123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105 |
- IGF 2018 WS #75 Approaches to a Wicked Problem: Stakeholders Promote Enhanced Coordination and Collaborative, Risk-Based Frameworks of Regional and National Cybersecurity Initiatives
- Format:
- Debate - 90 Min
- Theme:
- Cybersecurity, Trust and Privacy
- Subtheme:
- CYBERSECURITY BEST PRACTICES
- Organizer 1:
- Carolin Weisser
- , Global Cyber Security Capacity Centre
- Organizer 2:
- Kerry-Ann Barrett
- , Organization of American States
- Organizer 3:
- Sophie Tomlinson
- , ICC BASIS
- Organizer 4:
- Barbara Wanner
- , U.S. Council for International Business
- Speaker 1:
- Dominique Lazanski
- , Private Sector, Western European and Others Group (WEOG)
- Speaker 2:
- William Dutton
- , Civil Society, Western European and Others Group (WEOG)
- Speaker 3:
- Akvilė Giniotienė
- , Civil Society, Eastern European Group
- Speaker 4:
- David Duren
- , Intergovernmental Organization, Intergovernmental Organization
- Additional Speakers:
- Contreras, Belisario
- : Organization of American States (government)
- Amanda
- Microsoft, (private)
- Dutton, Bill;
- Global Cyber Security Capacity Centre, University of Oxford (civil society)
- Giniotienė, Akvilė
- NRD CS (civil society)
- Greg
- Chief Scientist for the CERT Division at Carnegie Mellon University’s Software Engineering Institute, and Vice Chair of IEEE Internet Initiative (civil society)
- van Duren, David;
- GFCE (government)
- Wilches, Juan Manuel
- Commissioner, Comision de Regulacion de Comunicaciones, Government of Colombia (government)
- Relevance:
- Ensuring a secure, stable, resilient, and accessible cyberspace is critical to realizing economic and social prosperity and ultimately attaining sustainable development throughout the world. This has been the key message of previous IGFs and the basis for convening the Best Practices Forum (BPF) on Cybersecurity. This workshop will build upon the work of the
- BPF Cybersecurity
- as well as take forward key messages of the 2017 IGF High-Level Thematic Session, “
- Empowering Global Cooperation on Cybersecurity for Sustainable Development and Peace
- .” In particular, we will aim to educate, inform, and help to break down siloes to facilitate cross-stakeholder and cross-sectoral cooperation in implementing cybersecurity capacity building efforts and developing voluntary, risk-based security frameworks that will enable a nimble response to challenges in cyberspace. The overall aim is to provide insights to a more meaningful global-oriented approach and become more strategic and collaborative in building national and regional cybersecurity capacity that is risk-based to enable nimble responses to security challenges.
- Session Content:
- The workshop is designed primarily for stakeholders whose approaches to cybersecurity may be in infancy or as yet undeveloped, but also appropriate for a broad-based audience. Stakeholders from business, government, intergovernmental organisations, academia and the technical community will discuss their respective approaches to cybersecurity. These approaches emphasize a risk-based approach, public-private partnerships, global alignment, regional approaches and technology flexibility. One element common to many cybersecurity frameworks – to be examined by the technical community -- entails “building security in” from the start through secure system development and design principles. In addition, a speaker will consider capacity-building challenges faced by many developing countries and small organizations.
- Interventions:
- David van Duren, GFCE
- will describe the Forum’s approach to building a global platform for countries, international organisations and private companies to exchange best practices and expertise on cyber capacity building and the Cyber Capacity Building Portal which will be launched in a community one-stop-shop for knowledge in cybersecurity capacity building.
- Bill Dutton,
- GCSCC, will describe efforts to create comparable cross-national data on cybersecurity capacity that will support collaborative research and implementation efforts across the globe. In addition, he will present an analysis of the significance of capacity building, which empirically demonstrates the need for capacity.
- Belisario Contreras, OAS,
- will detail how several members of the Organization of American States (OAS) have implemented risk-based cyber-risk management plans. He also present key findings of the OAS regional Cybersecurity Capacity Maturity Assessment and plans to ensure security of the financial sector.
- Juan Manuel Wilches,
- Commissioner, Comision de Regulacion de Comunicaciones, Government of Colombia, will discuss how Colombia is working with the OAS in establishing and developing a national cybersecurity framework as well as the implications of Colombia’s recent acceptance as a global partner at NATO.
- Akvilė Giniotienė
- will speak about NRD CS experience working with governments and donors around the world in building national cyber security capacities, the challenges we as implementers of good cyber security practices face, the commitment that industry/ private companies need to take to see the country succeed and the importance of collaboration in addressing cyber security capacity gaps around the world.
- Amanda Craig
- , Microsoft, will provide the business perspective on the value of voluntary, risk-based cybersecurity frameworks developed through public/private interaction, such as business input to the OECD’s 2015 Digital Security Risk Framework and the NIST Framework and their subsequent implementation.
- Greg Shannon
- , Chief Scientist for the CERT Division at Carnegie Mellon University’s Software Engineering Institute, and Vice Chair of IEEE Internet Initiative, will discuss how incorporating automated security assessments and formal assurance methods to improve defensive cyber-deterrence enhance over-arching cybersecurity frameworks. He also will explore how IEEE created
- a platform
- to enable information exchange among developers and other stakeholders and how this platform disseminates the latest best practices and tools for securing critical systems.
- Diversity:
- Both organizers and speakers have been invited to participate to ensure a diverse representation of government, intergovernmental organizations, private sector, and the technical community. We also have sought to ensure diverse regional representation, through the participation of the Government of Colombia, the OAS, and University of Oxford as well as gender balance. The onsite moderator, two speakers, the substantive rapporteur and the online moderator are all female
- Co-Organizers come from four stakeholder groups -- private sector, Intergovernmental organization, academia, and the technical community.
- First-time IGF session speakers include: Amanda Craig, Microsoft.
- Online Participation:
- Inclusive online participation in the proposed workshop will be encouraged before and during the session through the strategic use of Facebook Live and Twitter during the workshop. In advance, the opportunity for online participation will be promoted on all available channels of the participating organizations, including email, telephone, mailing lists, and social media. The three core parts of the communication will be the importance of online participation for the outcomes of the IGF, the invitation to submit questions in advance which will be discussed and prioritised in the session, and technical information how online participation via the WebEx platform works. During the session the moderator will explicitly ask online participants to take part in the debate and the online moderator will ensure that their contributions and questions are prioritised.
- Discussion Facilitation:
- Participants (including those who participate remotely) will be invited prior and during the workshop to submit questions for the speakers via Twitter which will be announced by the moderator during his introduction. A hashtag for the session will be announced via the organiser’s account. Additionally, during the last 30 minutes of the session are allocated to answer questions by the audience.
- Onsite Moderator:
- Chris Boyer, AT&T
- Online Moderator:
- Ms Barbara Marchiori de Assis, Organization of American States (OAS)
- Rapporteur:
- Carolin Weisser, Global Cyber Security Capacity Center, University of Oxford
- Background Paper
- Agenda:
- Cybersecurity Challenges Create Need for Collaborative Solutions: Importance of Multistakeholder Participation
- Why regional approaches are necessary regarding such issues as strategy development, cyber risk frameworks, CSIRT, awareness raising, cybercrime, and research
- What are the benefits of global but also regional coordination
- Why a Voluntary, Risk-Based Approach Is Optimal
- The Importance of Finding Consensus Among Global Stakeholders: International Standards and Trade and how can they be translated for other communities, such as academia, private sector, civil society, and intergovernmental initiatives
- Design Principles to “Build in Security” from the Start
- Addressing Capacity-Building Challenges: What Policies/Support Are Needed for Implementation?
- It is clear that investment remains national. Are there opportunities to improve the return on investment of cybersecurity capacity building projects to nations, such as through better coordination of systems, better metrics to access their outcomes, and improved identification and prioritisation of cybersecurity risks
- Wrap Up
- Session Time:
- Wednesday, 14 November, 2018 -
- 09:20
- to
- 10:50
- Room:
- Salle II
|