WS #84 The Venn Intersection of Cyber and National Security

19 Dec 2024 06:30h - 08:00h

Session at a Glance

Summary

This discussion focused on the critical intersection of cybersecurity and national security in today’s data-driven world. Experts from various countries and organizations explored the challenges and strategies for addressing gaps in policies and practices. The panelists emphasized the importance of trust in digital systems and the need for a multi-stakeholder approach to tackle cybersecurity issues.

Key points included the evolution of cybersecurity from a technical issue to a central national security concern, the importance of aligning national security priorities with rapidly evolving cyber threats, and the need for robust legislative frameworks. Participants discussed the vulnerabilities exposed by cyber threats such as spyware, phishing, and cyber warfare, as well as the potential of decentralized digital solutions to enhance resilience.

The discussion highlighted the importance of international cooperation and information sharing to combat global cyber threats. Panelists stressed the need for capacity building, particularly in developing countries, to address the digital divide and enhance cybersecurity capabilities. The role of public-private partnerships and the importance of involving academia in cybersecurity efforts were also emphasized.

Challenges such as balancing privacy with security, the need for technical literacy among policymakers, and the importance of routinizing threat information sharing were discussed. The conversation also touched on the potential of emerging technologies like AI and IoT to both enhance and complicate cybersecurity efforts.

In conclusion, the discussion underscored the urgent need for stronger policy innovation, collaborative efforts, and a shared approach to addressing cybersecurity challenges in the interconnected global digital landscape.

Keypoints

Major discussion points:

– The intersection of cybersecurity and national security in the modern data-driven world

– The need for international cooperation and information sharing on cyber threats

– Challenges around trust, privacy, and data sovereignty in cybersecurity efforts

– The importance of capacity building, education, and awareness on cybersecurity issues

– The role of government, private sector, and civil society in addressing cybersecurity challenges

The overall purpose of the discussion was to explore the complex relationship between cybersecurity and national security, identify gaps in current policies and practices, and discuss strategies for enhancing cyber resilience through collaborative efforts.

The tone of the discussion was largely collaborative and solution-oriented. Participants shared insights from their diverse perspectives and experiences, acknowledging challenges while focusing on opportunities for cooperation. The tone became more urgent when discussing the need for immediate action, but remained constructive throughout. There was a sense of shared responsibility and recognition that addressing cybersecurity issues requires a multi-stakeholder approach.

Speakers

– MODERATOR: Session moderator

– Ihita Gangavarapu: Cybersecurity expert, works in private sector and contributes to cybersecurity community

– Paula Nkandu Haamaundu: Coordinator and advisor at GIZ African Union, seconded to African Union Commission

– Monojit Das: Experience in academia, media, and government

– Samaila Atsen Bako: Security manager at Code for Africa, director of communication at Cybersecurity Experts Association of Nigeria

– Karsan Gabriel: Coordinator of the African Parliamentarian Network on Internet Governance

– Lily Edinam Botsyoe: PhD candidate in IT at University of Cincinnati, focus on privacy

Additional speakers:

– Sreenath Govindarajan: European Law Students Association, specializes in international law

– AUDIENCE: Representative from the FBI

Full session report

Revised Summary of Cybersecurity and National Security Discussion

Introduction

This panel discussion brought together experts from various countries and organizations, including representatives from the private sector, academia, government agencies, and international organizations, to explore the critical intersection of cybersecurity and national security in today’s data-driven world. The diverse panel, which included an FBI representative, examined challenges and strategies for addressing gaps in policies and practices, emphasizing the importance of trust in digital systems and the need for a multi-stakeholder approach to tackle cybersecurity issues.

Key Themes and Discussion Points

1. Intersection of Cybersecurity and National Security

The discussion highlighted the evolving nature of cybersecurity from a purely technical issue to a central national security concern. Ihita Gangavarapu, a cybersecurity expert from the private sector, emphasized that cybersecurity directly impacts national security and critical infrastructure. Lily Edinam Botsyoe, a PhD candidate in IT, described cybersecurity and national security as “two sides of the same coin in the digital age,” using an analogy of a market and shopkeepers to explain cybersecurity concepts. The FBI representative further highlighted trust as a key factor in the relationship between cybersecurity and national security.

2. Challenges in Cybersecurity Collaboration

Several speakers identified significant challenges in cybersecurity collaboration:

– Lack of trust and information sharing between organizations (Paula Nkandu Haamaundu, GIZ African Union)

– Political factors and changes in government leadership disrupting initiatives (Samaila Atsen Bako, Code for Africa)

– Differences in data localization and privacy policies between countries (Monojit Das, academia/media/government experience)

– Balancing privacy and security concerns (FBI representative)

– Emerging technologies like IoT and AI posing new challenges

3. Strategies for Enhancing Cybersecurity

The panelists proposed various strategies to enhance cybersecurity measures:

– Comprehensive legislative and institutional frameworks (Ihita Gangavarapu)

– Capacity building and implementation focus (Paula Nkandu Haamaundu)

– Improving digital literacy and infrastructure to address the digital divide (Samaila Atsen Bako)

– Developing international cooperation and frameworks (FBI representative)

– Decentralized solutions for cybersecurity challenges

– Youth involvement in cybersecurity efforts

4. Role of Different Stakeholders in Cybersecurity

The discussion underscored the importance of a multi-stakeholder approach, highlighting roles for government, the private sector, civil society, NGOs, and international organizations in developing and implementing cybersecurity solutions.

Country Perspectives

India’s Cybersecurity Initiatives:

Ihita Gangavarapu and Monojit Das provided insights into India’s cybersecurity landscape, discussing the country’s efforts in data localization and the challenges faced in balancing these efforts with global tech companies’ policies.

African Perspective:

Karsan Gabriel mentioned the African Parliamentarian Network on Internet Governance, highlighting regional efforts to address cybersecurity challenges.

International Cooperation and Information Sharing

The panel emphasized the critical need for international cooperation in addressing global cyber threats. The FBI representative advocated for developing international frameworks, while other panelists stressed the importance of information sharing and trust-building between nations and organizations. Specific international forums mentioned included the Global Forum on Cyber Expertise and the Anti-Phishing Working Group.

Specific Cybersecurity Challenges and Solutions

– Education sector identified as a major target for cyberattacks (Ihita Gangavarapu)

– Need for tailored approaches to address unique challenges faced by different nations and sectors

– Importance of addressing the digital divide to enhance overall cybersecurity posture

Key Takeaways and Action Items

1. Explore opportunities for bilateral and multilateral cooperation on cybersecurity issues

2. Develop robust frameworks for sharing threat intelligence and best practices internationally

3. Focus on building trust between nations and organizations to facilitate better information sharing

4. Prioritize capacity building initiatives, especially in developing countries

5. Work towards creating international standards or frameworks for cybersecurity

6. Increase youth involvement in cybersecurity efforts

7. Address challenges posed by emerging technologies like IoT and AI

Conclusion

The discussion underscored the urgent need for stronger policy innovation, collaborative efforts, and a shared approach to addressing cybersecurity challenges in the interconnected global digital landscape. It highlighted the complex interplay between national security, economic development, and technological advancement. The conversation emphasized the need for tailored approaches and multi-stakeholder engagement in cybersecurity efforts, recognizing the diverse perspectives and unique challenges faced by different nations and sectors. Moving forward, continued collaboration and trust-building among all stakeholders will be crucial in effectively addressing the evolving cybersecurity landscape and its implications for national security.

Session Transcript

MODERATOR: I believe it’s a yes here section actually so during this session I’m very happy to be here with you today and I’m very pleased to be joined by Dr. Iheeta and Dr. Manojit. Yes, just to give you a brief introduction of the session, as you may know, over this nine minutes, we aim to explore the intricate and increasingly critical relationship between cybersecurity and cyber security. The goal of this session is to dissect the overlapping challenges within the intersection as well as to identify actionable strategies for addressing gaps in policies and practices. Through cases, case studies, experience sites and collaborative discussions, we will examine how cybersecurity has evolved from being a technical issue to a central issue. We will also explore the challenges of cyber security and how it has contributed to global health. Together we will explore topics such as the vulnerabilities exposed by spyware phishing and cyber warfare and how decentralized digital solutions and robust legislative frameworks can enhance resilience. We will also explore the challenges of cyber security and how it has contributed to global health. We will also invite participants to share their thoughts and questions through the sessions, whether through the chat for those who are online and the Q&A for those who are here on the site. As we focus on the case of cyber security, we will also highlight the challenges posed by cyber crime and its impact on national stability, particularly concerning youth and illicit digital activities. We will also highlight best practices such as cybersecurity by design principles and open sources, decentralization, to build a more secure and sustainable cyber ecosystem. We will also highlight the challenges posed by cyber crime and its impact on national stability, particularly concerning youth and illicit digital activities. We look forward to your active participations in this critical discussion or let’s say conversation. So to welcome the panelists and introduce themselves, I would like to introduce myself. My name is Alvisar. On site, allow me to give the floor to Hita to introduce herself and then move to Paula and then Dr. Manojit. You have the floor, Hita. Thank you so much. My name is Alvisar. I’m the coordinator of the cyber security team. We will be giving five minutes each of you to introduce the panel.

Ihita Gangavarapu: Perfect. Hi, everyone. Thank you so much for joining our session. I am Hita. In addition to this, I work a lot in the cyber security space both as a private sector but also contribute quite actively to the community. Thank you.

Paula Nkandu Haamaundu: Can you hear me now? Okay. A very good morning to you all. Thank you very much for the invitation to be on this panel and thank you for thank you to the audience for joining us. My name is Hita. I’m the coordinator and advisor at GIZ African Union, seconded to the African Union Commission. My role there is basically to enhance the cyber security posture for the African Union Commission and its internal processes. My experience really has been in the private sector, cyber security, and really just working on information security . I am also quite active in the cyber security community. I am primarily focused on enhancing capacity building for young women in cyber security. I am a mentor at cyber girls fellowship which is really a program that’s trying to ensure that we have adequate skills in the young upcoming women. Thank you very much.

Monojit Das: Thank you for having me. I would like to mention a few things that might be relevant to this. I was initially with academia. Then I moved on to media. And then now I switched on to government. So I have practically the experience of all stakeholders and I will be loving to hear what you have to say. Thank you very much. Thank you.

MODERATOR: Thank you. I’m very happy to be also part of this youth supported by GIZ. I was supported on 2022 in Ethiopia, which is a very good participation we had. It was very interesting because you have had to experience all this. Having the heart of civil society, academy, and now you join it officially, the government, which will be very interesting as well. Moving to the online participation, I think we have Sumaila who is online. Sumaila, if you wish to have the floor to introduce yourself, please.

Samaila Atsen Bako: Thank you so much. Thank you for the opportunity to be here. My name is Sumaila. I’m a professional based in Nigeria. In summary, I work with a couple of NGOs. One of them is Code for Africa, which is a continent-wide NGO that focuses on different technology-based initiatives. I work there as a security manager. I’m responsible for in-house security culture and awareness as well as being a subject matter expert on our external projects. I’m also the director of communication at the Cybersecurity Experts Association of Nigeria. It’s a pleasure to be here, and I look forward to engaging with the audience as well. I would like to thank you very much for being here and I would like to thank the other panelists on this important topic.

MODERATOR: Thank you, Samaela, for your introduction. I keep one key word, cyber security. Hopefully you will be sharing very good insights from your country’s perspective how to tackle nationally these issues. Thank you very much. I would like to give a special thank you to Carsten, who is here. Her video is not available based on the geographical difference we have in terms of time. But we have one more last. Shall we connect this online as well? Carsten, are you here?

Karsan Gabriel: Thank you very much. My name is Carsten. I work as the coordinator of the African Parliamentarian Network on Internet Governance. What we do is we empower African legislators in their work of representing the masses, but also in the work of legislation oversight in terms of digital policy and also to make more informed decision-making in terms of the work of the African Parliamentarian Network. We do a lot of research as well as research to get the nuances and differences between different cybersecurity frameworks, but also what it means to our policymakers, and just the context about our session today, it has been highly inspired by Dr. Manojit here, who has a wide tapestry of experience towards national and cybersecurity, and I’m very much looking forward to the next session.

MODERATOR: I think we definitely are eager, I mean, to have your perspective as policymakers in terms of digital policy and legislation. We have felt the importance of having policymakers this year, and I think this time, this is the right moment to have your insights and draft together a resolution or a framework that will enable us to tackle these issues together. If I’m not wrong, I think we have also Ernest. Kazan, can you confirm, please?

Karsan Gabriel: No, Ernest is not available. Let’s proceed.

MODERATOR: Thank you, distinguished panelists, for your introductions. Now we are moving into the discussions. We have, I would prefer to ask two questions, and it’s up to you to answer one of them. The first one is, how can we better align national security priorities with rapidly evolving cybersecurity threat, or what gaps exist between cybersecurity practices and national security agendas, and how can we bring them together? An Indian perspective would be very interesting as well. Thank you.

Ihita Gangavarapu: All right, I’ll be happy to. So a lot of my talk today is about the best practices, and maybe a little bit around the developments that have happened in India in the past decade. So when we talk about cybersecurity, it has direct implications on national security, and there are certain key initiatives and strategies that nations have taken, and my perspective will be purely from an Indian context. Internet infrastructure, spanning across the banking sector, healthcare, BFSI, telecommunications, even education for that matter, so any disruption to these infrastructures can cause catastrophic effects for nations. And there are certain state actors, non-state actors, proxy actors who are continuously seeking ways to exploit these vulnerabilities, and given that we have a lot of national secrets and very strategic assets that are kept online now, it becomes even more correspondent. So this brings us to this critical realization that cybersecurity and national security actually intersect in a Venn diagram that must be sorted out with precision and urgency. So certain key initiatives and strategies that India has taken, I will take you through from a legislative measure and the institutional frameworks for that matter. First, we have the Information Technology Act, which is a new law that has been passed by the Indian government to make sure that cyber incidents are not reported to the public. First, we have the Information Technology Act. So this particularly has provisions that establishes critical entities such as your CERT, as well as your infrastructure protection center in the country that plays a pivotal role in handling and responding to cyber incidents, to the critical internet infrastructure. Then we also have a defense cyber agency, which is an additional level. Then we have the National Cyber Security Institute, which is a new framework that came out very recently in 2024, which offers guidance to organizations to establish a robust cybersecurity architecture. Now, this from a national perspective, we also have sectoral regulations and guidelines that, for example, in the banking sector, we have RBI, which is a reserve bank of India, compulsory cybersecurity training for the senior management, as well as board members of banks. So we have a lot of regulations and guidelines. Then we have a lot of the devices that we’re getting. We need to make sure they’re sourced from a trusted source. So the government mandates that there has to be an induction of trusted and security-certified products in the networks, and the guidelines are also determined by the government. So you mentioned IoT. IoT, the proliferation is increasing. It’s a tremendous deployment in the country now. There’s a lot of visibility into the landscape of IoT deployments in the country, and then that is where trusted telecom becomes very important, trusted components. But we can’t do all of this without awareness. We have something called ICEA program, which is information security educational awareness program. That is for the entire country. It’s free of cost. You can train yourself. And something that has happened very recently is that we’ve had the national annual cyber exercise for all critical sectors, and we’ve had a lot of people come to us and say, hey, we want to do this. And this, I think, these among other inputs, I’m sure Mr. Monojit will be highlighting a few more, has ensured that in the ITU’s global cybersecurity index, earlier, India was at the 47th rank, but right now we’re on the 10th rank, and we are at the 14th rank. So we’re at the top of the list, and we’re very, very excited about how, when you start prioritizing cybersecurity initiatives, there is a tremendous change that you can see, but I also feel like it is not just the government. It is a significant work that the private sector also has to do. So just in the last couple of years, we’ve seen almost 300 plus companies come up in the country looking at cybersecurity solutions and services, and I actually come ââ I work as a consultant in the ITU, and one of the things that I have seen is that there are a lot of companies that are looking at monitoring, and you’ll be surprised to know that one of ââ as per their findings, you’ll be surprised to know that can you maybe guess what sector is most impacted or which sector has had most amount of cyberattacks? It’s the education sector, not banking, not healthcare. So, you know, that highlights the critical point that we need visibility into the threat landscape, we need visibility into the threat landscape, and we need to be able to make targeted strategies, and we need to be able to make targeted strategies, you know, and what are the strategies that we currently have to ensure that we make targeted strategies sectoral or from a national perspective? Thank you.

MODERATOR: Thank you for this wonderful point you have highlighted. I still remember about national cyber framework you have just highlighted. I’m not sure if you can give us a little bit more detail about the implementation of this very interesting framework.

Monojit Das: Well, Anita has already highlighted the majority of the facts, but I would like to give you a perspective that I have managed to acquire through my experience. Initially I was in private sector working with a company, then I moved on to academia to learn, and I did my PhD on the same topic of Internet governance, then I moved on to ICT, then I began my owníê² career of Arts and Sciences outside of architecture. Then I ended up majoring in IT as a technician. I moved on to pursue my law focusing on Cyber law and now in. So my point of discussion here is that cybersecurity today to me was the significant development we have done. Today we are courtesy that again sometimes brings a debate whether, you know, whether the move was good or not, bringing private players to give in data at a very cheaper rate. Today we enjoy one of the cheapest Internet data. Like $4 a month or roundabout of less than $5 a month you get per day 2 GB of data, which is huge. So that creates a lot of data, I mean, user data. That can be used for multiple purposes. Today if you can map a user, it will not be difficult to find out his whereabouts using that. But my point of discussion here is that cybersecurity is not just a technology. It is also a human right. My main suggestion or like a discussion here is that when we talk about the best practices, we need to incorporate that cyber security and national security is not just today rely only on critical infrastructure, but also the other structures as well. Like for example, the submarine cable, it’s other format like you see the emerging players like for example, Starlink, the lower earth orbit satellites, which we are not discussing at that openly, but that it becomes a big challenge to us because it involves multiple agencies and also potentially ruining the bilateral relation. When I mean in this case is that suppose you see the scenario when a lower orbit satellite, whether it is Starlink or any other company that the space debris is caused, it can impact the other space objects that are there. So what can be the repercussion in this? So not only we are going to have, but at the same time we’re going to have a strained relationship between the bilateral, which again going to ruin the relations, not just digitally, but also in the physical, I mean among the countries. But at the same time, you see internet or the technology at large, we are trying to fix it in the form of a like a software diplomacy as well. Today, Indian government releases a large number of scholarships in form of ICCR, Indian Council for Cultural Relations. So we have this specific support to African countries through African scholarships overseas as a part of software diplomacy. Now understanding the importance of cyber security and as you know, diplomacy plays a key role in ensuring the national security, we have been giving us a very high number of scholarships for studying computer security only. I mean the cyber security. Similarly, we have a dedicated program of ITEC. So through ITEC, it’s again under the Minister of External Affairs Division, we train the foreign, I mean the friendly countries IT experts. So just to ensure the best practices are shared among us. And at the same time, I’d like to also share that the gap in understanding the legislation, the existing legislation, my colleague Aita pointed out, that the IT Act assert, you know establishments are there, but they do lack a coordinated approach because the elements of cyber security or the acts are transnational. We need a thorough coordination and collaboration with all of the partner countries because the origin of a server, you know, it can be a step don’t have an extradition treaty. Suppose, for example, even we can trace it, the location to be somewhere, but we don’t have an extradition treaty, how do we do that? So we need a very coordinated approach and again, acknowledgement of regional bodies or for example, if we take the example of NATO or you see international criminal court, many countries don’t recognize it. You know, taking cases of other incidents when you have a person blacklisted or he’s under the, you know, arrest list that he will be arrested, the first country don’t comply to that. So how do we focus on it? So considering this, all the hindrances that we have, I feel that we need to focus on some converging areas, which all the countries who don’t really agree to this point, whether they’re signatory to such extraditions or not, but can agree to minimum points that includes like, for example, preventing child pornography, like this, this few topics that are convergent to everyone, you know, everybody will agree. While others may not agree, like for example, cyber offense to another country because there is no mention of a threshold. Like if you see today, United States and NATO, they say that if at all there is an attack on the critical infrastructure, they will be retaliating in full scale. But they don’t explain that what is the threshold to it, like into what sense. So with this, I’d like to pass on so that, you know, next when you come across, I can share a little more. Thank you so much.

MODERATOR: Thank you, Dr. Menojit, for your insight and collaborations in the multi-stakeholder approach is really essential, I mean, to tackle these issues. Before to give you the floor, Paula, to talk to us about how international organizations and more specifically, GIZ support these mechanisms, let me introduce our online speakers, Lily, who might be recorded as well. So can you just share, please, Lily?

Lily Edinam Botsyoe: Hi everyone, my name is Lily Edenabotre, and I’m excited to be joining you today online. And this is one of the reasons why we are so thankful for the gift of the internet. And like I mentioned, my name is Lily, I’m originally from Ghana, but I’m right now, I’m a PhD candidate in IT at the University of Cincinnati. And so for a topic like this one, I’d love to share from a point of interest, which is my interest in privacy, because that is what my dissertation is about. I’ll start with an analogy to get us to understand what it is we’re talking about. Because usually, when we talk about cybersecurity, sometimes it feels far-fetched and it looks as though it’s only something that people and technology should care about. So I’m going to start with this analogy and move from there. So imagine walking to a very busy market, right, and every shopkeeper locks up their stall and their portion of the market. At the end of the day, that is not just to protect their goods only, it’s also to ensure that the whole market remains a safe space for commerce or for business. Think about it. You lock your space, it’s secure, then the whole market probably is locked up. If it’s an open market, it puts everything away, so nobody comes in to be able to steal from you, right? Now, maybe the cyberspace and this global market, which is our generation, our time, and this revolution where everything is characterized by digital tools. So in this space, there is data, not goods, that is traded. So it’s not just physical goods. We have real data that has been sent across many networks. Many things are happening. So just like this single lock stall in a market can probably jeopardize the whole market, it looks like what our cybersecurity looks like. In the same way that if you don’t protect a very small part of what you are supposed to take care of, it can lead to a breakdown of the whole. So for instance, somebody gets into a particular spot in the market and can go through and join another or enter another shop. It means that everything has been replicated. So when we talk about the cyberspace, cybersecurity in relation to national security, it means it called for this stakeholder angle. And usually, we say it’s kind of repetitive, but really, that is what it is. It’s actually very protected. So now, how do we see that what I’ve described really merges with our cybersecurity world? So the question I’m going to be answering now is, how do we see this cybersecurity measure in national security in a data-driven age? And it’s one of our policy questions. So in this data-driven age, cybersecurity is also a big part of national security. And the reason being that governments now depend on data to protect borders, to conduct diplomacy, and manage critical infrastructure. This is very true. So the threats no longer come in solely from physical attacks at all, but also from invisible threats. And they exploit all of these vulnerabilities in the networks. And it can come from anywhere. Usually, even misinformation that we see on different platforms can lead to people doing things that can literally jeopardize national security. So from things like ransomware that is crippling hospitals, to disinformation campaigns, to targeting elections, to cybersecurity breaches, all of these have the potential to, in essence, destabilize an entire nation. And that is why this conversation is important. So cybersecurity really merges with national security when safeguarding data becomes as critical as protecting your borders. Let’s also think about what is a national defense strategy. And that could include some things that would make sure that your country is safe, both online and offline. So some of these things include just being proactive in protecting the online assets you have so that you can prevent attacks and anything that can undermine sovereignty and public trust. You want to take proactive steps towards it. So in that sense, I also want to go to answer the topic of what the intersection is between policy and security in the cyberspace. So policy and security are two sides of the same coin in the cyberspace world, right? And policies establish a framework for behavior, for accountability, and racism. On the other hand, enforces that these frameworks, true technology, or it enforces the framework through technology and practice. So that’s what it looks like. And policies guide how we share intelligence, how we regulate encryption standards, and how we set even penalties for cybercrimes. In essence, what is the penalty if somebody does something wrong? And then at this intersection, we need the effective collaboration between policymakers and security aspects to ensure that the regulations are both realistic and enforceable. And in that sense, you don’t just pick anything. and their systems in place for it. And there are people who also have expertise to be able to implement them. And when we are talking about one of our policy questions that deals with how do we improve synergy to enhance cybersecurity legislation in the Global South. As somebody from the Global South myself, I feel like this is a burning topic and something that is really important. And policymakers have to pretty much redouble their efforts in this area. And all of us are playing a role to be able to have this conversation started. So in this area, there’s an improving synergy in the Global South, which requires addressing three key areas. One of the very first ones is capacity building. We’ve been talking about it a lot, but very much important. We are equipping, how do we equip policymakers and institutions to craft informed legislation. They didn’t know what’s happening in the cyber world. Can they bring expertise even to their policymaking space? And then there’s also another critical area, which is the public-private partnership. So we have to encourage a collaboration between government, the private sectors, and civil society to leverage diverse expertise and resources. And another very crucial one is regional cooperation. So in that case, we’ll be fostering cross-border alliances to share best practices and respond to trends that really maybe cause national boundaries to pretty much be at risk. And so all of these would also be linked to international support and funding for these initiatives to ensure that they create foundation for sustainable improvement in cybersecurity legislation. I think there’s another question about, in our policy question that detailed, what is a defining base of parameters for shaping inclusive cyber laws and prioritizing digital security and national security policies? I know there are many times we’ve said as Africans, or spoken about the Malabo Convention, and spoken about how countries haven’t ratified it, despite the importance of cybersecurity, right? But when we are building some of these inclusive cyber laws, we must prioritize accessibility, especially in the area of making it applicable and understandable to all citizens, and not just only people who are technical aspects, right? And we also have to look at equity in the sense that we have to address the digital divide so that marginalized groups are not disproportionately impacted by cybersecurity measures. And then we also have to think about resilience and even the ability to bounce back. And a big part for me, like I said, I love privacy. So we also have to have a balance between security and individual rights so that we avoid any overreach and build public trust. And so with all that I’ve said, there is a need for us to emphasize all of these principles, taking into consideration humans, what we have as our national assets, what we have as our online assets, and expertise so that people understand that this is something that we are collectively doing and everybody should be a part. So in our digital age, security is no longer just about locked doors and guarded borders. It goes way beyond that. It also includes what we do online. It includes fostering collaboration and building frameworks to protect both individuals and nations. And one person saying one thing online, if not checked, can cause the chaos. And sometimes you’ve seen all of these upheavals coming without any implications, but it’s time for us to rethink it. So by treating cyber security as an integral part of national security, countries in Asia, in Africa and whatnot, we can create a resilient, inclusive policy or policies that safeguard our collective digital future. I hope this gives some light to some of the discussions we’re having and gives an intersection, like we call it a Venn intersection, between what we have as national security and cyber security. Thank you so much, and I hope you do have a good time interacting with the rest of our speakers. Thank you.

MODERATOR: Thank you, Lili, for your presentation. I have to tell you that Lili is one of the very young youth coordinators to bring youth into the Internet governance ecosystem. Before we move to Paula, Kazan, if you may prepare yourself to tell us a little bit about how, I mean, legislation or how, what does, I mean, legislation play in strengthening the nexus between cyber security and national security in Tanzania? Allow me to give the floor to Paula. Tell us a little bit more about how this international organization can contribute to support the mechanism towards financial assistance or capacity building program,

Paula Nkandu Haamaundu: whatever you think it’s going to be. Thank you. Thank you, Dr. Jose, and maybe just to open up my perspectives on the topic. Hope you can hear me. Yes, just to open up my perspectives on the topic. When it comes to cyber security, I always try to think, what is the end goal? Okay, we’re protecting infrastructure, we’re protecting systems, we’re protecting this data, but what is the end goal? And for me, the end goal is trust, trust in the systems, trust that the data that I’m seeing is correct data, trust that the data that is available to me has not been tempered with. So we put across all these measures, all these controls, because we want to be able to trust the systems and want to be able to trust the data that we’re getting from these systems. In the context of national security, obviously every country has to define what is critical infrastructure to them, best of their culture, best of their needs, and really an assessment of what’s important to them. And so for the government to be able to trust whatever systems they are using, for instance, if it’s like from the perspective of the health sector, trusting that data in order to make informed decisions, we need to put in place cyber security. And that’s where, for me, I see the link between cyber security and national security, meaning it’s one side of the same coin, so to say. You can’t have one without the other in this current data-driven age. But in terms of what international organizations can do to enhance the cyber security posture, I will refer to â so GIZ has a program called Global Cyber Security Program, and there’s a particular project called Partnership on Strengthening Cyber Security, which is funded by the German Federal Foreign Office. This particular project is working and collaborating with the various partners to enhance cyber security across the globe. There has been a lot of progress. For instance, if you look at the ECOWAS region, the ECOWAS region just recently adopted three CBMs, confidence-building measures, and these CBMs really are to the context of the region itself. And so the partnership between GIZ and between ECOWAS is really to enhance cyber security in that region and or rather reduce the rates of cyber crime. One of the things that has been done is really to capacitate the policy makers with an understanding of what cyber security is. So there’s a lot of discussions around cyber diplomacy, ensuring that the member states are able to interact and cooperate with the Organization for Security and Cooperation in Europe, which was one of the first to have the CBMs. So you see that there’s a lot of cooperation that’s happening, and this is why international organizations can come in to partner with various member states to ensure that cyber security posture is enhanced. I think Yuta had mentioned the issue to do with having an understanding of the threat landscape and the data to make informed decisions. I like to think about cyber security more from the cyber risk management perspective because it’s almost impossible to ensure that there’s 100% cyber security. And so sometimes you have to weigh, okay, what are we able to do? Then there’s trade-offs that are going to happen. What are we able to do? What can we do in the next few years? And you identify what’s really critical for you or what’s high risk, and then you address those issues. So another form of collaboration that I would say is happening between GIZ and the ECOWAS region is to enhance the ECOWAS region’s threat data to understand what their assets are, what their vulnerabilities are, and just try to improve how they make decisions based off of their risk management that will come from a cyber security perspective.

MODERATOR: Thank you, Paula, for sharing this wonderful point and initiative that we wish you can have also the opportunity to work on. Kazan, can you tell us about what is going on in Tanzania in terms of cyber security and how to deal with these challenges? We will also have our last speaker on the line, Laila, who should also be speaking about how can decentralizing data national security, if so, how? And then we will open the floor to the audience to ask questions. Kazan, are you here?

Karsan Gabriel: Yes, I’m here. Thank you very much. It’s quite a pleasure to listen to the different nuances that have been shared by my previous speakers. When we drove into the question at hand, the critical intersection of cybersecurity and national security in today’s data-driven world, it’s more than a Tanzanian question. I think it’s all global, just like the internet, because the digital age has already connected in an unimaginable way. But these connections do come with a lot of vulnerabilities, and these vulnerabilities transcend borders, institutions, and even generations, because we do have almost 60 years with the internet now. We need to start by acknowledging that the reality, the boundaries are blurred between cybersecurity and national security. A single vulnerability, like, for example, the log4j flaw, can expose a lot of government data and disrupt critical infrastructure, but in the end, jeopardize citizens’ safety. As they say, the weakest element in any cybersecurity chain is the user. It’s important when we yield our solution to the person, people-centeredness. So cybersecurity is no longer just a technical issue, but it is a matter of national resilience. Consider Tanzania now. We have a very youth-driven population, and they’re vulnerable to phishing and online scams, and many people are being exploited in terms of the financial systems, and the core element of understanding and literacy still does not exist. We see countries like Nigeria also have problems with big attacks on biometric databases, which have raised a lot of national security concerns, and both these issues are tied to a lot of human and institutional behaviors. So to understand the connections between the human and institutional behaviors, we see they align directly to how the user might interact with the system, hence cause the risk. It’s important when we bridge the gaps. In terms of the policy intersections, I think where the cybersecurity initiative meets is in areas of critical infrastructure, because cybersecurity policy operates now at intersections of very many competing resources. Example, the protection of individual rights, like the privacy and freedom of expression issue, is mostly part of the cybersecurity question, protecting also the critical infrastructure, like power grids, financial systems, and the digital backbone infrastructure of many nations, and also ensuring national sovereignty, because a lot of national resources are also protected online in this globalized area of digital threats. So in Tanzania, we do have a cybersecurity role that has become operational since 2020, and a lot of people have been pulling towards the understanding of what it really means to protect their resources, their platforms, and their processes, but it has been highly connected to the different regional cyber acts, like the Malabo Convention, but also the EU Act, in creating more sustainability and cross-border interoperability of the data, because to protect oneself, we need to have a good understanding on how trust is shared cross-border, and one of the best practices we have been exploring involves the building of cyber resilience, because to strengthen cybersecurity and national security, we need to prioritize critical strategies, such as security by design, use of open source decentralization, but also education and inclusion, and because policy and systems must be embedded with a security angle from the start, incorporating encryption, but also regular assessments on the systems, but as well as the people’s understanding. Think of it like building a house with fireproof materials, instead of throwing the sprinklers when the fire starts, it’s good when you have prevention, because prevention is always better than cure. Decentralized systems are also harder to compromise, for example, new technologies such as blockchain, with good transparent and decentralized enhanced security, can also be applied, and applying these principles of decentralized infrastructure could mitigate a lot of points of failure to most systems, but in the end, literacy programs can help, especially for Africa, with a youth tech-savvy population, to be prepared for threats and cyber security issues that happen, but also turn them into assets of fighting and protecting. Imagine a program which can train a lot of African youth, or the so-called yahoo boys, to become ethical hackers, and to see the bigger picture in building stronger systems. I think these practices are not just technical, but they are a big shift on how we see security, because security now in the digital world is a bigger question. It’s a technology property and characteristics. Thank you.

MODERATOR: Thank you for sharing your points. I think we just missed having your picture on the screen. Sorry, we wish to know who is behind the screen, talking about such interesting points. So, for the next stage, for sure, we wish to have you as a video. Now, we will move to Samaila, if you can please tell us about how can decentralized digital solutions enhance national security, and if so, how?

Samaila Atsen Bako: Thank you so much for throwing the mic to me at this point. I think, just before I go into my own comments, I would say the speakers before me have done an excellent job. I think issues around issues around the use of cyber measures, and even understanding the impact of emerging technology, it’s critical in this conversation. I just want to add that when we talk about this topic, cybersecurity and national security, you realize that it’s really from the angle of diplomacy that most of these issues are even political than they are actually technology-based or people-focused, in fact. And so, what that means is that the bulk of the efforts lies in the government. The issue there is, are they people who are intellectual, young enough to think of the future, and so are they more focused on governance, or are they more focused on building power? Because that will determine to a large extent where their priorities lie. And if you talk about efforts, whether in Nigeria or even regionally, I think Paula mentioned ECOWAS, and when you talk about ECOWAS now, the number is about to drop in January, right? So, the measures that have been adopted or used in the last, would I say, 18 months when there have been some risks in the region to douse tensions and make sure that there’s better collaboration. So, I feel like if you now compare that with what happens in Europe, where there’s been collaboration for decades, and there’s trust, there’s information sharing on a very high scale and things like that, you see that the results speak for themselves. And so, I think that’s a huge missing piece regionally, especially from the West African or African perspective. And so, for me, there’s a cap on what private sector or civil society or end users can do. But now, let me go back to my own question, which, again, is a similar answer in the sense that whatever you’re building may still be limited by government, or we still be at the mercy of the government. You know, if you talk about solutions, you look at how certain governments are more focused on things like maybe surveillance, for instance, or they’re always looking for ways to bridge people’s privacy, as opposed to maybe funding the national program on serocity awareness, or even, in fact, even improving the budgets for academia to make sure we build distance on a larger scale. So, what I’ll say at national level, there are decentralized approaches that have been taken, and I think a bit similar to India from what one of the earlier speakers have mentioned, where there’s a structure in place to have what we call emergency response teams in different sectors, from the telecom sector to the banking sector, moving forward for the government agencies and the defense industry as well, which helps when you also now have a coordinating body called the National Cyber Security Center. So, it gives a bit of structure, and then when you’re adding things like laws and you empower the regulators, you know, you give them the capacity and you build their skills so they are able to actually give the right directions to the organizations within their build a certain level of resilience for the country at the central level. At the end of the day, it’s always good to have direction. We’ve seen cases where there are laws or there are agencies being built up, but there’s no structure. instance, who do people report incidents to, or if you notice something wrong in terms of cyber security, you know, who do you report it to, or who coordinates the response to those issues. So it’s very important that the structure in place makes sense. There’s a very important need for a link between academia, a link between academia and users. A lot of the times these groups of people feel left out, simply because sometimes it seems as if even the government itself targets, you know, civil society and end users, or while academia may feel like they don’t get enough funding, you know, some countries don’t have a good R&D culture. I’m just trying to, I keep saying some countries, but I don’t want to specify a particular country, but yeah, and even the private sector often feel like government is just on their toes to tax their money to a level. So I feel like the direction the government takes plays a huge role about these issues. And like I said earlier, for me, these issues are usually more political and rely on diplomacy than they are about technology itself. At the end of the day, if you have leaders who do not understand the criticality and even the devastation that can be caused when security is not taken seriously, or cyber security in particular is not taken seriously, then you’ll find your country languishing in so many kinds of issues. I think I will yield the mic at this point, so we can move on to the others. Thank you.

MODERATOR: Thank you, Samaira, for sharing with us this very interesting perspective. And we all know that this, I mean, discussion is very sensible and we have to get in collaboration. Now I will open the Q&A to have questions from the audience. And hopefully, our distinguished panelists will be able to answer these questions. So who might be the first? Yeah. Can you just introduce yourself and ask the question, please?

Sreenath Govindarajan: I’m Srinath Kovindarajan from the European Law Students Association, and I specialize in international law. And my question is targeted towards India, but I would appreciate a global perspective on it, too. So the talent manual on cyber attacks is largely undecided on what critical and when you look at regional powers, does India view its neighbors and ever coming to an agreement on what CIs are in the future? It’s a blanket question.

MODERATOR: Thank you for your questions. I think I see Dr. Manojit is always ready to answer kind of questions. Or perhaps, Yehita, you wish to go for it?

Monojit Das: My views will be mine. It’s not the stand of the government. But the very first line you said, you know, is very important that it’s nothing is, you know, constructive or nothing, you know, is fixed. As I mentioned, if you can kindly recollect, that if you see even the threshold for a cyber war is not defined. Many countries, as I mentioned, that they have the provision written very much clearly that we will retaliate in a full scale if at all any war is raised on our critical infrastructure. But to at what point? Because we have seen the Office of the Personal Management in a large scale, but still that was not. Again, we have seen a Stuxnet attack. That was in a very large scale. But then what exactly will be the highest threshold? And to your context of asking whether there will be trust, you know, in cyberspace, you can’t trust anyone. With any country, there were instances, you know, five eyes spying on each other, whether it is a ten eyes, every eyes will be spying on the other eye. Coming to this factor that, you know, particularly if you talk about India, you will have a doubtedly the world’s largest democracy at this stage. There may be some questions that sometime calls it to be a one-sided, but given the large fact that internet-wise or data-wise, you know, people are very largely connected to internet. You have to agree to this part, irrespective of the differences in opinion that may be circulating in the good morning messages that is very popular in India, the good morning culture. But if you see the problem that comes with democratic country like India is that the debate between initially getting defense versus development, when one section used to say focus on defense, other section used to focus on development. There’s a huge gap in that outcome you see, you will experience it today. But today the debate largely lies on privacy versus security. So at one side, the government urges that if you want a total privacy, security, then in some cases you have to give the control to us. Like in what happens when you see your building infrastructure, you just or a society at large, you see, we have not just the security personnel outside the premises, but inside also we have the armed guards. So in a case when I have my medium-scale or large-scale enterprise, if I want myself to be, you know, secured from a transnational threat that origins from another country, in somehow, if I wish my government to safeguard me, like how we give control to third-party softwares or third-party companies to audit our firm, to have a third-party firewall. So we have to give the same liberty for the government to come inside and to have a control on that so that even they can save. But at the same time, when it is a government enterprise, you see, we will have that inner thought between whether they are going to make the data go against us or not. So that apprehension, because cyber skepticism is still alive. One of the very senior researchers who still believes that AI is not very much popular and AI doesn’t have potential, like you see, to disrupt the proceedings. But it is seen, you know, cyber has the potential to disrupt. That’s why Stuxnet happened. And so we have to realize that cyber holds potential. There used to be people who are researchers, you know, the very culture of doing a selfie like this, and these people have, you know, managed to draw the fingerprint and, you know, through silicon printing, they have managed to unlock phones. So nothing is impossible. It’s possible, but the same argument I’d like to put, and since you are focusing more on international law, I’d also like to request to let things come from your side as well, you know, the challenges that does exist. Suppose, for example, the submarine cable breakouts that are happening nowadays, it forms a very critical… The talks are there, if at all submarine cable, then who is handling? It’s the Navy, the naval forces, then again it comes to the Ministry of Defense. So the Ministry of Defense coming and securing the submarine level, then where is Ministry of IT? Because in every country almost, the ministries are different. There is nowhere a coordination that talks about the Ministry of IT will be focusing on Ministry of Defense and guiding them what they will do, because the bureaucratic hassle everywhere, you know, they will be, you know, it’s my job, I am the superior, then it comes the cadre and then it comes the services in every way. So we need to understand this, and that’s why even if you talk about the lower orbit satellites, you know, it’s going to be disruptive for sure. So we need to focus on this international dimension. And okay, so I’ll not take much time. Thank you.

MODERATOR: Thank you, Doctor. We do face interlinked issues. I think it’s also important to hear from the perspective of African high-level sites, and I wish to hear from Kazan. How do you deal with the low-levels that address critical infrastructure, cyber attacks? Kazan, are you around?

Karsan Gabriel: Kazan, are you around? Yes, I am. And thank you for your question. To be honest, we are still at a very entry phase in building critical infrastructure. And this is not just for Africa, it’s mostly for the world. We’re still tied within these paradigms of global north or global south issues, but the cybersecurity context is always about the person. So if we center it around the person, then we can get the nuances of the cultural element. For example, in Tanzania, we’re still building our infrastructure. We’re still shaping how our infrastructure will be enabled, especially being a young country. It means that it’s the youth who will be the actual utilizers, and they will get the context if they’re based on principles. But the principles of cybersecurity and security should be the same for any human being. You’re protecting your resources for the best interest in terms of utility and passing it on in terms of sustainability to the next generation. So our culture is highly around the issue of create, curate, and disseminate based on the interest of the specific person. And we want, first, our demographic to be literate in terms of using the resources that are available in a place where still there’s a big population that still has no basics of computing or digital literacy in itself. Security by design and a competent civil service or policy element that is people-centered and understands the nuances of the culture are important. And I think this is for any country or every country. So in Tanzania, we are still based on the same element that collectively build, but also collaboratively enhance the knowledge of the people in understanding the core pillars of security, confidentiality, integrity, and availability of all the resources in their best interest. Those are my remarks.

AUDIENCE: I’m hearing a lot about, I think, the shared approach to cybersecurity, national security, and that intersection. Do you feel like we are adequately sharing globally the indicators of compromise and the threat side? Do you think there’s more to make sure we’re making it more difficult for our global adversaries who are targeting all of our networks?

MODERATOR: Thank you so much for your questions. But we also wish to hear from you as a US perspective. How do you deal with national security?

Ihita Gangavarapu: Yes, I think that’s an incredible question. And yes, there you are. So we’d love to hear from you, of course. But this is just one thing I wanted to highlight, is when you look at, from a cybersecurity or threat intelligence perspective, all of us tend to focus on the indicators of compromise. There’s an attack, which is more proactive. So when you look at a cyber kill chain, you have, let’s say, at the reconnaissance stage when you’re gorging the entire threat landscape, then you’ll have an initial attack once you have some initial entry into the chain or in the ecosystem. And finding the exact initial attack vector, your indicator of attack, it makes a lot of difference because a compromise is post. So sharing best practices and ensuring that we have a repository or data around what are the potential indicators of attack will ensure that there is more national perspective, even sectoral for that matter. Maybe I’d like to hear from you if you want to add something to this.

AUDIENCE: Yes, I think, so from the FBI’s perspective, absolutely, I agree with you. Looking at and going back, the only challenge, I think, and this is where the public-private partnership becomes so important, is that many times it’s really taken a lot of work for us. I love that you all use the word trust because I think that’s really what this all comes down to. And so building the trust with also our private sector companies that we’re here for them to protect them, but that way they feel comfortable they’ve actually had attacks. And of course, that’s how we’re seeing a lot of this. And then we can go back, and I’ll use a US term, but reverse engineer or go back to look for what were the attack indicators. I think that’s right. And that’s why I wanted to find out, I’m not sure we’ve connected specifically with those of you around the table and online with our African nation partners to make sure we’re connected. And we’re sharing those best practices and those indicators of attack and the compromise as well so that we are, again, tightening. Because I think what we’re also finding is there are global advanced persistent threat actors. There are global criminal enterprises and they’re targeting all of our networks because for financial, we all have financial resources. We all have defense resource. I’m not sure we’ve knitted the cybersecurity community globally. So I wanted to hear from you and your perspectives. Do you feel that way? I can definitely see some room for growth after hearing your perspectives. And so just wanna make sure we’re doing our part.

Paula Nkandu Haamaundu: I just wanna add to that from my experience in the private sector. And so I worked in the financial services industry and I’ll give an example of what would normally happen. Bank A experiences a cyber incident. Two days later, it’s going to be Bank B experiencing the same type of cyber incident with the same order of brandy. Three days later, the next bank and so on and so forth. And the biggest challenge for me was that we didn’t have a community of sharing information. And when we would bring this up to the regulator, the collective issue was that there was no guiding principle on how we’d be able to share this information. Mostly with the private sector, if you share is that it’s going to go out to the public and the public will know you’ve been hit and then you’re going to lose your reputation and things like that. So if we have a guideline of sharing threats So if we have a guideline of sharing threat intel, that would still safeguard the company. I think we’d see more organizations coming forth and reporting these incidents. I also just wanted to add that there is an organization called Shadow Saver, and they work with different governments and countries and search to share threat intelligence across the globe. So you could, and then they’ll be able to share what they’re seeing from there and to ensure that your understanding of the threats that are coming to you is better enhanced.

AUDIENCE: on how we’re working with you, but certainly in the international space, we’re very active. But let me tell you sort of how we do it domestically and regionally, because I love that you all share those perspectives. For us, I think what we’re really finding is you sort of can’t have enough representation. And for us, that’s at the national level. So we’re also trying to influence policy and development and make intelligence as well as sort of all of the designs around critical infrastructure, that they’re all factored. And I loved what one of you mentioned, I apologize, I don’t remember, but you said you need to have sort of technical literacy with your policymakers. So we’re at that strategic level. And then internationally, also trying to share it. That’s why I’m here, by the way, is we’re getting more active in the standards bodies to try to bring this perspective into it. But separately, we even go out down to our field office level. We have 55 field offices, and we have this group called InfraGard. And the whole design behind InfraGard was to bring private sector partners into the fold and be able to share with them what we’re learning even from the international community down to, okay, here’s how to protect your business. We do a ton of public service announcements where we’re going out. In fact, I know many of you, I was gonna ask this. I know you’re hearing about Salt Typhoon, our recent targeting of our telecommunications industry. We just have been going out with messaging over the last week, week and a half to share a guide of that, and then giving guidance on how to protect. So I think that’s an area, too, where we’re going out to our international partners to say, are you also seeing this type of vector, this type of targeting, this type of presence in the networks, and what that looked like? And if you are or are not, what were the actions that were taken? And again, how do we make sure that there can be detection? And I think that’s a huge part of this. I don’t know if I adequately answered your question. I was just trying to give you a flavor for how we kind of take it, as you all said, from the local to the regional to the national to the international. And I think that’s, and I think you’ve all said it here, too, there’s a bottom-up approach to cybersecurity, and there’s a top-down. And we have to make sure that those are intersecting in the most meaningful ways. And it is difficult. I say it, it sounds so easy to say the problem, but it is very difficult in practice for all the reasons that you just said. You’re right, admitting that you have been attacked means you have admitted to vulnerability in the eyes of the private sector. And our citizens and our users. That is not what we want. But there has to be a little bit of openness to be able to ensure the next victim is not vulnerable, and that there’s, you know, we stop the harm. But those are some of the local groupings. And again, there are international forums. I just, I’m not sure if we’ve, I’ll use the word routinized, like we’ve made it a part of always practice to just always go back to the default to share. Who needs to know this, and how quickly can I get it to them?

MODERATOR: Thank you so much. I always. said, openness and international access is essential, I mean, I mean, as stakeholders to be able to collaborate together to tackle these issues. We have just heard a perspective from the FBI on how these mechanisms work. Ismaile, can you tell us how can we collaborate together to make sure that these challenges can be addressed in a multi-stakeholder or let’s say international cooperation?

Samaila Atsen Bako: Thank you for the question. I would say there are quite a number of multi-stakeholder, sorry, I can hear an echo, this is kind of distracting, but anyways, I would say there are quite a number of events and conversations. For instance, even the IGA is one of those discussions. There’s the GC3B and some other ones. And I mean, personally, again, speaking for myself, personally, I think that these conversations can go on, but at the end of the day, what happens when it comes to implementation? You know, I feel like sometimes because we tend to rely on government effort, it can be a problem because, for instance, when power changes from one government to the other, who may be heading certain agencies, who may retire, or who may be posted to other jobs. And so sometimes because the effort is usually sometimes on the investment in a particular department or agency, when they leave, those efforts tend to either stall or even regress. But that being said, right, that being said, I think there’s some promise in the sense that we see the efforts of the private sector. I mean, even META in Nigeria tends to do a lot around child online protection, anti-fraud efforts, a lot of, a whole lot of non-profits. I think Paula mentioned she mentored in the Cyber Girls program. There are so many other NGOs like the Cyber City Foundation and the ones I’m part of that do a lot of things on digital literacy, on raising awareness, engaging with governments when they are coming up with regulations and laws, helping to give them the end-user perspective to make sure that they are not just looking at it from maybe from the angle of how to serve you, you know, people and things like that. So everyone has a role to play. General, like I said, after these conversations are had, the priority or the focus or the goal of the implementing people or organizations is what usually takes precedence. If a law is, if for instance they want to create a Data Privacy Act, but they are targeting maybe funding that can be added to the law, it means that at the point of implementation, the goal would be to make sure that that funding does come in, not necessarily how do we guarantee data privacy, even though the law itself is a privacy law. That’s why I say a lot of these things tie back into the political that drive it. But we can’t give up as, you know, end-users, as private sector, as professionals in the industry. We have to keep pushing, keep speaking out of what should be, hoping that these things do come into play. From a practical perspective, I would say the key thing is to fix the education curriculum, fix the infrastructure deficits. Within our region, there’s a lot of what we call digital divide, you know, and if people can’t come on four devices, or they don’t have access to even networks at all, then how do they come into the data, or how do we bring them into the data? How do we even make them part of the global economy, for instance, nationally and things like that? So I think we need to start from the basics, we need to get to a point where infrastructure itself is good, where the necessary funding is put towards things like academia, you know, instead of just a fraction of the budget. And we build an R&D culture where, you know, it’s in the second nature to do research so much within the continent, not just relying on what comes from outside. I mean, we have open source things that can be leveraged as well. So I think if we take the conversation from this perspective, you know, as the global south, you know, then it helps us to build capacity as a whole, as a region, as a country, and then from there, even your citizens tend to benefit from the economic side of things. So I think those are my ideas on how we can move things forward and collaborate.

MODERATOR: Thank you, Samaila, for addressing this important collaboration between the global south and the global north. Dr. Melejit, if we consider the FBI’s ambition to collaborate, the three points on which we can work on, on the top of the list?

Monojit Das: In addition, by our esteemed, I’d like to say now you are more than a part of our speaking panel only. You have added a very new dimension. So let us be on to the reality that, you know, relation between India at large and the U.S. has been very cordial, given the few instances that has happened geopolitically, whether you live in 1971, 1999. But, you know, trust, when you talk about trust in terms of cyber security, you see big giants like Meta, Google, they have an agreement with the U.S. government that it bounds them to share the information or at large the data. But we attempted the same with one of our startups. We failed miserably, and that attempt was largely highlighted by the U.S. government. So, by the so-called the West to ensure, you know, India is trying to bring on surveillance, but in other way, because whenever we attempted anything from our side, we never got that same support. Just to ensure that, you know, monopoly or duopoly from the West is never harmed. We actually don’t intend to harm anyone, you know. All is that we want our indigenization because we are really progressing and we attempt to do in that way. What I feel that a greater collaboration in terms of really trustworthy, when I mention this word trustworthy, it should be not in exchange of, you know, we support in exchange of data, but really we support the ideas of data localization. Let the data be within us. If you need, you kindly request and we are always ready. We have several exchange agreements, whether you’re starting from the agreement of supporting your shifts in limo or we have all sorts of agreements. We can do that, but not to take data from the other way around. I feel that digital cooperation and certainly we have very flagship initiatives like of ensuring digital divide or I like to say overcoming the digital, I’m sorry, that we have developed some applications that are by the Ministry of Education that calls Anubhavini app. Like that translates, and I’m really happy to say far better than even Google to ensure the language, the whatever India we speak English in a very courtesy of population. So I feel this type of applications, we not only promote 22 languages of India, but also other 9 and 10 overseas languages. So if this can be potential area of collaboration where we together can, you know, outreach this to our African brothers and sisters so that they can get in touch because you have the outreach, we have the product and we can certainly do so. So this can be one. And other than cyber security, as you mentioned, the APT are advanced persistent threat. So I feel this is the one of the key area because you see our neighborhood, Bangladesh, the Bangladesh Bank highest, you know, it remains by the so-called North Korean actor. As we thought, like, you know, it was not managed, if you can recollect kindly. So this type of, you know, the collaborations can certainly help in preventing because today India’s money or like every people in India, every person at large will have a phone pay, Google pay or all sort of, you know, payment mechanism, BIM, government doesn’t know. So we are largely dependent on mobile pay or QR everywhere. So just to ensure safeguarding in this line as well. So these three can be the one and largely what through your embassy, the United States can do is undertake cyber security. Otherwise it does a very good work. Like the United States embassy has been very active in India, promoting culture through your scholarship and other methods. But I feel cyber security awareness can also be taken as a part and we can do so.

MODERATOR: Thank you. Thank you, Dr. Going back to the FBI. I mean, cyber issues is quite like climate change today is internationally or on common interest. We need to collaborate together as we have been highlighting. I mean, like that collaborate work on from the FBI perspective, do you think we should have international cyber security framework or a bilateral cooperation can be enough to change or establish kind of capacity programs?

AUDIENCE: Yeah, thank you. And thanks to my colleague from India, those were great points and I will actually take that back because our legal attache, of course, there at the embassy could likely be very helpful to you. So if you’d like to answer the question, I think we need bilateral cooperation for those areas, like to bring this back to national security. Sometimes there are, you know, certain things that are sensitive because it’s, you know, maybe targeted a very sensitive part of your critical infrastructure and sharing could actually open up additional targeting or, you know, vulnerabilities to be identified. So I think there are certain times when bilateral cooperation, particularly in national security is probably required, but more so than that, I think what you’re getting at, and again, the colleague here as well, the financial systems part of this are ubiquitous, ubiquity. I don’t know if it translates to everyone’s language, but it’s this idea of it’s everywhere now, it’s persistent. I think there’s a ubiquity of certain things like financial services, I think like the applications for communication, where there’s a great opportunity for international cooperation on really trying to understand and evaluate, and I think one of you mentioned it too, this idea of the intersection between privacy and security. I think everyone wants to make that about things like, you know, and I’ll say it from our point of view at the FBI, they want to make it, you know, solely about encryption or solely about, you know, as though that’s it. And in reality, I think we all understand sometimes it’s sort of security versus security, which is if you want absolute privacy, then that means there’s absolute sometimes anonymity, right, of a person and all of their activities. I think that’s where we’re trying to find a little bit of balance and understanding so that we can make sure that users, whatever their level of digital literacy, and companies, whatever their level, are thoughtful and deliberate about just making those decisions, where an individual going into a global common, it’s such a powerful, wonderful thing, and it’s huge for economies. I think you mentioned that for economies, it is about my colleague online. But there is now, I think, I agree with the person who said, you know, security is now the next real challenge. It’s out there, it’s real, and everyone’s sort of paying attention now because there’s been levels from individual to corporations and governments. So that’s where I think the international piece has to play a more prevalent role. That’s why I use that word routinization or routine. We have to make it a common fabric that we’re consistently trying to make the opportunity smaller for our adversary. And there are a lot of ways to do that. But it is also one difficulty is we are in information overload from, I think, individuals, you know, there’s so much information hitting us every day, but also at the government level and probably on the, certainly on the private sector side, as they try to understand also the markets. So as we possibly can, and I feel like it’s been growing out of control for a while. So anything we can do to shrink that would be welcome.

MODERATOR: Thank you so much for sharing this very important point and for your presentation, let’s say, because we have learned a lot from you, and we are eager to continue to learn more and more. I think we only have three minutes left, so I will be giving the floor to all the speakers, I mean, for 30 seconds to perhaps answer any questions you think, or for your comments, perhaps answer any questions you think, or for your closing remarks. So let’s start with our distinguished leader.

Ihita Gangavarapu: All right, I’ll keep it short. I think I appreciate the point around reducing the size of the attack surface. And given that we have so many emerging technologies coming in and the cyber security threats that they’re posing, I don’t, I think cyber security should have just started giving it a priority a long time ago. Given now that, especially with AI and IoT and all, so the applications that are coming in, we have to be very cautious. The other thing I just want to address with respect to the different forums that are there, two that I’ve been engaged with in some capacity is the Global Forum on Cyber Expertise. We have GFC, where a lot of organizations, including governments and private sector, come together to discuss best practices. Then you also have, for a more nuanced kind of cyber issue discussion, is the APWG, which is the Anti-Phishing Working Group. I think these, and I’m sure there are a lot more if somebody would like to highlight. Yeah, I think with this, I’d like to hand it over to my colleagues to close it.

Paula Nkandu Haamaundu: I’ve really enjoyed the discussion today, and I do more of understanding from the different perspectives, such as India and the USA. But in my closing, I just wanted to mention three points, which is cooperation, capacity building, and implementation. So from the perspective of cooperation, I think we can’t deny the need for different regions, different partnerships to happen. For instance, from the perspective of GIZ, the Partnership for Strengthening Cyber Security is a project that’s really trying to ensure that all our partners have enhanced cyber security postures. I think the gentleman there had asked a question on international law in the cyber space, and had adopted the common position on international law, on application of international law in the cyber space. And one of the things that they’ve been doing to ensure that member states in Africa build their capacity is to hold roundtable workshops, where they can get different perspectives from the different member states and have that conversation, because it’s very important. I was in one of the workshops, and a lot of conversations came up, but especially around data sovereignty. So there’s a lot of conversations there. Okay, I see I’m being given time. But essentially, cooperation is very important. We can’t deny that. Capacity building, we need to ensure that from the technical perspective, we, from the policymakers, from the cyber diplomats, we have that capacity built. And lastly, implementation. I think Samahila had mentioned how important it is. That one we can’t deny. We can talk, talk, talk, but if we don’t implement, then we’re not going to go anywhere.

MODERATOR: Thank you so much, Paula. Ednas, let’s say Kazan, please, you have 10 seconds to tell us like about

Karsan Gabriel: what don’t. Yes. Great. Thank you very much. I think, I think, for me, the most important part should be based on trust. That trust should be a principle that is building all of our security architecture and access policy. So when we have trust in systems which are implemented, I think we can have a good intersection with cyber protection and cyber security.

MODERATOR: Thank you so much, Kazan. Over to Samahila. 10 seconds as well.

Samaila Atsen Bako: Maybe I should just ask you a question. In my closing remarks, in all the times we find out that the attackers aggressed governments, so what can we do? It’s a question to all of us. What can we do to use or stop government from attacking people, attacking different political interests? To all, or perhaps to the FBI, I may say anything. No, no, no, to everyone. I can’t just…

MODERATOR: Thank you so much. Based on the experience, I think the FBI can answer this question. So, Dr. Menejit, please, 10 seconds.

Monojit Das: Well, terming it as a closing remark, but I’d love to make it as an opening path for our first, you know, possible discussion henceforth, and as highlighted by our participants and guest special invitee here, I consider. So I feel we can collaborate and at least have the common ground where we can convergence. We have convergence and sort out, start focusing on that because they become a tool for geopolitical aspect as well. So differences will be there, and that will be used for, you know, what you call surveillance, reconnaissance, and whatever the other factor, but let us find some common ground as a part of converging area, and we collaborate. And let’s start from today once we are done with the session, and I feel there’s more to it. Thank you.

MODERATOR: Thank you so much. As we conclude this insightful session on the VN intersection of cyber and national security, I would like to thank you, panelists, for your expertise and all participation to the discussion as highlighted, the critical and growing overlap between cyber security and national agencies, emphasizing the urgent need for stronger policy innovation, innovative practices, and collaborative effort to address the challenges we face in this digital age. Thank you, participants, and thank you, LFBI, for your also participation in this very interesting discussions. Thank you so much all. Group photo, please.

Ihita Gangavarapu

Speech speed

217 words per minute

Speech length

1220 words

Speech time

337 seconds

Cybersecurity directly impacts national security and critical infrastructure

Explanation

Ihita Gangavarapu emphasizes that cybersecurity has direct implications on national security. She points out that any disruption to internet infrastructure across various sectors can have catastrophic effects on nations.

Evidence

Mentions sectors like banking, healthcare, BFSI, telecommunications, and education as critical infrastructure that needs protection.

Major Discussion Point

Intersection of Cybersecurity and National Security

Agreed with

Lily Edinam Botsyoe

Karsan Gabriel

Agreed on

Cybersecurity is integral to national security

Implementing comprehensive legislative and institutional frameworks for cybersecurity

Explanation

Ihita Gangavarapu discusses various legislative measures and institutional frameworks implemented in India to enhance cybersecurity. These include the Information Technology Act, defense cyber agency, and National Cyber Security Institute.

Evidence

Mentions specific initiatives like CERT, infrastructure protection center, and sectoral regulations for banking sector.

Major Discussion Point

Strategies for Enhancing Cybersecurity

Private sector involvement is essential for developing cybersecurity solutions

Explanation

Ihita Gangavarapu highlights the significant role of the private sector in developing cybersecurity solutions. She mentions the emergence of numerous companies in India focusing on cybersecurity solutions and services.

Evidence

States that over 300 companies have emerged in India offering cybersecurity solutions and services in recent years.

Major Discussion Point

Role of Different Stakeholders in Cybersecurity

Karsan Gabriel

Speech speed

151 words per minute

Speech length

1244 words

Speech time

492 seconds

Cybersecurity is not just a technical issue but a matter of national resilience

Explanation

Karsan Gabriel emphasizes that cybersecurity goes beyond technical aspects and is crucial for national resilience. He stresses the importance of building critical infrastructure and shaping it with a focus on security.

Evidence

Mentions the need for security by design and a competent civil service that understands the nuances of culture in implementing cybersecurity measures.

Major Discussion Point

Intersection of Cybersecurity and National Security

Agreed with

Ihita Gangavarapu

Lily Edinam Botsyoe

Agreed on

Cybersecurity is integral to national security

AUDIENCE

Speech speed

158 words per minute

Speech length

1477 words

Speech time

558 seconds

Trust is a key factor in the relationship between cybersecurity and national security

Explanation

The audience member (FBI representative) emphasizes the importance of trust in cybersecurity efforts. They highlight the need for building trust between public and private sectors to effectively share information about cyber threats and attacks.

Evidence

Mentions the challenge of private sector companies feeling comfortable admitting they’ve been attacked and sharing that information.

Major Discussion Point

Intersection of Cybersecurity and National Security

Balancing privacy and security concerns is a key challenge in cybersecurity

Explanation

The audience member discusses the challenge of finding a balance between privacy and security in cybersecurity efforts. They point out that absolute privacy can sometimes conflict with security needs.

Evidence

Mentions the debate around encryption and the need for thoughtful decision-making about privacy and security trade-offs.

Major Discussion Point

Challenges in Cybersecurity Collaboration

Differed with

Monojit Das

Differed on

Data localization and privacy policies

Developing international cooperation and frameworks for cybersecurity

Explanation

The audience member emphasizes the need for international cooperation in cybersecurity efforts. They suggest that while bilateral cooperation is necessary for sensitive national security issues, there’s a great opportunity for international cooperation on common cybersecurity challenges.

Evidence

Mentions the need for cooperation on issues like financial services and communication applications that are ubiquitous across countries.

Major Discussion Point

Strategies for Enhancing Cybersecurity

Agreed with

Paula Nkandu Haamaundu

Agreed on

Need for international cooperation in cybersecurity

Lily Edinam Botsyoe

Speech speed

167 words per minute

Speech length

1496 words

Speech time

536 seconds

Cybersecurity and national security are two sides of the same coin in the digital age

Explanation

Lily Edinam Botsyoe argues that in the data-driven age, cybersecurity is inseparable from national security. She explains that governments now rely on data for various critical functions, making cybersecurity essential for national security.

Evidence

Provides examples of how cyber threats can impact national security, such as ransomware crippling hospitals and disinformation campaigns targeting elections.

Major Discussion Point

Intersection of Cybersecurity and National Security

Agreed with

Ihita Gangavarapu

Karsan Gabriel

Agreed on

Cybersecurity is integral to national security

Paula Nkandu Haamaundu

Speech speed

164 words per minute

Speech length

1324 words

Speech time

482 seconds

Lack of trust and information sharing between organizations hinders cybersecurity efforts

Explanation

Paula Nkandu Haamaundu highlights the challenge of insufficient information sharing between organizations regarding cyber incidents. She explains that fear of reputational damage often prevents companies from sharing information about attacks they’ve experienced.

Evidence

Provides an example from the financial services industry where banks experience similar cyber incidents but don’t share information due to lack of guiding principles for information sharing.

Major Discussion Point

Challenges in Cybersecurity Collaboration

Focusing on capacity building and implementation of cybersecurity measures

Explanation

Paula Nkandu Haamaundu emphasizes the importance of capacity building and implementation in cybersecurity efforts. She argues that while discussions and frameworks are important, actual implementation of cybersecurity measures is crucial.

Evidence

Mentions the need for capacity building from technical, policymaker, and cyber diplomat perspectives.

Major Discussion Point

Strategies for Enhancing Cybersecurity

Agreed with

Samaila Atsen Bako

Agreed on

Importance of capacity building in cybersecurity

International organizations facilitate cooperation and knowledge sharing in cybersecurity

Explanation

Paula Nkandu Haamaundu discusses the role of international organizations in facilitating cybersecurity cooperation. She highlights how organizations like GIZ work to enhance cybersecurity postures across different regions and countries.

Evidence

Mentions specific initiatives like the Partnership for Strengthening Cyber Security project and roundtable workshops for member states in Africa.

Major Discussion Point

Role of Different Stakeholders in Cybersecurity

Agreed with

AUDIENCE

Agreed on

Need for international cooperation in cybersecurity

Samaila Atsen Bako

Speech speed

162 words per minute

Speech length

1752 words

Speech time

647 seconds

Political factors and changes in government leadership can disrupt cybersecurity initiatives

Explanation

Samaila Atsen Bako points out that political factors and changes in government leadership can hinder the implementation of cybersecurity initiatives. He argues that when power changes hands or key personnel are moved, cybersecurity efforts can stall or regress.

Major Discussion Point

Challenges in Cybersecurity Collaboration

Improving digital literacy and infrastructure to address the digital divide

Explanation

Samaila Atsen Bako emphasizes the need to address the digital divide by improving digital literacy and infrastructure. He argues that without access to devices and networks, many people cannot participate in the digital economy or benefit from cybersecurity measures.

Evidence

Mentions the need to fix education curriculum and infrastructure deficits to address the digital divide.

Major Discussion Point

Strategies for Enhancing Cybersecurity

Agreed with

Paula Nkandu Haamaundu

Agreed on

Importance of capacity building in cybersecurity

Civil society and NGOs contribute to awareness and capacity building in cybersecurity

Explanation

Samaila Atsen Bako highlights the role of civil society organizations and NGOs in raising awareness and building capacity for cybersecurity. He mentions various initiatives focused on digital literacy, awareness raising, and engaging with governments on regulations.

Evidence

Mentions specific organizations like META, Cyber Girls program, Cyber City Foundation working on child online protection, anti-fraud efforts, and digital literacy.

Major Discussion Point

Role of Different Stakeholders in Cybersecurity

Monojit Das

Speech speed

175 words per minute

Speech length

2617 words

Speech time

895 seconds

Differences in data localization and privacy policies between countries pose challenges

Explanation

Monojit Das discusses the challenges arising from differences in data localization and privacy policies between countries. He highlights the tension between India’s attempts at data localization and the policies of Western tech giants.

Evidence

Mentions India’s failed attempt to implement data sharing agreements similar to those between U.S. tech companies and the U.S. government.

Major Discussion Point

Challenges in Cybersecurity Collaboration

Differed with

AUDIENCE

Differed on

Data localization and privacy policies

Government plays a crucial role in setting policies and frameworks for cybersecurity

Explanation

Monojit Das emphasizes the critical role of government in establishing policies and frameworks for cybersecurity. He discusses various initiatives and strategies implemented by the Indian government to enhance cybersecurity.

Evidence

Mentions specific programs like ICCR scholarships for cybersecurity studies and ITEC program for training IT experts from friendly countries.

Major Discussion Point

Role of Different Stakeholders in Cybersecurity

Agreements

Agreement Points

Cybersecurity is integral to national security

speakers

Ihita Gangavarapu

Lily Edinam Botsyoe

Karsan Gabriel

arguments

Cybersecurity directly impacts national security and critical infrastructure

Cybersecurity and national security are two sides of the same coin in the digital age

Cybersecurity is not just a technical issue but a matter of national resilience

summary

Multiple speakers emphasized the inseparable link between cybersecurity and national security, highlighting how cyber threats can significantly impact critical infrastructure and national stability.

Need for international cooperation in cybersecurity

speakers

AUDIENCE

Paula Nkandu Haamaundu

arguments

Developing international cooperation and frameworks for cybersecurity

International organizations facilitate cooperation and knowledge sharing in cybersecurity

summary

Speakers agreed on the importance of international cooperation and knowledge sharing to address global cybersecurity challenges effectively.

Importance of capacity building in cybersecurity

speakers

Paula Nkandu Haamaundu

Samaila Atsen Bako

Role of non-governmental organizations in cybersecurity

speakers

Samaila Atsen Bako

Paula Nkandu Haamaundu

arguments

Civil society and NGOs contribute to awareness and capacity building in cybersecurity

International organizations facilitate cooperation and knowledge sharing in cybersecurity

explanation

While government and private sector roles were expected to be discussed, the emphasis on the role of NGOs and international organizations in cybersecurity efforts was an unexpected area of consensus.

Overall Assessment

Summary

The main areas of agreement included the integral relationship between cybersecurity and national security, the need for international cooperation, the importance of capacity building, and the roles of various stakeholders including government, private sector, and NGOs.

Consensus level

There was a moderate to high level of consensus among the speakers on the fundamental aspects of cybersecurity and its relationship to national security. This consensus suggests a shared understanding of the challenges and potential strategies for addressing cybersecurity issues, which could facilitate more coordinated and effective approaches to cybersecurity at national and international levels.

Differences

Different Viewpoints

Data localization and privacy policies

speakers

Monojit Das

AUDIENCE

arguments

Differences in data localization and privacy policies between countries pose challenges

Balancing privacy and security concerns is a key challenge in cybersecurity

summary

Monojit Das highlights tensions between India’s data localization efforts and Western tech companies’ policies, while the FBI representative emphasizes the need to balance privacy and security concerns globally.

Unexpected Differences

Focus on education sector in cybersecurity

speakers

Ihita Gangavarapu

Samaila Atsen Bako

arguments

Private sector involvement is essential for developing cybersecurity solutions

Improving digital literacy and infrastructure to address the digital divide

explanation

While most speakers focused on critical infrastructure like finance and healthcare, Ihita Gangavarapu unexpectedly highlighted the education sector as the most impacted by cyberattacks. Samaila Atsen Bako, on the other hand, emphasized improving digital literacy and infrastructure, which indirectly relates to the education sector but from a different perspective.

Overall Assessment

summary

The main areas of disagreement revolved around data localization policies, the balance between privacy and security, and the specific approaches to involving the private sector in cybersecurity efforts.

difference_level

The level of disagreement among speakers was moderate. While there was a general consensus on the importance of cybersecurity for national security, speakers had different perspectives on implementation strategies and priorities. These differences reflect the complex nature of cybersecurity challenges and the need for diverse approaches tailored to specific national contexts.

Partial Agreements

All speakers agree on the importance of private sector involvement and trust in cybersecurity efforts, but they differ on how to achieve this. Ihita Gangavarapu focuses on private sector solutions, Paula Nkandu Haamaundu emphasizes the need for better information sharing frameworks, and the FBI representative stresses building trust between public and private sectors.

speakers

Ihita Gangavarapu

Paula Nkandu Haamaundu

AUDIENCE

arguments

Private sector involvement is essential for developing cybersecurity solutions

Lack of trust and information sharing between organizations hinders cybersecurity efforts

Trust is a key factor in the relationship between cybersecurity and national security

Similar Viewpoints

Both speakers highlighted the importance of collaboration between the private sector and government in developing and implementing cybersecurity measures.

speakers

Ihita Gangavarapu

Monojit Das

arguments

Private sector involvement is essential for developing cybersecurity solutions

Government plays a crucial role in setting policies and frameworks for cybersecurity

Both speakers emphasized the critical role of trust in facilitating information sharing and collaboration between different stakeholders in cybersecurity efforts.

speakers

AUDIENCE

Paula Nkandu Haamaundu

arguments

Trust is a key factor in the relationship between cybersecurity and national security

Lack of trust and information sharing between organizations hinders cybersecurity efforts

Takeaways

Key Takeaways

Cybersecurity and national security are deeply interconnected in the digital age

Trust is a critical factor in cybersecurity collaboration between organizations and nations

A multi-stakeholder approach involving government, private sector, and civil society is needed to address cybersecurity challenges

Capacity building, especially in digital literacy and infrastructure, is crucial for improving cybersecurity in developing nations

International cooperation and information sharing are essential for combating global cyber threats

Resolutions and Action Items

Explore opportunities for bilateral and multilateral cooperation on cybersecurity issues

Develop more robust frameworks for sharing threat intelligence and best practices internationally

Focus on building trust between nations and organizations to facilitate better information sharing

Prioritize capacity building initiatives, especially in developing countries

Work towards creating international standards or frameworks for cybersecurity

Unresolved Issues

How to balance national security interests with the need for international cooperation on cybersecurity

Addressing the challenges of data localization and sovereignty in a globalized digital world

Finding the right balance between privacy and security in cybersecurity policies

How to effectively combat state-sponsored cyber attacks without escalating international tensions

Developing a universally accepted definition of critical infrastructure in cyberspace

Suggested Compromises

Focus initial international cooperation efforts on universally agreed-upon issues like combating child exploitation online

Develop bilateral agreements for sensitive national security matters while pursuing broader multilateral cooperation on general cybersecurity issues

This comment highlighted the role of private sector and non-profit organizations in addressing cybersecurity challenges.

impact

It broadened the discussion beyond government efforts to consider the multi-stakeholder nature of cybersecurity solutions.

Overall Assessment

explanation

This question addresses concerns about government-sponsored cyber attacks and how to prevent them.

Disclaimer: This is not an official session record. DiploAI generates these resources from audiovisual recordings, and they are presented as-is, including potential errors. Due to logistical challenges, such as discrepancies in audio/video or transcripts, names may be misspelled. We strive for accuracy to the best of our ability.