Part III: Summary of 2016 BPF Dialogue/Contributions and recommendations for way forward:

1 Leave a comment on paragraph 1 0 Part III: Summary of 2016 BPF Dialogue/Contributions (including discussions in the lead up to IGF 2016 and during dedicated substantive BPF session at IGF 2016) and recommendations for way forward:

2 Leave a comment on paragraph 2 0 The following statements/messages from draft 1.0 of the output document found some general consensus amongst participants in the 2016 BPF:

  • 3 Leave a comment on paragraph 3 1
  • The involvement of government, private sector, civil society and other stakeholders in handling cybersecurity was stressed as fundamental in terms of sharing best practices, sharing results of critical assessments and identifying globally accepted standards of cybersecurity. All stakeholders must understand, respect and trust each other’s expertise and competences.
  • It was emphasized that to many today, the word “cybersecurity” is often loaded with context, and many organizations associate it with government decision making, or commercial security solutions. Within the IGF, it was said, there is an opportunity to redefine cybersecurity as a common goal between all stakeholders, and to work towards finding a common understanding about what productive cooperation and collaboration might look like.
  • It was said that the term “cybersecurity” can mean very different things to different stakeholders depending upon the context in which it’s being used. (national security; public security; enterprise security; incidence response; personal security; protection against large scale data breaches and cyber crime/online crime; uncertainties about how our data is being used; surveillance and other online threats, etc.)
  • There was broad agreement that the roles and responsibilities of stakeholders are evolving in making the Internet a secure and safe place for people to socialize and conduct business. It is clear that security is no longer just the purview of governments and that it is increasingly a multistakeholder imperative.
  • Evolving understandings of cybersecurity make efforts to ensure the Internet is a secure and safe place an important focus of policy that requires input from multiple stakeholders. Starting from a dominant technical perspective of cybersecurity and focusing on protecting information infrastructure, debates around cybersecurity have rapidly broadened, bringing in many issues from cybercrime to secure access policies to data ethics and human rights under its banner.
  • There was general consensus within the BPF around the notion that cybersecurity initiatives should be built on democratic, multistakeholder processes, ensuring the meaningful and accountable participation of all stakeholders, including governments, the private sector, civil society, the technical community, the academic community and users.
  • It’s imperative to promote more robust, effective and timely information-sharing, cooperation and coordination among cybersecurity stakeholders at the national, regional and international levels. Cooperation and collaboration is key in cybersecurity, not only to avoid duplicate work and analysis, but also in respect to less mature entities, being able to profit from the experience and expertise of others and as such develop faster thereafter.
  • Within the CSIRT community, automating information exchange where possible, and ensuring CSIRT’s ability to process information at an increasing pace is extremely important. CSIRT’s can often be resource constrained in terms of qualified analysts, and allowing them to focus on harder problems that require expert review is critical. However, it is important to clarify that prior to any automated exchange taking place, it is crucial for stakeholders to set expectations around how the data will be used. Sharing indicators may not be helpful if they are not used correctly, or are used for different purposes than intended. While there are typically many technical means of addressing a security incident, it is most important that goals are aligned and expectations are clearly set.
  • For CSIRTs to effectively work with each other, or other peers within the community, trust is a crucial requirement. Trust is typically not established through legal agreements, but through a history of working with each other. Developing trust is easiest when the objectives of both organizations align. When both organizations have as goal to remediate the incident and restore operations, they both see value in the information exchange.
  • There is a need for more civil society involvement in cybersecurity debates in all countries, and in particular in developing countries. Furthermore and in parallel with increased participation, more opportunities for education and awareness raising among civil society groups on issues of cybersecurity should be supported. For cybersecurity cooperation and collaboration to be enhanced globally – and particularly in global south countries – the first step is to create a level playing field in terms of knowledge, skills and capacity for engagement.

4 Leave a comment on paragraph 4 1  

5 Leave a comment on paragraph 5 0 IGF 2016 dedicated BPF session (8 December 2016):

6 Leave a comment on paragraph 6 0 View the transcript here: https://www.intgovforum.org/multilingual/content/igf-2016-–-day-3-–-room-9-bpf-cybersecurity

7 Leave a comment on paragraph 7 0 Watch the video of the session here: https://www.youtube.com/watch?v=P1cxUnimmFQ&t=579s

8 Leave a comment on paragraph 8 0 Chair(s) and/or Moderator(s) and Speakers/Discussants:

  • 9 Leave a comment on paragraph 9 0
  • Markus Kummer, Coordinator for 2016 IGF BPF Cybersecurity (Chair)
  • Segun Olugbile, Co-Coordinator for 2016 IGF BPF Cybersecurity
  • Maarten Van Horenbeeck, Fastly, FIRST (Moderator)

10 Leave a comment on paragraph 10 0 Panel:

  • 11 Leave a comment on paragraph 11 0
  • Richard Leaning, RIPE NCC (Speaker)
  • Isabel Skierka, Digital Society Institute (DSI) (Speaker)
  • Kerry-Ann Barrett and Barbara Marchiori, Organization of American States (OAS) (Speakers)
  • Grace Githaiga, KICTANet (Speaker)
  • Matthew Shears, Freedom Online Coalition (FOC) (Speaker)
  • Hiroshi Esaki, Graduate School of Information Science and Technology, The University of Tokyo (Speaker)

12 Leave a comment on paragraph 12 0 Recommendations for way forward for the BPF:

13 Leave a comment on paragraph 13 0 Some suggestions for themes/topics for the BPF Cybersecurity in 2017 were:

15 Leave a comment on paragraph 15 0 – User knowledge gaps

16 Leave a comment on paragraph 16 0 –  Child online protection and online safety

18 Leave a comment on paragraph 18 0 – Regional and global cybersecurity cooperation

19 Leave a comment on paragraph 19 0 – Civil-society and government cooperation

20 Leave a comment on paragraph 20 0 – Transparency of private sector cybersecurity policies –

21 Leave a comment on paragraph 21 0 – Best practices for contractual arrangements with information security services

22 Leave a comment on paragraph 22 0 – Mechanisms to improve multi-stakeholder cooperation in formulating and implementing national cybersecurity goals

24 Leave a comment on paragraph 24 0 – How can cybersecurity contribute to Sustainable Development Goals

25 Leave a comment on paragraph 25 0 – Need for embedded security as broadband expands

26 Leave a comment on paragraph 26 0  

27 Leave a comment on paragraph 27 0 Annex I

28 Leave a comment on paragraph 28 0 List of Contributions

30 Leave a comment on paragraph 30 0  

31 Leave a comment on paragraph 31 0  

Page 31

Source: https://www.intgovforum.org/review/2016-igf-best-practice-forums-bpfs-draft-outputs-as-of-2-november/2016-igf-bpf-cybersecurity-draft-output-version-1/part-iii-summary-of-2016-bpf-dialoguecontributions-and-recommendations-for-way-forward/