Meeting Spot for CSIRT Practitioners: Share Your Experiences | IGF 2023 Networking Session #44

Knowledge Graph of Debate

Session report

Audience

In the analysis, the speakers emphasised the importance of building bridges between different communities to contribute to an open, free, stable, and secure internet. They highlighted the need for increased interaction and adoption of each other’s languages and processes between network operators and cybersecurity specialists. This closer collaboration would facilitate a more effective response to incidents and enhance overall information sharing in the field of cybersecurity.

The speakers also stressed the significance of finding a balance between security and stable communication. They acknowledged that while security is essential for protecting networks and data, it should not hinder the smooth flow of communication. Striking this balance ensures that individuals and organisations can communicate freely while maintaining a safe online environment.

Cooperation at both the national and global level was identified as highly beneficial for internet security. The analysis indicated that different regions have various experiences that can be shared for mutual benefit. Adopting a “defend locally, share globally” approach contributes to wider global security and promotes cooperation in tackling cybersecurity challenges.

Furthermore, the speakers discussed how geopolitical issues can both challenge and strengthen the cooperation of Computer Emergency Response Teams (CERTs). While geopolitical tensions can potentially hinder cooperation, recent events have highlighted how the commitment to keeping the internet secure has strengthened certain relationships despite these challenges.

The analysis also highlighted the crucial role of sharing information in tracing the origins of cyberattacks. However, it was noted that this can be difficult due to factors such as local laws and regulations and the intersection between cybersecurity and national security. Despite these challenges, the speakers emphasised the importance of sharing information to effectively combat cyber threats.

Resource limitations were identified as a constraint to international cooperation. The analysis suggested that having expert-level communication specialists is necessary for continuous monitoring and maximising resource findings. Addressing resource constraints would facilitate more effective international cooperation in the field of cybersecurity.

In times of global crises, such as the current pandemic, the speakers emphasised the need to continue information sharing. They viewed the pandemic as a blueprint for global information exchange during crisis situations. Even amid geopolitical tensions, the speakers concluded that the continuation of information exchange is vital to effectively address cybersecurity challenges.

Overall, this comprehensive analysis underscored the importance of building bridges between different communities, striking a balance between security and stable communication, and promoting cooperation at both national and global levels. It also highlighted the challenges and opportunities presented by geopolitical issues, the significance of sharing information, the constraints of resource limitations, and the importance of continuing information sharing during global crises.

Bernhards Blumbergs

A recent meeting addressed the importance of freedom, openness, and security on the internet. While acknowledging that achieving all three aspects simultaneously may not always be possible, participants stressed the need for ongoing efforts to strive for them. The argument put forth was that the internet should be a space that promotes freedom of expression, ensures open access to information, and prioritizes user security and privacy.

Regarding information sharing, participants highlighted its crucial role in the development and progress of the internet. Even during times of geopolitical tension, it was emphasized that continued information sharing is vital. Peter Koch from the German top-level domain registry specifically emphasized the significance of maintaining information exchange despite any underlying political conflicts. Additionally, the meeting discussed how the COVID-19 pandemic served as a blueprint for prioritizing global information exchange during a crisis, showcasing that challenges can be overcome to facilitate the flow of information.

The meeting also underscored the need to understand and prioritize device and personal security. Participants agreed that enhancing cybersecurity requires individuals to have a deeper understanding of device security and personal security practices. Furthermore, they recognized the essential nature of practicing good cyber hygiene at both personal and national levels to create a safer internet environment.

Importantly, it was emphasized that information sharing should not be restricted to specific layers within the internet infrastructure. Participants argued that sharing information should extend beyond technical, operational, and strategic layers and instead be facilitated between these layers. Building understanding and effective communication across different levels of the internet infrastructure were highlighted as crucial aspects of successful information sharing.

In conclusion, the meeting highlighted the importance of striving for freedom, openness, and security on the internet, despite the challenges of achieving all three simultaneously. It also emphasized the critical role of information sharing, particularly during periods of geopolitical tension and crises. Additionally, understanding and prioritizing device and personal security, along with facilitating information sharing across various levels of the internet infrastructure, were identified as key factors in creating a better and more secure internet environment.

Adli Wahid

Adly Wahid, a security specialist at the Asia-Pacific Network Information Centre, is actively engaged with the CERT and C-CERT community in the Asia-Pacific region. This engagement allows him to interact with various stakeholders involved in cybersecurity, fostering collaboration and knowledge sharing.

Previously, Adly Wahid has gained valuable experience working for the National CERT, Malaysia CERT, and a CERT dedicated to the financial institution. These prior positions have equipped him with a strong background in handling cybersecurity incidents and implementing effective security measures.

The importance of cooperation between CERTs and CSIRTs at both national and global levels is paramount, as it ensures a wider exchange of experiences and technologies to effectively combat cyber threats. By collaborating and benefiting from one another’s expertise, CERTs and CSIRTs can enhance their capabilities in dealing with cybersecurity incidents. Despite global problems and adversarial geopolitical issues, cooperation between these entities has actually been strengthened, showcasing their commitment to making the internet a secure and safe place.

Recent geopolitical issues have played a positive role in strengthening the cooperation between CERTs and CSIRTs. The analysis reveals that these geopolitical issues have actually heightened the commitment to collaboration, as stakeholders recognize the shared interest in safeguarding cybersecurity. By uniting, these entities are better equipped to address the evolving challenges in the digital landscape.

Overall, Adly Wahid’s expertise and experience, combined with the increased cooperation between CERTs and CSIRTs, contribute to ongoing efforts to ensure cybersecurity at various levels. This insight highlights the significance of international collaboration and knowledge sharing in effectively tackling cyber threats and promoting a secure digital environment.

Masae Toyama

Masae Toyama, a cybersecurity practitioner, has drawn attention to the pressing need for increased representation of cybersecurity workers in internet governance forums. In these spaces, Toyama noticed a distinct lack of voice for professionals in the field of cybersecurity, and they encountered difficulty in connecting with others who shared similar backgrounds during previous forums. This experience prompted Toyama to recognize the necessity for a dedicated platform where cybersecurity meets internet governance.

Toyama firmly believes that cybersecurity practitioners play a fundamental role in upholding a secure and stable cyberspace. However, despite their significance, their presence and voices are not as prominently heard among the various stakeholders within internet governance forums. Drawing attention to this disparity, Toyama advocates for a stronger representation of cybersecurity experts within these platforms.

Toyama’s positive stance emphasizes the importance of creating a space where the intersection of cybersecurity and internet governance can be realized. By fostering a greater inclusion of cybersecurity professionals within forums like the Internet Governance Forum, the collective knowledge and expertise of the cybersecurity field can be harnessed to effectively address the challenges and concerns of internet governance.

In summary, Masae Toyama highlights the pressing need for a more robust representation of cybersecurity workers in internet governance forums. Their personal experience revealed a lack of voice for cybersecurity professionals, and they emphasize the essential role they play in maintaining a secure cyberspace. Toyama advocates for the creation of a platform where cybersecurity and internet governance intersect, in order to strengthen the presence and voices of cybersecurity practitioners within these influential forums. This perspective offers valuable insights into the ongoing dialogue surrounding the intersection of cybersecurity and internet governance and underscores the significance of including diverse perspectives in shaping the future of the digital landscape.

Moderator

The need for increased representation of cybersecurity practitioners in the Internet Governance Forum (IGF) is emphasised. Currently, there is a lack of individuals with backgrounds in cybersecurity, such as those working at CERT or actively involved in cybersecurity, participating in the IGF. This lack of representation results in their voices not being heard as loudly as other stakeholders.

A proposed session by a speaker is recognised as beneficial for all participants. The session aims to address the need for greater involvement and voice of cybersecurity practitioners in the IGF. It is expected that such sessions will provide a platform for cybersecurity professionals to share their expertise and insights among the various stakeholders involved.

Networking sessions are also implemented to encourage participants to interact and discuss their experiences and views on cybersecurity. These sessions provide an opportunity for attendees to engage with individuals they may not have spoken to before, fostering collaboration and the exchange of ideas.

Building bridges between network operators and cybersecurity specialists is considered crucial for establishing an open, stable, and secure internet. Recognising that these two professions utilise different languages, mindsets, concepts, and processes, there is a need to bridge the gap between them. The initiative taken by organisations like ADLI in strengthening the partnership between these communities is highly regarded.

Several challenges in the field of cybersecurity are identified, such as the obstacles related to information sharing. Cyberattacks are often unpredictable, making it difficult to trace their sources. In addition, local regulations and national security issues can complicate the sharing of information. These challenges need to be resolved in order to build strong collaborations and improve cybersecurity practices globally.

Resource limitations and the need for capacity building also pose significant challenges in the cybersecurity sector. Constant monitoring, particularly through cooperation with international entities, requires specialist skills. Given the link between cybersecurity and national security, enhancing capacity building initiatives becomes imperative.

The importance of information sharing and building trusted networks for message exchange is emphasised. It is not only necessary to share information within specific layers of cybersecurity but also between those layers. By doing so, a deeper understanding can be developed, contributing to a more comprehensive and effective cybersecurity framework.

Cyber hygiene, which entails understanding device security, personal security, and learning about cyberspace, is considered essential for maintaining a secure online environment. The responsibility for practicing cyber hygiene extends to all individuals, not just technical experts. By promoting the importance of cyber hygiene, stronger global communities can be built, further enhancing cybersecurity.

In conclusion, the need for greater representation of cybersecurity practitioners in the IGF is highlighted. Proposed sessions and networking opportunities aim to address this need, facilitating knowledge sharing and collaboration among stakeholders. Challenges related to information sharing, resource limitations, and capacity building are identified, emphasising the necessity for proactive measures. The significance of information sharing, building trusted networks, practicing cyber hygiene, and ensuring widespread understanding of cybersecurity principles are all crucial for creating a secure and stable cyberspace.

Hiroki Mashiko

The analysis highlights key points about Entity Data, a prominent system integration company in Japan. It is noted that Entity Data has an internal Computer Emergency Response Team (CERT), known as Entity Data CERT. This CERT is responsible for handling and responding to cybersecurity incidents within the company.

One notable fact revealed in the analysis is that Hiroki Mashiko, an individual associated with Entity Data, works as a forensic engineer at Entity Data CERT. This indicates that Mashiko is involved in investigating and analysing digital evidence related to cyber incidents within the company. The analysis suggests that Mashiko’s role as a forensic engineer emphasises his technical skills and expertise.

Another point made in the analysis is that Mashiko is described as being more focused on technical aspects rather than governance-related matters. This suggests that his strengths lie primarily in technical areas rather than broader aspects of corporate governance. However, the analysis does not provide further information regarding Mashiko’s specific responsibilities or tasks within his role.

The analysis overall has a neutral sentiment, indicating a lack of strong positive or negative opinions or emotions. While it offers valuable insights into Entity Data, Entity Data CERT, and Hiroki Mashiko, it does not draw any further conclusions or assessments beyond these observations.

To summarise, this expanded summary provides a more detailed overview of the analysis. It highlights Entity Data and its internal CERT, Entity Data CERT, as well as Hiroki Mashiko’s role as a forensic engineer. Furthermore, it emphasises Mashiko’s technical orientation and the neutral sentiment of the analysis.

Speakers