Meeting Spot for CSIRT Practitioners: Share Your Experiences | IGF 2023 Networking Session #44
Event report
Speakers and Moderators
Speakers:
- Masae Toyama, JPCERT/CC, Civil Society, Asia-Pacific Group
- Hiroki Mashiko, NTTDATA-CERT, Private Sector, Asia-Pacific Group
- Bernhards Blumbergs, CERT.LV, Government of Latvia, Western European and Others Group
- Adli Wahid, APNIC, Technical Community, Asia-Pacific Group
Moderators:
- Masae Toyama, JPCERT/CC
- Hiroki Mashiko, NTTDATA-CERT
- Adli Wahid, APNIC
- Bernhards Blumbergs, CERT.LV
Table of contents
Disclaimer: It should be noted that the reporting, analysis and chatbot answers are generated automatically by DiploGPT from the official UN transcripts and, in case of just-in-time reporting, the audiovisual recordings on UN Web TV. The accuracy and completeness of the resources and results can therefore not be guaranteed.
Knowledge Graph of Debate
Session report
Full session report
Audience
In the analysis, the speakers emphasised the importance of building bridges between different communities to contribute to an open, free, stable, and secure internet. They highlighted the need for increased interaction and adoption of each other’s languages and processes between network operators and cybersecurity specialists. This closer collaboration would facilitate a more effective response to incidents and enhance overall information sharing in the field of cybersecurity.
The speakers also stressed the significance of finding a balance between security and stable communication. They acknowledged that while security is essential for protecting networks and data, it should not hinder the smooth flow of communication. Striking this balance ensures that individuals and organisations can communicate freely while maintaining a safe online environment.
Cooperation at both the national and global level was identified as highly beneficial for internet security. The analysis indicated that different regions have various experiences that can be shared for mutual benefit. Adopting a “defend locally, share globally” approach contributes to wider global security and promotes cooperation in tackling cybersecurity challenges.
Furthermore, the speakers discussed how geopolitical issues can both challenge and strengthen the cooperation of Computer Emergency Response Teams (CERTs). While geopolitical tensions can potentially hinder cooperation, recent events have highlighted how the commitment to keeping the internet secure has strengthened certain relationships despite these challenges.
The analysis also highlighted the crucial role of sharing information in tracing the origins of cyberattacks. However, it was noted that this can be difficult due to factors such as local laws and regulations and the intersection between cybersecurity and national security. Despite these challenges, the speakers emphasised the importance of sharing information to effectively combat cyber threats.
Resource limitations were identified as a constraint to international cooperation. The analysis suggested that having expert-level communication specialists is necessary for continuous monitoring and maximising resource findings. Addressing resource constraints would facilitate more effective international cooperation in the field of cybersecurity.
In times of global crises, such as the current pandemic, the speakers emphasised the need to continue information sharing. They viewed the pandemic as a blueprint for global information exchange during crisis situations. Even amid geopolitical tensions, the speakers concluded that the continuation of information exchange is vital to effectively address cybersecurity challenges.
Overall, this comprehensive analysis underscored the importance of building bridges between different communities, striking a balance between security and stable communication, and promoting cooperation at both national and global levels. It also highlighted the challenges and opportunities presented by geopolitical issues, the significance of sharing information, the constraints of resource limitations, and the importance of continuing information sharing during global crises.
Bernhards Blumbergs
A recent meeting addressed the importance of freedom, openness, and security on the internet. While acknowledging that achieving all three aspects simultaneously may not always be possible, participants stressed the need for ongoing efforts to strive for them. The argument put forth was that the internet should be a space that promotes freedom of expression, ensures open access to information, and prioritizes user security and privacy.
Regarding information sharing, participants highlighted its crucial role in the development and progress of the internet. Even during times of geopolitical tension, it was emphasized that continued information sharing is vital. Peter Koch from the German top-level domain registry specifically emphasized the significance of maintaining information exchange despite any underlying political conflicts. Additionally, the meeting discussed how the COVID-19 pandemic served as a blueprint for prioritizing global information exchange during a crisis, showcasing that challenges can be overcome to facilitate the flow of information.
The meeting also underscored the need to understand and prioritize device and personal security. Participants agreed that enhancing cybersecurity requires individuals to have a deeper understanding of device security and personal security practices. Furthermore, they recognized the essential nature of practicing good cyber hygiene at both personal and national levels to create a safer internet environment.
Importantly, it was emphasized that information sharing should not be restricted to specific layers within the internet infrastructure. Participants argued that sharing information should extend beyond technical, operational, and strategic layers and instead be facilitated between these layers. Building understanding and effective communication across different levels of the internet infrastructure were highlighted as crucial aspects of successful information sharing.
In conclusion, the meeting highlighted the importance of striving for freedom, openness, and security on the internet, despite the challenges of achieving all three simultaneously. It also emphasized the critical role of information sharing, particularly during periods of geopolitical tension and crises. Additionally, understanding and prioritizing device and personal security, along with facilitating information sharing across various levels of the internet infrastructure, were identified as key factors in creating a better and more secure internet environment.
Adli Wahid
Adly Wahid, a security specialist at the Asia-Pacific Network Information Centre, is actively engaged with the CERT and C-CERT community in the Asia-Pacific region. This engagement allows him to interact with various stakeholders involved in cybersecurity, fostering collaboration and knowledge sharing.
Previously, Adly Wahid has gained valuable experience working for the National CERT, Malaysia CERT, and a CERT dedicated to the financial institution. These prior positions have equipped him with a strong background in handling cybersecurity incidents and implementing effective security measures.
The importance of cooperation between CERTs and CSIRTs at both national and global levels is paramount, as it ensures a wider exchange of experiences and technologies to effectively combat cyber threats. By collaborating and benefiting from one another’s expertise, CERTs and CSIRTs can enhance their capabilities in dealing with cybersecurity incidents. Despite global problems and adversarial geopolitical issues, cooperation between these entities has actually been strengthened, showcasing their commitment to making the internet a secure and safe place.
Recent geopolitical issues have played a positive role in strengthening the cooperation between CERTs and CSIRTs. The analysis reveals that these geopolitical issues have actually heightened the commitment to collaboration, as stakeholders recognize the shared interest in safeguarding cybersecurity. By uniting, these entities are better equipped to address the evolving challenges in the digital landscape.
Overall, Adly Wahid’s expertise and experience, combined with the increased cooperation between CERTs and CSIRTs, contribute to ongoing efforts to ensure cybersecurity at various levels. This insight highlights the significance of international collaboration and knowledge sharing in effectively tackling cyber threats and promoting a secure digital environment.
Masae Toyama
Masae Toyama, a cybersecurity practitioner, has drawn attention to the pressing need for increased representation of cybersecurity workers in internet governance forums. In these spaces, Toyama noticed a distinct lack of voice for professionals in the field of cybersecurity, and they encountered difficulty in connecting with others who shared similar backgrounds during previous forums. This experience prompted Toyama to recognize the necessity for a dedicated platform where cybersecurity meets internet governance.
Toyama firmly believes that cybersecurity practitioners play a fundamental role in upholding a secure and stable cyberspace. However, despite their significance, their presence and voices are not as prominently heard among the various stakeholders within internet governance forums. Drawing attention to this disparity, Toyama advocates for a stronger representation of cybersecurity experts within these platforms.
Toyama’s positive stance emphasizes the importance of creating a space where the intersection of cybersecurity and internet governance can be realized. By fostering a greater inclusion of cybersecurity professionals within forums like the Internet Governance Forum, the collective knowledge and expertise of the cybersecurity field can be harnessed to effectively address the challenges and concerns of internet governance.
In summary, Masae Toyama highlights the pressing need for a more robust representation of cybersecurity workers in internet governance forums. Their personal experience revealed a lack of voice for cybersecurity professionals, and they emphasize the essential role they play in maintaining a secure cyberspace. Toyama advocates for the creation of a platform where cybersecurity and internet governance intersect, in order to strengthen the presence and voices of cybersecurity practitioners within these influential forums. This perspective offers valuable insights into the ongoing dialogue surrounding the intersection of cybersecurity and internet governance and underscores the significance of including diverse perspectives in shaping the future of the digital landscape.
Moderator
The need for increased representation of cybersecurity practitioners in the Internet Governance Forum (IGF) is emphasised. Currently, there is a lack of individuals with backgrounds in cybersecurity, such as those working at CERT or actively involved in cybersecurity, participating in the IGF. This lack of representation results in their voices not being heard as loudly as other stakeholders.
A proposed session by a speaker is recognised as beneficial for all participants. The session aims to address the need for greater involvement and voice of cybersecurity practitioners in the IGF. It is expected that such sessions will provide a platform for cybersecurity professionals to share their expertise and insights among the various stakeholders involved.
Networking sessions are also implemented to encourage participants to interact and discuss their experiences and views on cybersecurity. These sessions provide an opportunity for attendees to engage with individuals they may not have spoken to before, fostering collaboration and the exchange of ideas.
Building bridges between network operators and cybersecurity specialists is considered crucial for establishing an open, stable, and secure internet. Recognising that these two professions utilise different languages, mindsets, concepts, and processes, there is a need to bridge the gap between them. The initiative taken by organisations like ADLI in strengthening the partnership between these communities is highly regarded.
Several challenges in the field of cybersecurity are identified, such as the obstacles related to information sharing. Cyberattacks are often unpredictable, making it difficult to trace their sources. In addition, local regulations and national security issues can complicate the sharing of information. These challenges need to be resolved in order to build strong collaborations and improve cybersecurity practices globally.
Resource limitations and the need for capacity building also pose significant challenges in the cybersecurity sector. Constant monitoring, particularly through cooperation with international entities, requires specialist skills. Given the link between cybersecurity and national security, enhancing capacity building initiatives becomes imperative.
The importance of information sharing and building trusted networks for message exchange is emphasised. It is not only necessary to share information within specific layers of cybersecurity but also between those layers. By doing so, a deeper understanding can be developed, contributing to a more comprehensive and effective cybersecurity framework.
Cyber hygiene, which entails understanding device security, personal security, and learning about cyberspace, is considered essential for maintaining a secure online environment. The responsibility for practicing cyber hygiene extends to all individuals, not just technical experts. By promoting the importance of cyber hygiene, stronger global communities can be built, further enhancing cybersecurity.
In conclusion, the need for greater representation of cybersecurity practitioners in the IGF is highlighted. Proposed sessions and networking opportunities aim to address this need, facilitating knowledge sharing and collaboration among stakeholders. Challenges related to information sharing, resource limitations, and capacity building are identified, emphasising the necessity for proactive measures. The significance of information sharing, building trusted networks, practicing cyber hygiene, and ensuring widespread understanding of cybersecurity principles are all crucial for creating a secure and stable cyberspace.
Hiroki Mashiko
The analysis highlights key points about Entity Data, a prominent system integration company in Japan. It is noted that Entity Data has an internal Computer Emergency Response Team (CERT), known as Entity Data CERT. This CERT is responsible for handling and responding to cybersecurity incidents within the company.
One notable fact revealed in the analysis is that Hiroki Mashiko, an individual associated with Entity Data, works as a forensic engineer at Entity Data CERT. This indicates that Mashiko is involved in investigating and analysing digital evidence related to cyber incidents within the company. The analysis suggests that Mashiko’s role as a forensic engineer emphasises his technical skills and expertise.
Another point made in the analysis is that Mashiko is described as being more focused on technical aspects rather than governance-related matters. This suggests that his strengths lie primarily in technical areas rather than broader aspects of corporate governance. However, the analysis does not provide further information regarding Mashiko’s specific responsibilities or tasks within his role.
The analysis overall has a neutral sentiment, indicating a lack of strong positive or negative opinions or emotions. While it offers valuable insights into Entity Data, Entity Data CERT, and Hiroki Mashiko, it does not draw any further conclusions or assessments beyond these observations.
To summarise, this expanded summary provides a more detailed overview of the analysis. It highlights Entity Data and its internal CERT, Entity Data CERT, as well as Hiroki Mashiko’s role as a forensic engineer. Furthermore, it emphasises Mashiko’s technical orientation and the neutral sentiment of the analysis.
Session transcript
Masae Toyama:
May I share my screen? Thank you. All right then, yeah, before we get started, I’d like to ask the moderators to briefly introduce themselves. So first, I’d like to pass the mic to Mashiko-san, and then later on online, Ali and Vivi. So off you go, please.
Hiroki Mashiko:
Hi all. Hello, I’m Hiroki Mashiko from Entity Data CERT. Entity Data is one of the major system integration company in Japan. And Entity Data CERT is the internal CERT of the Entity Data. Actually, I’m a forensic engineer of Entity Data CERT. So actually, I’m a technical-oriented people, more than governance-oriented, and so on. But maybe you know, the governance itself is strongly connected to my work as well. So I’m looking forward to hearing your opinions of today’s discussions. So let’s make a great discussion today. OK, thank you.
Masae Toyama:
Thank you, Mashiko-san. May I pass the floor to Ali?
Adli Wahid:
Yep. Ohayou gozaimasu. Good morning, everyone. My name is Adly Wahid, and I am with the Asia-Pacific Network Information Center as a security specialist. I do a lot of engagement with the CERT and C-CERT community. in this region, including helping to establish newer CERTs. And in the past, I have used to work for National CERT, which is a Malaysia CERT, and a CERT for the financial institution. So looking forward to discussing and chatting with everybody today. Thank you.
Bernhards Blumbergs:
Thank you, Adli. So last but not least, Bibi Sam, please. Minna-sama, oihou gozaimasu. Welcome, everyone. Good morning. My name is Bernhards, but everyone calls me Bibi, so please follow these guidelines. I am here in Japan in Nara Institute of Science and Technology doing my postdoc, but I am a member of the National CERT team of Latvia, so CERT LV, and also I’m affiliated with the NATO Cooperative Cyber Defense Center of Excellence in Tallinn. I’m the ambassador and former researcher for that center of excellence. Well, I’m looking forward to moderating and having a productive conversations with you.
Masae Toyama:
Thank you, Bibi-san. The more strict guideline is presented, so please follow. Well, thank you. So my name is Masaya Toyama from JP CERT Coordination Center. I became part of CERT community four years ago, and my first IGF was 2020, which was fully online. Then in the last IGF in Ethiopia, actually it was so hard for me to find people with similar backgrounds, namely working at CERT or doing cybersecurity. So my idea was to break out of this situation and create a place where your day-to-day work in cybersecurity meets internet governance. While cybersecurity practitioners plays an important role in keeping secure and stable cyberspace, their voice in the IGF is not that loud enough amongst various stakeholders in IGF. So I think that the more fellows we get, the louder our voice would be so that we know what needs to be done. This is the background story of why I decided to submit the IGF session proposal. I am delighted that the IGF found my proposal beneficial to participants. Well, however, if they really care about us, I think the session should be set for. later, not kicking off at 8.30 in the morning. Anyway, I don’t want to spend too much time on me speaking. So now I’d like to listen to participants’ self-introduction. So would you please? Yes, I will pass the mic. Online first. Well, thank you. So let’s have some voice from online participants. So I’d like to open the floor, especially for online. So please, participants, if you’d like to start. OK, so let me read out the names. And if you can turn on your microphone on, you can have a brief self-introduction. So let me call out the name. Is there Kenny Chantre? Hello? Hello. Hi. Thank you for coming. Would you please introduce yourself and what made you come to this session? Hello.
Moderator:
My name is Kenny Chantre. I am Cape Verdean, living in Cape Verde in these moments. My interest to come to this meeting is to know it’s. to know more about internet governance. For now, I am ambassador from Pan-Africa Young, ambassador for internet governance. And my interest is to know more about internet governance. Thank you. All right, thank you so much. So let’s move on to, sorry, my pronunciation. Captioner Terrarin. Hello. Oh, sorry. I just messed up. So let me move on to the next person, who is Francisco Mostedosa. Hi. Hello, nice to meet you. My name is Francisco from Ecuador. It’s very important, the networking, the initiative of the multi-stakeholder. But in my country, it’s important to promote these actions and these events for all stakeholders. Thank you so much. Thank you very much. So let’s move on to the next person, Amir Adas Mohammadi Koushiki. Thank you. Hello. May I ask you to introduce yourself very briefly? I’m sorry, Amir, we cannot hear you. Right. So in this case, let me, uh, thank you so much for, uh, for, uh, for, uh, for, uh, Thank you so much for, uh, putting yourself on mute. We will, uh, ask you to later on to have yourself in the breakout discussion. So the last person at the moment is Saudia Pina Mango. Hello. Good morning. If you can turn on your microphone, we will ask, ask to introduce yourself very briefly. But if not, we will move on to the introduction for online participants, on-site participants. Right, okay, she’s gone. So now we have some people, which is much better than in the beginning compared to the beginning. So, um, okay, so let’s move on. Let’s go back to the original agenda so that we can proceed the breakout discussion. So, um, let’s move on. Here’s a little bit of housekeeping. Let me try to keep it short. So as I said, this networking session is, uh, asking you to, uh, stand up and walk freely to talk to someone you have not yet spoken to. Maybe it’s difficult, especially on, on, uh, on site, but yeah, please try. We will have two or three short sessions. Each session will be 10 minutes. Seven minutes short discussion plus three minutes comment. Comment section is trying to interact with people in on site and online. So we will exchange our comments and try to understand what was going to be discussed. And please cooperate with the moderators for timekeeping, especially because we changed the agenda. The instruction might be different from the original slide. So please, thank you for your cooperation. And we prepared some guiding questions to facilitate the conversation. But besides the guiding question, of course, you can introduce your name and your identification or what makes you to come to this IGF. Yes, of course, you can talk about this kind of icebreaking. And as I see, we have less than 10 participants on site. But I can see the sticky notes on your chest or whatever. So you can identify who to talk. So watch the sticky notes. All right, so let’s go to the first discussion. I will pass the mic to Mashiko-san. OK, so I will read the question. And I will keep the time on this session. So thank you for your cooperation. Good, so after I introduced myself, I finished to read the question. This introduction is only for on-site participants. Please make some two groups, I think. Two or three. Two or three groups, yeah, I think. And start the discussion, please. OK, so the first guiding question is, when do you feel that your commitment to cybersecurity is creating and sustaining an open, free, and secure internet? Yeah, this is a bit difficult question, I guess. Maybe it’s especially difficult for the brain in the morning. Yeah, but yeah, let’s. Yeah, actually, I tried to put the easiest one on the site. So yes.
Audience:
Hi, my name is Pablo. I work with Adly in APNIC. And perhaps we can just have an open conversation here around these questions, because we kind of know each other or not. But perhaps it is good to contribute on the record for also leaving this on the webcast and transcript. So I would like to tell you a little bit about when I feel that our commitment to cybersecurity creates and supports an open, stable, and secure internet. And I think it’s all about bridges. In our case, our community is mostly by network operators, internet service providers. And early on, around 10 years ago, we thought about how the network operators need to interact more with the cybersecurity specialists. And we also realized that these are kind of two different professions. and how to build those bridges between them. So in order to create cross-pollination between communities, it is important to be ready to explain yourself in a language not necessarily yours. And both network operators and cybersecurity specialists use very particular language, mind frames, concepts, processes. And the processes of incident response are very different from the processes of patching and connecting networks as well. So in order for these communities to interact, they need to struggle a bit to explain themselves to each other and build that bridge. And we have found that fascinating. And ADLI has been an incredible bridge among these communities, but also as well with other communities, such as the policymakers and other parts of the technical community as well. So something that we have learned throughout the years is that the best way to contribute to an open, free, stable, and secure internet is not only by doing your work very well within your area of specialty, but actually to really build those bridges. And something that is very important in incident response is cooperation and information sharing one way or another. And the more obstacles and blockages we put to this transfer of information and collaboration, the least we contribute to an open, stable, and secure internet. In summary, I think it’s all about bridges. And I think this is an effort to bridge between different colors and specialties. And thank you for organizing this very cool workshop.
Moderator:
Thank you, thank you for great comment. I believe that the creating networking in this session is much important because of your opinion. I totally agree with your opinion, thank you. So okay, so let’s create groups, some groups and have a discussion of the topic. So I think the online participants, it’s already separated to some breaking out rooms, I guess. So for on-site participants, please stand up, gathering and talking, start talking, thank you. Hi, I’m here to join the group. The group? Breaking out room? But please stop talking. And please pay attention. Can you show it to me? OK. So I would like to pass the mic to some people, one people from on-site and one people from online, and ask your opinion of the guiding question. OK, so does anyone have an opinion of the first guiding question? Or what kind of opinions did you exchange during the chatting?
Audience:
OK, go. Go, please. So I’m the government-side person, so I’m talking about what we focus on the dialogue on the global conversation. We, Japan, I’m a senator from the Japanese government, and I focus on the, when I talk the oral experience, I focus on the balance of the security and stability communication. So the best solution to security is, one of the best solutions is shutting down, but to connect stably is also important. So when we talk with the other government people, we would like to focus on the balance of the security of communication and stability of communication. That’s my experience. OK, thank you very much. Can you please introduce yourself, or name and? I’m Masaki Nakamura from the Ministry of Internal Communications. International Affairs and Communication of Japan. Thank you.
Moderator:
OK, thank you very much. OK, so I would like to pass the mic to online participants. Adele-san, can you please give the mic to one participant from online? Thank you for waiting, online participants. So I suppose there’s a conversation in online participants. Adele-san or Bibi-san, is there anything that you listen to? I’ll just stop the timer and have some time for online participants. Thank you. Thank you. I’m afraid that online participants cannot hear the voice from the on-site, I guess, because they’re all in breakout room. OK. OK. I think so. Because they’re all in breakout room. And someone is talking. Bibi-san is talking. OK. OK. So. All right, online participants, are you audible? Are you listening to the on-site voice? Can you talk to the mic? OK. So the online participant is now having a conversation, and back in five seconds. Sorry for the logistics. Hello, online participants. We are back. We are back. Sorry. No worries. So I would like to ask opinions for the guiding question from an online participant. Okay. Maybe this time and for the next question, Adly will take the lead, but for this, so we were discussing not only the question itself about how is our work impacting the Internet and the security, but also how is it impacting the user experience. So I would like to ask Adly to take the lead. Okay. Thank you.
Bernhards Blumbergs:
So I would like to ask Adly to take the lead on not only the Internet and the security, but also addressing the question. The question within the question, can it actually be open, free, and secure at the same time? And I think that well, I think it’s not always possible to have all of these three things together, but we can always strive to reach the freedom, openness, and at the same time, security. With this I pass on the floor back.
Moderator:
Okay. Thank you very much. So online participants, I guess you’re already talking about the guiding question, too, right? No, we were talking about one, yes. Okay, okay. Good, good. So let’s move on to the guiding question number two. The question is, what international geopolitical issues prevent CSIRT from an open, free, and secure digital cyberspace in engaging with cybersecurity? And if we cooperate, how can we address this? This is also a bit difficult question for morning brains, but yeah, let’s start talking. OK, so let’s start talking. So for onset participants, please do not talk with your friends. Please make a new networking in this session. OK, so please stand up and gather again.
Adli Wahid:
So there was just three of us in the session. So we discussed a couple of things. But the first part was basically participant sharing the need to always cooperate. So both at the national level as well as globally, because definitely we can benefit from one another. We have different experiences. And when it comes to security, it is important to share quickly. So defend locally, but share globally, so that whatever experience we have in dealing with incidents or security or technology or tools can benefit others so that they can be secure as well. The second part on the geopolitical issues, yes, they do have an effect to the cooperation of the CERT. But in some of the recent events, the geopolitical issues have, in fact, strengthened the cooperation between CERTs and CSERTs. So this is a good sign, because it shows that despite what is happening around the world, there is a community that is committed to making sure that the Internet remains secure and safe for everyone. So that is it. If I missed anything, Bibi, you can jump in quickly. All right. That’s all. No. It’s all good. Oddly covered all the things. Yes. Thank you.
Audience:
Cheers. Okay. Thanks. So next, I would like to hear a voice from on-site participants. Does anyone… Okay. Please. Can you hear me right? Okay. Sorry. Yeah. Okay. My name is Dilnath Dishanayake from Sri Lanka CERT. Actually, my colleague, what the discussion we had. So if I summarize, so first one is, it is kind, you know, the sharing, as the online participation mentioned, it is sharing the information. Because when the cyberattacks happen, it is a sudden one, so we need to share the information. Because we don’t know where the source is coming from. Because it may happen for Sri Lanka context, but the origin is from another country. So finding this source is very difficult. So the sharing information is very challenging. And it’s also affecting with the local context, legal and the regulations, again, because it is actually cybersecurity is in line with the national security sometimes. So sharing information is one thing. And the resource limitation, because when we are cooperation with international, definitely we have to have the expert level communication specialist or something like that. Then only we can just have this. continuous monitoring or whatever the resource find that we can. And also, again, the capacity building, the national and international engagement. So those kind of things that we were discussing, and so at the moment, yeah, I’ll stop here. Okay?
Moderator:
Okay. Thank you very much. Yeah, it’s a very interesting opinion for me as well, but sorry, we do not have so much time. Let’s move on to the next guiding question, so can you please make a slide? Okay. So then question number three is, to promote cybersecurity, what is a key message you would like to convey at this IGF, which is attended by a wide range of stakeholders? Okay, yeah. We can see the many participants from many corporations on this IGF, so yeah, this question is important, I guess. So okay, so let’s stand up and gathering and talking again, please. So please find someone who have not yet spoken to. This is a networking session, so please don’t stick to your friends.
Audience:
Okay, thank you very much for your cooperation. So, this time I would like to ask remarks from on-site first. So, does anyone make remarks of this question? If any of you heard something interesting, told by someone, others, you can share as well. Thank you, thank you. Thank you for putting me on the spot. That was the price to pay for my smile, I guess. So, good morning. My name is Peter Koch. I work for the German top level domain registry and we are engaged a bit with the German CSER network. And in this round, we had a conversation about, yes, the message, but that’s hard in seven minutes, of course. So, take this with a grain of salt, but I think what we agreed on was that it is important that even in the face or maybe because we are facing so many geopolitical tangents, it is important to keep up the information sharing or continue information sharing and maybe the pandemic is a blueprint in a way where there is global crisis, but at the same time, global information exchange. So we need to keep up that information sharing. Thank you.
Bernhards Blumbergs:
Okay, thank you. Thank you very much. So next, I would like to hear the voice from online participants. All right, I will take this one. So this time we were four of us and we tried to exchange a lot of information. This was a very productive breakout session. So although there are multiple things and we encouraged every participant to bring in new viewpoints, so I think this can be summarized in two general key directions. So first of all, this is nothing new. We already touched upon this multiple times, information sharing, but this is not only about information sharing. This is facilitating also where to share the information, trusted networks, building the infrastructure for message exchange, but also designing the groups that can and may share the information because having just people in the group doesn’t make sense. You have to make sure that this information is there and everyone is engaged. Also information sharing, not only within just certain layers like technical, operational and strategic, but also between those layers so that to build the understanding and clarify in simple and understandable terms what this information or how this particular problem resonates also to operational and strategic levels. I’m talking from the bottom up, I’m mostly techie, so that’s why I take it from bottom up, from tech to the higher levels. So this is first one, but the second part is directly related to this. And what we identified is also understanding how to make the internet a better place, understanding the device security, personal security, learning about cyberspace, because if we are. using these tools we have to be well versed and understand how to use this in a best manner possible but also how to use it securely. This comes down to personal cyber cyber hygiene. So we start with just a single entity. But also this is expanded to the nation. It’s not also it’s not only related to experts. It’s related to everyone who is part of the society understanding cyber hygiene and getting to the national level and thus building a stronger global community. Oddly if there’s anything else you add these. Nothing good. You covered everything. Maybe. Thank you. All right. Thank you.
Moderator:
Thank you very much. Yeah it’s a very interesting opinions from me. And yeah it’s impressive for me that the cyber hygiene is important for not only the technical people but also but also all people in the world. And yeah it’s impressive for me and that totally agree with you. OK. Thank you very much. And this is the last question of the three decision. And so I will pass the mic to them again. OK. So I heard some interesting topics covered on site and online as well. So I hope this session had a was a good exercise for your morning brains. And I truly hope that you hope you enjoy the idea of 2023 just because today is a day day one. So I’d like to thank again the moderators supporters and everyone here for making the session happen to embrace the meeting spot for CSAT practitioners at this IGF and to exchange insightful views of each of you of Internet Governance. Thank you very much. Thank you very much. Bye-bye. Bye. Awesome. Well done. Very. .
Speakers
Adli Wahid
Speech speed
162 words per minute
Speech length
322 words
Speech time
119 secs
Arguments
Adli Wahid is a security specialist at the Asia-Pacific Network Information Center
Supporting facts:
- Adly Wahid introduced himself as a security specialist at the Asia-Pacific Network Information Center
Topics: Cybersecurity, Asia-Pacific Network Information Center
Adli Wahid is involved in the engagement with the CERT and C-CERT community in the Asia-Pacific region
Supporting facts:
- Adly Wahid does a lot of engagement with the CERT and C-CERT community in the Asia-Pacific region
Topics: CERT and C-CERT community, Cybersecurity in Asia-Pacific region
Adli Wahid has previously worked for National CERT, Malaysia CERT and a CERT for the financial institution
Supporting facts:
- Adly Wahid has used to work for National CERT, Malaysia CERT, and a CERT for the financial institution
Topics: National CERT, Malaysia CERT, Financial Institution CERT
Importance of cooperation at national and global level for different experiences to ensure cybersecurity
Supporting facts:
- There’s a need to benefit from one another for different experiences and technologies in dealing with cybersecurity incidents
- Geopolitical issues have strengthened the cooperation between CERTs and CSERTs despite global problems
Topics: Cybersecurity, CSIRT, Geopolitical Issues, Cooperation
Report
Adly Wahid, a security specialist at the Asia-Pacific Network Information Centre, is actively engaged with the CERT and C-CERT community in the Asia-Pacific region. This engagement allows him to interact with various stakeholders involved in cybersecurity, fostering collaboration and knowledge sharing.
Previously, Adly Wahid has gained valuable experience working for the National CERT, Malaysia CERT, and a CERT dedicated to the financial institution. These prior positions have equipped him with a strong background in handling cybersecurity incidents and implementing effective security measures.
The importance of cooperation between CERTs and CSIRTs at both national and global levels is paramount, as it ensures a wider exchange of experiences and technologies to effectively combat cyber threats. By collaborating and benefiting from one another’s expertise, CERTs and CSIRTs can enhance their capabilities in dealing with cybersecurity incidents.
Despite global problems and adversarial geopolitical issues, cooperation between these entities has actually been strengthened, showcasing their commitment to making the internet a secure and safe place. Recent geopolitical issues have played a positive role in strengthening the cooperation between CERTs and CSIRTs.
The analysis reveals that these geopolitical issues have actually heightened the commitment to collaboration, as stakeholders recognize the shared interest in safeguarding cybersecurity. By uniting, these entities are better equipped to address the evolving challenges in the digital landscape. Overall, Adly Wahid’s expertise and experience, combined with the increased cooperation between CERTs and CSIRTs, contribute to ongoing efforts to ensure cybersecurity at various levels.
This insight highlights the significance of international collaboration and knowledge sharing in effectively tackling cyber threats and promoting a secure digital environment.
Audience
Speech speed
134 words per minute
Speech length
1063 words
Speech time
475 secs
Arguments
Building bridges between different communities is key to contributing to an open, free, stable, and secure internet
Supporting facts:
- Network operators and cybersecurity specialists need to interact more and adopt each other’s languages and processes
- Efforts to foster information sharing and collaboration are essential to incident response
Topics: Internet governance, Community collaboration, Cybersecurity
There should be a balance between security and stable communication
Supporting facts:
- The speaker represents the government’s opinion
- In his experience, the best solution to security is shutting down but at the same time stable connection is also important
Topics: Security, Global Communication, Stability
Cooperation both at the national and global level is highly beneficial for internet security.
Supporting facts:
- Different regions have different experiences that can be shared for mutual benefit.
- The ‘defend locally, share globally’ approach can contribute to wider global security.
Topics: Internet Security, Global Cooperation
Geopolitical issues can affect the cooperation of CERTs, but have also strengthened some relationships.
Supporting facts:
- Recent events have shown a community committed to keeping the internet secure despite geopolitical issues.
Topics: Geopolitical Issues, CERT Cooperation
Even in geopolitical crisis, it is important to continue information sharing
Supporting facts:
- The speaker referred to the pandemic as a blueprint for global information exchange in times of crisis.
- The speaker works for the German top level domain registry and is engaged with the German CSER network.
Topics: Cybersecurity, Information Sharing, Global Crisis
Report
In the analysis, the speakers emphasised the importance of building bridges between different communities to contribute to an open, free, stable, and secure internet. They highlighted the need for increased interaction and adoption of each other’s languages and processes between network operators and cybersecurity specialists.
This closer collaboration would facilitate a more effective response to incidents and enhance overall information sharing in the field of cybersecurity. The speakers also stressed the significance of finding a balance between security and stable communication. They acknowledged that while security is essential for protecting networks and data, it should not hinder the smooth flow of communication.
Striking this balance ensures that individuals and organisations can communicate freely while maintaining a safe online environment. Cooperation at both the national and global level was identified as highly beneficial for internet security. The analysis indicated that different regions have various experiences that can be shared for mutual benefit.
Adopting a “defend locally, share globally” approach contributes to wider global security and promotes cooperation in tackling cybersecurity challenges. Furthermore, the speakers discussed how geopolitical issues can both challenge and strengthen the cooperation of Computer Emergency Response Teams (CERTs). While geopolitical tensions can potentially hinder cooperation, recent events have highlighted how the commitment to keeping the internet secure has strengthened certain relationships despite these challenges.
The analysis also highlighted the crucial role of sharing information in tracing the origins of cyberattacks. However, it was noted that this can be difficult due to factors such as local laws and regulations and the intersection between cybersecurity and national security.
Despite these challenges, the speakers emphasised the importance of sharing information to effectively combat cyber threats. Resource limitations were identified as a constraint to international cooperation. The analysis suggested that having expert-level communication specialists is necessary for continuous monitoring and maximising resource findings.
Addressing resource constraints would facilitate more effective international cooperation in the field of cybersecurity. In times of global crises, such as the current pandemic, the speakers emphasised the need to continue information sharing. They viewed the pandemic as a blueprint for global information exchange during crisis situations.
Even amid geopolitical tensions, the speakers concluded that the continuation of information exchange is vital to effectively address cybersecurity challenges. Overall, this comprehensive analysis underscored the importance of building bridges between different communities, striking a balance between security and stable communication, and promoting cooperation at both national and global levels.
It also highlighted the challenges and opportunities presented by geopolitical issues, the significance of sharing information, the constraints of resource limitations, and the importance of continuing information sharing during global crises.
Bernhards Blumbergs
Speech speed
180 words per minute
Speech length
634 words
Speech time
211 secs
Arguments
Striving to reach freedom, openness, and security on the internet
Topics: Internet, Security, Freedom, Openness
Importance of information sharing
Supporting facts:
- Peter Koch from German top-level domain registry mentioned the importance of continued information sharing in spite of geopolitical tensions.
- Mentioned that the pandemic could serve as a blueprint, indicating a situation where despite crisis, global information exchange was maintained.
Topics: Cybersecurity, Global information exchange, Pandemic as blueprint
Understanding device and personal security
Supporting facts:
- In the breakout session, it was identified that understanding device security and personal security is key to making the internet a better place.
- Emphasized on the importance of understanding and learning about cyberspace and practicing good cyber hygiene at the personal and national level.
Topics: Cybersecurity, Cyber hygiene
Report
A recent meeting addressed the importance of freedom, openness, and security on the internet. While acknowledging that achieving all three aspects simultaneously may not always be possible, participants stressed the need for ongoing efforts to strive for them. The argument put forth was that the internet should be a space that promotes freedom of expression, ensures open access to information, and prioritizes user security and privacy.
Regarding information sharing, participants highlighted its crucial role in the development and progress of the internet. Even during times of geopolitical tension, it was emphasized that continued information sharing is vital. Peter Koch from the German top-level domain registry specifically emphasized the significance of maintaining information exchange despite any underlying political conflicts.
Additionally, the meeting discussed how the COVID-19 pandemic served as a blueprint for prioritizing global information exchange during a crisis, showcasing that challenges can be overcome to facilitate the flow of information. The meeting also underscored the need to understand and prioritize device and personal security.
Participants agreed that enhancing cybersecurity requires individuals to have a deeper understanding of device security and personal security practices. Furthermore, they recognized the essential nature of practicing good cyber hygiene at both personal and national levels to create a safer internet environment.
Importantly, it was emphasized that information sharing should not be restricted to specific layers within the internet infrastructure. Participants argued that sharing information should extend beyond technical, operational, and strategic layers and instead be facilitated between these layers. Building understanding and effective communication across different levels of the internet infrastructure were highlighted as crucial aspects of successful information sharing.
In conclusion, the meeting highlighted the importance of striving for freedom, openness, and security on the internet, despite the challenges of achieving all three simultaneously. It also emphasized the critical role of information sharing, particularly during periods of geopolitical tension and crises.
Additionally, understanding and prioritizing device and personal security, along with facilitating information sharing across various levels of the internet infrastructure, were identified as key factors in creating a better and more secure internet environment.
Hiroki Mashiko
Speech speed
129 words per minute
Speech length
106 words
Speech time
49 secs
Arguments
Hiroki Mashiko works as a forensic engineer at Entity Data CERT
Supporting facts:
- Entity Data is a major system integration company in Japan
- Entity Data CERT is the internal CERT of Entity Data
Topics: Cyber security, Forensic Engineering
Report
The analysis highlights key points about Entity Data, a prominent system integration company in Japan. It is noted that Entity Data has an internal Computer Emergency Response Team (CERT), known as Entity Data CERT. This CERT is responsible for handling and responding to cybersecurity incidents within the company.
One notable fact revealed in the analysis is that Hiroki Mashiko, an individual associated with Entity Data, works as a forensic engineer at Entity Data CERT. This indicates that Mashiko is involved in investigating and analysing digital evidence related to cyber incidents within the company.
The analysis suggests that Mashiko’s role as a forensic engineer emphasises his technical skills and expertise. Another point made in the analysis is that Mashiko is described as being more focused on technical aspects rather than governance-related matters. This suggests that his strengths lie primarily in technical areas rather than broader aspects of corporate governance.
However, the analysis does not provide further information regarding Mashiko’s specific responsibilities or tasks within his role. The analysis overall has a neutral sentiment, indicating a lack of strong positive or negative opinions or emotions. While it offers valuable insights into Entity Data, Entity Data CERT, and Hiroki Mashiko, it does not draw any further conclusions or assessments beyond these observations.
To summarise, this expanded summary provides a more detailed overview of the analysis. It highlights Entity Data and its internal CERT, Entity Data CERT, as well as Hiroki Mashiko’s role as a forensic engineer. Furthermore, it emphasises Mashiko’s technical orientation and the neutral sentiment of the analysis.
Masae Toyama
Speech speed
111 words per minute
Speech length
433 words
Speech time
234 secs
Arguments
Masae Toyama highlights the need for a greater voice for cybersecurity practitioners within internet governance forums
Supporting facts:
- Toyama is part of JP CERT Coordination Center and felt a lack of representation for cybersecurity workers in these spaces. His first IGF experience was fully online in 2020. In the last IGF, he found it hard to find people with similar backgrounds
Topics: Internet Governance Forum, Cybersecurity, CERT community
Report
Masae Toyama, a cybersecurity practitioner, has drawn attention to the pressing need for increased representation of cybersecurity workers in internet governance forums. In these spaces, Toyama noticed a distinct lack of voice for professionals in the field of cybersecurity, and they encountered difficulty in connecting with others who shared similar backgrounds during previous forums.
This experience prompted Toyama to recognize the necessity for a dedicated platform where cybersecurity meets internet governance. Toyama firmly believes that cybersecurity practitioners play a fundamental role in upholding a secure and stable cyberspace. However, despite their significance, their presence and voices are not as prominently heard among the various stakeholders within internet governance forums.
Drawing attention to this disparity, Toyama advocates for a stronger representation of cybersecurity experts within these platforms. Toyama’s positive stance emphasizes the importance of creating a space where the intersection of cybersecurity and internet governance can be realized. By fostering a greater inclusion of cybersecurity professionals within forums like the Internet Governance Forum, the collective knowledge and expertise of the cybersecurity field can be harnessed to effectively address the challenges and concerns of internet governance.
In summary, Masae Toyama highlights the pressing need for a more robust representation of cybersecurity workers in internet governance forums. Their personal experience revealed a lack of voice for cybersecurity professionals, and they emphasize the essential role they play in maintaining a secure cyberspace.
Toyama advocates for the creation of a platform where cybersecurity and internet governance intersect, in order to strengthen the presence and voices of cybersecurity practitioners within these influential forums. This perspective offers valuable insights into the ongoing dialogue surrounding the intersection of cybersecurity and internet governance and underscores the significance of including diverse perspectives in shaping the future of the digital landscape.
Moderator
Speech speed
114 words per minute
Speech length
1687 words
Speech time
885 secs
Arguments
There is a need for more representation of cybersecurity practitioners in the Internet Governance Forum (IGF), to ensure secure and stable cyberspace
Supporting facts:
- The speaker noticed during the last IGF in Ethiopia, that there were not enough people with similar backgrounds, namely working at CERT or doing cybersecurity
- Cybersecurity practitioners play an important role in maintaining secure and stable cyberspace, but their voice in the IGF not that loud enough amongst various stakeholders
Topics: Representation, Cybersecurity, Internet Governance Forum
The session proposed by the speaker has been considered beneficial for all participants
Supporting facts:
- The IGF found the speaker’s session proposal beneficial
Topics: Internet Governance Forum, Cybersecurity
This networking session allows participants to interact and discuss their experience and views cyber security
Supporting facts:
- Participants in the networking session are encouraged to stand up and talk to someone they have not yet spoken to
- There will be two or three short sessions, each session will be 10 minutes
Topics: Internet Governance Forum, Networking Session, Cybersecurity
Building bridges between different professions, like network operators and cybersecurity specialists, is crucial for an open, stable, and secure internet.
Supporting facts:
- 10 years ago, it was noted that network operators need to interact more with cybersecurity specialists
- These are two different professions that use very particular language, mind frames, concepts, processes
- The processes of incident response are very different from the processes of patching and connecting networks
- ADLI has been a great bridge between these communities
Topics: Cybersecurity, Internet Service Providers, Network Operators, Cooperation
Challenge in cybersecurity with regards to sharing of information
Supporting facts:
- When cyberattacks occur, it’s unpredictable and the source can be difficult to trace
- Sharing information is complicated by local regulations and sometimes national security issues
Topics: Cybersecurity, Information Sharing
Resource limitation and capacity building in cybersecurity
Supporting facts:
- Cooperation with international entities requires specialist skills for constant monitoring
- Cybersecurity is linked with national security, making capacity building crucial
Topics: Capacity Building, Resource Management, Cybersecurity
importance of information sharing and building trusted networks for message exchange
Supporting facts:
- Information sharing should not be only within certain layers but also between those layers to build understanding.
Topics: internet governance, cybersecurity
Cyber hygiene should be practiced by all individuals for a secure online environment
Supporting facts:
- Understanding device security, personal security, and learning about cyberspace are crucial.
Topics: cybersecurity, digital privacy, cyber hygiene
Report
The need for increased representation of cybersecurity practitioners in the Internet Governance Forum (IGF) is emphasised. Currently, there is a lack of individuals with backgrounds in cybersecurity, such as those working at CERT or actively involved in cybersecurity, participating in the IGF.
This lack of representation results in their voices not being heard as loudly as other stakeholders. A proposed session by a speaker is recognised as beneficial for all participants. The session aims to address the need for greater involvement and voice of cybersecurity practitioners in the IGF.
It is expected that such sessions will provide a platform for cybersecurity professionals to share their expertise and insights among the various stakeholders involved. Networking sessions are also implemented to encourage participants to interact and discuss their experiences and views on cybersecurity.
These sessions provide an opportunity for attendees to engage with individuals they may not have spoken to before, fostering collaboration and the exchange of ideas. Building bridges between network operators and cybersecurity specialists is considered crucial for establishing an open, stable, and secure internet.
Recognising that these two professions utilise different languages, mindsets, concepts, and processes, there is a need to bridge the gap between them. The initiative taken by organisations like ADLI in strengthening the partnership between these communities is highly regarded. Several challenges in the field of cybersecurity are identified, such as the obstacles related to information sharing.
Cyberattacks are often unpredictable, making it difficult to trace their sources. In addition, local regulations and national security issues can complicate the sharing of information. These challenges need to be resolved in order to build strong collaborations and improve cybersecurity practices globally.
Resource limitations and the need for capacity building also pose significant challenges in the cybersecurity sector. Constant monitoring, particularly through cooperation with international entities, requires specialist skills. Given the link between cybersecurity and national security, enhancing capacity building initiatives becomes imperative.
The importance of information sharing and building trusted networks for message exchange is emphasised. It is not only necessary to share information within specific layers of cybersecurity but also between those layers. By doing so, a deeper understanding can be developed, contributing to a more comprehensive and effective cybersecurity framework.
Cyber hygiene, which entails understanding device security, personal security, and learning about cyberspace, is considered essential for maintaining a secure online environment. The responsibility for practicing cyber hygiene extends to all individuals, not just technical experts. By promoting the importance of cyber hygiene, stronger global communities can be built, further enhancing cybersecurity.
In conclusion, the need for greater representation of cybersecurity practitioners in the IGF is highlighted. Proposed sessions and networking opportunities aim to address this need, facilitating knowledge sharing and collaboration among stakeholders. Challenges related to information sharing, resource limitations, and capacity building are identified, emphasising the necessity for proactive measures.
The significance of information sharing, building trusted networks, practicing cyber hygiene, and ensuring widespread understanding of cybersecurity principles are all crucial for creating a secure and stable cyberspace.