Open Forum #53 Safeguarding Critical Infrastructure Beyond Borders

Summary

This panel discussion focused on safeguarding critical infrastructure beyond borders, exploring how diplomatic and technical communities can collaborate to address cybersecurity threats. Experts from various regions shared insights on protecting transnational critical infrastructure like energy grids, subsea cables, and satellite systems.

Key points included the need for stronger cooperation between national technical and diplomatic communities to enable better international collaboration. Panelists emphasized the importance of capacity building, particularly in developing countries, to enhance cybersecurity capabilities. The discussion highlighted the interconnected nature of critical infrastructure across borders and sectors, necessitating a coordinated approach to protection.

Speakers noted the evolving threat landscape, with cyberattacks on critical infrastructure potentially having far-reaching consequences for international peace and security. The importance of regional cooperation and harmonization of approaches was stressed, particularly in Africa’s energy sector. Panelists also discussed the role of public-private partnerships in infrastructure protection, given the increasing privatization of critical assets.

The discussion touched on the need for clear national frameworks defining critical infrastructure and roles of different stakeholders. Awareness-raising about transnational critical infrastructure was identified as a crucial first step for many countries. The panel concluded by calling for increased multistakeholder dialogues and capacity development initiatives to enhance the protection of critical infrastructure across borders.

Keypoints

Major discussion points:

– The importance of protecting transnational critical infrastructure, especially in sectors like energy and telecommunications

– The need for greater collaboration between technical and diplomatic communities at national, regional and international levels

– The value of capacity building and information sharing to strengthen cybersecurity for critical infrastructure

– The role of regional frameworks and harmonization in protecting cross-border infrastructure

– Opportunities for multi-stakeholder cooperation to improve critical infrastructure resilience

Overall purpose:

The goal of this discussion was to explore how diplomatic and technical communities can work together more effectively to safeguard critical infrastructure across borders, using concrete examples from different regions to identify challenges and best practices.

Tone:

The tone was collaborative and solution-oriented throughout. Speakers shared experiences openly and built on each other’s points constructively. There was a sense of urgency about the need for greater cooperation, but also optimism about the opportunities to make progress through multi-stakeholder efforts.

Speakers

– Marie Humeau: Moderator, working at the Dutch mission in Geneva on digital and cyber issues

– Orhan Osmani: Head of the Cyber Security Division at the ITU Telecommunication Development Bureau

– Shariffah Rashidah Syed Othman: Director of Policy and International Cooperation at the National Cyber Security Agency of Malaysia

– Towela Nyirenda-Jere: Head of the Secretariat at the Africa-EU Energy Partnership

– Franziska Klopfer: Principal Project Manager for Cyber Security Governance at DCAF (Geneva Center for Security Sector Governance)

– Wenting He: Associate Researcher with the Security and Technology Program at UNIDIR

– Tereza Horejsova: Senior Outreach Manager at the Global Forum for Cyber Security Expertise

Additional speakers:

– Audience member: Unnamed person from Austria who asked a question

Safeguarding Transnational Critical Infrastructure: A Multifaceted Approach

This panel discussion, moderated by Marie Humeau from the Dutch mission in Geneva, explored the challenges of protecting transnational critical infrastructure and the potential for collaboration between diplomatic and technical communities to address cybersecurity threats. Experts from various regions and organisations shared insights on safeguarding critical assets that span national boundaries.

Key Threats and Vulnerabilities

The panellists highlighted the increasing vulnerability of critical infrastructure to cyberattacks, with potentially far-reaching consequences for international peace and security. Wenting He from UNIDIR emphasised the particular vulnerability of subsea cables and satellite systems, while Towela Nyirenda-Jere from the Africa-EU Energy Partnership stressed the growing importance of energy sector interconnections as targets. Shariffah Rashidah Syed Othman from Malaysia’s National Cyber Security Agency noted that attacks on critical infrastructure could have cascading effects across borders.

The discussion underscored the interconnected nature of critical infrastructure across borders and sectors, necessitating a coordinated approach to protection. Shariffah Rashidah provided a thought-provoking perspective, noting that critical infrastructure “does not exist in vacuum” but relates to the specific risks and defining characteristics of each country. She elaborated on Malaysia’s approach, which involves the National Cyber Coordination and Command Center in defining and protecting critical infrastructure.

International and Regional Cooperation

Wenting He discussed the UN Open-Ended Working Group (OEWG) and its emphasis on the risks of malicious ICT activities targeting critical infrastructure. Shariffah Rashidah highlighted the ASEAN Cyber Cooperation Strategy, including the establishment of the ASEAN Regional CERT, as an example of regional cooperation. Towela Nyirenda-Jere stressed the need to incorporate cybersecurity considerations in Africa’s continental power systems master plan.

The importance of regional cooperation and harmonisation of approaches was a recurring theme. Franziska Klopfer from DCAF, working specifically in the Western Balkans region, emphasised the value of informal networks between national Computer Emergency Response Teams (CERTs) in building trust.

Bridging Technical and Diplomatic Communities

A central theme was the urgent need for stronger cooperation between national technical and diplomatic communities. Orhan Osmani highlighted a “huge gap” between these communities at the national level, which he argued “blocks future collaboration on an international level”. Shariffah Rashidah proposed developing institutionalised training programmes in cyber diplomacy for diplomats before their international postings, including initiatives like the Women in Cyber Fellows program.

Capacity Development and Awareness Raising

Capacity development, particularly in developing countries, was identified as crucial for enhancing cybersecurity capabilities. Orhan Osmani suggested changing the term “capacity building” to “capacity development” and highlighted the ITU’s focus on the Global South. Tereza Horejsova from the Global Forum for Cyber Security Expertise emphasised the importance of involving the technical community in policy dialogues and capacity development initiatives for developing countries.

Franziska Klopfer raised the important point that awareness-raising about transnational critical infrastructure is a crucial first step for many smaller countries that may not be fully aware of their role in or dependence on such systems.

Multistakeholder Cooperation and Public-Private Partnerships

The panel emphasised the role of public-private partnerships in infrastructure protection, given the increasing privatisation of critical assets. Towela Nyirenda-Jere advocated for structured public-private partnerships. Tereza Horejsova called for increased multistakeholder dialogues and more meaningful involvement of the technical community in these discussions.

Challenges and Future Directions

Wenting He highlighted the ongoing challenge of attribution in cyberattacks, emphasising the need for continued research and international cooperation in this area. Shariffah Rashidah mentioned the upcoming final discussions of the OEWG and the focus on developing a permanent mechanism for cybersecurity at the UN.

The panel concluded by calling for continued efforts to strengthen collaboration between states and the technical community, explore multistakeholder dialogues on protecting transnational critical infrastructure, and work towards developing more effective international mechanisms for addressing cybersecurity challenges in critical infrastructure protection.

Marie Humeau: Yeah. Good morning. Thank you very much for being here. My name is Marimo. I’m working at the Dutch mission in Geneva on digital and cyber issue, and I’m very pleased to be your moderator today for this session on safeguarding critical infrastructure beyond borders. Actually, the entire idea behind this session is really to look at how we can better work between the diplomatic and the technical community and how to strengthen those efforts with a very concrete example on the critical infrastructure. So through this concrete example, we would like to look at the different region, and we have esteemed experts on our panel to help us guide through how it’s working today, how the diplomatic and technical community are working to address the threats that they are facing and how in the future we should really endorse those relation to make our cyber environment even more resilient. So as you know, there’s malicious activities that are targeting critical infrastructure. Unfortunately, those activities can have a spillover effects, and we really need to work on fostering resilience and cyber resilience. For this, we need to build capacity, we need to increase those collaboration, and really this relation between the diplomatic and the technical community is key, and that’s what we’re going to try to explore. At the moment, we are still like working a bit in silos, but we have seen some changes in the past, and we are hoping with our experts on the panel to explore how from their perspective they’ve tried to address those issues and they’ve tried to reach the gap between the technical and the diplomatic community. We will guide you through three different themes. So just so you’re aware before we start, there is a journey that we are going to have together. We will first look at the cyber threats, and then the policy response that we have now, and then the opportunities for a greater collaboration. So on the panel that I’m very pleased to moderate, we have Mr. Oran Osmani, who is with us online. He is the head of the cyber Security Division at the DITU, the International Telecommunication Union in the Telecommunication Development Bureau. So he’s leading lots of capacity building around the world on the cyber activities. We will also have Sharifa Rashida Syed Othman, Director of Policy and International Cooperation at the National Cyber Security Agency of Malaysia. And she really has a specific role because she is sitting in a technical agencies, but she’s also following lots of those UN development and discussion. So she is, I would say, one of the incarnation of how you can also make the link between the technical and the diplomatic community. We will also have Dr. Tawela Nirendra Jere, Head of the Secretariat at the Africa-EU Energy Partnership. And we also have Franziska Klopfer. She works at DCAF, the General Geneva Center for Security Sector Governance. And she is the Principal Project Manager for Cyber Security Governance. She works a lot in the Western Balkans. So we already have like different perspective and we know how crucial it is at the regional level, not only at the international level, but to work together. And it will be interesting to see if there are some differences in the approach that are being adopted in the different region. And then finally, we have Ms. Wenden He, Associate Researcher with the Security and Technology Program at UNIDO. And she has been, she’s like an expert on those issues. So she will provide us also with a great scene setter before we all dive into the discussion. And then, because the panel wouldn’t be like finalized with Tereza Oriyezova, she’s Senior Outreach Manager at the Global Forum for Cyber Security Expertise. And that will help us make the most out of the discussion and everything that we will hear in the next in the next hour. So, so, so those are my, my, my, my panelists and we will together like go through this journey on on where we are what has been done and also where we can do better and improve our work together. So, as I said, we will follow like the three steps approach. And we will start with actually going through the ICT threats framework, and then how this, this, this, the threats are really targeting critical infrastructure and how it impacts international peace and and security. So for this I’m going to first ask wanting to give us a bit of a scene center about what are the different components of critical infrastructure that facilitate the provision of essential services across borders. So what are the issue, like with the jurisdiction, but also what kind of type of stress, and how you’ve seen the evolution of, of the, the landscape, but also how can those malicious activities actually impacts international peace and security. So the floor is yours to like give us a bit of a background.

Wenting He: Thank you so much Murray. I hope you can all hear me and these are very important questions. While critical infrastructure designations vary across jurisdictions, there is this broad recognition of certain sectors as critical or important. So this includes energy transportation telecommunications commercial and financial systems, among other things. Many of these sectors provide essential services across national borders, for example, transnational energy pipelines operates national regional and international critical information infrastructure, in particular, refers to information and communication systems and networks, whose disruption or damage, who severely impact essential societal functions. So, this type of infrastructure. includes subsea cables, satellite systems, and cloud infrastructure, such as data centers. All of which support critical information and communication services across multiple states. For the interest of time, I will focus on subsea cables and satellite systems. But if you are interested in, you know, the cloud side of things, Unidear is publishing some reports on this topic very shortly. So please check out our website. So it’s no exaggeration to say that subsea cables really form the backbone of global communication. They transmit over 95% of international data traffics. And they enable reliable, efficient, cost-effective data transfers between data centers globally, which supports cloud services that we are all benefiting from. However, these cables are particularly vulnerable to physical threats. According to the International Cable Protection Committee, so each year, approximately 150 to 200 cable faults occur globally, primarily due to accidental human activities such as phishing and anchoring. Additionally, cable infrastructure also faces cyber risks. And this include potential hacking of the remote network management systems used for monitoring and managing cable activities. Satellite systems also play a very critical role in global communication. They provide internet connectivity in, you know, like large areas of the globe, particularly in remote or underserved areas. However, over, you know, recent- years, disruptions to space assets are becoming increasingly common. Potential threats include denial of service attacks, command injection, malware, signal interference, and physical damage to the satellite components. So in terms of the evolving threat landscape, attacks on international critical infrastructure and critical information infrastructure can disrupt essential cross-border services with increased complexity and impact. This challenge is especially pronounced in the increasingly digitalized world where such attacks, especially those targeting critical information infrastructure, including the relevant ICT supply chains and service providers, can significantly amplify both the reach and consequences of malicious activities, thus making such actions, thus making this type of infrastructure a compelling target for attackers. Additionally, the transnational nature of this infrastructure adds further complexity to its protection, making international collaboration a very essential element of effective safeguards and responses. And I know we will delve into this further and I will, so now I will turn to the, you know, the international security and peace implications of malicious activities targeting transnational CI or CII, so critical infrastructure and critical information infrastructure. Well, I don’t know how familiar you are with, you are familiar with, you know, the ongoing processes at the UN on cyber security, but the ongoing UN Open-Ended Working Group or OECD. BWG on ICTs through its annual progress reports emphasize that malicious ICT activities targeting critical infrastructure and critical information infrastructure can have cascading effects at national, regional and international levels. Such activities can pose heightened risks to populations across regions and can be also escalatory. In particular, the OEWG highlighted the need to secure subsea cables and satellite communication networks from malicious activities, which could cause significant disruption and damage to telecommunications and also potentially affect the technical infrastructure essential to the availability and integrity of the internet in large areas of the globe. Subsea cables have historically been targeted during conflict as a means to disrupt an adversary’s communication. For instance, at the beginning of the First World War, one of the British military’s first moves was actually to sever Germany’s undersea telegraph cables. Today, subsea cable networks have become increasingly complex and interconnected, transmitting vast volumes of data for both military and civilian purposes. Malicious attacks on these dual-use critical infrastructure pose significant risks to global connectivity, but also to international security. Attribution challenges further complicate the issue as it is often very difficult to determine who is behind the cable damages. This uncertainty could… to lead to accusations and potentially escalating tensions between states, even when the disruption may in fact be unintentional. So in the current environment of heightened geopolitical tensions, national security surrounding subsidy cables can drive further technological competitions over cable ownership, construction, and lending points, with important implications for global and also regional stability. Furthermore, satellite systems also play a very vital role in armed conflict, supporting critical military functions, including communication, navigation, and also intelligence gathering. Attacks targeting satellite networks and ground stations have the potential to disrupt adversaries, critical military operations, thus increasing the likelihood of such actions in conflict scenarios. Moreover, due to the dual use and transnational nature of satellite services, cyber attacks can have far-reaching consequences. This impact may extend far beyond the warring parties to affect also civilians and civilian services internationally and across sectors. I will stop here, Marie, and over back.

Marie Humeau: Thank you very much, Wenting. So now we kind of have the parameters of the journey we are going through, but like as in any journey, there’s unexpected things that can happen. So I would like to ask my panelists, I know we’ve prepared some questions, but if you feel the willingness to interrupt or to ask other questions or compliment what is being said, please feel free. We’re looking at you also on the screen. So just like wave, and then we will give you the floor accordingly. But as any journey, it’s always more interesting when- it’s when everybody can participate. So maybe I will now turn first to Rashida. And maybe you can give us a bit of your perspective actually from the Asian Pacific region and what kinds of threats you’re like experiencing on critical infrastructure and the potential impact of cyberattacks targeting such sectors on a national and regional level. So the floor is yours Rashida. And thank you for joining us because I know you’re not also on the same time zone.

Shariffah Rashidah Syed Othman: Thank you very much. A very good afternoon here but I just want to flag everyone that currently there is an azan for the prayer time in Malaysia where I could not lower the volume. It’s in the building. If it’s okay with the audience I can proceed or else can I just wait for just one minute to make sure this ends. If it’s okay for all of you.

Marie Humeau: It’s as you prefer. Honestly it’s part of the journey I guess. So if you want to do it now please feel free. The sound is good on our side.

Shariffah Rashidah Syed Othman: All right. So of course let me just if it’s okay can I just wait because it’s quite very loud here. So I will continue. Thank you very much. I’m sorry.

Marie Humeau: So I see Tawela has now joined online. So maybe we’ll start our journey with Africa then. And then if Tawela can you just maybe share with us your experience on So I see Tawela has now joined online. So maybe we’ll start our Africa’s energy sector. And could you. She will need permission to speak.

Towela Nyirenda-Jere: Hi. Good morning. Good afternoon. afternoon. Oh, yes. Now it’s working. We can hear you. Yes. Okay. My apologies. I’ve been struggling a little bit with the connection on this side. But I’m definitely happy to be joining you all. Let’s see if I can turn on my camera. Yes. We can hear you. Now we can see you. Perfect. Well, thank you for doing this. So maybe you can give us a bit of your experience from the African energy sector. Thank you very much. And good morning, again, to everyone. Good afternoon, as well. And fellow panelists, likewise. So I’m joining you from Addis Ababa in Ethiopia. And for those that may not know, I am currently now leading the Africa-EU Energy Partnership, which looks at promoting collaboration between the two continents on issues relating to energy and adjust energy transition. I think in terms of this topic around critical infrastructure in Africa, and very, very specific in terms of the energy sector, I think one of the things that is very evident, perhaps is that within the ICT ecosystem, the issues around critical infrastructure are well known and well discussed. And perhaps in energy, the conversation is a little bit different, but at the same time, needs to be brought perhaps to the same level as the discussions that we are having in the digital space. So when you look at Africa’s energy landscape, currently, of course, we know that, you know, 55 member states, five geographic regions, each of which has their own systems and ways of connecting and interconnecting through the different power pools that exist. And what has been done now is that the level of the EU is that there is an effort now to look at interconnecting the entire continent by really putting in the relevant infrastructure that would connect countries and regions. At the same time, looking at the harmonization of the different regulatory elements that would make that possible. And the whole idea is to be able to facilitate the flow of energy across the continent, and beyond in terms of meeting Africa’s energy needs, but also being able to then export excess capacity outwards. What this then means is that there’s a lot of emphasis being put on these interconnections that are cross border and trans boundary. And when we start talking about this particular interconnection, and the idea that we will need some form of smart grids to be able to manage this whole system, issues around being able to then define critical infrastructure in the energy sector become important, because these cross border links are very critical in so far as making the system work. At the same time, the aspects of cybersecurity and how we secure that infrastructure also become very important. And these are some of the things that in my previous job at AUDNEPAD, we had looked at as we were developing this continental power systems master plan. And one of the recommendations we made was to from the very beginning to incorporate this understanding of cybersecurity, and the need to make sure that within the energy sector, we were actually also looking at developing adequate capacities in terms of cybersecurity. So I think where we are now is that as a continent, there hasn’t yet been any kind of overarching framework, so far as critical infrastructure from an energy perspective. And that is one of the things that we will start looking at now. Different countries, of course, have some policies that are looking at critical infrastructure. South Africa is a good example. I believe Kenya is also another example. And the idea then would be that to learn from these experiences. to look at regional frameworks and then ultimately to have a continental framework that looks at critical infrastructure from the perspective of the energy sector. Back to you, Marie.

Marie Humeau: Thank you very much, Dawila. I think it’s, as you said, that the more you interconnect with those critical infrastructures such as the energy, the more also you will need each other to make sure that those cyber threats do not impact your network as well. So, thank you very much for sharing your initial perspective. And maybe now, I think, Rashida, you can provide your perspective from the Asia Pacific. Thank you very much.

Shariffah Rashidah Syed Othman: Thank you very much, Marie, for the introductions. And I also want to thank Wenting for giving and setting the scene and also has given a perspective of the ongoing discussions at the OEWG as well as the development and what actually the importance of critical infrastructure that strengthens international peace and security. And also, to allow that actually explain in terms of how energy sector is important and the initiative that has been done. And earlier, Marie introduced me that I came from an organization that implements cyber security. And also, I also want to acknowledge this is an opportunity and also benefits that I got from the Women in Cyber Fellows where I think GFCE is also actually facilitating this hosting and facilitating this event. And because of that, it actually made me understand and also a learning experience as well in terms of connecting between the importance of how national levels need to implement the framework of responsible state behavior and how best we can. do that in actionable item or actionable action. So coming back to the questions earlier regarding critical infrastructure sectors across border in Asia-Pacific region, I think earlier Wenting described about two things, which is the subsea cables as well as the satellite system, which I think it is global to any other region of the world. But one thing that I also want to connect and relate what actually happened at national level, which I think Toela mentioned specifically on energy. Because one is we hear earlier, depending on the country, how actually they determine the critical infrastructure and the critical infrastructure does not or CII does not exist in vacuum. It actually relates to the risk that the country face and also what actually define the country, the country’s importance. For example, in Malaysia, for our cyber security act, we define critical infrastructure, 11th sector in our cyber security act, we define infrastructure as a computer or computer system, which destructive disruption or destruction of the computer or computer system would have a detrimental impact on the delivery of any services essential to the security, defense, foreign relations, economy, public health, public safety and public order of Malaysia, or on the ability of the federal government or any of the state’s governments to carry out its function effectively. And coming back to the sector specific of critical infrastructure, even at national level, they actually exist vertically and horizontally. In terms of horizontally, for example, energy, regardless how strong our subsea cable, how strong our satellite system, if energy is out, you cannot even operate the cyber environment. That’s how the importance of the interdependency of each and every critical infrastructure. At the same time, depending on which part of the world you are, if the energy comes from the water, hydro or water will become another part of important things of the country and goes back to what is the resource of the energy. Coming back to how actually we develop and how actually at ASEAN Pacific and why actually specifically in ASEAN, how we put the importance of critical infrastructure in ASEAN, we actually have produced an ASEAN Cyber Cooperation Strategy, where in the strategy, one of the dimensions, it says about advancing cyber readiness cooperation, where two important things being put. One is the SERT cooperations and coordination, where recently we have established and launched our ASEAN Regional SERT together with all ASEAN member states. And secondly, of course, the focus is on the coordination of regional CII protection. So in a nutshell, the discussions that happening at the UN actually complements the work that we do at national level. And having been in an organizations that actually do both, we actually work together with our Ministry of Foreign Affairs and see how this thing can actually interconnected, interdependency, and also it will reflect not only at national level, regional level and at the global level. Apparently, I will stop here.

Marie Humeau: Thank you very much, Rashida. And thank you for sharing your personal experience as well. I think you are a good example on how the technical community and the diplomatic community, as well as we should look at the national, regional and international level altogether. And I think you made a great point about the complementarity of those different approaches. As well, I think one important point about how you at national level define critical infrastructure. I think that’s also an important point for each and every one of us to better understand what other countries and what critical infrastructure on top of what we are discussing at international level. So maybe we will move on in our journey to Actually, and what you mentioned, Rashida, with your national experience, I think, and your regulatory framework, is actually the perfect path through our next step in our journey, which is really looking at the policy responses and the lesson learned from good practices on the protection of critical infrastructure. I saw you, Oran, I think I saw some of the ping that you did popping in onto our screen that we have here. So I feel like you are now, like it’s time for you to step in and then to tell you a bit more about how to strengthen the protection of transnational critical infrastructure. Is there a scope for the diplomatic and technical community to work together to actually mitigate those ICC incidents? Oran, the floor is yours.

Orhan Osmani: Thank you, Marie, and good afternoon and good morning to everyone. It’s a pleasure to be on this panel. I think, you know, as your question points, is there a scope between diplomatic and technical community to work together to mitigate these incidents? I think there is always, if there is a will, always there is a way to do things. So I think, you know, I stand by that. But I think what we need to do is basically, probably we need to take a step back and on national level, connect these two communities, because we see huge gaps between diplomatic and technical community on national level. And that one basically blocks the future collaboration on international level. So, you know, if we are clear on national level, where we stand in terms of cybersecurity from diplomatic and technical point of view, I think we can basically strengthen collaboration and we can work together towards, you know, an understanding that, you know, some of the critical infrastructures which serve the essential services in the countries needs to be protected and they must be protected. Because, you know, we are talking about, you know, people who are now, I know more and more people are on. medical devices which you know basically the life-supporting devices and know any energy let’s say any energy attack it attacks those devices we are keeping people alive so I think you know we need to we need to really we need to be have compassion towards those those people I think we need to promote more let’s know what is at risk there and I think you know besides you know I think you know I heard venting she was talking about you know mainly focusing on on state state to state challenges they have on on but also we have the big group of those who are making money than all the cyber criminals who are basically it’s a big industry so it’s is bigger than anything and and cybercrime threats are bigger than any natural disasters around the world so basically no it’s something we need to deal with and I think we need to increase more and more collaboration between technical community but also diplomatic community probably also what we need to work on on on more is attribution because you know often you know this is my personal view I see often the attributions happen very quickly but from technical perspective you know I understand you know to attribute an attack to someone is going to be very challenging because you know you need to have more more evidence you need to spend more time to ensure that you know that the attribution is correct and know when you attribute something to someone which is not which is not kind of true or it’s or it’s misleading then the challenge is basically collaborating how to work together so I think you know we need to work more on capacity development so basically I mean often I I go against the term of capacity building because capacity buildings we build capacity where there is no capacity but I think now we need to continue development because I think you know all regions have capacity but we need to continue development of the capacity so you know probably we need to change the language how we approach and another thing you know which I think we can strengthen protection of critical infrastructure is that know if government community and member states work together in terms of you know, collaborating and kind of, you know, coordinating the activities, aligning each other, you know, how we can, how we can work together and basically, you know, support the development of the world, because I think, you know, I mean, we are having all these national and transnational conflicts. But I think, you know, something which is coming after all the world is the climate change. And I think, you know, we need to we need to promote more of, you know, actually what is happening to us as a world, and probably, you know, the political tensions we will reduce, and we can work better on cybersecurity and other and other challenges we face as a world. So I think, you know, probably, you know, this is my input. I don’t know, let’s see, you know, how conversation goes. And I’ll probably add and chip in with other views. Thank you.

Marie Humeau: Thank you, Orhan. So it’s, it’s about strengthening our capacity. But, and also, I think, indeed, the link between the technical and the diplomatic community, sometimes we don’t speak the same language. So it’s also about, I guess, strengthening our common understanding of each other, and maybe learning how to, like speak the language of all the others. So you can work better together as well. And thank you very much for for this perspective. I think we will now in our journey throughout the world, jump into the Western Balkans region with with Francisca. And you have been working with the technical community, the certs in that region, and you’ve helped him set up informal networks, where actually it’s about like getting to know each other, building trust, sharing information. And I think that’s relates a bit to what Aran was saying also about the need for, for, for, for to build on our capacity and also to better exchange information. Can you tell us a bit more about how can such networks of technical experts help protect the critical transnational political infrastructure?

Franziska Klopfer: Thank you very much, Marie. And Hello, everyone. Very pleased to see you, see you again. Indeed, we have my organization, the Geneva Center for Security, the governance have been working for quite some time in the Western Balkan region in Europe. And one of the areas that we work with is organizing regional events for national certs. And indeed, this has helped through a long term process to facilitate communication and build trust. And now led to what one can describe as an informal network of where the staff of this certs communicate. I want to kind of take up on what the previous speakers have said, that there is a lot that can be done by different communities. And I think it is important definitely to see the potential of the technical community to also get involved in, you know, transnational international processes. But I think it is very important to to then go back to see, as Arhan had said, what’s happening at the national level. Because these certs, they also they cannot work in a vacuum. They cannot do diplomacy or in a vacuum. They are part of a national structure where they, I think, have a, for example, the certs have a very interesting role that they can play. They are usually in countries, either the certs or the national cybersecurity agencies, in charge of also supporting and coordinating with critical infrastructure and critical information infrastructure. So they are really there to support and to help them and to enforce cybersecurity standards and also to exchange information and information that might have also received from friendly neighbors on cyber threats. But I think this cannot be done. in a vacuum or outside of diplomatic processes, as you know. I mean, we’ve talked quite a bit about agreements, bilateral or regional or international, about coordination between different countries on protecting of CII. And I think this is, we know that there are different actors involved in it and there’s on the one hand the diplomatic community and then technical community can come in with their expertise. But it is very important that in a country, the roles of diplomats, of technical community, or for example, CIRTS and other actors are clearly defined. And it’s clear what the role they play in, for example, in this process of protecting transnational critical infrastructure. And that it’s also clear how they communicate, coordinate and communicate with each other. Because as has already been mentioned, I think this is a big problem. You have different actors working on similar topics, but there’s no clarity about how they should cooperate. They often don’t even meet regularly in meetings. So I think that’s one of the areas, but when we talk about also capacity building or capacity development, that we should not see these different actors in isolation. But I think part of the capacity development would be to strengthen the links, clarify roles and responsibilities and strengthen links between those different stakeholder groups at national level.

Marie Humeau: Thank you, Franziska. I think the message is clear that we need to strengthen our capacity, everyone’s capacity also at national level first. And then that would also allow for better engagement, I think at regional and then international level. But let’s put everything one step at a time and start with the strengthening at national level of this collaboration also between the technical and the diplomatic community. Maybe I’ll move back to Willa. and look at from your perspective on the Africa’s energy sector. Can you share with us some good practices, good example at your level, at the African Union level, and what kind of further steps would you think governments and industry stakeholders in the region can take to better protect the energy infrastructure? I think it’s always good to have a look at concrete sectors. So Tovela, the floor is yours to share your perspective on this.

Towela Nyirenda-Jere: Thank you very much. Maybe let me just start by appreciating I think Rashida’s intervention and especially the idea of the fact that critical infrastructure perhaps will be looked at and prioritized differently within different member states and regions, depending on what is obtaining in the region and also in terms of how regions work and are organized. And I think also to Orhan’s point about the fact that capacity building but maybe enhancing and going further in terms of capacity endowments and looking more at very deliberate strategies for capacity development I think are very important points. So I think turning to the case of Africa and looking at good practice and maybe trying to do a bit of a balancing act between the energy sector but also all the other infrastructure sectors as well. I think one thing that I would cite as good practice that I think this is also to Rashida’s point but also in terms of the way Africa works and is structured is the idea of really being able to foster and promote regional cooperation and harmonization across the different regions because that then makes it easier when we now want to start implementing different policy frameworks if there is some way in which there’s a bit of harmonization but also that there is some cooperation. Within the energy sector. Of course, there’s, and as with other sectors, there’s a myriad of stakeholders that are involved in all of this. So you will have utilities at the national level, you have the power pools, you have the regional economic communities, you have other private sector entities perhaps that are responsible for grid development. And then obviously you have the African Union itself. So there is a need for a very balanced cascading of cooperation, both from top going down, but also from the bottom going up. And being able to structure this in a way that makes sense, I think is important. And I think for the energy sector, I think Africa has managed to do this in a very coherent way by bringing together all these different actors to look at the sector critically and identify the different areas where harmonization and standardization is needed, but also establishing the relevant cooperation frameworks. When we now look maybe very specifically at the issues of cybersecurity, I think we’re all aware that the African Union has its convention on cybersecurity and personal data protection, which has now entered into force, and which also sets, I think, a very good framework in terms of how the continent wants to approach issues of cybersecurity, issues of privacy, issues of data protection. And I think what is important then as we move forward is making sure that this convention is seen not as an ICT instrument or an ICT device, but that it really has importance across the entire infrastructure landscape, and obviously beyond when we start looking at just general issues of people’s day-to-day lives as well. To the point about capacity and the capacity endowments, really, when we now look at how we operationalize the convention, again, very important to make sure that we’re not losing sight. of the fact that in addition to the digital cyber experts, if I can call them that, that we need to make sure that our experts that are managing our different utilities, whether it’s in water, whether it’s in energy, and those that are managing our other infrastructure, you know, in terms of transport, in the water sector, that all of these are adequately equipped with the understanding of, you know, cyber security measures, but also that there is some element of coordination and cooperation across the different sectors within countries at regional level, and then also at a continental level as well. And then lastly, I think that, you know, in terms of the practice, I think the GFCE perhaps mentioned this a little bit, just in terms of this idea of being able to provide a framework where one can actually have a way in which to match the capacity needs in terms of cyber capacity building, and linking that to where expertise and experts lie and being able to make those connections and offer that platform that enables this flow of expertise and experts between regions and between countries, so as to enhance the cyber security posturing across the globe. Back to you.

Marie Humeau: Thank you very much, Jawila. I think you, you, you, you touch upon another important point is also sharing best practices across sectors, and it’s that the cooperation need not only to happen between the technical community and the diplomatic community, but also across sectors, because the more we get connected, the more we rely on each one sector rely on the other. But also, I think each sector can learn from the best practice of the other. And I think you point out your best practice from the energy sector, and I’m pretty sure a lot of other sectors can learn from how you are trying to like put things together and to be able to share better the information to make your, your infrastructure also more resilient. And I think that’s exactly what we are. trying to do here and I can I can see on the screen of one thing that they’re already some exchange of of willingness to exchange information about what everyone is doing so I think that’s the objective is really to share our experience here, and to connect and continue that discussion also after after this session so I’m quite excited about what I see on the screen on my left. And it’s not only happening in the room. So maybe we’ll guide you through the next step in our, in our journey which is our nearly final stop, because we will then open the floor to everyone to ask questions, but apparently someone wants to take the floor. Yes, Rashida please do.

Shariffah Rashidah Syed Othman: Thank you very much, Marie, I just want to just connect and give some response with regards to Francisca’s views as well as Toela. About the importance of structuring and position. While we are talking about the technical community in terms of sets and giving them a proper place at the national level, as well as how Toela mentions the importance of making sure that the things are being interconnected in such a way, where I think the experience that we took in terms of making sure the discussions between the technical people and diplomat, as well as the people that look into the policy at national level. This is also the experience that we got from the exposure from the learning curve that we got from the OEWG, and other activities that we, we see at national level, as well as at regional level, specifically on the third part. the chief executive of my organization, the National Cyber Security Agency, has the responsibility to maintain the National Cyber Coordination and Command Center, which is our national CERC, and the act actually give an importance of the designation of sector lead, where they are being empowered to designate the national critical infrastructure with the processes, then they are a compulsory notification of incident, where the coordination can actually be swiftly being done at national level. This is also complement the works that, and the development that is happening at national level, where the national CERC, which is the NC4 itself, is also being submitted at the UN OEWG as the technical global point of contact. This is where I think the learning curve our country takes in terms of understanding and connecting the dots between the discussion with the technical people, the policy people at the domestic level, as well as the diplomat that works at the United Nation. Another part that I also want to touch is the opportunity that we have in terms of capacity building, where one of the thing that we managed to work together, especially with UNIDIR, and at national level, we get a blessing from our management to do that, where we will develop and institutionalize a proper training in our institute that train the diplomat before they are being stationed internationally in terms of cyber diplomacy or tech diplomacy, so that the people that face when they go overseas, the diplomat have the clear understanding of when to connect the dots and how actually they can bring back the discussion that they see and they negotiate at any platform, bilaterally or multilaterally, back to the organization. in organizations that look and lead national cybersecurity initiative at national level.

Marie Humeau: Thank you. Thank you very much Rashida. I think indeed it’s important to know who to contact and where in those points of contact are key and crucial. And thanks for sharing your best practices. I think your point about capacity building and the training of diplomats is an amazing one. And I’m very pleased as well that our co-organizer today are being mentioned by so many of you on their best practices as well, because I do think that UNIDIR and GFCE are doing lots of work to try to strengthen those capacity as well. And indeed, the women in cyber, we can see here that we have quite a panel with lots of women. So it’s also nice to see this because it’s not always the case, but thank you around for bringing a bit of men balance in this discussion as well. So maybe, or no, no, yes. I know sign on it from the virtual room, but so maybe we’ll, yeah. Maybe we’ll step in in our last topic. And before I give the floor to everyone and to some questions. So maybe what are the, so we will step in for the future and where we are heading next step in our journey. So maybe, Francisca, you want to start with what are the opportunities for greater cooperation? And do you see, I think you started like answering that question a bit already, but do you see like ways to reach out and to set up mechanism to better be prepared and equipped for those, for greater collaboration? And that includes also the role for the multi-stakeholder community in those discussion.

Franziska Klopfer: Yeah, I think that’s a really good question. I think that’s a really good question. I think that’s a really good question. I think that’s a really good question. I think that’s a really good question. Yes, I think we’ve spoken quite a lot about this already, so I’ll keep it short and I think maybe just a very practical step, and Rashida already mentioned it, I think a very good first step would be when you do training of cyber diplomats, actually one of the most essential things, make them aware of what’s happening in their country, who’s in their country, who they need to coordinate with, who they need to consult, also to establish national priorities, because these are the national priorities that we will bring to the international discussions, including discussions on CII, and also engage with the multistakeholder community in order to identify indeed and to work with CII. I think I’ll leave it at that in the interest of time, just two first practical steps that I would recommend to take.

Marie Humeau: Thank you. I think we are running, we only have a few minutes left, so maybe what I’ll do, if that’s fine, I’ll look at the room and see if there are some pressing questions coming from the room. Yes, I see a gentleman at the back. Excuse me? Mike, yes, please. Thank you. It’s coming from you, Ben. No, Mike. Thank you.

Audience: Hello. Yes, so I’m into you from Austria, and I’m curious to know how many of you, so I guess that you’re coming from, each of you are coming from different countries, so how many of you have seen policy documents that actually addresses transnational critical information infrastructure and talk about whether your government is allowed to or planning to attack in case of emergencies or in case of contingencies, especially if it’s relevant? if you have seen any documents published by the military administration. So is your country, especially the military department, allows or take into consideration the possibility they would be able to attack critical influence structures in other countries?

Marie Humeau: Is there any question also on the chat? No? Okay. So maybe we’ll take your question. And because we also have two minutes left, at the same time, I’ll ask the speakers to answer your question and then to give their final remarks before Theresa wraps it up and do our photo album of our journey together. So maybe I’ll give you the floor one by one, and then you can address the question that has been asked. But also you can bring us a bit of your flavour, and Francisca, you’ve already started to do so, on what are the opportunities in the future, be it at national, regional, or at international level, for greater collaboration? But also, what can stakeholder bring to the table in terms of the protection of critical infrastructure, and the importance of actually this multi-stakeholder cooperation that is needed to be better equipped and to have a more resilient critical infrastructure? Maybe I’ll start at the bottom right with Oran, and then I’ll go to Toela, to Francisca, and to Rashida and Francisca. So Oran, you have the floor.

Orhan Osmani: So can you hear me, I think? So I think the question of the gentlemen, honestly, I don’t have an answer, because ITU is a government agency, so we keep supporting member states to build the capacity. So… know, we are focused on Global South, where we, you know, run cyber drills, where we bring communities together, so technical communities. Now we are trying to bridge the gaps, bringing diplomatic community to our meetings and have a discussion among them. So in principle, you know, I don’t have an answer for him on that regard. But you know, all comes down to, you know, collaboration, information sharing. So we have often, you know, even countries which are aligned to each other, they don’t share all the information. So basically, you know, I think, you know, I think quite a lot needs to be done, I think, trust needs to be built. And so we need to we need to work around around that. So I think, you know, the opportunities are there to to increase collaboration, but are we going to take and take action on really putting the citizen at the center, because I think, you know, what is happening now we are putting at the center other things. But if you put the citizen at the center, you know, those who need the essential services, those who benefit from those essential services, and those who contribute back to the society, I think, you know, then I think quite a lot of things can be solved. But you know, I’m very idealistic in that regard. So I think, you know, I’m not sure, you know, what, what would work the best, but you know, we keep continuing to work together with a global South building the capacity which is needed to support the digital developments of the countries. We, you know, help women in cyber, through mentorships, through capacity building, and so on. I mean, a lot to be done, honestly, you know, a lot to be done. And we need to sit down as development agencies or partners or stakeholders on building capacity, developing capacity. So we need to sit down and kind of decide who’s going to be doing what, because I think a lot of duplication of efforts is happening in on the same area. So I think we need to kind of spread the net and try to cover most we can, because the resources are limited in terms of financial and human. And I think, you know, can be done a lot if just there is a will to sit down and lower our egos and work together. I mean, that’s, that’s all. Thank you.

Marie Humeau: Thanks. Thanks, Oren. So I think And as you said, a lot needs to be said and done, but we are also pressured with time. So I will give each of you 15 seconds, and then, Teresa, I can wrap up. I’m really sorry, but maybe we can have another session on the next IGF to continue the discussion, because apparently so much needs to be done and so much needs to be said. And we are seeing this initial cooperation that are taking place now. So maybe, Doela, if you can give us in 50 seconds a short snap of what you think we should be doing.

Towela Nyirenda-Jere: Okay. Thank you very much. Very quickly, I think, as we see now that there’s a large move towards privatization of a lot of infrastructure, whether it is in-country or transnational infrastructure, this means then that, on the one hand, there will be a need for stronger collaboration between private sector and governments through very structured PPPs that focus on this issue of the protection of that infrastructure, but at the same time, governments, I think, need to then continue setting the container in terms of the relevant policy and regulation mechanisms, but making sure that these are things that can be implemented and that are enabling the protection of the infrastructure, but also, I think, as Aura has said, making sure that we’re not losing sight of putting people at the center of what we’re doing. Thank you.

Marie Humeau: Thank you, Doela. Rashida, you have 15 seconds.

Shariffah Rashidah Syed Othman: I’m going to be short and quick, but I just want to touch on, just now earlier, we mentioned about OEWG discussions. So one of the things that we are doing right now, we are in the final lap of the OEWG. The central of the discussion before next July is to ensure what will be the future permanent mechanism, where we want to actually, together with all the states, to develop a permanent mechanism on how we want to position cybersecurity at the UN. This is where an important discussion starts, where actually we want to position the stakeholder so that they can contribute. to execute effectively in the permanent mechanism that we wanted to do. One thing we talk a lot today is about energy from where if we want to talk about energy, be sector specific, bring the right stakeholder, bring the right skill, then we can solve the right specific question in sector specific problems at the at that level that it can be escalate at regional and national level.

Marie Humeau: I’m going to pass it over to Francesca.

Franziska Klopfer: And just to add to what everything has been said, maybe go back to the beginning. I think there’s still also some work to be done to just raise awareness of the existence of this transnational critical infrastructure and a lot of I think smaller countries might not be aware or they might not be aware of where these often these critical national transnational infrastructure on their protection. So I think that’s a good step for the very very beginning. That’s still I think necessary.

Marie Humeau: Thank you Francesca. I will give my last words to to Teresa. But before this, I would like to thank all the panelists for being with us and sharing your your expertise. And this is just the beginning. But I’ll give the floor to to Teresa.

Tereza Horejsova: Thank you, Mary. So we put this session together because we thought there was a lack of understanding of what benefit involvement of the technical community can have in multistakeholder dialogues on these topics. We have felt from our experience that sometimes these multistakeholder consultations have been more a tick-the-box approach, which is not what we want, because they are stakeholders in addition to the myriad of other stakeholders as was already said at this session. So we hope that this technical community can get involved, especially next year, in the in the regulational dialogues. We had some great examples from from Africa. Africa, from Asia, from Western Balkans, with some concrete challenges, including the definition on the national level of what is actually critical infrastructure, some efforts for regional cooperation as well. So I will not be able to go through all these details, but if you allow me, there are a few kind of calls for action that I think can shape the continuation of our discussion on this topic. The first is that we do need to strengthen the collaboration between states and the technical community, and we will be able to explore more in detail how, be it third-to-third cooperation or in the framework of the open-ended working groups. We do need to build capacities, especially for developing countries. We have heard the capacity building or capacity development, as Orhan clarified, has been coming up in the discussion in relation to these topics. And another idea that I think we can play with is how can we further convene multistakeholder dialogues on protecting transnational critical infrastructure, which is something that we will look into and we will try to come up with some ideas, be it in the form of a series of workshops or other initiatives. So I will have to stop here because I know we are over, but thank you very much for being part of this.

Marie Humeau: Thank you and have a good day. Thank you so much. Thank you. Bye-bye. Thank you. Bye-bye. Thank you. Bye-bye.

Agreement Points

Critical infrastructure protection is crucial for international security

speakers

Wenting He

Towela Nyirenda-Jere

Shariffah Rashidah Syed Othman

Orhan Osmani

arguments

Subsea cables and satellite systems are key vulnerable components

Energy sector interconnections are increasingly important targets

Attacks on critical infrastructure can have cascading effects across borders

Cybercrime threats to infrastructure are greater than natural disasters

summary

Speakers agree that protecting critical infrastructure, including subsea cables, satellite systems, and energy interconnections, is vital for international security due to their vulnerability and potential for cascading effects across borders.

Need for collaboration between technical and diplomatic communities

speakers

Shariffah Rashidah Syed Othman

Orhan Osmani

Franziska Klopfer

Tereza Horejsova

arguments

Cyber diplomacy training for diplomats is crucial

Bridging gaps between technical and diplomatic communities

Value of informal networks between national CERTs to build trust

Need to involve technical community in policy dialogues

summary

Speakers emphasize the importance of fostering collaboration and communication between technical experts and diplomats to address cybersecurity challenges effectively.

Similar Viewpoints

Both speakers advocate for structured cooperation mechanisms, either at the regional or international level, to address cybersecurity challenges more effectively.

speakers

Towela Nyirenda-Jere

Shariffah Rashidah Syed Othman

arguments

Need for regional cooperation and harmonization of approaches

Permanent UN mechanism for stakeholder contributions on cybersecurity

Unexpected Consensus

Citizen-centric approach to infrastructure protection

speakers

Orhan Osmani

Towela Nyirenda-Jere

arguments

Putting citizens at the center of infrastructure protection efforts

Structured public-private partnerships for infrastructure protection

explanation

While coming from different perspectives (ITU and energy sector), both speakers emphasize the importance of considering citizens’ needs and involving the private sector in infrastructure protection efforts.

Overall Assessment

Summary

The speakers generally agree on the importance of protecting critical infrastructure, the need for collaboration between technical and diplomatic communities, and the value of regional and international cooperation mechanisms.

Consensus level

There is a moderate to high level of consensus among the speakers on the main issues discussed. This consensus suggests a shared understanding of the challenges and potential solutions in protecting transnational critical infrastructure, which could facilitate more coordinated efforts in policy-making and implementation at national, regional, and international levels.

Different Viewpoints

Focus of capacity building efforts

speakers

Orhan Osmani

Towela Nyirenda-Jere

arguments

We keep supporting member states to build the capacity. So…know, we are focused on Global South, where we, you know, run cyber drills, where we bring communities together, so technical communities.

Need for regional cooperation and harmonization of approaches

summary

Orhan Osmani emphasizes capacity building focused on the Global South through cyber drills and bringing technical communities together, while Towela Nyirenda-Jere stresses the need for regional cooperation and harmonization of approaches in Africa.

Unexpected Differences

Overall Assessment

summary

The main areas of disagreement were subtle and primarily focused on different approaches to capacity building and bridging gaps between technical and diplomatic communities.

difference_level

The level of disagreement among the speakers was relatively low. Most speakers presented complementary perspectives on protecting critical infrastructure and enhancing cybersecurity cooperation. The differences in approaches reflect the diverse regional and organizational contexts of the speakers, rather than fundamental disagreements on goals or principles. This low level of disagreement suggests a general consensus on the importance of protecting transnational critical infrastructure and the need for multi-stakeholder cooperation, which is positive for advancing global cybersecurity efforts.

Partial Agreements

Both speakers agree on the need to connect technical and diplomatic communities, but they propose different approaches. Orhan Osmani suggests bringing diplomatic communities to technical meetings, while Shariffah Rashidah Syed Othman emphasizes specialized training for diplomats in cyber diplomacy.

speakers

Orhan Osmani

Shariffah Rashidah Syed Othman

arguments

Bridging gaps between technical and diplomatic communities

Cyber diplomacy training for diplomats is crucial

Similar Viewpoints

Both speakers advocate for structured cooperation mechanisms, either at the regional or international level, to address cybersecurity challenges more effectively.

speakers

Towela Nyirenda-Jere

Shariffah Rashidah Syed Othman

arguments

Need for regional cooperation and harmonization of approaches

Permanent UN mechanism for stakeholder contributions on cybersecurity

Key Takeaways

Critical infrastructure like subsea cables, satellite systems, and energy grids are increasingly vulnerable to cyberattacks with potential cascading effects across borders

There is a need for greater collaboration between technical and diplomatic communities to address cybersecurity threats to critical infrastructure

Regional cooperation and harmonization of approaches is important for protecting transnational critical infrastructure

Capacity building and training, especially for developing countries, is crucial for improving critical infrastructure protection

Multistakeholder cooperation, including public-private partnerships, is necessary for effective protection of critical infrastructure

Resolutions and Action Items

Explore ways to strengthen collaboration between states and the technical community, including through CERT-to-CERT cooperation

Look into convening multistakeholder dialogues on protecting transnational critical infrastructure, possibly through a series of workshops

Work on developing a permanent UN mechanism for stakeholder contributions on cybersecurity issues

Unresolved Issues

Specific mechanisms for improving information sharing between countries on critical infrastructure threats

How to effectively involve the technical community in policy dialogues beyond a ‘tick-the-box’ approach

Ways to address the duplication of efforts in capacity building initiatives

How to balance national security concerns with the need for international cooperation on critical infrastructure protection

Suggested Compromises

Focusing on putting citizens and essential services at the center of critical infrastructure protection efforts rather than solely on national interests

Developing structured public-private partnerships that allow for private sector involvement while maintaining government oversight on critical infrastructure protection

We need to take a step back and on national level, connect these two communities, because we see huge gaps between diplomatic and technical community on national level. And that one basically blocks the future collaboration on international level.

speaker

Orhan Osmani

reason

This comment highlights a fundamental challenge in addressing cybersecurity issues – the disconnect between technical and diplomatic communities at the national level, which hinders international cooperation.

impact

It shifted the discussion towards the importance of national-level coordination as a prerequisite for effective international collaboration on cybersecurity.

Critical infrastructure does not exist in vacuum. It actually relates to the risk that the country face and also what actually define the country, the country’s importance.

speaker

Shariffah Rashidah Syed Othman

reason

This insight emphasizes the contextual nature of critical infrastructure, highlighting that its definition varies based on each country’s specific risks and priorities.

impact

It broadened the conversation to consider how different countries might approach the protection of critical infrastructure based on their unique circumstances.

We need to promote more let’s know what is at risk there and I think you know besides you know I think you know I heard venting she was talking about you know mainly focusing on on state state to state challenges they have on on but also we have the big group of those who are making money than all the cyber criminals who are basically it’s a big industry so it’s is bigger than anything and and cybercrime threats are bigger than any natural disasters around the world

speaker

Orhan Osmani

reason

This comment broadens the scope of the discussion beyond state-to-state challenges to include the significant threat posed by cybercriminals, comparing it to natural disasters in terms of impact.

impact

It expanded the conversation to consider non-state actors as a major threat to critical infrastructure, adding complexity to the discussion of protection strategies.

Part of the capacity development would be to strengthen the links, clarify roles and responsibilities and strengthen links between those different stakeholder groups at national level.

speaker

Franziska Klopfer

reason

This insight emphasizes the importance of clear roles and communication channels between different stakeholders at the national level as a key aspect of capacity building.

impact

It refocused the discussion on the need for structured coordination and clear responsibilities among various actors involved in protecting critical infrastructure.

We will develop and institutionalize a proper training in our institute that train the diplomat before they are being stationed internationally in terms of cyber diplomacy or tech diplomacy, so that the people that face when they go overseas, the diplomat have the clear understanding of when to connect the dots and how actually they can bring back the discussion that they see and they negotiate at any platform, bilaterally or multilaterally, back to the organization.

speaker

Shariffah Rashidah Syed Othman

reason

This comment introduces a concrete solution to bridge the gap between technical and diplomatic communities through specialized training for diplomats.

impact

It provided a practical example of how to address the disconnect between technical and diplomatic communities, moving the discussion towards actionable solutions.

Overall Assessment

These key comments shaped the discussion by highlighting the complex, multi-faceted nature of protecting critical infrastructure across borders. They emphasized the need for better coordination between technical and diplomatic communities at both national and international levels, the importance of context-specific approaches to defining and protecting critical infrastructure, and the necessity of capacity building that includes clear role definition and specialized training. The discussion evolved from identifying challenges to exploring potential solutions, with a focus on practical steps to improve collaboration and communication between various stakeholders.

How can we better structure and position the technical community (e.g. CERTs) at the national level to improve coordination with diplomats and policymakers?

speaker

Franziska Klopfer and Shariffah Rashidah Syed Othman

explanation

This is important to improve communication and coordination between technical and diplomatic communities at the national level, which can then enhance international cooperation.

How can we develop more comprehensive training programs for diplomats on cyber diplomacy and technology issues before they are stationed internationally?

speaker

Shariffah Rashidah Syed Othman

explanation

This is crucial for ensuring diplomats have a clear understanding of cyber issues and can effectively engage in international discussions and negotiations on these topics.

What are effective ways to raise awareness among smaller countries about the existence and importance of transnational critical infrastructure?

speaker

Franziska Klopfer

explanation

This is important because many smaller countries may not be aware of their role in or dependence on transnational critical infrastructure, which is crucial for effective protection efforts.

How can we better coordinate capacity building efforts among development agencies and partners to avoid duplication and maximize impact?

speaker

Orhan Osmani

explanation

This is important for making the most efficient use of limited resources in building cybersecurity capacity globally.

What mechanisms can be developed for stronger collaboration between private sector and governments through structured public-private partnerships focused on critical infrastructure protection?

speaker

Towela Nyirenda-Jere

explanation

This is crucial as there is a trend towards privatization of infrastructure, requiring new forms of cooperation to ensure protection.

How can we design a permanent mechanism at the UN level for positioning cybersecurity that effectively incorporates multi-stakeholder contributions?

speaker

Shariffah Rashidah Syed Othman

explanation

This is important for ensuring long-term, structured global cooperation on cybersecurity issues, including critical infrastructure protection.