Closing Plenary of Global Roundtable

Global Roundtable on ICT Capacity Building concludes with calls for inclusive and strategic cybersecurity approaches

The Global Roundtable on ICT Capacity Building concluded with a closing session that brought together participants to reflect on the discussions and insights from two focused breakout groups. The Chair commenced the session by noting the robust participation and the interactive and substantive nature of the discussions, despite the groups operating concurrently. The Chair awaited updates from the rapporteurs of the groups, indicating a positive sentiment towards the contributions expected.

Ms. Lenka Filipova from UNIDIR provided a detailed summary of the first breakout group’s discussions, which centred on the theme of strengthening governance policies and processes. The group’s dialogue revolved around the criticality of developing national cyber strategies and regulatory instruments, as well as improving governance structures to bolster cybersecurity. The group included a diverse array of stakeholders, including Ms. Karin Barrett from the OAS, Chris Painter from the Global Forum on Cyber Expertise, and Engineer Abdulrahman Ben Ali Al-Farahid Al-Malki from Qatar’s National Cyber Security Agency. The panel, moderated by Dr. Giacomo Persi-Paoli, explored the risks associated with the absence of such strategies and dedicated structures for implementation. The discussion also delved into the challenges of implementing the framework, the essential policies and regulations needed, and the role of civil society, the private sector, and academia in these efforts. The group concluded that national cyber strategies are vital for prioritising cybersecurity within a country and for guiding efforts towards cyber resilience.

The second breakout group’s summary was presented by Ms. Amna Rafiq, who highlighted the discussions on Developing Technology, Talent, and Partnerships. This group examined foundational cyber capabilities and the essential pillars of cyber capacity building, including the role of public-private partnerships and the exchange of good practices. The session featured an expert panel that discussed the importance of operational and technical capabilities, talent pipelines, and partnerships for various aspects of cybersecurity, such as law enforcement, threat intelligence sharing, and critical infrastructure protection. Challenges such as lack of trust, geopolitical issues, and resource limitations were identified. The group’s recommendations included promoting south-to-south cooperation, treating cybersecurity as a prerequisite for digital transformation, and establishing cybersecurity funds at various levels.

The Chair, in their closing remarks, expressed deep appreciation for UNIDO’s facilitation of the breakout sessions and the signature panel, highlighting UNIDO’s indispensable partnership in the domain. The Chair also thanked the ministers, deputy ministers, and high-level officials for their attendance and commitment to capacity building. Reflecting on the day’s discussions, the Chair underscored the cross-cutting nature of capacity building, its role as a confidence-building measure, and its function as an enabler for strengthening the normative framework. The urgency for immediate action was emphasised, given the rapidly evolving international threat landscape in ICT security.

The Chair stressed the need for a long-term and sustained approach to capacity building, the importance of a multi-stakeholder approach, and the necessity for a coherent and holistic response to capacity building challenges. The Chair also highlighted the importance of pragmatic responses to evolving technology and threats, the significance of regional efforts, and the need for efficient use of funding and resources.

In conclusion, the Chair reflected on the success of the Global Roundtable in providing political impetus for capacity building and fostering a sense of community and partnership among participants. The Chair encouraged swift action and partnerships to support digital transformation and cybersecurity and concluded the session by inviting final announcements and wishing participants a safe journey home.

Overall, the session underscored the collective determination to progress in the realm of ICT security capacity building, with a clear recognition of the need for inclusive, strategic, and practical approaches to governance, technology development, talent cultivation, and partnerships. The discussions highlighted the importance of national strategies, multi-stakeholder engagement, and the urgency of addressing the evolving digital threats through sustained and collaborative efforts.

Chair:
I think participants are returning to the conference room here to take their seat just before we resume the closing session of the Global Roundtable. I’m also waiting for the two rapporteurs of the two breakaway groups, and I have been told that the participation in the two breakout groups was very good. There was a very good number of participants in both groups, even though both sessions were being held in parallel. That is a very good sign, and there was also, I am told, very good and substantive discussions in a very interactive format. So we will await the two rapporteurs to take their seat, and we will give them a chance to give an update on the two breakaway sessions. And then I’ll make some final concluding remarks, and then we will bring this Global Roundtable to a close. Let me just check if the rapporteurs are ready to give us their summaries. Very good. Our rapporteurs are ready to go. So let’s start with the first working group, which had for its focus the topic of strengthening governance policies and processes. So I’d like to invite the rapporteur, Ms. Lenka Filipova from UNIDIR, to give us her summaries. Please. Thank you.

UNIDIR:
Thank you, Chair. Good afternoon, everyone. First of all, I would like to thank you, Chair, on behalf of UNIDIR, for inviting us to the inaugural Global Roundtable on ICT Capacity Building. We were delighted to support the event, particularly the signature panel this morning, moderated by UNIDIR Director Dr. Robin Guise, as well as participating in the two breakout sessions this afternoon. The first breakout group, focusing on strengthening governance policies and processes, featured discussions on developing national cyber strategies and regulatory acts, and on improving governance structures. This breakout group included a diverse set of stakeholders, such as Ms. Karin Barrett, Cybersecurity Program Manager of the OAS, Chris Painter, President of the Global Forum on Cyber Expertise, and Engineer Abdulrahman Ben Ali Al-Farahid Al-Malki, President of the National Cyber Security Agency of Qatar. In the first set of questions, UNIDIR Moderator Dr. Giacomo Persi-Paoli asked all panelists why it is important to develop national cyber strategies and other regulatory instruments. We also explored the risks associated with not having such instruments or dedicated structures in place for their implementation. During the open discussion, the panelists addressed a range of questions concerning the implementation of the framework. They first discussed which policies, regulations, and structures are crucial for implementing various elements of the framework, and why these elements are essential. This led to an examination of which aspects of the framework are the most challenging to implement in terms of policies and regulations, delving into the reasons for these difficulties. Further inquiries focused on what resources Member States require to effectively strengthen these policies, regulations, and structures. The discussion then shifted to the potential role of civil society, the private sector, and academia in these efforts. The panel also covered questions about good practices to strengthen policies and regulations necessary for the framework’s implementation, as well as effective methods for establishing or improving national structures to support this implementation. The speakers recognized that national cyber strategies are essential for establishing cybersecurity as a priority within a country. They also emphasized the need for these strategies to guide and prioritize cybersecurity efforts. National cyber strategies are crucial for mobilizing resources, gaining funding, and ensuring the sustainability of cybersecurity efforts. There is agreement that cyber strategies must evolve to address these increasingly sophisticated threats. Without a national cyber strategy, countries may lack a structured response to cyber threats, leading to disjointed and inefficient handling of cyber incidents. There has also been an emphasis on the practical aspects of implementation and the need for a step-by-step approach to avoid overambition, which can itself be a risk if not managed properly. We need to make sure the development of strategies is done in an inclusive manner, involving private sector and other stakeholders from civil society. It was emphasized how strategies alone are not sufficient if they are not designed with implementation in mind and matched with an adequate implementation plan. Thank you very much for your attention, and I will now hand over to my colleague who will provide the summary for the second breakout group.

Chair:
Thank you very much, Ms. Lenka Filipova. So we now will get a summary of the second breakout group, which had as its topic Developing Technology, Talent, and Partnerships, and by Ms. Amna Rafiq, please.

UNIDIR:
Honorable Ministers, Excellencies, distinguished delegates, experts, ladies and gentlemen, good afternoon and welcome to the closing session. Let me take this opportunity to express my gratitude for the chair for inviting UNIDO to support this landmark inaugural Global Roundtable on ICT Security Capacity Building. It was our honor to facilitate the deliberations of the signature panel and two breakout sessions. The second breakout session deliberated on the foundational cyber capabilities and how they can support the implementation of the framework, as well as the essential pillars of cyber capacity building. The session also featured discussion regarding role of public-private partnership, civil society, academia, and exchange of good practices to counter challenges in all five core pillars of technology, talents, partnerships, and networks, policies and regulations, processes, and structures. The minimum capability requirements constitute a baseline on top of which more redefined and comprehensive responses can be developed. These include national cyber security strategy, national coordination, national and regional service, access to specialized skills, and private sector inclusion. The expert panel for the second breakout session included Mr. Lee Peeling, head of strategy at Interpol Singapore, Mr. Hitoshi Tojima, chief digital officer, Japan International Corporation Agency, and Ms. Tema Shuto, digital policy lead, International Chamber of Commerce. In addition to significance of developing operational and technical capabilities, the first round of discussion addressed the need for growing talent pipelines and partnerships. The experts and participants agreed that technical capabilities and partnerships are essential for cyber law enforcement at operational level, threat intelligence sharing, preservation of digital evidence, cyber security of critical infrastructure, supporting sustainable developments to digital transformation, raising cyber risk awareness, outsourcing for efficient resource management, protecting supply chains and investment, quick incident recoveries. They also reiterated the need to adapt systematic, continuous, and need-based multistakeholder and multidisciplinary approach for prevention, mitigation, and cyber resilience. During the open discussion, the experts and participants recognized lack of trust, global geopolitics, and block formation, different security cultures and standards, politicization at regional level, absence of geographical clusters, inconsistency, priority divergences, and limited resources as major challenges of developing technologies, partnerships, and talents for capacity building. Cyber apprenticeship, certification, standardizations, courses, national centers were identified as key resources MS should employ for developing essential technologies, talents, and partnerships. With reference to good practices regarding growing and retaining talents and partnership, participants highlighted importance of meeting people where they are, developing free cyber security toolkits, cyber training pipelines, effective crisis management, prioritizing internal agreement or national consensus, building trust ahead of time, transferring ownership to relevant local stakeholders, prioritizing action-oriented approach, customized threat assessments, search operation, tabletop exercises, and ongoing ground drills, information sharing among national and regional search with transparency and privacy, formation of special cross-sectional interest group. Finally, the experts and participants came up with five key recommendations. First, promote south-to-south and triangular cooperation. Second, treating cyber security as a prerequisite to the digital transformation. Third, establishing cyber security funds at national, regional, and international level. Fourth, bridge the digital gap between the developed and least developing countries. Fifth, treating cyber security as investment rather than expenditure. In closing, I am grateful to each of you for your time, support, dedication, and for this roundtable and patient hearing. Thank you so much.

Chair:
Thank you very much, Ms. Amner, for the very good summary, as well as to Ms. Lenker for the earlier summary. Excellencies, distinguished guests, we have come almost to the close of the session, and I wanted to give some closing remarks in my capacity as chair of the OEWG. And the first thing I want to say is to express my deep appreciation to UNIDO for facilitating the two breakout sessions earlier this afternoon, and also for having moderated the signature panel earlier this morning. And I think UNIDO, given its vast expertise in this particular domain, in my view is an indispensable partner for the work of the OEWG. So I want to, first of all, acknowledge my appreciation and gratitude to the UNIDO team. Secondly, I want to also express my appreciation to the ministers, deputy ministers, as well as high-level officials who came from capital for the purpose of attending the global roundtable. I think your presence here this morning, and also this afternoon, and it’s a Friday afternoon at UN headquarters in New York, and it’s so gratifying to see so many high officials, as well as representatives, still in conference room two. And I think this shows your commitment and your collective determination to make progress on the issue of capacity building. So my deep appreciation to the ministers, deputy ministers, high officials, and of course to all the representatives who have participated at this session throughout this day. There are a lot of points that I’m sure that we will all take back. And I wanted to say also that what I’m – wanted to share some reflections, but please do not treat what I would say as reflections as an exhaustive summary. UNIDIR will prepare a report as reporter for the entirety of the global roundtable. So they will go through the various remarks and interventions made, and therefore I encourage you to submit your statements in writing. I will also go through my own notes. So the report from UNIDIR will serve as a reference document. It’s not an official UN document. We are not certainly going to negotiate that. But I think that the UNIDIR report will be very useful for us. And I hope that UNIDIR will also take into account my own reflections as you prepare the reporters’ report. First I think the discussions throughout the day, plus the ministerial breakfast meeting we had very early in the morning for the ministers, reinforce a few key points. One, capacity building is a cross-cutting issue, and we have said that in our annual progress report of the OEWG. Second, capacity building is a confidence-building measure. And we have also acknowledged that in our annual progress report. And thirdly, and equally importantly, capacity building as an enabling tool to strengthen the normative framework. And these are three elements which, in my view, kept coming again and again in various comments and interventions. And what is encouraging is that these are also elements that have come into the discussions of the OEWG. So the fact that these same points have come in the roundtable context, to me, is a signal that we are on the right track as far as the OEWG is concerned. So that’s the first reflection that I wanted to share. Another common point across the various interventions today is the need for urgent action. The international threat landscape in the area of ICT security is rapidly evolving. I think everyone has spoken about the urgency and necessity of doing capacity building now rather than tomorrow, immediately rather than later. So I think in a context where technology is rapidly evolving, the threat landscape is rapidly evolving, so must capacity building not only be done quickly, but capacity building must also evolve and be adapted to the changing context and circumstances. The other reflection I wanted to share was that it was very gratifying for me that everyone spoke about what they were already doing, which shows that a lot is already happening at the national level. And what we need to do is to give impetus to what is already happening at the national level, regional level, and global level. And so that’s what I wanted to share with you. this sharing of actions already underway is very gratifying, but also gives us a basis to be hopeful and optimistic that we are on the right track, but we need to go further, we need to go faster, and this is where capacity building can be an accelerator to make us go further and faster in terms of putting in place an ecosystem of policies and institutions at the national level so that countries are cyber resilient and the other point that was very clear is that, and as we just heard from one of the breakout groups, we need to make cyber security and cyber resilience a prerequisite for digital transformation, so in a sense as the world is racing towards digital transformation, we need cyber resilience, and cyber resilience requires that we have very good policies for ICT security and cyber security, and so this whole dimension of mainstreaming cyber security and cyber resilience into the development agenda is something that came out very strongly in the discussions and obviously in the breakout groups as well, so I would think that this is a point that all of us need to reflect collectively, and this is happening at a time when the UN is talking about a global digital compact. This is not part of the work of the OEWG, but the global digital compact is intended to provide a global framework for international collaboration in the area of digital technologies, and ICT security is a crucial component of that, so if the global digital compact is to be a reality, it is to be operationalized, we need to make sure that the work we do in this working group in terms of ICT security is further accelerated and supported through adequate resources and adequate capacity building. There were so many other points. Many of you emphasized the importance of multi-stakeholder approach to ICT security and cyber resilience and capacity building in this domain, and the fact that we have the stakeholders here, I also want to take this opportunity to express my gratitude to them for their efforts. It’s also clear that they are doing so many things. Many of you referenced the Accra call. Many of you also spoke about various conferences that you have organized in your own regions and countries. That’s very gratifying to know that a lot is already happening. So the multi-stakeholder approach needs to continue, because ultimately we need to work with private sector, foundations, academic institutions, research institutions, and everyone else who has expertise and knowledge and who are prepared to work in partnership with countries. One other point that I want to mention is that right at the beginning of the Global Roundtable, the Secretary General and the President of the General Assembly India spoke about a coherent approach and a holistic approach to capacity building, and I think given the multitude of action and programs and initiatives already underway, that is a good thing. The Secretariat has also done a mapping exercise, which showed that the landscape is rich. That is a good thing. So what we need to do is not try and replicate or duplicate. What we need to do is complement and promote synergy and create a network approach where we connect the dots to make sure that each of the ongoing activities support each other, complement each other, but in that context, if there are gaps, we must not be hesitant to fill those gaps. So we must take a pragmatic approach such that if there are gaps, if there is an area that has been neglected, either unwittingly or through oversight, we must fix that. If there is an area that needs additional work, we must do that because the landscape is evolving, technology is evolving, the threat landscape is evolving, and therefore we cannot afford to take the approach that existing capacity building programs are fine and good, there are so many things happening, so we don’t need to do anything. I think we must be pragmatic about it because we must evolve with what is needed. That’s where the demand-driven approach comes in. If technology and circumstances evolve such that new offers of capacity building are needed and new avenues are needed or new platforms are needed, we must not hesitate to do what is necessary to respond to the needs of countries, especially developing countries, small countries, vulnerable countries. So this coherent, holistic approach that also is dynamic in terms of responding to the needs and responding to the context, I think is very important in my view. The other point that was very clear is that we need a long-term and sustained approach because this is going to be with us for generations. Technology is going to evolve rapidly and already we are talking of the next generation of technology, AI, quantum computing, how that will impact our city security. So we can’t look at capacity building on a project basis, on a short-term basis, but we need to take a long-term approach, adopting an ecosystem approach so that we help countries, not in terms of project X and Y, which is implemented and then the partners say thank you very much, this is the key to the project and over to you. I’m simplifying, but what we need is a sustained partnership because capacity building is an ongoing exercise and that means that here at the UN we need to have this continuing conversation to monitor, to review, to see whether we are on the right track. So this is going to be very important. The question of funding and resources came. I think it also came up in one of the breakaway groups. I think it has also been coming up in the open-ended working group. So obviously funding and resources are scarce these days, even for the development agenda. Naturally, one needs to see how we can optimize the resources that are already allocated, how we can mobilize additional resources, how we can build partnerships to synergize and leverage on existing resources. So I think we need to think of a variety of ways to solve the challenge, but I think we should avoid a situation where we think that more money will solve the problem. I think we need to be efficient in how we do things, we need to be effective, we need to be targeted, and we need to work with a wide range of partners to mobilize the resources that are going to be needed to do the things that we need to do. So that was the other point that I wanted to share with you. Another element that came across as well is regional efforts. Regions, sub-regions, regional organizations doing so many things, and that is also a very good thing. So we will have to have that interaction between the national, the regional, and the global. And this interaction between the layers or levels is not one way. It’s not going to be top-down where the OEWG says to all the regions, this is the plan you implemented. It can’t work that way because different regions are different, different sub-regions, different countries, so we can learn best practices at the national, sub-regional, and regional levels. And what we have here at the Global Roundtable is at a macro level, but here too we can learn lessons and take it back to our sub-regions and national levels. So it has to be an iterative and interactive because that is how we learn from each other and share best practices. I want to conclude with two last points, which is that one of the strongest takeaways for me is that this Global Roundtable has given a very strong political impetus to the work that we are doing in the Open-Ended Working Group in the specific area of capacity building. And the urgency that was underlined by ministers and high-level officials is something that we need to take into account in the work of the Open-Ended Working Group. So in some ways we need to accelerate our pathway towards implementing capacity building. We need to accelerate partnership building in order to help countries that are looking for help, whether it’s in terms of formulating national strategies, whether it’s in terms of building digital infrastructures, whether it’s in terms of trying to create an ecosystem at the national level. We need to take into account the urgency that was underlined by ministers and high-level officials. We need to accelerate and push faster. I think that has been one of the big takeaways for me from this Global Roundtable. So in a sense, we can’t say that this Working Group, the mandate finishes in 2025 and there’s going to be another permanent mechanism in future. So we cannot afford to take the approach that, well, let’s continue discussing these are very interesting topics, because this is not a theoretical or academic exercise. So I am very keen as Chair and very determined as Chair of the Open-Ended Working Group to encourage and push everyone towards faster action, faster partnerships. And some of these partnerships may not happen in the UN or through the UN, but these things must happen. But the UN, too, must play a role. This is where the proposal put forward by some countries with regard to the role of the OEWG and the role of the UN with regard to capacity building is something that we need to discuss very seriously. I think there was a proposal put forward by India for a global cybersecurity cooperation portal, which India also made reference to. I think the Philippines has also put forward a proposal for an ICT security capacity building catalogue, which I believe is a proposal now endorsed by the region as a whole, ASEAN. So there are some proposals to sort of strengthen also the role of the OEWG, the role of the UN in terms of creating a more coherent approach, in terms of creating a network approach to capacity building. So that’s something that I’m very determined to do, move faster, move quickly towards capacity building, because I think there’s a lot of expectation that we move faster and show results. So I think let’s all keep that in mind. It’s not intended as a criticism that things are not moving fast. It is not intended as a criticism that country X or country Y is not doing enough. I think let’s look at it all collectively. There’s this expectation out there that we need to move fast. The digital transformation is shaking and shaping the world. How do we respond to it? So I think this is something for all of us to take back. The last, last point that I want to make, and the point I want to make is, in fact, a confession. When we had this idea to do a global roundtable, it was an experiment. We were not sure that it would succeed. And whether this global roundtable has succeeded is not for me to decree from the podium. Each one of you will take back your own conclusions as to whether this global roundtable has been meaningful for you. But I want to share with you my reflection that this global roundtable has given not only a political impetus to the work that we are doing, not only has it underlined the urgency for us to move faster, but it has also, in my view, really provided a platform for ministers, deputy ministers, heads of delegations, high-level officials to meet and interact. Because throughout the day there have also been various bilateral meetings, discussions on the sideline, because ultimately partnerships are not going to be decreed or legislated on paper. It has to be the result of dialogue and meetings and face-to-face discussions. So it is my modest hope, and also my humble assessment, that this roundtable has made a small contribution in terms of strengthening the sense of community, strengthening the sense of partnership among states and also between states and the stakeholders in making us move forward towards creating an open, secure and stable ICT environment and towards creating resilient, cyber-resilient states and societies which are ready for the digital transformation which is coming our way. And so with those comments, Distinguished Delegates, Excellencies, my dear friends, I thank you so much for your attention, for your presence and participation, and I know it is a Friday evening and I do not wish to detain you longer than necessary, so I would like to, at this point, adjourn the meeting. But let me check with the Secretariat if there are any other final announcements. Good. She says we can go home. So I want to thank you all once again, and please have a safe trip home. And for those of you who are going to be here next week for the dedicated informal sessions, I will see you around. Otherwise, have a pleasant weekend and have a safe trip home. Thank you very much.