promoting information sharing, collaboration and co-operation among stakeholders (e.g. https://securitymadein.lu/cybersecurity-breakfast/).

The setup of SECURITYMADEIN.LU, 6 years ago, with its threefold mission, covering behavioural, organisational and technical aspects of cybersecurity, has become the de facto centre of excellence in this area for Luxembourg. Communication-wise, the different stakeholders are addressed in a regular fashion, via press and media coverage (e.g. http://www.itnation.lu/62000-cyberattaques-au-luxembourg/), awareness campaigns (e.g. https://www.bee-secure.lu/fr/outils/campagnes/clever-cloud-user), conferences (e.g. https://2016.hack.lu/) and training (e.g. https://circl.lu/services/misp-training-materials/).

Over 4 years of experience in malware and threat sharing, via MISP (https://circl.lu/services/misp-malware-information-sharing-platform/) shows that cooperation and collaboration is key in cybersecurity, not only to avoid duplicate work and analysis, but also in respect to less mature entities, being able to profit from the experience and expertise of others and as such develop faster thereafter. MISP brings together specialists from different areas, like malware reversers, security analysts, intelligence analysts, law enforcement, risk managers and banking fraud analysts. Legal restrictions, like law enforcement frameworks, but also practical issues, high risk of information leakage, a “nothing-to-share” mentality or alike are difficulties that we encountered.

Nonetheless SECURITYMADEIN.LU continues its investment, development and promotion of MISP as well as MONARC; because we believe in the “sharing is caring” principle and especially focus on bringing together specialists with different competences and knowledge.

A nice example is the “committee C”, as we call it, which is a regular meeting of the local CERT community, law enforcement, attorneys and judges as well as intelligence people to exchange on relevant information and co-operate on common cases.

At the level of organisational Cybersecurity, risk management has become the main driver, not only because the European legislator has seen its usefulness and integrated aspects of risk-based approaches in recent directives (e.g. NIS directive) and regulations (e.g. GDPR), but also businesses need to get better knowledge and grasp on their risks. MONARC builds on this and especially focuses on providing a solution to empower SMEs with efficient tools and access to the expertise needed, by reducing the time for a risk analysis by up to 80%. These figures were achieved in the area of local government and municipalities in Luxembourg, due to extreme overlapping needs and procedures. Currently other sectors are being addressed with this same mutualisation scheme to achieve similar efficiency.

Tools, platforms and other technological “helpers” are often modelling how people and organisations work together. Especially in cybersecurity, tools are critical to conduct incident response, make information sharing easy and enhance proactive notification. All these tasks involve huge volumes of data and can only be efficient with performing and adequate tools. When designed and operated by the “user community” itself, tools tend to better support the work of the community and especially security-wise do a proper job.

Our two main platforms, MISP and MONARC, needed improvements in many different areas and by reducing the development cycle, the communities could benefit from their feedback in a timely fashion. Tools, if heavily used and appreciated by the communities, can even influence the legal framework or highlight current limitations of a specific regulation.

Something else that we have seen in our past experiences is the importance in the distribution of the tools. Only those that are widely available and not restricted by complex confidentiality agreements, have succeeded and got high acceptance of their user communities.

Beyond these considerations, guidelines to build a “culture of security” for economic and social prosperity are depicted nicely in the 2002 and 2015 OECD documents on security (please find them attached for your convenience). They are both still valid and give great insight for large-scale or national cybersecurity strategies.’

Contribution from Together Against Cybercrime (TaC)[17]:

‘TaC – Together against Cybercrime International is a non-profit making civil society anti-cybercrime organisation established in France and working at local, national, European and international levels. TaC International works in the field of cybercrime/cybersecurity and child online protection and advises different entities on cybersecurity strategies. TaC is also actively involved in Internet governance issues by stimulating discussion on the use of information and communication technologies (ICTs) by vulnerable people and initiating debate in the format of youth and teenager dialogue.’

GPD:

‘Cybersecurity policies, laws, and strategies can have serious implications for human rights, and the need for a strong human rights voice in cyber policy making processes and debates has thus become crucial. However, all too often, the spaces they are made in can seem closed and inaccessible to many actors, especially civil society. This results in important decisions on cyber policy being taken by a narrow range of security actors, behind closed doors and without the crucial scrutiny, insight and expertise that human rights defenders can provide.

Earlier this year, Global Partners Digital launched a new global cyber capacity building programme, which aims to help human rights defenders develop the tools, skills and knowledge they need to engage effectively in cyber policy debates.

One core element of the programme is the online series ‘How to engage in cyber policy: tools for human rights defenders’.

A key focus of this series has been on the relationship between cybersecurity and human rights. “Cybersecurity” has become a catchphrase in a whole range of discussions dealing with different aspects of cyber policies, often pitting security against human rights. Gaining the basic knowledge and resources needed to engage in these debates can be challenging.

The series aims to provide a starting point for human rights defenders all over the world to kick-start debates on cyber policies that support and promote human rights and security in a balanced manner.

The video series was developed in collaboration with an Advisory Board, and in consultation with cyber policy experts worldwide, who helped identify pressing issues in the target regions and shape the curriculum.

The series is structured around five modules: the first four each focus on a different aspect of cyber policy – human rights, cybersecurity, regulatory frameworks and cyber capacity building – with a final regional module highlighting how these apply in Africa, Asia and Latin America.

Each video was developed collaboratively with cyber policy experts from around the world, and takes participants through a key cyber issue or concept – explaining how it relates to human rights, who the key actors are, and how and where to engage. Each module is also accompanied by a live Q&A session, giving participants the chance to discuss the issues with field experts from around the world. (Watch the recording of the Q&A sessions for the modules on Human rights and Cybersecurity.)

The videos were designed as a long term, sustainable and lasting resource to be used in the future. Although the videos feature case studies that might become outdated, the concepts outlined form the core of crucial debates on cybersecurity policy – particularly the importance of multistakeholder engagement in defining cybersecurity and the threats perceived under its banner, and the importance of human rights as a crucial underpinning of all debates surrounding cyber policy. They can be watched individually or as a whole, giving people flexibility to choose what topics they would like to focus on and in which order.

The series was designed as a public resource, open to everyone interested. All videos are licensed under Creative Commons so people are free to share them. They have already been used as a resource in other training programmes, like the Middle East and Adjoining Countries School of Internet Governance (see https://twitter.com/SMEX/status/763655273911312384 ; https://twitter.com/SMEX/status/763652370224058368 )

The videos have English subtitles, which make them easier to understand for non-native speakers, and are currently being translated into more languages to reach broader communities. This is being done on a voluntary basis by organisations and individuals who wish to use the videos as a learning resource – illustrating how much demand there is for videos like these to fill gaps in knowledge among civil society actors.’

OAS:

‘Exchange of best practices and ideas during regional workshops. These regional workshops provide a unique opportunity for stakeholders from Latin America and the Caribbean to discuss their problems, to share lessons and cybersecurity capacity, as well as to build a common understanding of cybersecurity.’

FOC:

‘The Freedom Online Coalition Working Group 1 – “An Internet Free and Secure” (FOC WG1) is a notable and highly functioning example of multistakeholder collaboration on cybersecurity. The purpose of FOC WG1 has been to bring a human rights framing to ongoing cybersecurity debates. It aims to develop, through multistakeholder dialogue, meaningful outputs that feed into existing cybersecurity processes and the creation of new, more effective, human rights enhancing cybersecurity policy.

The Working Group’s purpose, composition and blog series can be found here:

https://www.freedomonlinecoalition.com/how-we-work/working-groups/working-group-1/

The WG was created as a multistakeholder exercise by design, noting UNGA Resolution 57/239 on the creation of a global culture of cybersecurity and in particular the Annex on Elements for creating a global culture of cybersecurity notes the importance of stakeholders working together. FOC-WG 1 can serve as a model for successful multistakeholder collaboration on cybersecurity between the private sector, civil society and governments. The work involved Internet policy, cybersecurity and governance experts from across stakeholder groupings, was driven by collaborative and open dialogue and resulted in multiple significant outputs. Notably, the WG has developed the following definition of cybersecurity focussed on information and individual security:

https://www.freedomonlinecoalition.com/how-we-work/working-groups/working-group-1/blog8/

In order to advance the normative debate on cybersecurity, the WG developed a set of recommendations that promote greater stakeholder-driven and human rights respecting approaches to cybersecurity. These recommendations were developed with the aim to provide guidance to all stakeholders involved in cybersecurity matters, and in particular those involved in developing and implementing cybersecurity policies and frameworks. They are designed to encourage stakeholders to incorporate the protection and promotion of human rights in all matters related to cybersecurity and to ensure that cybersecurity policy is rights-respecting by design.

And, as a step towards facilitating greater stakeholder engagement in cybersecurity debates, the working group conducted a mapping exercise to identify main global spaces where cybersecurity is being discussed. The main objective of this exercise was to raise awareness among the broader community. The final output of the exercise was a visual timeline of relevant global spaces where cybersecurity debates are taking place:

https://www.freedomonlinecoalition.com/wp-content/uploads/2015/05/Mapping-Brochure-WEB-1.pdf

In the public debate about how to provide security in the digital context, the dominant narrative has become increasingly entrenched pitting privacy and other human rights against public safety and national security. In practice, though, threats to privacy and other human rights can also harm public safety and security. This binary framing is therefore damaging to both sides of the equation, and creates antagonisms where mutual reinforcement is possible. Framing privacy and other human rights as antithetical to public safety and national security is not only misleading, but undermines public safety and security, as well as freedom. Raising the profile of human rights protections in existing cybersecurity policy-making is necessary to offset this trend.

These recommendations are a first step towards ensuring that cybersecurity policies and practices are based upon and fully consistent with human rights – that cyber security policies are rights respecting by design.

These recommendations were shared with the community in a successful workshop at the IGF in Brazil in 2015, the report for which can be found here: https://www.intgovforum.org/cms/wks2015/index.php/proposal/view_public/18

The recommendations were also the subject of a session at RightsCon in March of 2016, the video for which can be found here:

https://www.youtube.com/watch?v=3IhlNEdpOks&index=10&list=PLprTandRM961m3pHsOlfij8wd9C_PHgqm

The final version of the recommendations will be presented at the 2016 annual meeting of the FOC meeting in Costa Rica October 16th and 17th.’

Mr. Segun Olugbile, Nigeria:

‘An Interagency network for collaboration has worked well for Nigeria. It involves policy synergy, cooperation, and collaboration among all government agencies thus evolving into a single point of contact and response on National Cybersecurity. The outcome produces a single corridor approach to engaging other non-government entities on partnership.

A Cybersecurity Nigeria mechanism spurred a cohesive approach on principles of engaging the whole of country’s stakeholders. It provides a mechanism for building trust, engaging and uniting all stakeholders on common national cyber issues, through negotiation and understanding. This approach worked well during the development of the Nigeria Cybersecurity Policy and Strategy 2013-2015.’

APC:

‘The previously mentioned FOC WG1 is an example of best practice of multistakeholder collaboration on cybersecurity through its project on policy recommendations for human rights-respecting cybersecurity. Through multistakeholder dialogue, the working group developed a short document that can easily be used to evaluate existing cybersecurity processes as well as aid in the creation of new, more effective, human rights-enhancing cybersecurity policy[18].

Another example of a best practice is the Human Rights Protocol Considerations[19], one of 10 chartered research groups of the Internet Research Task Force, which is investigating whether standards and protocols can enable, strengthen or threaten human rights, as defined in the Universal Declaration of Human Rights and the International Covenant on Civil and Political Rights. This unprecedented cross-sector work is building alignment between technologists and human rights advocates. Their outputs range from popular education tools about human rights and Internet standards to building awareness in various events of both the political and technical challenges to privacy.’

FIRST:

‘Methods of enhancing cooperation and collaboration:

FIRST sees three high level areas of work ahead in ensuring CSIRT can cooperate more effectively both within their community, and beyond:

  • Responding CSIRTs must be able to contact the partners they need to mitigate an attack. By themselves, CSIRTs, especially when they coordinate for more than a single constituent, do not always control computers and networks involved;
  • When working with another team on an incident, both organizations must speak the same operational language and have accurate expectations on the use of the information provided.
  • The community has the tools and techniques to enable automated information sharing. Analysts can focus on leveraging the information to truly understand the ramifications of the incident and make the right choices to reduce risk while mitigating the attack.

FIRST has invested in expanding the options of CSIRT when reaching out within their community. As an example, FIRST has initiated the Fellowship program, to allow new CSIRT with less financial capability to successfully join the community. In addition, FIRST has historically organized training, both developed by its partners and by itself, to ensure CSIRTs have a similar understanding of the issues at hand.

Finally, FIRST has convened its community to determine and publish a “CSIRT Services Framework” in the six official UN languages, which introduces a common understanding of the individual services offered by CSIRT teams.

Within its community, FIRST members have launched a number of working groups to standardize information exchange, focused on Vulnerability Coordination, the Traffic Light Protocol, and an Information Exchange Policy (IEP). FIRST also maintains the Common Vulnerability Scoring System (CVSS), which allows organizations to uniformly describe the impact of software vulnerabilities. While FIRST does not develop tooling for automated information exchange, our members leverage these standards in the development of their own tools.

There is an opportunity for the implementation of a similar approach between CSIRT and other stakeholders in the cyber security space. For instance, there are opportunities to train leaders in the Internet community who may not be security experts, on the issues and role of incident response teams, or how to best benefit from their work. In recent years, FIRST has contributed to the Internet Governance Forum and other governance efforts to create more awareness of the CSIRT community, its role and services. Other parties have also published guidance on the CSIRT community focused on other stakeholder groups, such as the Global Public Policy Institute and New America Foundation. Focused CSIRT assisting very specific groups, such as Access Now, have also exposed incident response capability to previously unserved audiences.

Identifying the right partner for cooperation:

Within our community, FIRST has long maintained its member database, a public resource for individuals to find a CSIRT and the constituency they are authoritative for. In 2015, FIRST opened up this data set through a well-structured Application Programming Interface. Network operators can leverage this tool to, in an automated manner, establish who to report a security incident to. FIRST is actively working with peer organizations in the community to extend the database beyond FIRST membership.

A well understood issue is that not every network is covered by a CSIRT. It is important for countries to support or establish a “CSIRT of last resort”, which is willing to help coordinate across cultural and language barriers even if it has no official authority over the network in question to help address these gaps.

Corporations and software vendors which develop products have also increasingly stood up Product Security Incident Response Teams (PSIRT). These are increasingly part of the CSIRT community, and have a valuable role to play as the security response experts on the respective products they produce, which are increasingly becoming connected.’

Contribution from the Geneva Internet Platform/DiploFoundation[20]:

‘Today’s headlines often feature the word ‘cyber’, reporting on threats related to the virtual world: online child abuse, stolen credit cards and virtual identities, malware and viruses, botnets and denial-of-service attacks on corporate or government servers, cyber-espionage, and cyber-attacks on critical infrastructure including nuclear facilities and power supply networks.

Cybersecurity came into sharper focus with the rapid expansion of the Internet’s user base. The Internet reiterated the old truism that technology can be both enabling and threatening. What can be used to the advantage of society can also be used to its detriment. One side effect of the rapid integration of the Internet in almost all aspects of human activity is the increased vulnerability of modern society. The Internet is a part of the critical global infrastructure. Other core services of modern society, such as electric grids, transport systems, and health services, are increasingly dependent on the Internet. They are frequent targets of cyber-attacks.

What are the real cybersecurity challenges? What is the role of diplomacy, international legal instruments, and regional and national policies in addressing these threats, and how efficient are they? How does international cooperation in cybersecurity work, and what are the roles of the various stakeholders?

Diplo focuses on these and other related questions through online and in situ courses, awareness-raising sessions and events, evidence-based analysis, policy research, illustrations, and videos and other visuals. At the same time, the GIP Digital Watch observatory, operated by DiploFoundation, maintains regular updates on cybersecurity issues, actors, processes and mechanisms.’

DiploFoundation recently published a comprehensive report on cybersecurity competence building trends in OECD countries[21]. The research, conducted by DiploFoundation and commissioned by the Swiss Federal Department of Foreign Affairs, identifies and reviews key trends and policy options for building competences in cybersecurity in ten OECD countries (Austria, Estonia, Finland, France, Germany, Israel, the Netherlands, the Republic of Korea, the United Kingdom and the United States).

  • What are some examples of best practices in ‘Cybersecurity Situational Awareness’ where different organizations have worked together, specifically with law enforcement agencies and other specialists?

NCSC-FI:

We have many good examples of companies warning each other of malware campaigns, DDoS campaigns or giving tips (do’s and don’ts) to their peers.

– If, for example, a certain organization finds out about a malware campaign targeting the organization, it may send the information concerning the suspected malware to other organizations (including us) in its cooperative network. If needed, we will then use that same information, anonymize the target organization(s) and send an email etc. to other cooperative networks as well.

Mr. Fojon Kosta, Albania:

‘A very good example is the collaboration and cooperation of the Albanian CIRT with State Police and Albanian Governmental institutions and authorities. Another example is the cooperation between the National Bank of Albania and private banks in the country on cybersecurity issues.’

Mr. Segun Olugbile, Nigeria:

‘Nigeria’s foremost coordinator of all security organizations, i.e. the Office of National Security Adviser (ONSA), mobilizes all security and para-security organizations including the Military, Police, and other law enforcement agencies, through the Interagency network framework, into the Cybersecurity Nigeria forum.’

OAS:

‘The Program has staged, in collaboration with the South School of Internet Governance, ‘SEGURINFO’ in several of our member states. SEGURINFO is an annual meeting for information security, including intensive information sessions and networking for information security professionals and industry suppliers. The OAS is also a signatory to and promotes the STOP.THINK.CONNECT. messaging convention. STOP. THINK. CONNECT. is a global online safety awareness campaign aimed at helping people to stay safer and more secure online. The message was created through a coalition of private companies, non-profits and government organizations with leadership provided by the National Cyber Security Alliance (NCSA) and the Anti-Phishing Working Group (APWG). Many countries and private sector entities have joined this initiative[22]. In October every year, the OAS Cyber Security Program organizes an event dedicated to raising public awareness about staying secure online in partnership with several organizations, such as the National Cyber Security Alliance, the US Department of Homeland Security, and STOP.THINK.CONNECT.’

[1] http://www.intgovforum.org/cms/191-igf-2016/bpf-2016/3111-list-of-contributions-2016-igf-best-practice-forum-bpf-on-cybersecurity

[2] http://www.intgovforum.org/cms/best-practice-forums/bpf-cybersecurity

[3] http://www.intgovforum.org/multilingual/content/bpf-cybersecurity

[4] http://www.intgovforum.org/mailman/listinfo/bp_cybersec_2016_intgovforum.org

[5] Generally, verbatim text is included in single ‘quotations’.

[6] http://www.mofat.go.kr/english/visa/images/res/SeoulFramework.pdf

[7] http://netmundial.br/netmundial-multistakeholder-statement/

[8] https://www.gccs2015.com/documents/chairs-statement-gccs2015

[9] netmundial.br/wp-content/uploads/2014/04/NETmundial-Multistakeholder-Document.pdf

[10] See Human Rights Council Resolution 20/8 (2011) on “The promotion, protection and enjoyment of human rights on the Internet”. ap.ohchr.org/documents/dpage_e.aspx?si=A/HRC/RES/20/8

[11] See Human Rights Council Resolutions 26/13 (2014) and 32/13 (2016) on “The promotion, protection and enjoyment of human rights on the Internet”. ap.ohchr.org/documents/dpage_e.aspx?si=A/HRC/RES/26/13 and ap.ohchr.org/documents/dpage_e.aspx?si=A/HRC/32/L.20/

[12] UN Guiding Principles on Business and Human Rights. (2011). www.ohchr.org/Documents/Publications/GuidingPrinciplesBusinessHR_EN.pdf

[13] Sullivan, D. (2016). Business and digital rights: Taking stock of the UN Guiding Principles for Business and Human Rights in the ICT sector. APC. https://www.apc.org/en/system/files/APC_Business_and_digital_rights.pdf

[14] Kaye, D. (2015). Report of the Special Rapporteur on the promotion and protection of the right to freedom of opinion and expression. https://www.justsecurity.org/wp-content/uploads/2015/06/Kaye-HRC-Report-Encryption-Anonymity.pdf

[15] https://publications.iadb.org/handle/11319/7449

[16] https://www.youtube.com/channel/UCow9ZGJMNsZtAkz4ZvTtcJA

[17] https://againstcybercrime.org/

[18] Freedom Online Coalition. (2015). Recommendations for human rights based approaches to cybersecurity. https://www.freedomonlinecoalition.com/wp-content/uploads/2014/04/FOC-WG1-Recommendations-Final-21Sept-2015.pdf

[19] https://irtf.org/hrpc

[20] https://issuu.com/diplo/docs/cybersecurity_executive_summary

[21] https://www.diplomacy.edu/ig/cybersecurity

[22] https://www.stopthinkconnect.org/


Source: https://www.intgovforum.org/review/2016-igf-best-practice-forums-bpfs-draft-outputs-as-of-2-november/2016-igf-bpf-cybersecurity-draft-output-version-1/part-ii-synthesis-of-contributions-received-in-response-to-the-bpf-cybersecurity-call-for-contributions/