DC-3 & DC-DDHT: Cybersecurity in Community Networks and digital health technologies: Securing the Commons
DC-3 & DC-DDHT: Cybersecurity in Community Networks and digital health technologies: Securing the Commons
Session at a Glance
Summary
This discussion focused on cybersecurity challenges and solutions for community networks and data-driven health technologies. Speakers highlighted the importance of community-driven connectivity initiatives in connecting underserved areas, while emphasizing the need for cybersecurity awareness and practices. Osama Manzar stressed the importance of local, contextual cybersecurity education for new internet users in rural communities. Renata Santoyo discussed Brazil’s regulatory approach to community networks, including asymmetric regulation and cybersecurity guidelines. Leandro Navarro presented a decentralized digital identity system for community network members, addressing security and privacy concerns. Talant Sultanov shared Kyrgyzstan’s experiences in implementing community networks and cybersecurity education initiatives, emphasizing rural-first and local language approaches. The discussion also covered the challenges of implementing cybersecurity measures in resource-constrained environments and the importance of making providers accountable for security practices. In the health technology segment, speakers addressed the paradox of digitalization in healthcare, highlighting improved services alongside increased cybersecurity risks. Dr. Houda Chihi presented various cybersecurity threats in the healthcare sector and provided recommendations for securing health data and infrastructure. The importance of artificial intelligence in enhancing cybersecurity for healthcare was also discussed. Overall, the session emphasized the need for collaborative efforts in implementing cybersecurity measures, raising awareness, and building capacity in both community networks and digital health technologies.
Keypoints
Major discussion points:
– Cybersecurity challenges and solutions for community networks and rural connectivity initiatives
– The importance of education, capacity building, and cyber hygiene for users of community networks
– Regulatory approaches to facilitate community networks while ensuring security
– Decentralized digital identity systems for community network members
– Cybersecurity considerations for digital health technologies and telemedicine
The overall purpose of the discussion was to explore cybersecurity issues and best practices for community-driven connectivity initiatives and digital health technologies, with a focus on serving rural and underserved communities.
The tone of the discussion was informative and collaborative, with speakers sharing experiences and recommendations from different perspectives (regulators, community network operators, researchers, etc.). There was an emphasis on practical solutions and the need to balance security with accessibility. The tone remained consistent throughout, maintaining a constructive approach to addressing challenges.
Speakers
– Luca Belli: Professor at FGV Law School, co-founder of DC3 (Dynamic Coalition on Community Connectivity)
– Renata Santoyo: Telecommunications expert, International Affairs Department of ANATEL (Brazilian telecoms regulator)
– Talant Sultanov: Policy Advocacy Advisor for Global Digital Inclusion Partnership, member of IGF Multi-Stakeholder Advisory Committee
– Osama Manzar: Founder and director of Digital Empowerment Foundation, connected over 35 million people in India
– Leandro Navarro: Co-founder of Pangea.org, academic in connectivity studies and community networks
– Dr. Houda Chihi: Expert on cybersecurity in healthcare
Additional speakers:
– Amali De Silva Mitchell: Coordinator of Dynamic Coalition on Data-Driven Health Technologies
– Wout de Natris: Consultant, runs dynamic coalition on internet standards, security and safety
– Momodu Sombai: Works with telecom regulator in Liberia
– Jörn Erbguth: Member of Dynamic Coalition on Data-Driven Health Technologies
Full session report
Cybersecurity Challenges and Solutions for Community Networks and Data-Driven Health Technologies
This discussion brought together experts from various fields to explore cybersecurity issues and best practices for community-driven connectivity initiatives and digital health technologies, with a focus on serving rural and underserved communities. The speakers shared experiences and recommendations from different perspectives, including regulators, community network operators, and researchers.
Community Networks and Cybersecurity
A central theme of the discussion was the unique cybersecurity challenges faced by community networks. Osama Manzar, founder of the Digital Empowerment Foundation, emphasised the hyper-local nature of community networks, stating, “Internet is global, but users are local. Again, internet is global, but community networks are local. Not only local, it’s hyper-local. And not only hyper-local, but it is used by those who are otherwise unserved by the telcos.”
Renata Santoyo from ANATEL, Brazil’s telecoms regulator, highlighted the importance of asymmetric regulatory approaches to facilitate community networks. She noted, “We have a very asymmetric relationship with this comparing community networks to big providers or small providers because we are not treating them as an equal. And so it’s a possibility to develop more and more the community networks.” Santoyo also mentioned that Anatel has developed a cybersecurity manual to support community networks.
Leandro Navarro presented a decentralized digital identity system for community network members, addressing security and privacy concerns. He realistically assessed the progress and challenges, stating, “We have seen that it’s possible to make it work, although complex, of course. And then, well, I mean, just that many things about the challenges, of course, we are not finished with this. We have just started one year ago.”
Luca Belli discussed the impact of data protection laws on community networks and emphasized the importance of changing default passwords on routers as a basic security measure. He also mentioned the website “comconnectivity.org” where reports on community networks can be downloaded.
Community-Driven Approaches to Cybersecurity
The discussion emphasized the importance of community-driven approaches in cybersecurity. Manzar stressed the need for critical digital literacy for users of community networks, arguing that “The cyber safety, cyber security, and cyber data protection is not only a subject of top-down model, it is a subject of bottom-up social and behavioural norms based cyber capacity building, and somehow, that is not taken into consideration in most of the planning.”
Talant Sultanov highlighted the effectiveness of storytelling and local trainers in delivering cybersecurity messages. He also mentioned initiatives such as the Global Digital Inclusion Partnership and the Women in Digital Economy Fund, which aim to support digital inclusion and security in underserved communities.
Cybersecurity for Digital Health
Dr. Houda Chihi presented various cybersecurity threats in the healthcare sector, including ransomware attacks, data breaches, and insider threats. She provided recommendations for securing health data and infrastructure, emphasizing the need for cybersecurity skills training for healthcare staff. The importance of artificial intelligence in enhancing cybersecurity for healthcare was discussed, along with the need to modernise IT infrastructure security in healthcare organisations.
Jörn Erbguth raised concerns about patient data privacy and consent in digital health applications. The speakers agreed that while telemedicine and e-health services offer significant benefits, they also face substantial cybersecurity risks that must be addressed.
Amali De Silva Mitchell introduced the Dynamic Coalition on Data-Driven Health Technologies, which focuses on addressing cybersecurity challenges in digital health.
Regulatory and Policy Approaches
The discussion highlighted various regulatory and policy approaches to address cybersecurity challenges. Renata Santoyo discussed Brazil’s implementation of asymmetric regulation for community networks. Wout de Natris suggested that exposing weaknesses can make organisations more accountable for their cybersecurity practices and mentioned the internet.nl tool for checking website security.
Luca Belli proposed fiscal incentives to encourage cybersecurity investments, while Momodu Sombai emphasised the importance of collaboration between regulators to share best practices.
Talant Sultanov shared an example from Kyrgyzstan that illustrated the unintended consequences of security measures: “So in Kyrgyzstan they decided to block TikTok. And because it’s such a popular application, people still want to access it and they’ve been downloading VPN to be able to. And, of course, they are not downloading the paid quality VPNs, they are downloading the free ones which come with all kinds of viruses and junk and they are actually becoming more exposed to dangers than before it was blocked.”
In conclusion, the discussion emphasised the need for collaborative efforts in implementing cybersecurity measures, raising awareness, and building capacity in both community networks and digital health technologies. The speakers highlighted the importance of considering local contexts, user behaviour, and resource constraints when developing cybersecurity strategies for community-driven initiatives and digital health technologies.
Session Transcript
Luca Belli: So good afternoon to everyone, my name is Luca Belli, I’m a professor at FGV Law School, we’re at the Center for Technology and Society. I have, I’m one of the co-founders of the DC3, the Dynamic Coalition on Community Connectivity, which is one of the organizers of this event. We have organized this together with another coalition called the Dynamic Coalition on Digital and Data-Driven Health Technologies, led by our friend Amali Mitchen and our co-panelist Amado Spinoza, that should be online. So if we could have actually online, our online speakers on the screen as well, so that we can have a nice family picture, they should be Amado Spinoza, Oda Shoshi and Leandro Navarro. If we can have them, if we can have them on screen, that would be useful. So I’m going to quickly present the speakers and then quickly introduce the team of our session, so that then we can start our conversation. We have here, starting from the left, Renata Santoyo, who is a telecommunications expert and working with the International Affairs Department of ANATEL, the Brazilian telecoms regulator. Welcome, Renata. Then we have Talant Sultanov, who is Policy Advocacy Advisor for the Global Digital Inclusion Partnership, an institution I have the great pleasure of sitting on the board of. Welcome, Talant Sultanov. He is also a member of the MAG, the Multi-Stakeholder Advisory Committee of the IGF. Then we have here Osama Manzar, that doesn’t need introductions for those who are in the connectivity field, so he is the one of the funder and director of the Digital Empowerment Foundation and he also, he is a senior fellow at the, he’s a British Chimney Scholar, International Visitor of the Leadership Program of the U.S. State Department. He is also Advisor of the Women in Digital Economy Fund and many other very interesting hats that he wears, having connected more than 35 million people in India. Then we have our online speakers. I hope they are already here with us. I see On top of my head on the screen, our friend Leandro Navarro. It’s a great pleasure to have you with us, even if only in online. So he’s co-founder of Pangea.org. He’s one of the most well-known academics in connectivity studies and community networks. He also is a member of the Giphynet and Aishokat community networks and has done a lot of very interesting work and studies, also co-chairs the Internet Research Task Force Working Group, GAIA, Global Access to Internet for All. Then we have our friends from the Data-Driven Health Technology Coalition that will be part of the second segment of our session. We will have Amadeus Pinoza, who represents the private sector. He has a strong medical informatics background and he founded the Institute for Medical Informatics at the Autonomous University of Guadalajara in Mexico. And then we will have Oda Choshi. Not seeing them on the screen, but I hope they will arrive. So Oda is from Tunisia Telecom. She is a senior engineer and she is expert also in telecommunications, of course, and cybersecurity. All right. So now that we have introduced all the speakers, let me provide a little bit of introduction as regards to the theme of today’s session in two parts, more or less. The first one, we will present some of the findings of this booklet that you can find here and also available online on the IGF website, which is a pretty Byzantine website. So if you want to have a direct link to all the reports that we have been doing over the past years, there is a website called comconnectivity.org where you can freely download all the reports. This year report. is dedicated to cyber security and community networks. So over the past almost 10 years, nine years actually, we have been working on a lot of different issues exploring community connectivity. So for those who are new in this field, let me just remind that community networks are community-driven, bottom-up, crowdsourced connectivity initiatives that are usually built in the remote area, rural area or peripheral areas or low income area as an alternative option to connect the unconnected or to provide better connectivity to the poorly connected, right? So they could be developed by local communities, a group of individuals that have no technical expertise at all. They could be also driven by local administrations, local entrepreneurs. So it’s really the beauty of the community network is it is an effort driven by the local community for the local community. We have explored over the past years which are how to build community networks, how to regulate them, which funding models are more appropriate for making them sustainable. What is their impact with regard to the promotion of human rights? What is their impact with regard to the promotion of digital sovereignty? They are very good example of community-driven digital sovereignty, meaning the local communities understanding how the technology works, developing it and regulating, self-regulating it. Now, something that we have not analyzed yet until this year where there are the cybersecurity implication of this because there is a double-edged sword to some extent. The fact that the infrastructure is created by people that do not necessarily have a strong technological background means that a lot of open source infrastructure and equipment is used. Maybe not a lot of knowledge as regards. existing legislation that can impinge upon infrastructure like not only telecom regulation, but also we will see data protection regulation that must be complied to and create some cybersecurity issues. So as the beauty of the community network, the fact that they are community driven can become a vulnerability. The fact that the infrastructure is built without thinking to bad faith actors that can hack the infrastructure, that can transform the infrastructure into a botnet or into a easily targeted with distributed denial of service attacks. The fact that even very basic controls of information, security, such as knowing which kind of software you are utilizing, knowing which kind of data you are collecting, having a resiliency plan, having a plan to recovery when you will be attacked because we know very well that pretty much any kind of digital system at some point will be attacked. So if you don’t have a recovery plan, a resilient strategy, you are very likely to be highly disappointed. And so these are very similar challenges what community network face to what also we will see in the second segment, digital data driven technology in health. Ways and very different types of resources as well. Because again, let’s remind that these are community networks are community driven, local community driven. They are not necessarily driven by people with a lot of resources and with a lot of training on cybersecurity or even in with legal training. Some of the points that we raise in the book is that there are almost 160 countries in the world have data protection laws. And if you don’t comply with it, you may be not only a threat to your privacy, liable according to civil law, but in some cases, even responsible according to criminal law. So when you create a network and you don’t consider applicable legislation, basic data information security policies, resilient strategies, plans for recovering in case of cyber attack, mapping the kind of software and data you have at your disposal under your responsibility, well, those are all potential systemic vulnerabilities. Now, after this very long introduction, let me give the floor directly to our speakers. We had planned to start with Renata, but as Osama, who is a very busy man, has to leave us in 15 minutes to go to another session, I would like to redefine slightly our agenda starting with Osama and then going to Renata, hoping that she agrees with this. So Osama, it’s a great pleasure to having you with us again. The floor is yours.
Osama Manzar: Thank you very much. Everybody who knows our work will not expect anything technical that I’m going to talk because I don’t know the technology. We work with communities. I want to give you a little a heads up on this chart. This chart is basically the geomap of all the community networks that we have done in the last 15 years. In India, they are 280. That means, that doesn’t mean that they are the only community network, there are many more, but we have been able to do it and Luca has been able to look at many of those networks and document it also. There are three things that I want to say. Internet is global, but users are local. Again, internet is global. but community networks are local. Not only local, it’s hyper-local. And not only hyper-local, but it is used by those who are otherwise unserved by the telcos. Unserved by, or underserved by any of the normal telecom service providers, and therefore, these are the people who are non-technical, but still user, and the provider of the network of such people are somebody who also have to be appropriated locally, so that you can manage the network. So I just want to give you a scenario that we go to the village, we find that they’re not connected, then we build capacity, then we involve them, and then they build a network, or a Wi-Fi, and then towers, and then we also work with them how to take care of the network. Now, this cyber security is the latest, you know, elephant in the room of all those people, right? And I’m talking to you everything not from the technology service provider, or a server provider, but the people, you know, I am first time introduced to my network, I am getting a message, I am sitting on a computer and working, and my service provider is not AT&T or somebody else, but somebody very local, and then I get a message which says, please click here, and I click that, and I lose money from my bank, right? Then another friend of mine, who is actually had no jobs, is now working for similar kind of job who is actually making people fool locally, and actually doing cyber frauds, you know, by sending you information, and they are collecting the local numbers, local contacts, and giving it to somebody else, and they are getting messages. and since you are first time user, you are being very naive and very simple that, oh, some message has come, I must act.
Luca Belli: Just to stress, he’s a hypothetical friend, so he’s not describing a real friend.
Osama Manzar: No, no, it’s a real, in fact, if you come to the next session, I’m going to explain even in detail, but what I am saying is that cyber safety, cyber security, from technical perspective, but from the user perspective, what is the behavioral change being required? What kind of critical digital literacy we required from the user is the biggest issue of this area, but somehow, most of the work that is going on in the cyber security, cyber safety, is very technical, as if we think that only firewall will solve all the problems, or we think that just identification of something or surveillance or data protection will solve all the problems, but actually it will not, because I, as a user, even without violating, I am getting fleas, I am being compromised, I am being trolled. You know, my online data is being, you know, it’s something like I’m a member of a matrimonial site, I have given my face and everything, and then it is just taken from there, and you are sitting just in the corner of a village and you have no idea how to deal with this one. When you go to cyber crime office and do the complaint, they say that even we don’t know how to trace such people. You know, where are they? So I’m actually, I’m not trying to give any solution, but I want to tell that the cyber safety, cyber security, and cyber data protection is not only a subject of top-down model, it is a subject of bottom-up social and behavioral norms based cyber capacity building, and somehow, that is not taken into consideration in most of the planning. And when we are working in an alternative. community networks, or providing a last mile access, it is very important that we have our own capacity building framework. We have our own content. We have our own local, hyperlocal, contextual content to make people know what are the do’s and don’ts of being connected, to be cyber safe, to be cyber preventive, rather than curative. You must be knowing what are the things that we need to know. And that is what the experience that we are doing in many of our communities. There are three things that we are doing. Number one, we are trying to see if women could take the responsibility of the hyperlocal situation so that they do not indulge into unnecessary information flow than what is needed. Education, domestic issues, business, day-to-day lives, and all that. The second thing what we are doing is that we are creating hyperlocal information trustees, which you can say information trustee is a describing name, but we are trying to create a situation that they become local fact checkers. You know, they actually tell what are the do’s and don’ts of the people who are coming to the center or the place where they get connected. And the third thing is that we are doing a role play of cyber safety security by doing street plays, by doing local language oral content so that it can be disseminated with lots of people. These are the things that I wanted to share, but basically trying to highlight that the global technology, the global access issues, the problems are always local. And when we are talking about cyber capacity, we need to have a local solutions. Thank you.
Luca Belli: Thank you very much, Osama, for this very important words. And again, I think that this is a very key message. that comes in a very recurrent way in cybersecurity discussion about cyber hygiene, capacity building. At scale, we have reports by Microsoft saying that more than 90% of cyber incidents actually happen because of phishing. And for considering what usually it is considered the weak link, which is what stands between the screen and the chair, the human. But actually, I think that one can revert this logic through education and capacity building. The individual becomes the strong link. So when you are the ones understanding and even the basic things about cyber hygiene, like do not use one, two, three, four, five, six as a password, which is still the most used password. So again, if you understand this, you really go much farther than at the very early stage, especially in community network where those who are connected are frequently unconnected. So really is the first approach with technology they have. Now, I would like to give the floor to the regulator. So there is already a lot of norms and regulation people need to comply with. And it can also to some extent guide them into the definition of their policy, architecture and practices. So please, Renata, it’s a pleasure to have you with us. The floor is yours.
Renata Santoyo: Thank you. Thank you very much, Luca. Thank you very much for all for having us here and invite us as Anatel. So I’m speaking from the perspective from the telecom regulator. And first of all, I’d like to do a very brief historic and an update about our history community networks. It was something that we started being more involved from 2020 when we had a memorandum of understanding with UK. And we did a work, sorry, with a partnership with APC. And we have some very interesting outcomes as a policy briefing. with the framework from the regulatory status, and also a manual for lay people with a video that it was very interesting because we had the opportunity to teach and help community that don’t know anything about connectivities or how to deal with regulator to construct their own community network and how to deal with regulator. That’s something very complicated sometimes, which license they need to take, how to use the spectrum to not break any rules. So it was very interesting beginning. After that, we had the opportunity to internalize this work as a temporary committee in Anatel. We had under the presidency of one of our… Hello, hello, hello, one… And they did this work for two years. And it was very interesting because they had the goal to make some regulatory adjustments, hearing from network representatives, Ministry of Communication work together and also subsidy providers. So it was very interesting to map all the situation and the needs and what kind of regulatory measures we need. And it was necessary. And very recently, like two weeks ago, we had this temporary committee. It became a permanent committee and we have now public consultation. That’s also a space to hear from the whole society, all the actors in this environment. And considering the results of this committee, the intention about this is continuing this important work, improving and solving a lot of remains, difficult and challenges. And I can highlight some examples of the proposals that we are doing. First of all, it’s interesting to remind that we have a very asymmetric relationship with this comparing community networks to big providers or small providers because we are not treating them as an equal. And so it’s a possibility to develop more and more the community networks. And in this public consultation that it’s now for 45 days since December 5th, they have the proposal about anticipate some benefits of the new act of authorization of use of radio frequencies. Also evaluate adjustments in the regulation on the spectral use to address possible incompatibilities between the application that the community networks that wish to implement in Brazil and the allocation, the destination of the frequency band of interest. About foundings, we forward the management board
Luca Belli: of telecommunication services, universalization fund. That’s a very old fund that we have and it’s very difficult to use. And they had some change in the law. So we are trying to use it more and more each day for interesting and useful things like community network. Also prioritize the penalties, not with fines but with obligations to do. And prioritizing specific actions aimed at the population served by community networks. And so it’s possible to see that we have a lot of challenges. Lack of financial resources is one of them. Regulatory barriers to the establishment of networks. Difficult in mapping the benefit communities. Obstacles related to geographic isolation. And of course, cyber security. And about cyber security, we have a specific regulation for the whole ecosystem and cyber security. And security of course is a priority for us, especially for a successful model of community networks. And in August of this year, Anatel reviewed the cyber regulation. And a new article that we have in this review, it’s about the telecommunication service providers. They need to communicate any accidents, security incidents to the national data protection authority. This includes community network. That’s the way we think we can maintain all the principles and guidelines that apply to all the actors in those ecosystem. Large and small providers, also community networks. And we believe that this way the ecosystem can flourish. But they’re still being treated as an asymmetric approach. And then we cannot apply the same rules, of course, because they are like, for us, restricted interest. For example, they have a license that’s a private limited service. And big providers are collective interest. And so they don’t have the same obligations. So it’s something. to help and to foster the development of community networks. So the principles were maintained, but as well as this asymmetry in processing this new regulation of cybersecurity. And so we also, to materialize this resolution of cybersecurity, we developed some guidelines that’s very interesting of cybersecurity regulation
Renata Santoyo: applies to the telecommunication sector and approved by the cyber revolution, emphasizing the adoption of good practice and national and international standards related to cybersecurity. It’s all available on the internet, and it promotes the dissemination of a culture of cybersecurity and the safe and sustainable use of telecommunication network and services. This was a work that was developed for our cyber working group, and they prepared also another guide. This one is more basic guide, it’s more accessible for lay people. And we have also another one that incentivates the security by design and the development of the softwares. But in this basic guide, that’s the first one I was talking about, you can have instructions like data protection, access and account control, activating and monitoring your account, data backup, and all this lot of different instructions just to help. And also in the same way about literacy, we have a partnership with OAS and Cisco Academy to capacity building and to also help to teach how to be more safe when you are navigating and connected on the internet. So I think we believe that all these guides and this partnership with academia, with courses, we kind of lead us for the meaningful connectivity, helping and teaching people how to use internet, because I think that’s the third pillar. Because we kind of talk about infrastructure, then security, and now we need an effective way to use community networks. And have the best, they can give you the best performance. And as our friend Ozamat said, it’s not top down. We need to do all together just to see what’s the real needs we have. And we are also involved in the Partner to Connect and ITU. We did a pledge about community networks to being followed on Oasis this year. So it was very, very interesting. And it’s also on the internet. So I think for now, that’s it. Luca.
Luca Belli: Thank you very much, Renata. And very interesting to understand that there are very few regulators in the world that have had this proactive approach to engage with community networks, try to understand them, reduce also the regulatory burden to facilitate them. Because what we have been discussing over the past 10 years is that, of course, you could not have the same regulation for enormous tech giant, sorry, telecom giant, not telecom operators, and small ISPs, micro ISPs, or not-for-profit ISPs. So it’s very good that the Brazilian regulator, Anatel, together with a few others, has had this sensitivity. Now, a very frequent problem in cybersecurity debates is how to identify users, how to make sure that they are not bad faith users, where they are the real user they claim to be. And here, I wanted to bring to the fore the work that Leandro and his colleagues have conducted and is also described in this booklet about decentralized digital identity and verifiable credentials for members of community networks, which is extremely interesting because it gives us an approach and understanding of how technical solutions, even not particularly expensive technical solutions, can be used to enormously help people engaging with community networks. So please, Leandro, I hope you are still here. Yes, I see you now. Can we unmute Leandro so that he can present? Welcome, Leandro. We can see now your presentation, almost. Yes, we see it in full screen. Can you speak?
Leandro Navarro: Yes, can you hear me?
Luca Belli: Yes, we can hear you loud and clear.
Leandro Navarro: Wonderful. So this is the pattern of representation, but instead of decentralized, it could be self-sovereign. Digital identity and verifiable credentials for communities. So this is the work partly funded by the Philippine Commission, which involves, as you see in the heading, several communities, several organizations that were involved in the development. So just to give you a bit of definitions, we are talking about digital identity in ourselves. Ourselves, our themes, our content, our organizations that they want to be identified in the cyberspace, let’s say. And then there is a concept called decentralized identifiers, which allow you to have different identities, different tags, whatever. And once you have an identity, people, organizations can say something about you. Like, for instance, you as a member of a community, you live there, this is your education. You are a vulnerable person and this accreditation from an NGO that knows your situation, something like that. In the end, whatever plays. So this is a bit abstract. And then I’ll give you an example. For instance, this is one of my multiple identities, leandro.art. It is a community project where we collect and refurbish second-hand devices for community members to be connected because, well, I have to connect to the Internet, you need that device. This is my PGP, GPT key ID in case you want to check my names that come really from me or someone else. So my DID could be, it’s not exactly like that formally, but it could be the email leandro.art. And then from that, you could find out my public key, whatever, and then verify an email that I send it to you. So in the decentralized ID world, there are, they call it methods, the web methods for key. And here you have your public key embedded in this long name or identifier, but also there is the did web method that allows you to kind of encode a typical, let’s say, website, which identifies my personal identity in the GiphyNet network. And then you see, again, an ugly kind of JSON data structure that is structured like you imagine, like the source code of an email, where there is a part that says who is saying what. This is the GiphyNet community network that is saying me as a subject that I’m this person with this identifier as member of the GiphyNet community. And then there’s a signature which allows the third party to verify that whatever is said here, who issues the credential, who is the subject of the credential is valid because there’s a signature in it. Well, this is a very technical description of the data structure, but imagine that you have a batch like this, which says that I’m a community member of GiphyNet. You can scan it with a QR code. You can verify that this information hasn’t been tampered with. And this is my email address and public key, okay? So what we can do with this? Well, we can talk about the properties, the rights, the different aspects. What we try to do in this case is we try to develop open source software that works and allows community networks and all the type of communities. providing services on their own. And then, well, you can see that there are strange concepts like the issuer of an organization that says something about me, for instance, so I have a wallet where I can hold these data structures, these badges or credentials, and then different elements that I’m not going to enter into discussion. If you want to know more, we have a, let’s say, public repository on GitHub. You can leave us a star if you like it, and also this is our development repository. So I can tell you a bit more about the pilots, the communities we’ve been working or we are working with them. So for instance, the first three are three NGOs. Pangea is an NGO that I was co-founder for using that identity, which we provide ourselves. Or there is another NGO, also in my neighborhood, let’s say. They can use these credentials to access another online shops from other NGOs and a federation of NGOs that provides different credentials for, for instance, when they go and apply for funding, they can accredit that they are members of La FEDE and you can provide this credential to confirm that this is sure and verifiable. And one particular interesting example in this context is this collaboration between… is an NGO that works in neighborhoods, in vulnerable neighborhoods, and then they know the families, they create… issue credentials for them. They might not even have a legal ID at the time, but they can have an accreditation from this NGO and showing their level of learnability so they can use this credential and go, for instance, to the GIFINET community network or to a cooperative that provides telecom services and submit that credential. And this third party, they call it verifier, is gonna be able to see that this is a vulnerable person according to criteria without revealing details about them and with signature that allows us to see that it’s not themselves who claim being vulnerable, but there is a well-known NGO that accredits that. And the same, we do it for giving computers, laptops to families or children that need them. And then we manage this kind of multi-organization identity management system in the community. So with this, you can show that you are a member of a certain community, you have a credential from someone else and go to third parties and prove that this is true. And this model is based on the European blockchain service infrastructure or identity infrastructure that is a bit complex, but you see that there is a public registry of actors and well, I can have my own credentials issued by imagine like an NGO that has been accredited by the government or whatever. And then you can submit my credential to any organization in let’s say Europe or in the world and be able to prove that this information that I’m submitting is valid and correct. Even though I might not have a, let’s say a legal identification myself, so that’s a self-sovereign part of it. We have seen that it’s possible to make it work, although complex, of course. And then, well, I mean, just that many things about the challenges, of course, we are not finished with this. We have just started one year ago. And then, well, it’s difficult to do for adoption. It’s difficult to manage governance issues. It’s difficult to maintain the software and make it interoperable with third parties and especially with public services, if any. And then, well, there is a lot of things to do in the future and keep working with the communities to understand their needs and to address them and to be able, as with many community members, to solve the problems on your own on using free software that enables people not to just, let’s say, do advocacy, but also solve their problems with some technical means to include not only digitally, but also in the community, but providing whatever services to them. So that’s my presentation. Any comments, questions are welcome. Thank you.
Luca Belli: Thank you very much, Leandro. And to bring this very interesting initiative into the picture and also to highlight that there are challenges, right? It’s a work in progress. And one of the challenges also is to make this adopted by the local community members and to educate them in order to understand that there is this could be a solution for a problem. And as we were mentioning at the very beginning of this session, education, capacity building, and cyber hygiene, to some extent, is very important. So it’s very good that we have here Tant Svortunov speaking about the cyber education and cyber security capacity building. He has been leading in Kyrgyzstan. So please, Tant, the floor is yours. That’s OK.
Talant Sultanov: Thanks so much, Luka. It’s a pleasure to be here to present the case of the Kyrgyz Republic. I’m wearing the hat of a global digital inclusion partnership where I’m working as a policy advocacy advisor. And I’m happy that Luka is a board member. this organization is implementing an initiative called Women in Digital Economy Fund implemented by several organizations, CARE, GSMA, and GDIP. Osama is actually in the advisory board of Women in Digital Economy Fund, so two of my bosses are in this panel, so I better make a good presentation. And the GDIP and Women in Digital Economy Fund identified five core areas where there is a biggest issue with gender gap, and two are related to one is access and affordability, and the second is safety and security, and I’m glad that in this session we are talking about these two issues. And in Kyrgyzstan we have launched community networks, and actually we call Osama the godfather of Kyrgyzstan’s community networks, so he mentioned I think 380 CNs maybe, we can say plus two or three in Kyrgyzstan to this map. And what we felt is that once we are connecting the people to the internet for the first time, they are very trusting of the internet, they believe everything that they see there, they believe the people who are there, and we felt responsibility that if we are helping people to get online, we also should equip them with information and skills on being safe on the internet. And that’s why we in parallel launched a project called Tech for Society or Technology for Society, where we have initiated several activities. One is a help desk where citizens and civil society organizations can call and get advice if they are having any issues with cyber security, and the logic here was that for example private sector can hire cyber security experts, government agencies they have specialized agencies that protect them, but the civil society organizations and ordinary citizens often left vulnerable, and we thought that we should also help protect through the help desk. Second activity that we are doing is cyber hygiene trainings and training of trainers in local levels, so that then they can continue helping the local communities. And the way we are delivering these messages is oftentimes through traditional storytellers, because we are, as Osama mentioned earlier, working with rural communities, and for example these storytellers would explain in very basic terms what cyber hygiene means. So one storyteller said that when you leave your house, you lock your door not once, but twice. Your door and the gate. Same with the password. You should have at least two-factor authentication and a very strong key. Otherwise, your phone can be broken very quickly. And in addition to these activities, we are doing also research. One research we did is on cyber forensics. And we wanted to see if government is actually prepared to deal with cyber crimes. And we developed some recommendations for our policymakers and regulators in this area. And not to take too much time, I just wanted to conclude with several principles that we have been using in our work. One was rural first. So all our work is focused on rural communities. Second is a local language first. So there are lots of materials if you speak, for example, English or Russian is a lingua franca for us. But in Kyrgyz language, which is our local language, there is very little info. So we’ve been doing a lot of information in a Kyrgyz language. And another main principle that we’ve been employing is girls first. So all the activities that we are designing, they should be convenient, safe, and interesting to girls and women in rural communities so that they could be better protected. And with that, I’d like to conclude my part and be ready to respond to questions later on.
Luca Belli: Excellent. So as the next segment of the session will be primarily dedicated to data-driven health technology, I think it would be good now to open the floor for comments, reactions, questions from the floor. If you have any, feel free not to be shy and to raise your hand and ask if a microphone can be… Yes, we have a question here and three questions. Could we kindly ask to… Well, I will give you my mic because I am British. Can we bring a mic for the…
Audience: Am I audible? Yeah. Thank you. A nice presentation from everyone. I have a question for Sanathya if I’m pronouncing it right. I’m interested to know what kind of cybersecurity model have you implemented? The narration that you have, the experience and the narration that you have put the story from your ISPs was nice, but I’m curious more on what kind of models have you implemented in the regulatory processes?
Renata Santoyo: Thank you. Actually, as a regulator in Brazil, we have a working group in cyber because we are not really responsible for cybersecurity. For example, we are more focused on cyber safety and we have different institutions and each one of them has different responsibilities. So we have the army with their responsibilities. We have presidency with their responsibilities and in Anatel, we specifically, we feel focused more in safety. As I told before, you have this manual and with some guidelines that try to educate. It’s focused more in meaningful connectivity as trying to open mind to how to defend yourself when you are using the basic risks, the base cares you need to have. So as a regulator, our responsibility is more focused on this one, on this. Are this material openly accessible to complex? Yes, it is. I just, I’m not sure if it’s on a website. Our website, it’s Anatel, that’s the name of regulator. But yeah, and I’m sure it’s in Portuguese, but unfortunately, I’m not sure if it’s available in English. But yes, it’s all available. Yeah, I can, I don’t know how can I share. I can share like, I can share with you after the session. No problem.
Audience: Thank you.
Renata Santoyo: Thank you.
Luca Belli: Just to, can I just make a quick compliment also to mention that besides making sure that equipment that is used in Brazil is if role of Anatel, also there is a regulation on cybersecurity in the telecom sector that provide, that define specific obligations such as having a cybersecurity policy or having audits of your equipments or having the obligation for providers to change the default password because some of the largest cyber attacks that happened in the past, Mirai attack in Germany, it basically infected 1 million routers in one weekend simply because the seller of the routers had kept the default password. And this was very easy for attackers to identify and then to penetrate the network. So having an obligation, a regulatory obligation to change this is a very simple step that can make a huge difference. So that is, again, most of the steps that help increase cybersecurity are not rocket science and having a regulator that prescribes them, it’s an enormous step forward. I see there is another question there and then there’s a gentleman here. Yes, thank you.
Wout de Natris: My name is Wouter Natris and I’m a consultant in the Netherlands, but I run one of the dynamic coalitions here on internet standards, security and safety. And I think what you’ve just been saying is exactly what we’re trying to promote. As no matter how good the initiatives we’ve been hearing are, this one girl and the whole villages is still a botnet. So yes, we have to train at that level, but at the same time, they’re vulnerable because the service providers higher up do not have a routing security or do not have a DNSX security or they don’t have whatever. So people can be attacked where they don’t have any. influence at all. I can’t change my network to DNS security or put in a routing security or whatever. So I think that that is where other institutions have to become more proactive to not perhaps regulate in a traditional sense with fines or whatever, but in the way to expose weaknesses in networks. And I’ll make a little promotion here, but I’ve been asked to become the coordinator of a community that’s going to be started next year on internet.nl. And internet.nl is a tool, and look it up, internet.nl, and then put in your local bank, for example, and see how secure it is or it isn’t. If we bring organizations together that’s going to implement this tool, it’s going to expose the weaknesses of your institutions and of your internet service providers, etc. And that also means that they become accountable because it becomes visible. And we have to train people not to be gullible, but on the other hand, we have to make the tech organizations, whether they’re small or big or small, more accountable to the tasks that they have and that one of them should be protecting us as end users. So when you move forward with this initiative, I would suggest that you have these two components in it. You keep training, tremendously important, but also start exposing. And when you expose, people become accountable. Thank you.
Luca Belli: This is an excellent comment. And actually the fact, I mean, if we want to add an additional layer on top of your comments, besides training and also making accountable, it’s also, in my experience, also facilitate to some extent the creation, the integration of these practices, which have a cost. So let’s also be honest about it. The reason why most devices or most services may not be cyber secure is because cyber security has a cost and the consumer do not perceive this as a criterion of quality. When they buy something, they want the shiny features. They don’t necessarily want the most secure object or service. And if the most secure object and service costs more, they will go for the cheaper one. And if we want to apply this logic to community networks, they are usually created with very cheap Wi-Fi equipment and not necessarily the most secure, right? So something that actually is very interesting also in Brazil is that if you have costs for cyber security now in Brazil, you can declare them in your fiscal declaration as costs that are deduced from what you have to pay, which is an enormous incentive. Very few people know it actually in Brazil, but actually there is a very… If cyber security becomes a fiscal advantage, then a lot of more people will do it. Because people, I mean, from the individual to the large corporation, their rationale is driven by costs. If something is very costly, even if it is an excellent thing, most people maybe will not have the resource to do it. I think that adding this very interesting discourse, also the fact of help facilitating achieving the regulatory result with financial help or tax cuts could be a very interesting further element. Yes, sir.
Momodu Sombai: Thank you for the lecture. My name is Momodou Sombay. I’m from Liberia, West Africa. I work with a regulator in Liberia, the government. So I was kind of thinking with the community networks, how can we learn from experience, so are you willing to lend us some of the knowledges that you have given, if and when we ask you, or are you willing to help other, like in Africa or in other countries? Thank you.
Luca Belli: You know, there is a thriving community network community, like in South Africa, we can put you in contact with some of the members of this quality work there. I don’t know if talent, because talent has been focusing on Kyrgyzstan, but his work is global. So and then maybe Anatel wants to do a partnership with their Liberian counterpart. We have here two representatives, so we can discuss this. But I’m pretty sure that talent could be your man here.
Talant Sultanov: Yeah, thanks so much. It’s actually a very good question. I’m very glad that you asked. The Women in Digital Economy Fund, where I’m working, areas in addition to funding for women-led organizations is a policy advocate. focusing on governments in Africa and Asia. And we are publishing this document that’s a collection of case studies from around the world on best practices. And one, we would like to disseminate it more widely. I’ll share the link. And also we’d like to collect other promising practices from around the world to learn from. So, yes, we’d like to share the experiences that could be interesting and relevant to you and also learn from you as well. Maybe after the meeting we can exchange contacts. And also I wanted to add one interesting fact about the cost that you mentioned. So in Kyrgyzstan they decided to block TikTok. And because it’s such a popular application, people still want to access it and they’ve been downloading VPN to be able to. And, of course, they are not downloading the paid quality VPNs, they are downloading the free ones which come with all kinds of viruses and junk and they are actually becoming more exposed to dangers than before it was blocked. So that was an interesting lesson for us.
Luca Belli: Thank you for this talent. Now, I think I’m mindful of time and we still have 40 minutes and we have now the, or maybe less, 30 minutes and we have to get into, exactly 30 minutes, and we have to get into the second segment. Can we have again our online speakers on the screen? Can we have our online speakers on the screen? I saw that also Amali. Amali, do you want to provide some introductory remarks to the second segment? Yes. Can we have Amali?
Amali De Silva Mitchell: Yes, please. So I’m the coordinator of the Dynamic Coalition on Data-Driven Health Technologies. I’m located with the IGF as well. And we have a team here. We have Dr. Huda Chehi. We have Yon Abkut. He should be a co-moderator with me online. I think Dr. Amado may not be with us right now. So what we are is we are a group that looks from the patient or really grassroots level user of the internet services to gain health information. Either it’s getting the information or it’s connecting. We all know of the telemedicine that we had recently with COVID. It became very important to use the internet connections to get services maybe from a doctor, maybe from the pharmacy and so forth. Now, for us, when we see reaching the last mile, it means rural areas. It also means communities, vulnerable communities in urban areas who can’t afford to get the service from an expensive telecom. So they often will use a community internet service to get this information or have this access with the doctors and the pharmacy and so forth. We also have people like the local doctor and the local pharmacy. They may also be using just the community network. Now we’re dealing with health data. It’s highly confidential data. And so we are very concerned of the level of security. And it was wonderful to hear all about the initiatives that all of you spoke about. So that’s really something wonderful for us to hear. So that’s just a little spiel on who we are and we welcome everyone to join us. So we are very much grassroots. We’re very much the end user supporting healthcare services. I’m going to pass this on to Yon, actually.
Luca Belli: Just perhaps before Huda Chihi gives his presentation, if you can spend five minutes, I think there was a couple of questions from our own team as well and perhaps some other online questions. Over to you, Yon. Hello, Yon?
Jörn Erbguth: Yes, I’m switching on. Basically, you said it already, privacy is a major concern in health and when data is used for commercial purposes, of course, this is a concern that we should base this on informed consent and not have it done without the consent of the patients.
Amali De Silva Mitchell: Joao, while you were there, would you like to share a comment? Dr. Joao Gomes, are you there?
Luca Belli: Is Joao Gomes here? He must be here with us or online?
Amali De Silva Mitchell: Online, he’s online.
Luca Belli: Do we have Joao Gomes online? We do, we do. Can you allow Joao Gomes to speak? Can you allow Joao Gomes to speak, please? There is a speaker online called… The name is Joao…
Jörn Erbguth: I don’t see that speaker currently. Maybe his connection broke down.
Luca Belli: So, we don’t have Joao Gomes. Alright, okay. Do we have any other speaker from the Coalition on Data-Driven Health Technologies? Do we have any other speaker?
Amali De Silva Mitchell: Dr. Huda Chihi, please. Fantastic. Introduce herself.
Dr. Houda Chihi: Hello, could you hear me, please?
Luca Belli: Very well. Go ahead.
Dr. Houda Chihi: OK. Thank you so much. Hello, everyone. So thank you so much, Emily, for this great introduction. It’s a pleasure participating in such an amazing session. And thank you for joining us. So let me start by sharing my screen and see if it is visible. Could you see it? We are seeing it on the screen, yes. Fantastic. OK, that’s great. OK, that’s great. OK, so my today’s presentation is about cybersecurity tips and recommendations for digital health. First of all, let me start by presenting the roadmap or the content of today’s presentation. I will start by the context. Next, I will highlight the tech solution for health care. After that, I will present what are the different types of cyberattacks in health care sector. After that, I will come up to the importance of cybersecurity in health care. And I will sum up by the different tips and recommendation and best practices for cybersecurity in health care. And I will present the importance of artificial intelligence integration in health care. And by the end, I will conclude by the different key takeaways of my presentation. In fact, here we speak nowadays of a paradox of digitalization. In one side, health care services improvement with the digitalization, but we find also some threats coming up behind this digitalization. So another important thing is we find that there is a transition of health care services due to autonomous application, lots such as artificial intelligence and machine learning that we will see in further slides. And we speak especially due to COVID-19 in different kind of cyber crimes, which is the result of e-health or remote and virtual application of e-health care. So another important issue is there is a lack of awareness and lack of cybersecurity tools application in health care sectors. So, and we find that the majority of health care centers using the legacy tools, which is useless due to a rise of new and emergence of cyber attacks. Every day we find emerging of new threats, especially in health care sectors, because it’s the threat, the life of patients is very important. So nowadays we speak about ransomware as a service. So it’s a very dangerous. For health care sector. Another important center is that they don’t have enough budget to improve their health care infrastructure that we will highlight in next slides with more details. So what are the tech solution application in health care sector? So we speak about, so virtual reality, extended reality or the metaverse application in health care sector. We speak about the blockchain application, the artificial intelligence. intelligence, machine learning, telemedicine, which is based in the data storage of patients in the cloud. And we speak the different of e-health, which is enabled basically in the application of internet of medical things. So all of this technology, so improve the healthcare services due to and make the healthcare services for both the doctors and the patients who suffer from disability, or older people who came to move to hospitals. So in particular, and the application of internet of medical things enable the remote of medical operation and improves the experience of patients. So here we highlight the importance of digitalization, but in other side, it’s very important if we take care of the security threats that we will highlight in the next slide. So digital ecosystem is very important for both patients and both medical sector, but because it’s enabled like a landscape of exchange and opportunity of improving the quality of digital healthcare services. But to improve more the quality of healthcare services, we need to improve the collaboration between the virtual labs and the IT experts that we help healthcare staff to improve the infrastructure with the low costs. And another important thing is we need to improve the skills of healthcare staff to understand the importance of the application and of digital services in safe way without harming the patient life and without harming the infrastructure and leading to disruption of digital healthcare services. So here the digitalisation role here is very important in terms of customer optimisation, quality, service quality improvement and the patient experience improvement. Here another important thing that we need to highlight is the importance is of the adoption and collaboration with the operator or ISPs offering high quality of connectivity such as 5G and beyond to for example that help us to improve services if we are in, if we speak about healthcare in metaverse. So let’s speak now about the facing challenges is we speak about the digital device especially for hospital or rural areas they don’t have the enough connectivity to adopt and to exploit the different digitalisation services. We speak about bias and inequality. Here to overcome such kind of problem we have to convince decision makers, regulators and policies. policy makers to help these rural areas hospitals to have enough connectivity and to exploit and the benefit of digitalization. And another challenge is nowadays with the importance of digitalization, we can’t, we don’t know the different number of connected devices in healthcare sectors, which is a very critical issue. So another challenge is related to cyber security skills gap. So we have to teach all end users, whether it is patients or medical sectors or staff, the importance of exploiting the digital technologies in a safe way, especially when we hear, when we speak about healthcare sectors and as cyber security is very important and it can help us to create more values rather than be suffering from threats of cyber attacks. Another important issue is to take care of the trust of our patient if we overcome the problems of security and cyber attacks. And we can overcome also the problem of financial problems, especially if we open the door for around somewhere that we take, we demand a lot of money if they have access to our data. So here we have three pillars. So we have to teach staffs too about the importance of cyber security. By this way, they will have enough skills to secure the budget of the healthcare sectors. So let’s highlight in this slide or in this step the different cyber attacks that all hospitals or healthcare sectors, they can suffer from it. We speak about distribution, distributed denial of services attacks. It is about digital tasks disruption. I mentioned that we have healthcare staffs doing an operation online or conversation with a patient and we have cyber attacks. So we will have automatic disruption of the operation. And another kind of attacks is related to the overall supply chain. Another kind of cyber risk is related to authorization access to patient data. So some crimes, a kind of cyber crimes is to have access to patient data and they will demand a huge money because they have a different information of the healthcare sectors. So we speak about here of two kinds of threats. We find it’s about external threats. If we speak about the doors or authorization access to patients that data, or attacks related to supply chain. Another kind of cyber attacks is inside attacks is related to healthcare staff behavior, like phishing emails, they open different kinds of URLs without taking without any attention or verification. And they use simple and easy passwords that cybercrimes can find a way to open their emails and have all the data of the overall healthcare organization. Another important thing is the lack of security of healthcare clouds, because with digitalization, the data of different healthcare centers will be stored in the cloud. And if we don’t enable or we don’t do the healthcare cybersecurity tips and recommendations that I will share in further slides, we will lose all our data. Another important risk is the lack of configuration of the different softwares that we exploit in digital healthcare sectors. So here, nowadays, with digitalization, healthcare is about data. So we have to know how to secure this data to save all the healthcare sectors. So here, let’s start by understand step by step, what is the cybersecurity about? It’s about the confidentiality, availability, integrity of the information, we should take care of the information and it is about safety of both the hard and the soft to enable any resiliency of healthcare services and to overcome any problem of disruption. So it’s about redirection of cybersecurity for value creation to healthcare sector. So another important thing that we should understand is the use of telemedicine or e-health in a responsible way and it is about the use and the integration of any digitalization with responsibility. We should test any new technology and any with all the cybersecurity so recommendation before deploying and expose it to all the staff. We should also upgrade continuously regularly all our software and medical devices to support all advanced security tools because vendors always add new features so we should have the necessary infrastructure that supports these upgrades. And another important issue to not lose our data and to not open the door for a ransomware as a service we should always back up and do the necessary storage strategies in the way that we secure our data and we don’t enable others to theft it or to take it. and after that exchange with us and demand a huge amount of money to return our gift. Sorry, hold on. Can we ask you to wrap up? Okay, okay. I forget about the time, sorry. So let’s move to hospital. The importance of hospital IT infrastructure security is about modernization of the IT medical sector. Another important issue is about network segmentation. It is recommended to segment the network and to use virtual private networks and to enable smart spam filtering. Another important thing is to do continuous check of any new device is about adopting zero trust approach. And we should have visibility of all endpoints connected to the internet and used in healthcare sector, of course. We should have the leadership and the mindset shift toward the importance of cyber security and to adopt the necessary policies and decision making toward the cyber security strategy implementation in healthcare sector. And for staff, it’s important or patient or end user in general is important to adopt the strategy of multi-factor authentication and regular password updates. And it’s important to adopt accurate configuration of different softwares and firewall in continuous way. And another important thing. just to wrap up, is to use, to collaborate with operator and vendors of trusts and operator or ISPs that have shown mature security, cyber security solution, for example, who have provided or adopting DNSSEC implementation, which is a protocol of advanced protocol of cyber security. Another important thing is to benefit of artificial intelligence in healthcare. So it’s important to adopt the antiviruses that adopt or integrate artificial intelligence and machine learning because they enable autonomous and advanced monitoring or facing to any threats of cyber attacks. It helps also to improve the threat hunting and threat intelligence assessment. So another important thing we should…
Luca Belli: Hello, Huda. Online, we can’t hear you. Yeah, we cannot hear Huda anymore. But thanks to this very extensive presentation on cyber security tips, risks and tips, I think this is the best possible way to conclude our panel.
Dr. Houda Chihi: Okay. Could you hear me now? Yes.
Luca Belli: Yes, because I forget to… You demanded something to reactivate my micro and I missed it.
Audience: So I can continue with this?
Dr. Houda Chihi: Yes, yes, yes. No, no. I have just a few slides. Yeah, I think we really have to wrap up now. Okay. So just to wrap up, I… spoke about the importance of artificial intelligence integration in healthcare, but in a responsible way. It’s enabled advanced threats or attacks detection in a proactive way, but it should be implemented and integrated in a responsible way to overcome any problem of bias which is basic.
Luca Belli: All right, fantastic. So I think that we now it’s time to wrap up because we are we are almost being kicked out of this room. So we really have to conclude. And also as I have to go to another five minutes, I will have four minutes to go to the toilet between one session. So thank you very much. I would like to really to thank all the participants for their very insightful inputs and for their very good contribution for this session. I also want to remind those who are here with us that you have you can take your complimentary copy of this report that I edited with Dr. Senka Adzic and with the participation of many of the speakers of today on cybersecurity and community networks. The copies are here for you. If you want, you can download them from the website comconnectivity.org where you can find all the material that could be interesting for you and the Liberian regulator. So yes, we are fine with the workshop of today. Excellent discussion. Thank you very much to everyone and see you next year. Bye bye. Yeah. Okay? Thank thank you
Osama Manzar
Speech speed
150 words per minute
Speech length
1006 words
Speech time
400 seconds
Community networks connect underserved areas but face cybersecurity challenges
Explanation
Community networks provide internet access to areas underserved by traditional telecom providers. However, these networks face cybersecurity challenges due to the lack of technical expertise among users and providers.
Evidence
Manzar mentions 280 community networks in India that his organization has helped establish.
Major Discussion Point
Community Networks and Cybersecurity
Agreed with
Renata Santoyo
Leandro Navarro
Agreed on
Community networks face unique cybersecurity challenges
Critical digital literacy is needed for users of community networks
Explanation
Users of community networks, often first-time internet users, need critical digital literacy skills to protect themselves online. This includes understanding basic cybersecurity practices and being aware of online threats.
Evidence
Manzar gives examples of users falling for phishing scams and losing money from their bank accounts due to lack of awareness.
Major Discussion Point
Cybersecurity Education and Capacity Building
Agreed with
Renata Santoyo
Talant Sultanov
Dr. Houda Chihi
Agreed on
Importance of cybersecurity education and capacity building
Differed with
Renata Santoyo
Dr. Houda Chihi
Differed on
Focus of cybersecurity efforts
Renata Santoyo
Speech speed
125 words per minute
Speech length
1001 words
Speech time
478 seconds
Regulatory approaches should be asymmetric to facilitate community networks
Explanation
Regulators should apply different rules to community networks compared to large telecom providers. This asymmetric approach helps facilitate the development of community networks by reducing regulatory burdens.
Evidence
Santoyo mentions that Brazil’s regulator Anatel treats community networks as ‘restricted interest’ services with fewer obligations than ‘collective interest’ services.
Major Discussion Point
Community Networks and Cybersecurity
Agreed with
Osama Manzar
Leandro Navarro
Agreed on
Community networks face unique cybersecurity challenges
Regulators provide guidelines and manuals on cybersecurity best practices
Explanation
Telecom regulators create and distribute guidelines and manuals on cybersecurity best practices. These resources help educate users and providers about cybersecurity risks and mitigation strategies.
Evidence
Santoyo mentions that Anatel has developed basic guides on cybersecurity accessible to lay people, covering topics like data protection and account control.
Major Discussion Point
Cybersecurity Education and Capacity Building
Agreed with
Osama Manzar
Talant Sultanov
Dr. Houda Chihi
Agreed on
Importance of cybersecurity education and capacity building
Differed with
Osama Manzar
Dr. Houda Chihi
Differed on
Focus of cybersecurity efforts
Brazil has implemented asymmetric regulation for community networks
Explanation
Brazil’s telecom regulator Anatel has implemented regulations that treat community networks differently from large telecom providers. This approach aims to reduce regulatory burdens and facilitate the development of community networks.
Evidence
Santoyo describes specific regulatory proposals, such as anticipating benefits for community networks and prioritizing non-monetary penalties.
Major Discussion Point
Regulatory and Policy Approaches
Leandro Navarro
Speech speed
138 words per minute
Speech length
1227 words
Speech time
532 seconds
Decentralized digital identities can help secure community networks
Explanation
Decentralized digital identities and verifiable credentials can enhance security in community networks. This approach allows for secure identification and authentication of network users without relying on centralized authorities.
Evidence
Navarro presents a technical explanation of decentralized identifiers (DIDs) and verifiable credentials, giving examples of how they can be used in community networks.
Major Discussion Point
Community Networks and Cybersecurity
Agreed with
Osama Manzar
Renata Santoyo
Agreed on
Community networks face unique cybersecurity challenges
Talant Sultanov
Speech speed
156 words per minute
Speech length
873 words
Speech time
334 seconds
Rural-first and local language approaches are important for cybersecurity
Explanation
Cybersecurity initiatives should prioritize rural areas and use local languages. This approach ensures that cybersecurity education reaches underserved communities and is easily understood by local populations.
Evidence
Sultanov describes initiatives in Kyrgyzstan that focus on rural communities and deliver cybersecurity messages through traditional storytellers in local languages.
Major Discussion Point
Community Networks and Cybersecurity
Storytelling and local trainers help deliver cybersecurity messages
Explanation
Using storytelling techniques and local trainers can effectively convey cybersecurity concepts to rural communities. This approach makes complex cybersecurity ideas more accessible and relatable to the target audience.
Evidence
Sultanov gives an example of a storyteller explaining two-factor authentication by comparing it to locking both a door and a gate.
Major Discussion Point
Cybersecurity Education and Capacity Building
Agreed with
Osama Manzar
Renata Santoyo
Dr. Houda Chihi
Agreed on
Importance of cybersecurity education and capacity building
Dr. Houda Chihi
Speech speed
99 words per minute
Speech length
1943 words
Speech time
1167 seconds
Telemedicine and e-health services face cybersecurity risks
Explanation
The increasing use of telemedicine and e-health services introduces new cybersecurity risks. These risks include unauthorized access to patient data, disruption of digital healthcare services, and attacks on the healthcare supply chain.
Evidence
Chihi lists various types of cyberattacks that healthcare sectors can suffer, including distributed denial of service attacks and supply chain attacks.
Major Discussion Point
Cybersecurity for Digital Health
Healthcare staff need cybersecurity skills training
Explanation
Healthcare staff require training in cybersecurity skills to protect patient data and maintain the integrity of healthcare systems. This includes understanding basic security practices and recognizing potential threats.
Evidence
Chihi mentions the importance of teaching staff about the importance of cybersecurity and providing them with necessary skills.
Major Discussion Point
Cybersecurity Education and Capacity Building
Agreed with
Osama Manzar
Renata Santoyo
Talant Sultanov
Agreed on
Importance of cybersecurity education and capacity building
Healthcare organizations need to modernize IT infrastructure security
Explanation
Healthcare organizations must update and modernize their IT infrastructure security to protect against evolving cyber threats. This includes adopting advanced security tools and implementing best practices like network segmentation.
Evidence
Chihi recommends strategies such as network segmentation, adopting a zero-trust approach, and continuous monitoring of connected devices.
Major Discussion Point
Cybersecurity for Digital Health
Differed with
Osama Manzar
Renata Santoyo
Differed on
Focus of cybersecurity efforts
Artificial intelligence can help with proactive threat detection in healthcare
Explanation
Artificial intelligence and machine learning can enhance cybersecurity in healthcare by enabling proactive threat detection. These technologies can improve threat hunting and intelligence assessment capabilities.
Evidence
Chihi mentions that AI-integrated antiviruses can provide autonomous and advanced monitoring against cyber threats.
Major Discussion Point
Cybersecurity for Digital Health
Jörn Erbguth
Speech speed
92 words per minute
Speech length
60 words
Speech time
38 seconds
Patient data privacy and consent are major concerns
Explanation
The use of patient data for commercial purposes raises significant privacy concerns. It is crucial to ensure that any use of patient data is based on informed consent.
Major Discussion Point
Cybersecurity for Digital Health
Wout de Natris
Speech speed
150 words per minute
Speech length
348 words
Speech time
138 seconds
Exposing weaknesses can make organizations more accountable
Explanation
Publicly exposing cybersecurity weaknesses in organizations can increase accountability. This approach can motivate organizations to improve their security practices and protect end-users more effectively.
Evidence
De Natris mentions a tool called internet.nl that can be used to check the security of websites and expose weaknesses.
Major Discussion Point
Regulatory and Policy Approaches
Luca Belli
Speech speed
138 words per minute
Speech length
3404 words
Speech time
1478 seconds
Fiscal incentives can encourage cybersecurity investments
Explanation
Providing fiscal incentives, such as tax deductions for cybersecurity investments, can encourage organizations to improve their security practices. This approach recognizes that cybersecurity measures have a cost and aims to offset that cost through financial benefits.
Evidence
Belli mentions that in Brazil, cybersecurity costs can be declared in fiscal declarations as deductible expenses.
Major Discussion Point
Regulatory and Policy Approaches
Momodu Sombai
Speech speed
94 words per minute
Speech length
77 words
Speech time
48 seconds
Collaboration between regulators can help share best practices
Explanation
Collaboration between telecom regulators from different countries can facilitate the sharing of best practices in community network regulation and cybersecurity. This can help countries learn from each other’s experiences and improve their own regulatory approaches.
Major Discussion Point
Regulatory and Policy Approaches
Agreements
Agreement Points
Importance of cybersecurity education and capacity building
Osama Manzar
Renata Santoyo
Talant Sultanov
Dr. Houda Chihi
Critical digital literacy is needed for users of community networks
Regulators provide guidelines and manuals on cybersecurity best practices
Storytelling and local trainers help deliver cybersecurity messages
Healthcare staff need cybersecurity skills training
Multiple speakers emphasized the need for cybersecurity education and capacity building, particularly for users of community networks and healthcare staff. They agreed on the importance of making cybersecurity concepts accessible through various means, including guidelines, storytelling, and local language approaches.
Community networks face unique cybersecurity challenges
Osama Manzar
Renata Santoyo
Leandro Navarro
Community networks connect underserved areas but face cybersecurity challenges
Regulatory approaches should be asymmetric to facilitate community networks
Decentralized digital identities can help secure community networks
Speakers agreed that community networks, while crucial for connecting underserved areas, face specific cybersecurity challenges. They discussed various approaches to address these challenges, including asymmetric regulation and innovative technical solutions like decentralized digital identities.
Similar Viewpoints
Both speakers highlighted the importance of regulatory and fiscal approaches to encourage cybersecurity improvements and support community networks. They emphasized the need for tailored policies that recognize the unique challenges faced by different types of network providers.
Renata Santoyo
Luca Belli
Brazil has implemented asymmetric regulation for community networks
Fiscal incentives can encourage cybersecurity investments
Unexpected Consensus
Importance of local context in cybersecurity approaches
Osama Manzar
Talant Sultanov
Dr. Houda Chihi
Critical digital literacy is needed for users of community networks
Rural-first and local language approaches are important for cybersecurity
Healthcare organizations need to modernize IT infrastructure security
Despite coming from different sectors (community networks, rural development, and healthcare), these speakers all emphasized the importance of considering local context and tailoring cybersecurity approaches accordingly. This unexpected consensus highlights the universal need for context-specific cybersecurity strategies across various domains.
Overall Assessment
Summary
The main areas of agreement included the importance of cybersecurity education and capacity building, the need for tailored approaches to community networks, and the recognition of local context in cybersecurity strategies. Speakers from diverse backgrounds found common ground on these issues, suggesting a growing consensus on the importance of inclusive and context-specific cybersecurity approaches.
Consensus level
There was a moderate to high level of consensus among the speakers on key issues. This level of agreement implies a growing recognition of the importance of cybersecurity in various contexts, from community networks to healthcare. It also suggests that future policy and regulatory approaches may need to consider these shared perspectives, particularly in addressing the needs of underserved communities and sectors.
Differences
Different Viewpoints
Focus of cybersecurity efforts
Osama Manzar
Renata Santoyo
Dr. Houda Chihi
Critical digital literacy is needed for users of community networks
Regulators provide guidelines and manuals on cybersecurity best practices
Healthcare organizations need to modernize IT infrastructure security
Speakers emphasized different aspects of cybersecurity: Manzar focused on user education, Santoyo on regulatory guidelines, and Chihi on modernizing infrastructure.
Unexpected Differences
Overall Assessment
summary
The main areas of disagreement were in the approaches to cybersecurity education and the focus of cybersecurity efforts in community networks and healthcare.
difference_level
The level of disagreement among speakers was relatively low. Most speakers agreed on the importance of cybersecurity in community networks and healthcare, but had different emphases on how to address the challenges. This suggests a need for a multi-faceted approach to cybersecurity that incorporates user education, regulatory guidelines, and infrastructure modernization.
Partial Agreements
Partial Agreements
Both speakers agree on the importance of educating users about cybersecurity, but differ in their approaches. Santoyo advocates for regulatory guidelines, while Sultanov emphasizes storytelling and local trainers.
Renata Santoyo
Talant Sultanov
Regulators provide guidelines and manuals on cybersecurity best practices
Storytelling and local trainers help deliver cybersecurity messages
Similar Viewpoints
Both speakers highlighted the importance of regulatory and fiscal approaches to encourage cybersecurity improvements and support community networks. They emphasized the need for tailored policies that recognize the unique challenges faced by different types of network providers.
Renata Santoyo
Luca Belli
Brazil has implemented asymmetric regulation for community networks
Fiscal incentives can encourage cybersecurity investments
Takeaways
Key Takeaways
Community networks face unique cybersecurity challenges due to limited resources and technical expertise
Regulatory approaches should be asymmetric to facilitate community networks while still ensuring basic security
Cybersecurity education and capacity building are critical, especially for rural and underserved communities
Digital health technologies bring benefits but also significant privacy and security risks that must be addressed
Collaboration between regulators, communities, and technology providers is important for improving cybersecurity
Resolutions and Action Items
Brazil’s regulator Anatel to make cybersecurity guidelines and manuals publicly available
Women in Digital Economy Fund to share case studies on best practices for community networks
Dynamic Coalition on Data-Driven Health Technologies to continue work on cybersecurity recommendations for digital health
Unresolved Issues
How to balance the need for cybersecurity with the resource constraints of community networks
Specific mechanisms for international knowledge sharing on community network cybersecurity
Funding models to support cybersecurity improvements in resource-limited settings
How to effectively implement AI-based cybersecurity in healthcare while addressing bias concerns
Suggested Compromises
Using asymmetric regulation to reduce compliance burden on community networks while maintaining basic security standards
Leveraging local storytellers and trainers to deliver cybersecurity education in culturally appropriate ways
Offering tax incentives to encourage cybersecurity investments by organizations and individuals
Thought Provoking Comments
Internet is global, but users are local. Again, internet is global, but community networks are local. Not only local, it’s hyper-local. And not only hyper-local, but it is used by those who are otherwise unserved by the telcos.
speaker
Osama Manzar
reason
This comment insightfully frames community networks as a hyper-local solution to a global technology, highlighting their unique role in serving underserved populations.
impact
It set the tone for discussing community networks as grassroots initiatives tailored to local needs, leading to further exploration of their challenges and benefits.
The cyber safety, cyber security, and cyber data protection is not only a subject of top-down model, it is a subject of bottom-up social and behavioral norms based cyber capacity building, and somehow, that is not taken into consideration in most of the planning.
speaker
Osama Manzar
reason
This comment challenges the traditional top-down approach to cybersecurity, emphasizing the importance of local context and user behavior.
impact
It shifted the discussion towards the importance of education and capacity building at the local level, leading to examples of community-based cybersecurity initiatives.
We have a very asymmetric relationship with this comparing community networks to big providers or small providers because we are not treating them as an equal. And so it’s a possibility to develop more and more the community networks.
speaker
Renata Santoyo
reason
This comment highlights the regulatory challenges and opportunities in supporting community networks, recognizing their unique position compared to traditional providers.
impact
It led to a discussion of specific regulatory measures to support community networks, showing how policy can be adapted to encourage local initiatives.
We have seen that it’s possible to make it work, although complex, of course. And then, well, I mean, just that many things about the challenges, of course, we are not finished with this. We have just started one year ago.
speaker
Leandro Navarro
reason
This comment realistically assesses the progress and challenges in implementing decentralized digital identity for community networks, acknowledging both achievements and ongoing work.
impact
It prompted a more nuanced discussion of the technical and practical challenges in implementing advanced security measures in community networks.
So in Kyrgyzstan they decided to block TikTok. And because it’s such a popular application, people still want to access it and they’ve been downloading VPN to be able to. And, of course, they are not downloading the paid quality VPNs, they are downloading the free ones which come with all kinds of viruses and junk and they are actually becoming more exposed to dangers than before it was blocked.
speaker
Talant Sultanov
reason
This comment provides a concrete example of how well-intentioned security measures can have unintended consequences, exposing users to greater risks.
impact
It highlighted the complexity of cybersecurity policy decisions and their real-world impacts, leading to a discussion on the importance of considering user behavior in security planning.
Overall Assessment
These key comments shaped the discussion by emphasizing the local and human aspects of cybersecurity in community networks. They shifted the conversation from purely technical solutions to a more holistic approach that considers regulatory frameworks, user education, and the unique challenges faced by community-driven initiatives. The discussion evolved to highlight the importance of bottom-up approaches, adaptive regulations, and the need to balance security measures with practical realities of user behavior and local contexts.
Follow-up Questions
How can community networks implement cybersecurity measures with limited resources?
speaker
Luca Belli
explanation
Community networks often use cheap equipment and have limited funds, making it challenging to implement robust cybersecurity measures.
How can regulators facilitate the integration of cybersecurity practices in community networks?
speaker
Luca Belli
explanation
Regulators could potentially provide financial incentives or tax cuts to encourage the adoption of cybersecurity measures in community networks.
How can the experiences and knowledge from existing community network initiatives be shared with other countries?
speaker
Momodu Sombai
explanation
There is interest in learning from successful community network implementations to apply these lessons in other regions, particularly in Africa.
How can the cybersecurity skills gap in healthcare sectors be addressed?
speaker
Dr. Houda Chihi
explanation
There is a need to educate all end users, including patients and medical staff, on the importance of cybersecurity in healthcare.
How can artificial intelligence be responsibly integrated into healthcare cybersecurity?
speaker
Dr. Houda Chihi
explanation
AI can enable advanced threat detection, but it needs to be implemented carefully to avoid bias and other issues.
How can community networks ensure compliance with data protection laws?
speaker
Luca Belli
explanation
Many countries have data protection laws, and non-compliance can lead to legal issues for community networks.
How can the adoption of decentralized digital identity systems be encouraged in community networks?
speaker
Leandro Navarro
explanation
Decentralized identity systems could provide secure identification for community network members, but their adoption faces challenges.
Disclaimer: This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.
Related event
Internet Governance Forum 2024
15 Dec 2024 06:30h - 19 Dec 2024 13:30h
Riyadh, Saudi Arabia and online