Achieving the SDGs through secure digital transformation | IGF 2023 Open Forum #92

Yasmine Idrissi

The analysis reveals several key points about cybersecurity. Firstly, there is a pressing need to demystify the field and dispel the misunderstanding that it is solely a technical issue. It is important for actors, including development professionals and policymakers, to understand that cybersecurity is not just a technical problem, but also a consumer and policy issue. By broadening the perception of cybersecurity, it becomes more accessible and relatable to a wider audience.

The analysis also highlights the need for inclusion and diversity within the field of cybersecurity. Currently, cybersecurity is predominantly English-focused, which excludes other languages and dialects. To promote inclusivity, it is crucial to reflect and incorporate other languages and both national and local dialects in the field. This ensures that people from diverse backgrounds can fully engage with and contribute to cybersecurity.

Furthermore, the analysis suggests that non-traditional actors, such as political parties and civil society, should be included in shaping cybersecurity policies. On a national level, there can often be interagency friction between mandates, and involving these non-traditional actors can help to bridge the gap and ensure comprehensive and effective policies. By broadening the participation and perspectives in cybersecurity policy discussions, a more holistic and inclusive approach can be achieved.

The integration of cybersecurity into digital development projects is another crucial aspect. The approach to digital development and cybersecurity has often been kept separate within organizations, resulting in a siloed approach. By integrating cybersecurity into digital development projects, organizations can ensure that the security of digital systems and infrastructure is prioritised from the outset. This can be achieved by incorporating cybersecurity as a criterion in audits for development projects.

Donor-funded projects also have a role to play in integrating cybersecurity requirements. By building cybersecurity requirements into their projects, donors can contribute to the overall security and resilience of the projects they fund. This includes considering cybersecurity as an integral part of the project design and implementation process.

Additionally, the analysis suggests that cybersecurity can benefit from incorporating lessons from other fields, such as climate change. Both fields involve technical complexities that can be intimidating for policymakers and diplomats. By learning from the approaches and strategies used in climate change negotiations, cybersecurity can adopt a similar mindset of collaboration, knowledge sharing, and multidisciplinary thinking.

In conclusion, the analysis highlights the need to demystify cybersecurity, promote inclusion and diversity, involve non-traditional actors in shaping policies, integrate cybersecurity into digital development projects, and learn from other fields. These measures will help create a more comprehensive and effective approach to cybersecurity, ensuring safety, progress, and resilience in the digital world.

Allan S. Cabanlong

The ASEAN region is currently facing disruptions and ransomware issues as it strives to progress in digital development, highlighting the essential need for robust cybersecurity governance. The digital age has brought about unprecedented risks and vulnerabilities, necessitating ASEAN countries to address these growing threats effectively.

Interdisciplinary leadership plays a vital role in achieving a secure digital landscape and digital transformation. Based on the experiences of ASEAN, it is observed that leaders often lack interdisciplinary knowledge and expertise, which hinders effective digital governance. To govern digital development successfully, leaders should have a comprehensive understanding of all aspects of cybersecurity and its intersection with digital advancements.

Furthermore, the absence of proper cybersecurity governance exposes organizations and governments to significant risks, potentially resulting in catastrophic consequences. It is essential to establish clear policies, frameworks, and regulations to safeguard against cyber threats and protect sensitive information. Implementing robust cybersecurity governance measures enables organizations and governments to mitigate risks and ensure the security of their digital infrastructure.

In summary, the ASEAN region faces disruptions and ransomware challenges in its pursuit of digital development, highlighting the need for strong cybersecurity governance. Leadership with interdisciplinary knowledge is crucial for achieving a secure digital landscape and digital transformation. Neglecting cybersecurity governance can expose organizations and governments to severe consequences. Therefore, taking proactive measures to establish comprehensive cybersecurity governance is vital for the safety and stability of digital ecosystems.

Audience

The discussion highlighted the importance of budgeting and planning for the development of critical information infrastructure. A civil servant from the Sri Lankan government, involved in the formulation of the Sustainable Development Goals (SDGs), emphasised the significance of this aspect in achieving sustainable development. Sri Lanka has already taken steps in this direction by adopting a cybersecurity strategy and developing a cybersecurity policy.

The integration of policies and strategies for information infrastructure and cybersecurity into standard organisational structures and periodic development projects was proposed as a key step. This integration is crucial for the successful implementation of SDG 11 (Sustainable Cities and Communities) and SDG 17 (Partnerships for the Goals). By integrating these priorities into existing structures and projects, a more effective and streamlined approach can be taken to address information infrastructure and cybersecurity challenges. This will promote the development of sustainable cities and communities and foster partnerships for achieving the SDGs.

The supporting evidence for these proposals includes Sri Lanka’s existing adoption of a cybersecurity strategy and the development of a cybersecurity policy. These initiatives demonstrate the country’s commitment to addressing the challenges posed by information infrastructure and cybersecurity. Comprehensive policies and strategies help Sri Lanka tackle these issues in a more systematic and holistic manner.

Overall, the discussion took a neutral sentiment, with an emphasis on the practical importance of budgeting and planning. This suggests a pragmatic approach to addressing information infrastructure and cybersecurity challenges, highlighting the need for careful consideration and foresight in resource allocation and strategic decision-making.

In conclusion, the discussion highlights the crucial role of budgeting and planning in the development of critical information infrastructure. Sri Lanka’s efforts in adopting a cybersecurity strategy and policy serve as positive examples. To successfully implement the SDGs, it is essential to integrate policies and strategies relating to information infrastructure and cybersecurity into standard organisational structures and periodic development projects. By doing so, Sri Lanka aims to achieve sustainable cities and communities while fostering partnerships for the SDGs.

Moctar Yedali

The analysis highlights several important points regarding cybersecurity challenges in Africa and the need for greater attention and inclusive approaches. Firstly, while many African countries have digital transformation strategies, cybersecurity is not sufficiently integrated within them. This is a concerning issue as cybersecurity is crucial for protecting digital assets and ensuring the safety and integrity of digital infrastructure. The responsibility for addressing cybersecurity primarily falls upon ministers in charge of digital transformation and security/defense, with limited involvement from other stakeholders. This raises concerns about a lack of multi-stakeholder participation in cybersecurity discussions and decision-making processes.

In addition, there is a significant lack of efficient cybersecurity strategies in many African countries. This poses a significant risk as cyber threats continue to evolve and become more sophisticated. Without effective strategies in place, African countries may be vulnerable to cyber attacks that can have detrimental impacts on their economies, infrastructure, and overall stability.

On a positive note, the analysis suggests that African youths have the potential to play a critical role in addressing cybersecurity challenges. With 35% of Africa’s population being young, there is a sizable pool of talent that can be trained to become cyber guardians. By providing appropriate education and training, young people can contribute to safeguarding digital spaces in Africa and beyond.

Furthermore, the analysis stresses the importance of Africa not merely being a consumer of cybersecurity products but creating its own ecosystem for cybersecurity. By fostering domestic innovation and collaboration, Africa can establish itself as a hub for cybersecurity solutions, ultimately enhancing its resilience and capabilities in the face of cyber threats.

Moreover, the analysis highlights the insights shared by Moctar Yedali regarding the rapidly changing nature of technology and its implications. He emphasizes the need for continual capacity building to keep pace with technological advancements. Yedali warns about the potential of an impending digital divide, where consumers may have to choose between different systems or technologies. This could lead to a “cold technical war” among more influential countries, while smaller countries follow without much choice.

In conclusion, the analysis sheds light on the unique cybersecurity challenges faced by Africa and highlights the need for more attention and inclusive measures to address them. It calls for the inclusion of multi-stakeholders in cybersecurity discussions, the development of efficient cybersecurity strategies, the training of African youths as cyber guardians, and the creation of a robust ecosystem for cybersecurity in Africa. Additionally, it underscores the importance of continual capacity building and technological cooperation to bridge the digital divide and ensure socio-economic progress.

Johan Eckerholt

The COVID-19 pandemic has highlighted our heavy reliance on digital methods of communication and governance, revealing the critical importance of trust and security in these processes. As our everyday lives become increasingly digitalized, it becomes essential to ensure the integrity and safety of our digital systems.

Global cooperation plays a crucial role in achieving sustainable digital transformation. Digital issues transcend national borders, making collaborative efforts necessary to address them effectively. Partnerships between governments, the industry, international organizations, and civil society are key to tackling digital challenges.

The growth and development of small and medium enterprises (SMEs) rely on a broad and secure digital system. Secure digital processes that enable cross-border transactions are crucial for the success of industries. Ensuring the safety of digital transactions fosters the growth and expansion of SMEs.

Finding the right balance between regulation and governance is critical for the growth of the digital economy. The involvement of organizations like the International Telecommunication Union (ITU) and industry leaders is vital. The ITU monitors digital activities, while the industry provides the necessary technological foundations. A collaborative approach can facilitate digital progress and innovation.

To build trust in digitalization, common rules, effective implementation tools, robust monitoring mechanisms, and resources for remediation are essential. Clearly defined and universally agreed-upon rules, comprehensive implementation tools, rigorous monitoring processes, and adequate resources can instill confidence in digital systems.

Cybersecurity is an integral part of our digital lives. It is crucial to integrate cybersecurity measures into digital systems to ensure a safe and secure online environment. Protecting personal data, financial transactions, and sensitive information is of utmost importance.

Improving the link between the defense, economic, and development communities is a challenge that needs to be addressed. Strengthening connections and fostering collaborative efforts between these communities is essential to tackle global issues and achieve sustainable economic growth while reducing inequalities.

A consortium project is currently underway, aiming to provide guidance through consultation. This project includes a consultation in Singapore and aims to produce relevant guidance by December. The consortium brings together expertise and perspectives to address key digital challenges.

Johan Eckerholt, a participant in the project, acknowledges the value of prior discussions and plans to incorporate the points discussed into future project proceedings. This demonstrates their openness to feedback and commitment to improving the project based on valuable insights.

In conclusion, the COVID-19 pandemic has underscored the significance of trust and security in digital communication and governance. Sustainable digital transformation requires global cooperation, a secure digital ecosystem for SMEs, a balanced approach to regulation and governance, common rules and tools, integrated cybersecurity measures, improved collaboration between different communities, and consortium-led guidance initiatives. Through collaborative efforts, we can build a safe, secure, and prosperous digital future.

Patryk Pawlak

There is a clear confusion on the ground regarding the differences and intersections between the terms ‘digital’ and ‘cyber’. Patryk Pawlak’s experience in European Union (EU) projects revealed this confusion, highlighting the need for clarification on these terms and how they integrate.

Furthermore, Pawlak emphasized the importance of mainstreaming in the context of understanding ‘digital’ and ‘cyber’. Mainstreaming refers to incorporating these concepts into various aspects of project implementation. EU engagements have demonstrated that mainstreaming can be a solution to the challenges faced on the ground in relation to digital and cyber projects.

The enabling environment is often overlooked in cyber capacity building, as stated by Pawlak. In his work on operational guidance on cyber capacity building for the European Commission, he identified the enabling environment as a key issue. This highlights the need to consider the broader context within which capacity building initiatives take place.

Pawlak’s involvement in the generation of operational guidance and strategic directions for cyber capacity building for the European Commission reflects the importance placed on considering different aspects of cybersecurity in the development of projects. This highlights the need for comprehensive and strategic approaches to cybersecurity development.

Delegates are faced with a dilemma when it comes to dealing with blockchain and cybersecurity. A colleague in the delegation was tasked with implementing a project on blockchain in the justice system, but also needed to incorporate cybersecurity measures. This highlights the challenges that arise when these two complex and distinct areas intersect.

It is evident that expertise in both blockchain and cybersecurity is needed to aid delegates in addressing these challenges. The colleagues in the delegation mentioned by Pawlak were not experts in either of these fields. Therefore, the involvement of experts becomes crucial in order to navigate the complexities and ensure the effective implementation of projects.

In conclusion, the analysis highlights the confusion surrounding the terms ‘digital’ and ‘cyber’, the importance of mainstreaming in project implementation, the often overlooked enabling environment in cyber capacity building, and the need for expertise to address the challenges posed by the intersection of blockchain and cybersecurity. These insights emphasize the need for clear definitions, comprehensive approaches, and the involvement of knowledgeable experts in the field.

Christopher Painter

There is a significant divide between the development and cybersecurity communities, as the development community tends to perceive cybersecurity as too technical and defensive. However, it is argued that cybersecurity is actually a foundational element of development, with almost every development project having a cybersecurity aspect.

One of the main challenges is the fear of crossing committees in the UN negotiation process. Countries view cybersecurity capacity building as a military thing, rather than as an area suitable for official development assistance. This perception contributes to the segregation between different communities in development and cybersecurity.

To address this divide, a conference is being held in Ghana. This conference aims to bring together the development community and the cybersecurity community, and is co-organized by global organizations, including the World Bank, World Economic Forum, and the Cyber Peace Institute. The conference’s objective is to build understanding and champion the integration of cybersecurity in development.

It is argued that there is a need for interaction and communication between the development and cybersecurity communities. The cybersecurity community also needs to improve its communication with the development community. The division between the two communities is seen as a barrier that hinders effective collaboration and response to cybersecurity threats.

Furthermore, it is highlighted that combining diverse sectors and breaking down barriers is essential to understanding and effectively responding to cybersecurity threats. Issues in cyberspace require the contribution of different sectors, including security, human rights, and economics, in order to handle them effectively. This approach emphasises the importance of collaboration and integration across various fields.

Notably, there are also instances where organisations and regions misunderstand their roles and responsibilities regarding cybersecurity and digital matters. For example, an unnamed country did not attend International Telecommunication Union (ITU) meetings because they viewed it as solely related to telecommunications, despite it covering broader areas such as cybersecurity. This misunderstanding underscores the need for clarity and coordination in understanding the scope and responsibilities of different entities in addressing cybersecurity challenges.

In a positive development, some countries have institutionalised the merger of digital and cybersecurity roles. This practice involves integrating various aspects of the digital realm, with the role of the cyber ambassador aligned with that of the digital ambassador. This integration aims to create a more comprehensive and coordinated approach to dealing with digital and cybersecurity matters.

In summary, there is a clear divide between the development and cybersecurity communities, with the development community perceiving cybersecurity as too technical and defensive. However, it is argued that cybersecurity is a foundational element of development, and projects in the development field often include a cybersecurity aspect. The conference in Ghana is a significant effort to bring the two communities together and improve understanding and collaboration. It is crucial for both communities to interact, communicate effectively, and integrate diverse sectors to effectively respond to cybersecurity threats.

Michael Karimian

In order to achieve the Sustainable Development Goals (SDGs), it is necessary to focus on two key areas: secure digital transformation and collaboration among various stakeholders. Secure, trusted, and inclusive digital infrastructure is fundamental for economic and social development. This requires integrating cybersecurity principles into the digital development agenda. By doing so, societies can be safeguarded and potential risks can be mitigated.

Collaboration among different stakeholders is also important. Active participation from governments, international organisations, industry players, and civil society is crucial for a successful multi-stakeholder approach. In order to address the complex challenges associated with digital transformation, it is necessary to bring together the expertise and resources of different actors. By working together, synergies can be created and comprehensive solutions can be developed to tackle cybersecurity issues effectively.

Furthermore, there is a need to mainstream cybersecurity into digital development programs and broaden the funding sources for cybersecurity capacity building. It is imperative to seamlessly integrate cybersecurity considerations into the design and implementation of digital and development initiatives. By prioritising cybersecurity from the outset, potential vulnerabilities can be identified and addressed proactively. Additionally, expanding funding sources for cybersecurity capacity building can ensure that the necessary resources are available to build robust and resilient digital systems.

Another important aspect highlighted is the importance of conducting real assessments of cyber needs, feasibility, and impacts in development projects. This involves evaluating the cybersecurity requirements and implications of digital initiatives. By conducting thorough assessments, potential risks can be identified, and appropriate measures can be taken to enhance security and mitigate threats. For instance, in the digitisation of court systems, assessments can help identify the cybersecurity measures needed to protect sensitive data and ensure the integrity of the judicial process.

Additionally, it is crucial to view cybersecurity as an investment rather than simply a cost. Cybersecurity should not be seen as an expense but as a strategic investment that can yield long-term benefits. By investing in robust cybersecurity measures, organisations can protect their data, systems, and users from cyber threats. This investment can lead to increased trust, business resilience, and economic growth in the digital era.

In conclusion, achieving the SDGs requires a focus on both secure digital transformation and collaboration among various stakeholders. By integrating cybersecurity principles, adopting a multi-stakeholder approach, mainstreaming cybersecurity in development programmes, conducting thorough assessments, and viewing cybersecurity as an investment, societies can build secure, resilient, and inclusive digital ecosystems that foster sustainable development.

Tereza Horejsova

The Global Forum on Cyber Expertise (GFC) has emphasized the importance of incorporating cybersecurity into development initiatives. It has been observed that cybersecurity is often disregarded due to a lack of understanding on how to integrate it into other development interventions. Recognizing this disconnect, the GFC aims to initiate discussions to mainstream cybersecurity in the development agenda. All partners involved in the forum understand the connection between sustainable digital transformation and cybersecurity, highlighting the need for a comprehensive approach.

To address this, a multi-stakeholder approach is deemed essential in formulating a comprehensive cybersecurity plan. The Government of Sweden, Ministry of Foreign Affairs, Global Forum on Cyber Expertise (GFC), International Telecommunications Union (ITU), and Microsoft are partnering in this initiative. They plan to bring in various stakeholders to contribute to the discussions. By involving a diverse range of perspectives, expertise, and resources, a more holistic cybersecurity strategy can be developed.

A specific plan has been laid out for a series of workshops that will focus on discussing various aspects of cybersecurity and its role in digital transformation. These discussions aim to explore the importance of digital development for achieving the Sustainable Development Goals (SDGs), learn from past and ongoing cyber capacity projects, implement UN cyber norms, and consider the role of diplomacy. The intention behind these workshops is to gather insights and formulate suitable cybersecurity strategies that align with the broader development agenda.

The Global Forum on Cyber Expertise operates under the Swedish Government’s initiative and seeks to incorporate the feedback received during these discussions in a multi-stakeholder compendium. By engaging stakeholders from different sectors and countries, it aims to foster collaboration and ensure that cybersecurity remains an integral part of development efforts.

Moreover, the division and misunderstanding between the development and cybersecurity communities are acknowledged and seen as a challenge. To address this, the Forum encourages communication and interaction between these two communities. By bringing them together and facilitating a shared understanding, it aims to bridge the gap and move towards common goals. This alignment is considered essential, as both communities have a role to play in achieving sustainable development.

In addition to engaging stakeholders, the Global Forum on Cyber Expertise also emphasizes the need for audience participation and involvement. It appeals to the audience to share their experiences, concerns, and challenges regarding cybersecurity and development. This approach seeks to collect a wide range of perspectives and ensure that the discussions take into account the diverse needs and experiences of different stakeholders. The Global Conference on Cyber Capacity Building (GC3B) is highlighted as an opportunity to further enrich these conversations, and expectations are set for its outcome to contribute to the overall understanding and progress in bridging the gap between cybersecurity and development.

In conclusion, the Global Forum on Cyber Expertise recognizes the importance of incorporating cybersecurity into development initiatives. It advocates for a multi-stakeholder approach to formulate a comprehensive cybersecurity plan and has outlined a series of workshops to discuss various aspects of cybersecurity in relation to digital transformation and the SDGs. By improving communication and engaging with stakeholders and the audience, the Forum aims to bridge the divide between the development and cybersecurity communities, fostering collaboration, and achieving better outcomes in sustainable development efforts.

Tereza Horejsova:
to the issue of achieving the sustainable development goals through secure digital transformation. This open forum is organized by the government of Sweden. So thank you for joining us here and thank you to those of us joining us online. What we will do today is to kind of discuss how the issues of cybersecurity can be mainstreamed in the development agenda. It’s a topic that is very close to many of the partners of this project that we would be introducing here today and that we hope to get inputs from you on. So just to recap, this project on mainstreaming cybersecurity in development has the following partners. It’s the government of Sweden, as I have mentioned, it’s Ministry of Foreign Affairs, it’s the Global Forum on Cyber Expertise, the GFC, it’s the International Telecommunications Union, the ITU, and last but not least, Microsoft. So welcome on behalf of all of the partners in this consortium. To set us off maybe just a few general remarks. So cybersecurity is often decoupled from other development interventions due to lack of awareness, understanding of how to integrate it, or dual use technology concerns. However, what all of the partners and as we have understood also many other around these issues have understood that sustainable digital transformation and cybersecurity, there are some vital cross-cutting needs there. And for this reason, today, we are formally launching this work stream that we have been working on together to facilitate a frank and inclusive discussion among stakeholders and distill their recommendations into a multi-stakeholder compendium that we are planning to launch later this year. And we will share more details on later. So to this end, we really plan to bring various stakeholders to a series of workshops. One of them is considered as this one happening at the IGF. And just to give you a little teaser of the issues that we are planning to discuss. It’s issues such as the role of cybersecurity in supporting safe and secure digital transformation, the importance of digital development as an enabling function to achieving the SDGs. What are some of the lessons learned from past and ongoing cyber capacity building projects? How can we use some concrete goals or checklists and indicators for the implementation of UN cyber norms, mainstreaming cyber capacity building with various development programs and funds, and also the role of diplomacy in creating institutions and mandates to support cyber mainstreaming? So these are some of the issues that we will be discussing today. We do hope that we will have a lively discussion that will then be reflected in the compendium in the making. So that was just a very brief introduction of the topic. And now let me introduce also the discussions that we will have to take us through that. So I will start on my left. At the end of the table, we have Christopher Painter, who is the president of the GFC Foundation Board. We continue with Yasmin Idrissi from the International Telecommunications Union. We also have Johan Eckerholt from the Swedish Ministry of Foreign Affairs and Michael Karamanian from Microsoft. My name is Teresa Horejsova, also with the Global Forum on Cyber Expertise, and it will be my pleasure to be your moderator alongside my colleague Alan Sabanlong, who is joining us from the Philippines, who will be serving as a bridge with the online audience. And I do hope also His Excellency Mokhtar Yedali, ex-minister from Mauritania, joining us from there at hopefully 4 a.m. in the morning. I don’t know if we have a confirmation if Mr. Mokhtar is with us. He is. So very good. Good morning, Mokhtar. I really appreciate you being here. So let’s get started. Each of our panelists will give some brief reflections, and then we will go into the discussion. And if you allow me, I would like to start with you, Johan. There is a reason why the government of Sweden has considered this issue of importance. So could you maybe kick us off on how you see the importance of digital development as an enabling function for the SDGs? Thank you.

Johan Eckerholt:
Thank you, Teresa, and also thanks to all the partners from NGC, FE, and ITU, and Microsoft here today. I think from the Swedish government perspective, we have had a long development journey from a poor agro-country to a relatively industrialized and digitalized country. And I think that journey has been able to do with trust. I think that is where we’re coming from. And what we have felt and seen, and I think we’ve all seen it even more so with the COVID and the pandemic, that core parts of our everyday life and our governance functions are digitalized. So creating trust and security in how we share information, how we communicate, how we deal with this across borders have become an essential part on a functioning society, on a functioning economy, on a functioning development. So from our point of view, that is why we see a very strong link with the social SDGs and building cybersecurity. Because if you take an issue for like information or disinformation, for example, it’s about understanding, believing, trusting in the sources that you have. Those things are key when we look at it. And I think also for an industry to grow, we today buy and sell things across borders. If I want to sell something in another country, I would like to be sure that the thing I’m buying is what I’m ordering. I’d also want to make sure that my credit card or whatever I used to pay is not skimmed along the way. So in that, I think we have a very key issue. And I think especially for small and medium sized enterprises in developing countries, being able to have that security and that broadness around the system is key for having the opportunity to grow and to develop. And I think that for us are very, very key things. And I think when we are looking at it, I think one needs to raise the awareness of cybersecurity because it might sound technical, but it is essential to allowing the other aspects of this trust building to get to the SDGs. And I think I’m very extra happy that we are all of us here together because I think in order to achieve that trust, we need to work together. I mean, we as governments need the help of the industry with Microsoft.We need to cooperate together in international organization and we need a civil society and the experts like you, Teresa, to work on taking this forward. And we cannot do it alone. And I think digital is one of those things, we all know it. It doesn’t stop at borders. So we need to do this together. I think I’ll stop here a little bit. Maybe I can touch a little bit on how we see it. I think, what does that mean? I think, well, it means that we need to have common rules. We need to have the tool for implementation. We need to have the tool for monitoring. And in the end, we will probably also have the resources to remedy when things go wrong. So I think you need all those aspects. And I think, I mean, ITU is doing an excellent job on the monitoring part. I mean, we all try to help in providing our input from a national perspective so that we can see what is needed. We can do that gap analysis. And I mean, from GCFE, I mean, you’re producing the knowledge base that we need to get there. And the industry is a key partner because they are actually providing the fundamentals of which we work through. And we as governments try to find the right balance between regulation and governance and getting that right. So I think those are the things that we are working on. And also, to be very frank, also struggling with because I think that the challenge of doing this is of course that it needs that cooperation among us, but also in governments and to get all the different key partners to talk together. So I think those are a little bit how we see the basic points of why this is important and why we need to work together in this setup. So I think what we are looking for is to learn from you and how we can do this better. And I’m very, very much interested in hearing your views on this. Thank you.

Tereza Horejsova:
Thank you very much, Johan. Also, for stressing kind of the multi-stakeholder importance of these discussions. There is also no coincidence why this consortium of this project has been set up the way it has been. And you know, later on, if our time allows, having you as a diplomat in Geneva, it would be really useful also to hear some reflections from you on how the development and cyber security worlds actually meet at this center of diplomacy. But let’s leave it for later. As I have mentioned in the opening remarks, we have had two consultations already with various contexts at various venues. The first one was happening in July in New York during the open-ended working group. The second one was held about two weeks ago virtually in cooperation with also the Swedish International Development Agency, SIDA, on really trying to bring more of the development practitioners into this discourse. And we have learned quite a lot. Some, let’s say the concerns or recommendations that we have heard in these consultations were expected. Some were maybe a little bit surprising, yes. So maybe to also set us up for the discussion later, I would like to get into those briefly. And Michael, if I may turn to you, you know, so what has come up as the main barriers in mainstreaming cyber security and development so far?

Michael Karimian:
Sure thing, thank you, Teresa. Being a moderator and of course your hard work in preparing today’s session. And Yasmin and I will reflect on this together and I think Yasmin and I have very similar takeaways from the consultations, which in a way speaks to a level of unanimity, both from an international organization actor and a private sector actor, the strength of the consultations and the common themes that are coming through time and again. Firstly, and Johan touched upon this, it is abundantly clear that secure digital transformation is absolutely essential in our pursuit of the SDGs. And that’s true in ways which weren’t fully recognized when the SDGs were being drafted and scoped and agreed to well over a decade ago. And now as we’re kind of on the cusp of the post 2030 agenda and not quite knowing what that will look like, that in many ways speaks to the timeliness of this project and helping to lay the groundwork for that. But even before we get to the post 2030 agenda, right now in today’s interconnected world, it’s obvious that secure, trusted and inclusive digital infrastructure is the very foundation of economic and social development everywhere actually, not just low and middle income countries. However, that digital transformation journey also brings with it a huge range of inherent cybersecurity risks, particularly for nations and regions that may currently lack the necessary cyber resilience to counteract the ever evolving cyber threats. So it’s imperative to recognize that in order to empower and safeguard all societies from the mountain cybersecurity risks, we must of course proactively and comprehensively integrate cybersecurity principles into the digital development agenda. One recurrent theme which has clearly resonated throughout the discussions is the need for a collaborative and inclusive approach as just exactly as Johan said, achieving the SDGs through secure digital transformation requires the active and engaged participation of various stakeholders and that includes governments, international organizations, the development community, industry players and civil society, which necessitates the pooling of knowledge, expertise, resources, because of course the magnitude of these challenges is just simply too vast to be tackled by one entity in isolation. I know that’s a very common theme which we hear throughout the IGF. I think furthermore, the consultations have really underscored that capacity building in cybersecurity is not merely a desirable option, but an absolute imperative and in some ways that’ll be music to Chris’s ears, but something that he already knows and understands very, very well. It’s evident that we need to prioritize efforts in building and enhancing the capacity to manage and mitigate cybersecurity risks, especially in regions, again, where digital transformation is occurring at a really accelerated pace. Strengthening the skills and the knowledge required to navigate the intricate web of cybersecurity challenges is fundamental to the achievement of sustainable development goals. Additionally, the discussions so far have highlighted the importance of mainstream and cybersecurity into digital development programs and funding mechanisms. So to ensure that the SDGs are not only supported, but indeed advanced by digital transformation, we must seamlessly integrate cybersecurity considerations into the very fabric of digital and development initiatives. And that includes both at the initial design level, but also ongoing implementation of these projects. And we’ve learned that the approach to mainstreaming cybersecurity must be adaptable and context specific. Of course, there’s no one size fits all solution. So every region and country faces a range of unique challenges and requirements on their digital development journey. And as such, strategies and interventions must be tailored to address those specific contexts effectively. Lastly, but certainly not least, on the issue of funding mechanisms, that’s clearly an issue that has come to the forefront. The consultations have illuminated the critical need to broaden the sources of funding for cybersecurity capacity building. It’s not sufficient to solely rely on defense budgets, for example, to support these endeavors, is imperative that development budgets are also mobilized to ensure that digital development projects are fortified with the necessary cybersecurity components. So aligning funded mechanisms with the specific needs and objectives of digital development initiatives is essential too. I think these are just some of the valuable insights from the consultation so far. Yasmin, I think we’ll have similar perspectives and maybe more to share.

Yasmine Idrissi :
Thank you so much, Michael. And thank you, Teresa. So indeed, these consultations have also lifted the lid on some things that as cybersecurity practitioners you don’t necessarily consider. There’s also a definition issue sometimes that we often try as a recommendation to refer to it as cyber resilience, because security as a word implies certain things, of course, and this also is partly caused by the fact that cyber capacity building, as mentioned by Michael, is often funded from defense budgets rather than development. So one recommendation also that has been coming since the two workshops that we’ve had is to demystify the field, because actors, be it development or policy, they often misunderstand it. They see it only as a technical issue or not a consumer issue or policy issue. So there’s a bit of a discomfort from development professionals over the perceived sort of technical nature of it. And one other thing that is important that we often overlook is that it’s a very English-focused field. There needs to be a little bit more inclusion also in terms of languages, and both national and also local dialects need to be reflected. A recommendation that is important as well is to consider going beyond our usual sort of communities, both at national and international level. The development community and the cyber capacity building community often do not talk. And also at national level, there is often an interagency friction between mandates, and that’s the case for numerous countries. So oftentimes we finish into an eco-chamber of speaking to cyber diplomats that obviously know the importance of this, but there needs to be, of course, the inclusion also of what we would consider non-traditional actors, like political parties or civil society, of course, and people that are also active in shaping this policy landscape. Yeah, so including cybersecurity and cyber resilience is, of course, key to also include in digital development projects. So I can say that even in the ITU, the approach is still very siloed. Oftentimes we have digital development projects as one thing and then cybersecurity projects as separate, even within the same organization. So I wouldn’t imagine elsewhere. So maybe a recommendation that has come out and that I very much agree with is that sometimes cybersecurity can be added as a sort of criteria in audits for development projects, digital development projects, and maybe donors can have a role. here where they can build cybersecurity requirements into their projects. So it’s a bit of a all hands on deck type of effort. But I think what’s really key is to continue to have these conversations and maybe turn over to different actors, and maybe some that we haven’t thought about for understanding what can be some good examples that we can showcase through this work stream. Thank you.

Tereza Horejsova:
Thank you very much, Yasmin. Thank you, of course, also Michael. I will be curious later to hear if this, to any extent, was surprising to you as well, and if you have other reflections. But before we do, Michael, you have mentioned, for instance, the unique challenges that there are various regions face. Yasmin has brought up the issue also of languages. I would like to turn to you, Mokhtar. You, of course, knowing Africa so well, can you share with us a little bit your perspectives of worthy intersection of digital resilience and achieving sustainable development goals, how it has unfolded in Africa, and what is the situation there regarding the multi-stakeholder participation that we’ve heard about as quite an important need. So 4 a.m. for you, good morning, but we hope you’re fresh and ready to share something with us.

Moctar Yedali:
Indeed. Can you hear me very well now? Yes, we can. Do you see me? So far, you are small, but I believe you will be made big. Yes, it’s perfect. Please go ahead. Thank you very much, and thank you for the opportunity, and good day to you, because it’s morning, it’s 4 a.m. here where I am in Mauritania. And thank you for having me, and I congratulate the previous speakers for what they have contributed with, specifically with regard to the connection between SDGs and the cybersecurity and the ICTs in general. As it has mentioned previously, today our lives cannot go without really using the digital technologies for our development, and this affects a lot of our goals with regard to the sustainable development. As previously mentioned, the issue of safe transactions and the safe use of technology for development is extremely important. We have seen in the world the rise of cyber attacks, cyber threats here and there. And as mentioned also, it is extremely important to see that cybersecurity is being addressed not only from security or defense point of view, but it is addressed from really safety and development, and specifically sustainable development. Most of the African countries do have now their digital transformation strategies, but very few of them do not connect the digital transformation and the cybersecurity within those approaches. Second, most of the African countries or actually departments dealing with the digital transformation are most of the time addressing the issue of digital transformation in silo, which though there is a multi-stakeholder approach everywhere, but the problem, the only point where the collaboration is not yet there is that national governance with regard to cybersecurity here. Most of the African countries are lacking that collaboration among different stakeholder. The issue of cybersecurity is addressed by probably the ministers in charge of digital transformation, the ICTs, and the ministers in charge of security slash defense, but other civil society, academia, and others as a multi-stakeholder are very seldom being associated or involved in this endeavor related to cybersecurity. So that lack of national governance with regard to cybersecurity slash connected with the SDGs and connected with the digital transformation for how can I say, global approach for everybody to work on together and make sure that as the representatives of Sweden, I say, have said that we are all moving toward safety, not only within the national borders, but also outside of our board decision. So the point here I wanted actually to highlight is the fact that the multi-stakeholders principle doesn’t apply most of the time in the area of cybersecurity. That is one of the number one. Number two, there is a lack of cyber strategy at the national level. And you will see that most of the African countries do not have really a very, how can I say, efficient, if I may say, cybersecurity strategy associated with development of digital transformation and making together. There is an illusion of safety with regard to buying their firewalls or antiviruses or whatever. And we think that is really the cyber safety, but in fact, it’s not. It’s just what I call generally the illusion of safety. And the third one point I wanted to highlight is that Africa has unique specificity of having a lot of young people. Most of our, 35 of our population is actually very young. And these people, if are very well used and trained, they can be the cyber guardian, not only for Africa itself, but also for all of us. Because I said, the issue of cybersecurity is not only within the national borders, but also everybody. And our performance within that space or the cyberspace is just by the weakest link. So, and Africa should not be really the weakest link in all that. So this, I stop here is just as an introduction, but bottom line, it is extremely important that the multistakeholder principles be applicable also within the framework of cybersecurity. That is the main things. And Africa not should be a net consumer of products that are being manufactured here and there, but also should create its own ecosystem in terms of human capacities, in terms of cyber industry and cybersecurity industry as well. I stop here and I’ll be glad to answer some specific question. Over to you, Tania.

Tereza Horejsova:
Mokhtar, thank you very much. You’ve been quite critical about the situation in Africa when regards to this topic, but rest assured that we have experienced these challenges, be it on the siloed approach or maybe not as efficient multistakeholder participation in other parts of the world. And that’s also why we want to discuss it here today. So thank you. Turning now to you, Chris, the Global Forum on Cyber Expertise has, let’s say, evaluated this topic of cyber and development intersection as quite vital or challenging, to the extent that it has decided alongside its partners to organize a major conference on global cyber capacity building that will be happening at the end of November in Accra, Ghana. So first of all, like, why the angle also for the GFC and how do you expect these issues to be tackled in the discussions there?

Christopher Painter:
Thank you, Teresa. And thank every other speaker for their comments. I agree with what was said before, certainly. And I think it stems from what we’ve heard from the other panelists, that there is this divide between the traditional development community and the cybersecurity capacity building community, much like there’s a divide between the traditional economic and innovation community and the security community on a larger scale. And I think it’s partly misperception that they think of cybersecurity as too technical, but a lot of development projects are technical. But on the other hand, I think they think it’s a defense thing, it’s a security thing. That’s why, you know, for the conference we’re having in Ghana, it’s to bolster cyber resilience. And the term was chosen specifically to address both of those communities. It’s something that resonates with both rather than using the term cybersecurity, which has resonance within this community, but maybe not that much resonance within the development community. And we’ve seen this play out in a lot of different venues. You know, a lot of countries think that cybersecurity capacity building is not, as they say, ODA-able, because they think it’s a military thing. It’s not, but that’s the perception sometimes. We see, even in the negotiations in the UN, I remember in the last, the first WWG, we wanted to get some language in saying that cybersecurity undergirded the UN development goals, which indeed they do. They may not mention cybersecurity as a separate goal or even digitization as a separate goal, but they undergird many of those goals and they’re foundational to it. But there was a little bit of fear that, oh, the development goals are the province of not the first committee, but the second committee. And it’s like, that’s, you know, that’s kind of crazy when you think about it because we’re all in the same world and we all have to deal with these same issues. So the conference in Ghana, and I should emphasize it’s not just a conference for Africa. It is being held in Africa. There’ll be, you know, significant African presence and participation, but as a global conference, it’s for really all over the world. And really one of his chief goals is to bring together that traditional development community and the cyber community to, as others have said on this panel, to mainstream cyber capacity building as a foundational element of development. Now we’ve seen some organizations, one of the co-organizers of this conference is the World Bank. We have the World Economic Forum, the World Bank, the Cyber Peace Institute and us, GFC. We also have a steering committee of a number of countries and organizations, including Microsoft. And so there’s this understanding that we need to mainstream this. We bring these communities together and we’ve seen the World Bank, USAID, the British Development Agency, I think has been on the front foot in the last few years in trying to do this kind of integration, but it’s still rare. And that has implications in terms of, you know, you were saying, for instance, that digitization development projects obviously have a cybersecurity angle, but really almost every development project does, whether it’s water, power, financial systems, almost anything foundational thing you can think of, cybersecurity is important. So we wanna bring these together. We wanna build more understanding. We want to have something, an outcome coming out of this conference that is action-oriented, that really champions this integration and really brings it forward. This is a, you know, it’s a conference, it’s an important marker, but it’s really a process going after that to continue to make sure that people, that we bring these communities together because it will make us both stronger. It will help the development community because if development projects go wrong because they don’t have good cybersecurity, that hurts everyone. And it will help the cybersecurity community because it opens, as others have said, more resources, more access, and more mainstreaming. So we’re really looking forward to the conference. It’s a big undertaking, but I think it’ll be well worth it. And as I said, it’s really the beginning or maybe the midpoint of a process rather than the end of a process. It’s something which I think we’re gonna have to all persevere and continue to do.

Tereza Horejsova:
No, thank you very much, Chris. So yes, what I like that you also presented it, that if these two worlds interact a little bit more, that it should ultimately be win-win. It should be win for both the development community and the cybersecurity community.

Christopher Painter:
I don’t wanna be perceived as saying that, hey, those development guys don’t know what they’re doing and they need to embrace us. We’re not good at talking to the development community either, the division lays on both sides. And so the idea of bringing us together is for both of us to move toward each other. And I think that’s important.

Tereza Horejsova:
Thank you, Chris. No, totally. How can we use the development language more? How can the development community use the cybersecurity language more to understand each other better? At this point, I would actually like to turn to you. I know I can recognize some faces in the room. I know many of you have been involved also in various development projects and maybe come across some challenges when it comes to cybersecurity or vice versa. You have been in cyber projects that maybe struggled with linking it to some of the like bigger issue of international development. We really would like to hear from you. And please don’t let us down because this is important. And I hope it’s in everybody’s interest that the compendium we will publish or also any outcomes that will come from the GC3B, the Global Conference on Cyber Capacity Building really make a difference, yes? So if I may ask you to not be shy and come to one of the Microsoft, not Microsoft, microphones. Sorry. I didn’t know you guys bought that. To the microphones around the room and share with us some concerns, it would be excellent. Because if not, you will just be listening to us. Please, Patrick, if I may ask you. So this is Patrick Pawlak, very closely involved in planning of the GC3B. So what do you have to tell us? Thank you.

Patryk Pawlak:
Yes, thank you. I’ll break the ice and hopefully others will follow. So thank you for your presentations. I have a few comments that I think might be interesting as you move forward with thinking about this project. I’ve been involved with the European Union in a few projects that are linked on cyber capacity building. And I think one of them specifically might be relevant, which is the trainings we’ve been doing with colleagues for the officials of the EU delegations around the world in different parts of the world. And that’s specifically focused on cyber capacity building. But one of the big challenges that we have seen while doing those training is that diplomats are also more and more asked to engage not only on cyber projects, but also on digital issues. There is a lot of digital development projects, as you have said. And the challenge on the ground is that actually very often they do not really understand the difference. What is digital, what is cyber, and how do the two come together? So I think as you conceptualize the project, and before you even go to the introductions, it would be probably very useful to explain how the two come together and where the idea of the mainstreaming sort of comes in, because that very often poses a challenge. The second thing maybe I would like to share, and that’s again from another project that I’ve been involved in, is the operational guidance on cyber capacity building that we’ve been working on for the European Commission. And there we have really gone through the process of trying to think exactly how different aspects of cybersecurity can be reflected, taken on board, in actually developing development projects. So here I think the European Commission and the International Partnerships is actually one of the examples of this development agency, if you want, that has actually quite a good understanding of those issues, because that’s the process we have started in 2017. We had the second edition of this operational guidance. But we are touching on a lot of the points that you have flagged, the importance of context, for instance. One of the key issues that we found is important but very often neglected in those discussions is the importance of enabling environment, for instance, when we talk about cyber capacity building. And I think that’s exactly where mainstreaming and digital projects also come in, right? Because we very often say that the two sides of the same coin. And I think it will be important to reflect on those. The operational guidance, I think, is going to be published before your report. So I think it might also be useful, but I’m happy to share sort of a job that we have had, because we actually go in different direction, thinking how cyber capacity building fits. So mainstreaming is one of them. There is the risking approach that we are also looking at. So I think it might be interesting to think of how those different elements come together. But yeah, I’ll stop here.

Tereza Horejsova:
Thank you. Thank you very much, Patrick, for the excellent inputs and breaking the ice as well. I think that Johan is quite well placed to tell us something on kind of the diplomats, you know, and how do you make the difference? Where is the line between cyber and development? Maybe, Chris, then to you on this like general question on what do we mean by mainstreaming cyber and development? And please give me a sign, Michael or Yasmin, if you want to chip in later. Please, Johan. Yes, Patrick? Did I misinterpreted you?

Patryk Pawlak:
No, no, you didn’t, but maybe I’ll give. one example that will make it very, very concrete. So for instance, during one of the trainings, we got very specific question about blockchain, right? So one of the colleagues said, you know, we are asked in the delegation to implement a project on blockchain in the justice system. How does cybersecurity fit? How do we actually approach those topics? And then they say, you know, we are neither experts on blockchain nor on cybersecurity. So how can we actually manage that on the ground? And I think that’s something that would be very interesting to think about as well.

Johan Eckerholt:
Thanks Patrick for a very challenging question. I mean, I can just say that, I mean, I started out on the cybersecurity side and spent many years in Brussels dealing with more the hardcore stuff on the cybersecurity and now I’ve been almost five years in Geneva and that’s the much more the digital side of it. So I can just agree very much with what’s said. I think on the funding side, yeah, from a Swedish point of view, we are struggling a little bit because when I came, I said, but why don’t we fund? And the answer got, well, these are UN specialized agencies. They are not development agencies. So that’s a problem. And I think what you mentioned on getting it together, yeah, it’s a hassle and it’s a challenge. What we have been doing now is we have set up a national security advisor in Sweden and that’s at the Prime Minister’s office. So hopefully that will help us in integrating these things because it is tricky to get this right. But I think what at least we can see from a national perspective and what we feel in Geneva is that everybody understands that digital is a part of everyday life and it touches all aspects. So cybersecurity, or if you mean digital security, needs to be integrated. And I think from a Geneva perspective, I mean, yes, you have the hardcore cybersecurity stuff in the sense that you have Cyber PC Institute working on how to help implement cybersecurity. For example, NGOs working in humanitarian field, they have extremely sensitive data. ICRC suffered a major attack. Also have, so there you have the link directly, but of course you also have the issue of digital security, if you would call it that, in how we deal with standards in the ITU and the ISO. And then of course we have the whole human rights angle, which also has security implications because I think we talk a lot about bridging the digital divide and we all need to do that. But I think the minute we get there, the first thing I want as a parent is that when my kids go online, that it is a safe and secure environment when they do that. And then for me, that we have trust, security, that the basic rights are respected, for me as an individual, very fundamental. And for Sweden it’s fundamental, so that’s why we think these are things. But I mean, getting the link right between the development community and, so to say, perhaps the classical defense community, but I also think the economic community is something that we are struggling with. So I’m not, but we are working on it. I think the best thing we can do is to try to build these kind of networks and try to work together. And I have the privilege of being in Geneva and seeing that, because I mean, I also deal with e-commerce negotiations in WTO. So there we try to get those overall regulations that are key for getting trade flows and digital flows going. And we have language on cryptography, we have language on cybersecurity in there. And yes, they will not be specific, but they will actually create that link to what is needed on more the implementation side. So I think we, I see a closer and closer integration on it. And I think what you have been doing, Patrick, is actually excellent, because we need a lot of capacity building. And I think we all need that capacity building. And I think the importance of what you’re making is that we need a holistic capacity building, because we need to be able to explain what are the pieces, but also how the pieces link up. Thank you.

Tereza Horejsova:
Thank you very much for this honest assessment. Chris, if I may turn to you on the intersection, and you know what we mean by mainstreaming, and then over to Mokhtar.

Christopher Painter:
So I can give you a couple stories. I remember when I was at the White House and working at the National Security Council, we were doing the international, US international strategy for cyberspace. It was the first international strategy on this topic that had been released by any country. But the National Economic Council people said, you can’t call it that, because it’s about cybersecurity. And it’s not about cybersecurity. It actually had elements of economics, it had human rights. In fact, we got a whole bunch of people in a room very much like this together from various agencies in the US government. And they didn’t speak the same language, the human rights folks used one set of words. Internet policy people called the internet, the security people called it cybersecurity. And so just getting those people in a room and meeting and talking together released a strategy that really fulfilled that larger goal, a larger goal with each of their different areas feeding into it. So that was very helpful, just bringing those communities together. I remember going, for instance, to another country, and we’re talking about ITU meetings. And they said, oh, we don’t go to ITU meetings, that’s this other ministry, because that’s telecommunications. But as you know, the ITU does much more than that. And so it’s breaking down barriers within a country, within governments, within governments in the private sector, within the private sector itself, within civil society, I think it’s really changing the way we think about this. And, you know, we are seeing good glimmers of that. For instance, when I was the State Department and started the Cyber Diplomacy Office, we weren’t just about security, we had a human rights component, we had an economic component. Now that’s been institutionalized, you know, in a number of countries, the cyber ambassador is also the digital ambassador. So that’s a good thing. And I think that’s one of the ways practically we need to bring this together. But we have a long way to go to really make that a reality. And that helps us each see opportunities on the other sides that we haven’t seen before.

Tereza Horejsova:
Thank you, Chris. First hand experience from you, and Johan was kind of smiling when you were speaking, because I think you recognized quite a lot also happening in other governments. Mokhtar, over to you, please.

Moctar Yedali:
Thank you, Teresa. And actually, the question raised or the comment raised by Patrick is extremely important. In this part of the world, Africa specifically, you can find a very excellent diplomat, they know exactly about the geopolitics, what is happening here and there. And you have, but they don’t have anything, they don’t know anything about techniques, technology. Specifically, they cannot even, even if they are very interested on that, the rapid pace of technology coming into our lives is actually for non-technical person, it is very hard to follow what’s happening. And second, you can find an excellent technical people who knows technology very well, but have no idea about the geopolitics and what is happening really in the area of diplomacy and so on. So even though they want to really to be part of it, the transformations, the geopolitical transformation today make it also very hard. And I just give an example, we have reached this level of development within the digital space, thanks to collaboration among all of us, technology, industry, we have had this technical and technology cooperation that made us reach the humanity advance. Today, we are seeing something that is different, we are seeing different technologies coming here and there, and the restrictions here and there. And even I may say, we are moving a little more and more to already the digital divide in the sense that we do have different setups and technologies in every area of the world, which bring us, we are coming into the cold technical war among the biggest countries. Hence, the smaller countries are just here following. And I wouldn’t be surprised if in the few times here, you will have to choose, shall I go by this system or that system or that technology or that technology? And you find the consumers that are those who don’t have a technological ecosystem or have the appropriate capacity, find them following, and rather than carrying one or two phones, they will be carrying thousands of them around their belts, and just in order to be connected here and there. So that technological cooperation and that bridge between technical and diplomats, and that continuous capacity building, not only continuous, it’s a permanent kind of thing. This is something that has to be, capacity building is not one time, it’s not a short period, it’s something that is permanently being addressed and needs to be addressed because the technology is so fast, so diverse, so integrated, and so machine oriented and controlled that we need to make sure that we as a human being are there, technically cooperating, and also really pushing for the technological cooperation for the safety of all. I stop here.

Tereza Horejsova:
Thank you, thank you very much. I apologize. Thank you very much, Mokhtar. Yes, I know we have a comment online, then I will go to Yasmin, then to you, Michael, okay? So Alan, Sabanlong would like to give us some perspectives from the ASEAN region, joining us from the Philippines, over to you.

Allan S. Cabanlong:
Hello, Tamiza, and hello, everyone. Yes, this is a very nice discussion, just in time, because most of the countries here in ASEAN are gearing towards digital development. But however, with disruptions, ransomware and everything, these developments are affected. So in an increasingly digitized world, where our lives are intertwined with technology, there’s a need to have a robust cybersecurity governance, if I may say. The rise of the digital age has ushered unparalleled inconvenience, but it has also exposed us to unprecedented risk. So to achieve this seamless digital governance and avert potential disruptions, it is imperative that we prioritize cybersecurity governance as a top priority. And in ASEAN, based on experience, leaders are not interdisciplinary. As we have said, most of the leaders in the government, or in some areas in ASEAN, only understands a single expertise. For example, if you’re the policy guy, but you’re not a technical guy. But I believe what we need to achieve digital transformation and secure digital landscape is to have an interdisciplinary leader who understands all aspects of cybersecurity and as well as the digital aspect of development. So I believe without proper cybersecurity governance, organizations and governments are akin to sailing without a rudder in treacherous waters, leaving themselves exposed to potentially catastrophic consequences. Thank you, Teresa.

Tereza Horejsova:
Thank you very much, Alan, for that. Yes. And I mean, yes, it comes down to people very often. That’s why we’ve also brought up the issue of cyber capacity building and capacity building in general so often in the session. So thank you for reconfirming that. Just to have an idea, how many more comments in the room we will have to plan? One. Very good. So quick reflections to Yasmin. Quick reflections to Michael. And then we go over to you, sir. Yes. If you want to go now. Okay, please go ahead then.

Audience:
I’m from the government of Sri Lanka. I’m a civil servant and I served in New York as a diplomat by the time the SDG was formed. I was part of the open working group. I knew that it is challenging to internalize everything under SDGs, but when it comes to development, practicing and funding partnerships, I’m not sure whether the development or the community is looking into this aspect and what portion should be allocated in the budgeting and planning on critical information infrastructure. Is there a particular guideline for certain fund seekers and other partners or if there is a formula or something that can work around this, I think it would be helpful. So Sri Lanka, we adopted the cybersecurity strategy and developed the cybersecurity policy as well. These things have to go into the standard organizational structures as well as periodic development projects as well. That’s my comment.

Tereza Horejsova:
Excellent question. Thank you very much for that. For everybody’s information, we have about seven minutes left. Yasmin, Michael, Johan, maybe to share with us what comes next and then 20 seconds for wrap up. So let’s reflect shortly. Thank you.

Yasmine Idrissi :
I’ll make sure to be very brief. Thank you for your question. So definitely there needs to be thinking of cybersecurity in development projects and I’m always sort of adamant in trying to look into other fields for lessons learned. We cannot look into climate, for example, in climate negotiations because it’s also highly technical. It’s also quite, there’s a specific expertise and it might be very much intimidating for policy people, diplomats. But now there’s this understanding that it’s obviously highly interlinked with development as well. So let’s look also into other lessons learned from other fields. I mean, holistic views of governance are not something new and so I think it’s important and so I think it can be done in cybersecurity as well. Totally agreed. Michael? Sure thing. Thank you.

Michael Karimian:
So just a quick reflection on Patrick’s example and the colleague from Sri Lanka as well. Patrick, your example of the diplomat being asked to work on a project related to blockchain in judiciary. We’ve seen the digitization of court systems. In some contexts, you will see donor agencies and development practitioners use things like a needs assessment and a feasibility assessment and an impact assessment. Surely, based on these discussions, we should end up in an end point whereby there is a real assessment of the cyber feasibility and the cyber needs and the cyber impacts. Chris mentioned the institutionalization of human rights, took a long time to get to that point, but we’ve seen that in those sorts of processes or variations of those processes. Hopefully we can end up in a similar point with cyber too. And the colleague from Sri Lanka, the question on budgets. I think it’s important to have a mindset whereby we don’t think of cybersecurity as a cost, but as an investment. The one that pays dividends over many years to come.

Tereza Horejsova:
Thank you very much, Michael. I’m afraid that the time is really ticking. So, Johan, may you share with us briefly what are the next steps of the consortium of the project?

Johan Eckerholt:
Yes, thank you very much. I think it was a very, very useful discussion. We take this with us and we will have another consultation coming up in Singapore. And the aim that we are hoping is to produce guidance for this by December. So that will be something that we hope to be able to consolidate your points in a way that is useful so we can take this issue forward. Thank you.

Tereza Horejsova:
Thank you very much, Johan. If any of you do happen to be attending the Singapore International Cyber Week next week, please let us know so that we make sure to invite you to a consultation that will be taking place more in the kind of Southeast Asian context. Please do let us know. Coming up next will also be a session at the GC3B. And as I mentioned at the beginning, we hope to publish the compendium in December. With that, I would like to thank all of you for listening, to all of you who have shared your experience with us, to online Mokhtar and Alan for all of your inputs, and here in the room to Chris, Yasmin, Michael and Johan. Have a good rest of the IGF and see you around. Thank you. Thank you.