Day 0 Event #161 Preparing Your Internet to Power the Digital of Tomorrow

Summary

This Day Zero session at the Internet Governance Forum focused on preparing internet infrastructure to support tomorrow’s digital economy, featuring speakers from regulatory bodies, technical organizations, and international development agencies. The discussion emphasized that robust internet infrastructure is a strategic necessity rather than a luxury, requiring collaboration across multiple stakeholder groups.

Norway’s representative highlighted their comprehensive approach, including 99.1% broadband coverage at 100+ Mbps, extensive 5G deployment, enhanced cybersecurity regulations aligned with EU directives, and infrastructure resilience through multiple autonomous transmission networks. Croatia’s regulator discussed the importance of balancing economic efficiency with security resilience, noting the challenge of justifying investments in redundant infrastructure that may only be needed during emergencies. The session emphasized agile regulation that supports innovation while maintaining security and trust.

Technical experts from ICANN and the Number Resource Organization stressed the critical role of multi-stakeholder collaboration in maintaining internet stability. They highlighted the importance of routing security through technologies like RPKI (Resource Public Key Infrastructure), which adds cryptographic verification to internet routing but remains underadopted globally. Smart Africa’s representative showcased continental initiatives like the One African Network project, which aims to eliminate roaming charges across 11 countries and demonstrates successful multi-stakeholder cooperation.

The UNDP presented their Digital Professional Development initiative for the Arab region, addressing the fact that 30% of the region remains unconnected. Their approach focuses on three pillars: promoting IPv6 adoption, supporting Internet Exchange Points (IXPs) for sustainable connectivity, and implementing RPKI for security. Throughout the discussion, speakers consistently emphasized that capacity building, education for general users, and long-term partnerships between governments, private sector, and technical communities are essential for creating resilient internet infrastructure that can support emerging technologies like AI and IoT while bridging the digital divide.

Keypoints

## Major Discussion Points:

– **Infrastructure Investment and Connectivity Goals**: Discussion of national broadband strategies, with Norway achieving 99.1% household coverage at 100+ Mbps and targeting universal gigabit access by 2030, while addressing the challenge that 30% of the Arab region (100+ million people) remains unconnected to the internet.

– **Cybersecurity and Regulatory Frameworks**: Examination of comprehensive security approaches including alignment with EU directives (NIS2, Cyber Resilience Act), implementation of sectoral CERT coordination models, and the balance between economic efficiency and national security resilience requirements.

– **Technical Security Standards and Best Practices**: Focus on routing security through RPKI (Resource Public Key Infrastructure) adoption, with current statistics showing 50-60% prefix coverage but less than 25% of networks fully protected, plus discussion of emerging privacy technologies like encrypted DNS and encrypted client hello.

– **Multi-stakeholder Collaboration Models**: Emphasis on partnerships between governments, regulators, private sector, and technical communities, with examples including Smart Africa’s One African Network project spanning 11 countries and various capacity building initiatives across regions.

– **Capacity Building and Digital Skills Development**: Recognition of the need for both basic digital literacy for general users and specialized technical expertise for network operators, with organizations running hundreds of workshops and training programs to address regional-specific needs.

## Overall Purpose:

The discussion aimed to address how internet infrastructure can be prepared to support tomorrow’s digital economy, focusing on the strategic necessity of technical preparedness rather than treating it as a luxury. The session sought to explore connectivity, security, and policy frameworks needed to create robust internet ecosystems globally.

## Overall Tone:

The discussion maintained a consistently professional and collaborative tone throughout. Speakers demonstrated expertise while acknowledging challenges, and there was a strong emphasis on partnership and shared responsibility. The tone remained constructive and forward-looking, with participants sharing concrete examples and actionable recommendations. Technical difficulties with some remote participants briefly interrupted the flow but didn’t detract from the overall positive and solution-oriented atmosphere.

Speakers

– **Chafic Chaya** – Regional Manager for Public Policy and Government Affairs for the RIPE NCC for the Middle East region, Session moderator

– **Frank Stien** – Representative from Norway’s regulator (Norwegian Communication Authority, NKOM), National CERT background

– **Sofia Silva Berenguer** – Representative from the NRO (Number Resource Organization), coordinates activities of the five RIRs

– **Adiel Akplogan** – Representative from ICANN

– **Rodrigue Guiguembde** – Representative from Smart Africa

– **Zdravko Jukic** – Representative from Croatia’s regulator, currently at BEREC (Body of European Regulators for Electronic Communications), member of Cyber Security and Resilience Working Group

– **Dany Wazen** – Online moderator from Jordan, handles UNDP activities in the region

– **Vinicius Fortuna** – Works at Google Jigsaw on internet access, resilience and privacy

– **Audience** – Unidentified audience member asking questions

Additional speakers:

– **Danny Wazin** – Mentioned as online moderator colleague from Jordan (appears to be the same person as Dany Wazen, possibly different spelling)

– **Ilka** – Mentioned as session reporter

# Preparing Internet Infrastructure for Tomorrow’s Digital Economy: A Comprehensive Discussion Report

## Executive Summary

This Day Zero session at the Internet Governance Forum brought together representatives from regulatory bodies, technical organisations, and international development agencies to examine how internet infrastructure can be prepared to support tomorrow’s digital economy. The session was moderated by Chafic Chaya and featured speakers from Norway’s telecommunications regulator (NKOM), Croatia’s regulatory authority, ICANN, the Number Resource Organisation, Smart Africa, and UNDP.

Technical connectivity issues affected several online speakers throughout the session, highlighting the practical challenges of global digital participation. Despite these difficulties, the discussion covered key themes including national regulatory approaches, cybersecurity frameworks, routing security challenges, multi-stakeholder collaboration models, and capacity building initiatives. The session concluded with concrete next steps, including a new partnership between UNDP and RIPE NCC focused on IPv6 adoption, Internet Exchange Points (IXPs), and RPKI implementation in the Arab region.

## National Regulatory Approaches

### Norway’s Infrastructure Strategy

Frank Stien from Norway’s telecommunications regulator (NKOM) presented Norway’s comprehensive approach to digital infrastructure development. He reported that Norway has achieved 99.1% household broadband coverage at speeds exceeding 100 Mbps, with 96.2% having access to gigabit speeds. The country aims for universal gigabit access by 2030, supported by 85% geographic coverage with 4G and 5G networks built on extensive fibre infrastructure.

Stien emphasized that Norway’s cybersecurity approach includes sectoral CERTs across 15 different sectors, all coordinated by the national NCSC. He noted that densely populated areas require at least three independent transmission networks to ensure critical redundancy, and highlighted how national roaming capabilities combining all operational network parts can maintain connectivity during emergencies.

### European Regulatory Coordination

Zdravko Jukic from Croatia’s regulatory authority discussed the European perspective on balancing economic efficiency with security resilience. He articulated a fundamental challenge in infrastructure planning: while regulators typically avoid duplication for economic reasons, resilience requires building connections that may only be used during emergencies—investments that are not economically justified by themselves but are essential for national security.

Jukic highlighted Croatia’s work with BEREC (Body of European Regulators for Electronic Communications), noting that the organization renamed its working group to emphasize resilience. He mentioned Croatia’s early transposition of the EU’s NIS2 directive and the use of the 5G toolbox as an example of flexible European cooperation that provides common standards while allowing national customization.

## Technical Security and Routing Challenges

### RPKI Implementation Gaps

Sofia Silva Berenguer from the Number Resource Organisation addressed critical gaps in routing security, specifically regarding RPKI (Resource Public Key Infrastructure) implementation. Despite RPKI technology being available for over a decade, she reported that while 50-60% of prefix origin pairs are covered by route origin authorizations, less than 25% of networks implement full protection.

Silva Berenguer emphasized that RPKI adds cryptographic verification to BGP announcements, providing essential protection against route hijacking. She noted that implementation gaps often exist between technical teams who understand RPKI’s importance and decision-makers who control budgets and priorities. She also promoted the MANRS initiative as a reputation-based approach to improving routing security.

### DNS Privacy Concerns

Vinicius Fortuna raised concerns about DNS privacy, emphasizing the need to promote encrypted DNS and encrypted client hello technologies. He highlighted serious privacy vulnerabilities where domain names leak in plain text even with HTTPS encryption, creating detailed profiles of user behavior that can be analyzed by AI systems.

## Multi-stakeholder Collaboration and Regional Initiatives

### Continental Approaches

Rodrigue Guiguembde from Smart Africa described the organization’s work representing 40 countries and 1.6 billion people working toward a single digital market vision. He highlighted the success of the One African Network project, which has eliminated roaming charges across 11 countries, demonstrating concrete results from multi-stakeholder collaboration.

Guiguembde emphasized that no single actor can build African digital infrastructure alone due to the complexity of challenges including connectivity gaps, regulatory fragmentation, climate imperatives, and security risks. Smart Africa’s approach includes developing sovereign and green data centers that integrate environmental standards with connectivity goals.

### Global Technical Coordination

Adiel Akplogan from ICANN emphasized that the multi-stakeholder model has been critical for DNS stability over 40 years. He provided a crucial framework for understanding implementation challenges, describing the internet as “a global network made of small independent networks that are connected and operated at the local level.”

Akplogan noted that ICANN conducts over 200 workshops annually with regional focus and ongoing operational support, recognizing that partnership approaches are necessary to reach areas that single organizations cannot cover effectively.

## Development Initiatives and Capacity Building

### UNDP Regional Programs

Danny Wazen from UNDP, participating online from Jordan and serving as online moderator, presented new initiatives addressing digital infrastructure gaps in the Arab region. He reported that 30% of the Arab region’s population—representing over 100 million people—remains unconnected to the internet.

To address this gap, UNDP announced the launch of a Digital Professional Development initiative focusing on three critical pillars: promoting IPv6 adoption, supporting Internet Exchange Points (IXPs) for sustainable connectivity, and implementing RPKI for enhanced security. This initiative includes a new partnership with RIPE NCC for awareness campaigns and capacity building specifically in the Arab region.

### Skills Development Approaches

The discussion revealed different perspectives on appropriate knowledge levels for various stakeholders. Jukic argued that the general population needs basic cybersecurity awareness rather than expert-level technical knowledge, noting that simple practices can resolve 90% of security issues for typical users.

Stien offered a complementary view, emphasizing that broad foundational knowledge combined with specialized expertise through collaboration is essential. He noted the importance of understanding internet fundamentals to identify weak links in complex systems while acknowledging that no individual can understand everything.

## Session Challenges and Q&A Highlights

### Technical Connectivity Issues

The session experienced significant technical difficulties with online speakers, including Sofia Silva Berenguer, Adiel Akplogan, and Rodrigue Guiguembde. These connectivity challenges ironically highlighted the practical importance of the infrastructure resilience being discussed, though moderator Chafic Chaya managed to maintain session flow despite the technical problems.

### Audience Engagement

During the Q&A session, audience members raised important questions about IoT infrastructure management and ensuring that digital transformation projects reach remote areas rather than concentrating on urban centers. An audience member highlighted challenges facing rural communities including poor infrastructure, high data costs, and lack of access to digital devices.

Questions were also raised about appropriate digital skills levels for different populations and the methodology for balancing economic viability for operators with national security requirements for network resilience.

## Key Outcomes and Next Steps

### Concrete Partnerships

The most significant concrete outcome was the announcement of a new partnership between UNDP and RIPE NCC focused on addressing routing security and infrastructure development in the Arab region. This partnership will focus specifically on IPv6 adoption, IXP development, and RPKI implementation through awareness campaigns and capacity building.

### Ongoing Initiatives

Smart Africa committed to continuing expansion of the One African Network beyond its current 11 countries to eliminate roaming charges across the continent. ICANN will continue its extensive workshop program with enhanced regional focus, while the promotion of MANRS and other routing security best practices will continue through regional support.

### Final Speaker Recommendations

In their concluding one-minute summaries, speakers emphasized several key priorities:

– Frank Stien stressed the importance of redundancy and resilience in critical infrastructure planning

– Zdravko Jukic highlighted the need for balanced approaches to economic efficiency and security requirements

– Sofia Silva Berenguer emphasized urgent action on routing security implementation

– Rodrigue Guiguembde called for continued multi-stakeholder collaboration at continental scale

– Danny Wazen outlined the three-pillar approach of the new UNDP initiative

## Conclusion

Despite technical connectivity challenges that affected the session flow, this discussion demonstrated both the complexity of preparing internet infrastructure for tomorrow’s digital economy and the potential for concrete multi-stakeholder collaboration. The session moved beyond problem identification to establish specific partnerships and initiatives, particularly the UNDP-RIPE NCC collaboration focused on the Arab region.

The diversity of perspectives—from national regulators implementing comprehensive frameworks to development organizations addressing digital divides—highlighted common challenges across different contexts while providing practical examples of successful approaches. The emphasis on IPv6, IXPs, and RPKI as foundational technical priorities, combined with the recognition that no single actor can address complex infrastructure challenges alone, provides a framework for continued cooperation.

The session’s practical focus on balancing economic efficiency with security resilience, regional customization of global standards, and multi-level capacity building offers concrete approaches for addressing digital infrastructure development challenges. The partnerships and initiatives established provide mechanisms for sustained progress toward resilient, inclusive internet infrastructure capable of supporting sustainable digital development globally.

Chafic Chaya: On behalf of RIPE NCC and our esteemed speakers, I would like to welcome you to this Day Zero session, Preparing Your Internet to Power the Digital Economy of Tomorrow. My name is Shafiq Shaya, I am the Regional Manager for Public Policy and Government Affairs for the RIPE NCC for the Middle East region, and I will be joined by my colleague Danny Wazin as online moderator from Jordan. Today this session will seek to unpack a critical but often under-emphasized question. How can we ensure that the internet infrastructure is robust enough to support the digital ambition of tomorrow? So the discussion today will be grounded in the belief that technical preparedness is not a luxury but is a strategic necessity. We will discuss connectivity, routing security, IPv6, IXPs, RPKI, collaborative policy framework, capacity building, all these issues that create a robust internet ecosystem. Without any further ado, so please let me introduce and welcome our speakers online and on-site. We have Mr. Frank Steen from Norway. We have Ms. Sofia Silva Berenguer from the NRO. We have Mr. Adiel Aplogon from ICANN. We have Mr. Rodrigue Guagamboide from Smart Africa. And we have Mr. Stravaco Stravic from Croatia. Once again, welcome and thank you for my colleague Ilka who will be the reporter of this session. So I will begin with Mr. Frank, good morning and thanks for hosting the IJF in Norway. My first question for you is how Norway today is addressing the scalability and the security of the internet infrastructure. And we know that you are coming from the regulator from Norway. So we’d like to have your insights to kick off this discussion today.

Frank Stien: Thank you Tjafik. Welcome to Norway everyone. Today we discuss a very critical topic, preparing our internet infrastructure for tomorrow’s digital economy. Norway recognizes that a robust digital infrastructure, both fixed and cellular, is crucial for leveraging emerging technologies such as artificial intelligence, the internet of things and digital services. Firstly, Norway is significantly investing in providing broadband internet to everyone. Today Norway provides at least 100 megabit per second broadband coverage to 99.1% of households with gigabit coverage reaching 96.2%. The ambition is that everyone shall have access to gigabit infrastructure by 2030. 85% of our geographic area has 4G or 5G coverage and practically all households have immediate access to 5G or 4G connectivity. Our extensive fiber optic infrastructure complemented by an aggressive 5G rollout ensures high speed. has already said that the Internet of Things is essential to all bandwidth intensive and latency sensitive applications of AI and IoT. Secondly, cyber security remains paramount. Norway’s government has enhanced regulatory frameworks including aligning with the EU’s NIST2 Directive and the new Security Act. Additionally, starting August this year, the revised Radio Equipment Directive will mandate rigorous cyber security standards for IoT devices such as smartphones, smartwatches and connected toys. Requirements should also include robust authentication, secure storage, encryption and secure update mechanisms. The forthcoming Cyber Resilience Act, the CRA, will further strengthen our cyber security landscape, ensuring resilient and trustworthy digital products. Thirdly, infrastructure resilience is key. We work in close collaboration with the major network operators to actively strengthen the transmission networks with enhanced network redundancy and ensuring multiple autonomous nationwide transmission networks. Specifically, emphasis is laid down in ensuring that densely populated areas will be served by at least three independent transmission networks, providing critical redundancy. Mobile operators are encouraged to diversify their traffic across these networks, significantly boosting reliability. Moreover, proactive spectrum management is crucial in mitigating wireless interference, particularly as IoT adoption expands and our society is increasingly becoming more dependent on it. on wireless communication services both from land and satellite. By effectively detecting and removing unauthorized devices and signal jammers, the spectrum in Norway maintains clean and dependable wireless communications. And finally, regarding AI regulation, Norway has recently defined clear responsibility among Norwegian Communication Authority, NKOM, Norwegian Digitalization Agency, Digdir and Data Protecting Authority, and this collaboration will ensure effective implementation and oversight of the AI Act, fostering responsible AI integration across sectors. So, in conclusion, Norway’s approach combining ambitious infrastructure expansion, comprehensive cybersecurity regulation and robust network resilience and clear regulatory governance for emerging technologies will position us to strongly to power tomorrow’s digital economy, driving innovation and benefit across our nation. Thank you.

Chafic Chaya: Thank you so much, Mr. Frank. Thanks for those insights and remarks. And yeah, this is a good example of how governments with the different stakeholder groups can work hands on hands. Thank you. We’ll stay with the governments and with the regulator and I’ll go to Mr. Zdravko Jukic from Croatia. So, to chain with the same subject, how can agile regulation support internet development in safeguarding the trust and resilience?

Zdravko Jukic: Yes, thanks. Can you hear me? Yes. Okay, excellent. So, you will hear now another regulatory view on this topic. I’m currently at BEREC. BEREC is the body of European regulators, so all national Regulatory authorities are represented there from the European Union, from the candidate countries and some EEA countries. So in BEREC we have several working groups, one of them is Cyber Security Working Group and we recently changed the name of this group to Cyber Security and Resilience Working Group, just to stress the importance of this issue of the resilience. Because normally when you look at the economy and competition from the regulatory point of view, you look at how to motivate market players to cooperate, not to build the double infrastructures, not to duplicate infrastructure which is the most expensive part of the networks. But when it comes to resilience, there we do exactly the opposite, we try to build some connections that should be used maybe in some emergency situation. So they are not economically, let’s say, justified by itself. So this is a really hot topic that at BEREC, Cyber Security and Resilience Working Group, we will be looking at. We have some really good examples among BEREC members, one of them is Iceland, another one is Norway, of course, who have developed some rules and what we would like to do is to develop some kind of methodology that would be really a set of recommendations on how to balance this issue of what is economically safe for operators to invest and what is safe for a country. Because there are several levels of investment. First one is the investment of the operators. They invest network to be optimally to get the return on their investment as fast as possible to earn a lot of money. And if they lose and Zdravko Jukic Jukic. The European Union is a member state. It is not possible to develop any kind of mandatory requirements or regulations at the European Union level without consensus of all member states. Also, one important point, the NIS2 directive in Croatia has been fully transposed. We were one of the first member states to do that. Also, the 5G toolbox is also a good example of this cooperation at the European level, how to develop something that each member state can apply in its national market, so that you have a solution which is flexible, which is agreed by all, and which can be modified. for national situation. One also important topic is the trusted vendor issue and there as regulatory authorities we can only help other authorities in each member state like national security agencies when they do the assessments of which equipment is safe in the national market. So I think that would be to start our panel all from my side for now. Thanks.

Chafic Chaya: Thank you so much. This is a lot to digest. We know that you are busy with all this regulation and policies and you mentioned a lot of interesting topics and issues. Balance, collaboration, agile regulation. So this will be a good start to see or to chain with other stakeholder group, the technical community, with our colleague Sophia from the number resource organization, the organization which coordinates the joint activity between the five RIRs. Sophia, you are with us. We can’t hear you. Can you speak? Still I can’t hear Sophia. So awaiting to fix this technical issue, I will stay with the technical community but with the ICANN with our colleague Mr. Adiel. So Mr. Adiel, to chain with what Mr. Frank and Mr. Zdravko Jukic mentioned now, what role does ICANN for this collaboration with governments and other stakeholders in fostering connectivity and in encouraging the agile regulation and policies. No sound, please. Control room, we can’t hear Mr. Adiel. Can you speak?

Adiel Akplogan: So, thank you again for the question. So, the short answer first is that the multi-stakeholder model is critical for sustaining for a stable, secure and resilient internet infrastructure globally. For us, we can say that because, as you know, one of the critical missions that ICANN has is to coordinate the unique identifier system globally, including the DNS. And the multi-stakeholder model has been at the center of that coordination. And the DNS has been operating for more than 40 years and it has been stable, sustainable, resilient over those years. Which shows that when we bring different parties, different actors around the table to discuss issues related to those critical infrastructures, it works. The DNS glue those identifiers together, of course, and I can, in its operation, as a facilitator and coordinator of policy related to those identifiers, and the DNS particularly, use the different constituencies it has to identify issues related to the resiliency and the security of the DNS, discuss them and translate them into policy, then that operators implement or follow voluntarily. So we’ve seen that it has helped protect that infrastructure globally. The DNS, we usually explain it or define it as a simple address book, but it’s more complex than that. And not only that, over the 40 past years, the DNS has evolved significantly, adding layer of security, privacy, addressing some abuse channels and challenges. But the multi-stakeholder approach has helped work around those issues. Being from the ITF, where new evolution of the DNS has been developed to be implemented on the base DNS to make it more secure, to add privacy to it. Being from its users’ perspective or registration perspective by tackling abuse, for instance. All those evolutions have been developed through a very wide multi-stakeholder approach. So again, it shows that bringing different parties around complex issues helps build solutions that do not disrupt. the stability of the global infrastructure. That is at the global level. But to go back to the context of the previous intervention, that approach needs also to be translated to the local level in how policies are defined locally, because the same complexities apply at the local level. Although the Internet is a global network, it’s a global network made of small independent networks that are connected and that are operated at the local level. So, applying the same multi-stakeholder approach, ensuring that different parties are impacted by the Internet in general, but its operation specifically, are around the table to think, to share ideas and to look at what are the different aspects of implementing or addressing challenges that can be seen. So we, from ICANN’s perspective, continue to promote that multi-stakeholder approach in how we address those issues, but also how we engage at the local level with different operators to ensure that the DNS and the infrastructure in general, the unique identifier operation, remain stable, secure and resilient.

Chafic Chaya: Thank you, Adiel. Thank you so much for these remarks and for highlighting the importance of the multi-stakeholder in working with governments and regulators to secure the Internet infrastructure. So, I’ll go back to Sofia. Let’s see if we have Sofia back online. Can you hear me, Sofia? Sofia? No. No, we can’t hear you. Okay, let me check online if we are okay. Danny, can you hear me? Dany, can you hear me? I believe we have a problem with our online colleagues. We can’t hear them. I will follow up and check with Mr. Rodrigue, Smart Africa, maybe we are lucky if you can say some words to check the voice. No. No. Okay. So I will go back to my esteemed colleagues here and follow up and change with some discussion with you. I go back to Mr. Frank. So we know that you are coming from the national CERT from Norway. How ECOM CERT is coordinating infrastructure security across public and private sectors?

Frank Stien: In Norway we have a bit strange solutions when it comes to CERTs with national coverage and responsibility. We have sectorial CERTs within something like the 15 most important sectors and they are all coordinated by the national NCSC, the national CERT. The reason we are doing that is that we think that the CERTs need sector specific knowledge and they also need to know the sector and also different sectors are different. So these sectorial CERTs are also very, very different. but at the same time we are cooperating the different sectorial search very closely. One advantage is that we can handle incidents and attacks on a very low level, when we don’t need to extend it outside a certain sector. So this helps with scalability. But when attacks or problems are hitting multiple sectors, they will then work together. And of course it’s also very important that the different sectorial search work together, so we’re doing that online more or less all the time. When critical incidents are happening and we need to escalate, then typically the national search will take lead and get support from these sectorial search with all their knowledge and competence about different sectors. So we think that this combination really helps us to combine the private and the public sectors as well as government, important government functions, and it really enables us to handle sophisticated threat actors and sophisticated threats. So this is how we’re doing it here.

Chafic Chaya: Perfect, thank you. And this is how it should be done in collaboration with, once again, you as a regulator, with the other stakeholder group that you are working with. Going to Croatia. The same question, but I want to just reframe it. Can you give us some examples how this works on the ground?

Zdravko Jukic: One of the examples could be, for example, the situation where you have an emergency situation. Some network is down, like there was a situation with big floods in neighboring Slovenia, I think two years back. And then it was very important to enable national roaming for all subscribers in the country, because then you can combine all the parts of the network that are still operating. And it is crucial, it can be life-saving in such situations. So I think we need to have such mechanisms for emergency situations. It is always that you have to build something for an event that happens very rarely but has a huge impact. And then we need to plan in advance and have good measures and tools to deal with that.

Chafic Chaya: Thank you. We know that the awareness can come from the end users, and then this awareness can be encouraged and can be put by the regulators. Is there any collaboration or any, let’s say, education or webinars with the Croatian population, or with the Croatian community or society?

Zdravko Jukic: Yes, indeed we have a lot of such actions in Croatia together with our partners, with the Croatian Academic Network, with the police, with the Ministry of Interior. And we give courses, really, even from HACOM, from the national regulator, regularly to schools, to primary schools, to secondary schools, and to local governments in different counties. in Croatia because as you said it is very important to to have this broad awareness and not just among experts and people working at the operators and they know it is their work it is their job but also among the general populations and the users of the of the

Chafic Chaya: electronic communications services. Thank you, I will take this and go to Sofia. Sofia, can you hear me now? I can hear you. Okay, perfect, thanks, thank you. So once again, Sofia is from the Number Resource Organization, the organization that coordinates the activities of the five RIRs and my question for Sofia is we are talking about security, about resilience, so what you can tell us on the NRO global collaboration on routing security on RPKI

Sofia Silva Berenguer: and how this works with governments? Thank you, Jafik. So I would like to start by setting the context about why it’s necessary to secure the internet routing before I can introduce what RPKI is. As Adiel mentioned, the internet is a network of networks and BGP, Border Gateway Protocol, is the protocol used by those networks to decide where to send the traffic in order for it to reach its destination and the way that networks learn where other networks are is through BGP announcements. The thing is that this protocol, BGP, was not designed with security in mind so there is a need for a layer of security to be added on top to ensure that the traffic reaches its intended destination and that all the systems in the digital economy of today that rely on the internet can still work. So RPKI, which stands for Resource Public Key Infrastructure, adds that missing BGP piece of security and it does that by allowing that prefix holders issue cryptographically verifiable statements on the route intentions and then that information can be used by the routers that receive BGP announcements to verify whether those announcements are legitimate. And so this allows to stop routing issues and stop that routing is redirected or intercepted. RPKI was standardized more than 10 years ago and it is available through each RIR region in the world. However, many organizations have yet to adopt and deploy this technology. A few weeks ago when I checked statistics around 50 to 60 percent of the unique prefix origin pairs were covered by route origin authorizations that are the objects in RPKI used to for establishing that route intention on the origin of routes. And then the other side of things that is using that information to verify BGP announcements is what we call route origin validation and the statistic as of a few weeks ago was that less than 25 percent of those networks in the internet that we call autonomous systems less than 25 percent were fully protected by route origin validation. So as you can see there’s still room for more adoption of the technology to achieve maximum benefit of it and adoption can be encouraged in different ways. Through support, through reputation based approaches like for example the MANRS initiative some people may have heard of through regulation based approaches like the White House’s roadmap to enhancing routing security. In particular the RIRs are supporting adoption through providing training, technical support and resources. Sofia Berenguer, David Huberman, Rodrigue Guiguembde, Zdravko Jukic Jukic

Chafic Chaya: Sofia Berenguer, David Huberman, Rodrigue Guiguembde, Zdravko Jukic Jukic Sofia Berenguer, David Huberman, Rodrigue Guiguembde, Zdravko Jukic Jukic

Rodrigue Guiguembde: Yes, thank you very much. And thank you so much for this question. Sorry about this disconnection earlier. I think at Smart Africa, we believe that the multi-stakeholder partnership, the foundation for this inclusive digital development in Africa, we trust on it. And the alliance currently brings, as you know, 40 countries, 40 member states, representing 1.6 billion people. 1 billion African citizens, all committing on the same vision to create a single digital market. One of the flagship we have currently I wanted to sort out here is the One African Network. It’s a project which currently includes 11 countries and this initiative is still ongoing. And this initiative aims to eliminate roaming, charge and promote cross-border interconnection. It’s jointly developed by regulator, ministries, telcos and regional economic communities. So this is a real good model on this multi-stakeholder approach. It’s an example on that. We are also developing a program for a sovereign data center and green data center. This is another one we can give in terms of example. Building partnership with private and public sectors and designed to meet environmental standards. These projects of course integrate technical, economical, legal and climate resilience consideration which are crucial for Africa data sovereignty. So this is another example. All this one is just to tell you that we are putting in the center this multi-stakeholder approach. And of course currently for the internet governance parts, because the internet is the base of everything, we are trying to launch initiatives called CAIGA, the Council of Internet Governance Authorities. This council we start to build it since 2024. This is a unique mechanism. We wanted to bring the government, regulators, academia, technical experts and civil society to sort of and to make some action for the

Chafic Chaya: Thank you so much, these are great examples and I will come back to you to ask you about how we can balance between the different levels of advancement in the African countries. But I’ll go to my colleague Danny online. So once again, for our audience on site and online, if you would like to ask any question, please put your question in the chat room or just raise your hand. At the end, we’ll have a Q&A session and we’ll be happy to answer your questions. So Danny, any comments, anything we have online? And I’ll leave it for you. I know that you are handling the UNDP activities in the region and you have announcement or you can share with us your plans that’s related to what we are talking about in this session. For you, Danny.

Dany Wazen: Thank you very much, Shafiq, and it’s a pleasure to be on this very esteemed and very important panel to discuss this topic. I see online we have two insights and one question, which is really important, the first insight brought by Timothy and could be a question to the panel. So asking about would it be good if there is an infrastructure to ensure the communication of the IOTs? So to be able to be managed by the owner of the IOTs itself, it could be great if we can have this option. And another question, which is very much related, what are What are the needed digital skills and what are the essential digital skills in the internet-driven future? So we’re talking about all these perspectives and dimensions on how connectivity can prepare for the future. So what are the skills?

Chafic Chaya: Gentlemen, anyone want to take these questions before I give the floor back to Danny?

Frank Stien: Well, I can start with the last one about the skills. I think we will always need people with broad knowledge. My experience from cyber security, as you already know, it’s important to understand the fundamentals because the internet is really complex and in order to find weak links, when you’re putting up a stable, scalable system, is really to understand how this works. But at the same time, no one will ever be able to understand everything. So I think to have specialists in different areas and make those experts working together will always be very, very important and probably more important than actually a few people knowing very much.

Chafic Chaya: Mr. Zdravko Jukic, please.

Zdravko Jukic: Okay, thanks. Just to continue on this line, so I think not everybody has to be really a cyber security expert and know all the techniques and how to hack computers and systems, but what is needed for the general population, for general users, to know some basics. because what problems we face in Croatia and other European member states and I guess everywhere in the world that people receive simple short message like the old short message service and then the message says this is very important that you type in your credit card number and they do it so some basics should be applied and everybody should understand what it means then we will resolve I don’t know maybe 90% of the cases if a very advanced hacker comes into your system by some backdoor that is another issue that is the issue of this company if they have all the methodologies and all the rules in place if they are taking their business seriously because it can happen we will never have absolute security in any corporation in any company but we have to do our best and try to mitigate as much as we can

Chafic Chaya: well stated I think Adel I can do a lot in capacity building so maybe you can share something on this

Adiel Akplogan: yeah definitely we are pretty much engaged on capacity building I just want to mention as well that there are two challenges in capacity building there is one about the usage of the internet that is a more broader capacity and awareness that is needed for users to know that the same questions that they apply in their real life is also something important to bring into the virtual world because it’s not always clear in the mind of the people that capacity needs to be reinforced and the second is the operational part the operating the network making sure that people who operate the network also develop and gradually increase particularly coming from developing and emerging nation beef up their knowledge and expertise on this complex technology in operation so that to be able It is possible to have security and resilience in mind when operating and designing the network. From ICANN’s perspective, we put a lot of emphasis on that. Last year we have run more than 200 workshop and capacity building activities on technical implementation of best practices around the DNS particularly for registry. It is something that we continue doing and we don’t do it at the global level only. We try to bring in a regional flavor to it because we know that the needs are not the same across all the regions, all the countries, the challenges are not the same. So we try to translate our engagement to focus on the need that we see in each region, in each country. And what we have seen bringing more and more positive effort is to beyond the capacity building also providing support to those who are particularly operating those infrastructures that we think are critical for the overall stability to support them throughout their navigation of implementing those best practices. So it’s key to bridge that gap, but it’s also important to us to take it from different angles, local and user and global.

Chafic Chaya: Thank you. You mentioned a lot of interesting, let’s say, words, regional flavor, local capacity building. I go back to Danny with the UNDP and your initiative, which is the main pillar in your initiative that UNDP is now leading, is capacity building and infrastructure development. Can you give us just some or sum up what you are doing and how you are dealing with what Adil said, regional flavor? Yes, thank you very much. I think we may need a very interesting insight. So in UNDP, we have in the Arab region, we have launched recently a new initiative called Digital Professional Development. And as its name says, it’s how we can harness the power of digitalization to advance the SDGs agenda and the different countries and to accelerate the achievement of the goals. And what is it about? It’s a network of partners with convening partners from government, private sector, public sector, NGOs, academia, experts to come together, brainstorm and put and develop together impactful projects for the Arab region. And under each goal, like what can we do on digitalization? And the connectivity and infrastructure is really a delaying foundation for any digital transformation, we can build the most advanced solutions, but without a secure, safe, inclusive connectivity, we cannot advance. And if we look into our region, the Arab region is one of the least connected among the other regions in the world. And 30% of the Arab region, which means more than 100 million are not connected to the internet. And in order to advance this, we have recently launched two initiatives. One of them we are planning now with RIPE NCC as a partnership. So basically, the initiative is about connectivity for digital inclusion and to address these challenges. We wanted to work on bipartite access. The first one is related to scalability, which means scalable connectivity in order to be more inclusive. Second is allow sustainability for this connectivity through a different approach, and thirdly, is a safe and secure connectivity. For the Pillar 1, we want to promote the adoption of IPv6 with the mobile telecom operator and other internet providers in the countries by conducting awareness capacity building and support the transition of this toward the IPv6. On the second pillar, in terms of sustainability, we want to promote, as we heard from our colleague on the panel, the IXPs and the role of this internet exchange points in order to provide less or lower cost, but also reduce the dependence on international links and make further connectivity, and we are planning to support countries as models in the region between UNDP and RIPAC. And finally, the RPKI, as we’ve heard, the security, which is very much important, and we’re looking through this initiative to engage further with more partners on launching awareness campaigns and doing the capacity building for the security of the connectivity. So basically, this is a project that literally will be impactful for the region to increase the connectivity. Another entry point that we are working on for the connectivity and inclusion, digital inclusion, is a new framework, regulatory framework, that we are designing with different partners, the GSMA, Orido Mobile Telecom Operator, and others. It’s basically how we can give countries a legal framework, digital policies framework, that can support the country advancing on their digital economy by investing or designing policies and regulations for the connectivity and for the data centers and using also the data and AI. So basically these are like two main or two key interventions that we are planning into the Arab region and definitely we’re looking to engage further with partners in order to implement it in different contexts. Thank you Danny, thank you so much for this insight. Yes just I want to highlight here that there are some countries in the Middle East and African region that they don’t have yet the basic infrastructure. While here we are discussing AI and Internet of Things and the cloud computing, we still have countries without basic infrastructure and that’s why we are working with the UNDP to just make these countries join the developing countries. So we still have 10 minutes, I see that we have a question but I will give for each speaker one minute to just recap and give me one priority based on the discussion that we have during this session. So Mr. Frank your final remark for one minute please.

Frank Stien: Yes I probably should say something about regulation but my heart is in cyber security. So I think we have addressed for a couple of years the need for intelligence and information sharing among peers and among people across borders and I think we have a way to go in that field. It’s improving, everything goes better but I think I think still there is lots of work to do to cooperate and share information and intelligence, so that would be my point.

Chafic Chaya: Thank you. Mr. Radiel?

Adiel Akplogan: Yeah, I think I will highlight the fact that having a multi-stakeholder approach, bringing different parties around the table to discuss this complex issue, are important. Not only at the global level, and I will put the emphasis on that, we need to translate those into regional and local level in designing each aspect of regulation or technical design that will impact the global stability of the Internet. Capacity building is key. Best practices are also very important. Framing them in a way that people can actually implement them is another key. Sophia mentioned manners. There is also another one for the DNS, which is kindness, which tries to bring those best practices in the framework that can easily be implemented, that will help small operators that don’t have the same resources as a bigger one to look at everything and decide what to do. They can have a simple and easy entry point. The third point I want to highlight is the partnership. Beyond the multi-stakeholder approach, partnership between different players is key in helping advance those. We hear about the UNDP and the RIPE NCC partnership. ICANN has the Coalition for Digital Africa, which is also a very broad framework for partnership for the Africa region. Our partnership with UNESCO and IDN and so on and so forth are a way to actually mutualize our resources to make sure that what we are preaching and what we are advancing reaches an area that one organization alone cannot reach. Let’s continue strengthening this multi-stakeholder approach, and I think we will all contribute to a stable, resilient and stable Internet globally.

Chafic Chaya: Thank you so much. I believe we will have some takeaways from what you said now, but I will give the mic to Mr. Zdravko Jukic.

Zdravko Jukic: Yes, from our discussions it seems like this education for general population and users and capacity building for everyone seems to be very, very important. For us regulators, I would like to stress again, we will be very busy now in the coming days and months with this resilience issue and how to build more resilient networks, how to develop this, what I mentioned, methodology which will enable all national regulators to apply some rules to have more resilient, redundant networks in the end. And also what we can expect, some more discussions at the European level on the issue of trusted vendors, something similar to what we had with the 5G toolbox. So development of some technical and strategic measures, agreeing those measures at the union level, and then each member state would apply them according to the national situations and national judgments and geopolitical situation. So I think that’s all. Thanks.

Chafic Chaya: Thank you. So it’s a collaboration between stakeholders and regulators and collaboration amongst regulators themselves. Sofia, I’ll give you the one minute for you.

Sofia Silva Berenguer: Thank you. I guess from my side, what I would suggest prioritizing is the implementation of best practices. For example, in the space of routing security, to join a program like MANUS, to engage with the RIR for your region and seek support. Also, there’s lots of good documents in the space of IETF documenting best practices. We call them BCP, best common practice documents, because what we’ve heard is that sometimes, although technical people may be very convinced of the importance of technologies like RPKI, it’s hard to convince non-technical decision makers or even commercial sectors, commercial areas within some organizations, because the benefits may not be evident, may not be immediate. So, there is a need, and as the other panelists mentioned, for more capacity building, for more awareness raising. So, yeah, any efforts in that space that will help bridge that gap between very technical content and not so technical content that will allow decision makers to understand the importance of implementing best practices.

Chafic Chaya: Thank you, Sofia. Mr. Rodrigue?

Rodrigue Guiguembde: Yes, thank you very much. We have a lot of things to say, but last year we didn’t. Okay, one minute, sorry. I think that as we are looking for the future, one thing is clear, I think. No single actor can build African digital infrastructure alone. The complexity of the challenge we are facing, connectivity gaps, regulatory fragmentation, climate imperative, and endless risk, require a united, agile, and inclusive approach. This is very important. At Smart Africa, we are committed to turning vision into action by aligning government, the private sector, developing partners, and communities around concrete, high-impact solutions. Whether it is true, it could be true on African networks or in data centers. as I already said, and Armonized Spectrum challenges. We see these partners, not, we see the partnership, sorry, the code, sorry. Yes, we see this partnership not as a choice but a necessity, this is very important. So finally, if we want to prepare our infrastructure for this demand of tomorrow digital economy, we must invest not only in fiber and data centers but also in trust coordination and local capacity. Let’s move forward together with ambition and with purpose. Thank you very much.

Chafic Chaya: Thank you for these words, we’ll keep it in mind. Sorry for keeping you waiting, we have one question in the room, please go ahead. Please, can you introduce yourself? Hello, hello. Can you hear me? Yes, go ahead.

Vinicius Fortuna: My name is Vinicius Fortuna, I actually work at Google Jigsaw on internet access, resilience and privacy. And currently, when you use, even when you use a HTTPS, encrypted HTTP, like your domain name goes in plain text and it leaks. And that’s like with the advancement of AI, that’s becoming a very serious threat. I actually ran an experiment analyzing my own domain names and put it on LLM and create a profile about me and it’s scary, like you can tell the person’s employer, the health conditions, political associations, religion, sexual preferences and gender and all sorts of things. So, and there are two technologies to solve this, like encrypted DNS and encrypted client hello. So I’m wondering like what your organizations can do to help promote an adoption of these technologies by online services or the internet service.

Chafic Chaya: Thank you so much. As we don’t have any more time, I believe we’ll take this after the session ends and I’ll be here with my colleagues to answer your question. But I see another question, please go ahead, for 30 seconds please. But be sure that we’ll answer your questions after the session.

Audience: So, my question is basically going straight to you, NDP and Smart Africa. I was following with a very keen interest, more especially on the projects that are underway to bridge the digital divide, especially in the remote areas. Now, most of the projects, when they are being scaled, they are being done in the urban areas. So, I would really want to find out what are the policies or the laws that you have put in place to make sure that when you are scaling these things about the projects to do with digital transformation, you are channeling these initiatives to reach to the people that are living in the remote areas, because these are the people that are suffering from the poor infrastructure when it comes to internet. At the same time, even the data cost is very costly, which they cannot manage to access. And at the same time, they are also having the issue to do with the digital gadgets. So, that’s my question that I really want to get an answer. Thank you so much.

Chafic Chaya: Thank you so much. I’ll, once again, I will be here with our panelists to answer your question and I’ll be sure to give you the contact of my colleague Danny Wesson, so you can be in direct contact with him. Once again, thanks again for everyone, for our audience in the room, for our audience online, for our speakers. It was a really interesting discussion. We will have some takeaway and some recommendation, but just to summarize, collaboration, partnership, IPv6, RPKI, MANRS, the NSSEC should be in the public infrastructure plan, and the last one is long term investment in capacity building. Once again, thank you so much, and I believe I’m on time. Thank you. Thank you.

Agreement points

Multi-stakeholder collaboration is essential for internet infrastructure development and governance

Speakers

– Adiel Akplogan
– Rodrigue Guiguembde
– Frank Stien
– Zdravko Jukic

Arguments

Multi-stakeholder model critical for DNS stability over 40 years, bringing different parties together for policy development

No single actor can build African digital infrastructure alone due to complexity of challenges

Enhanced regulatory frameworks including EU NIST2 Directive and new Security Act strengthen cybersecurity landscape

Croatia fully transposed NIS2 directive and uses 5G toolbox as example of flexible European cooperation

Summary

All speakers emphasized that complex internet infrastructure challenges require collaboration between governments, private sector, technical community, and other stakeholders. They provided examples of successful multi-stakeholder initiatives and stressed that no single entity can address these challenges alone.

Topics

Legal and regulatory | Infrastructure | Development

Capacity building and digital skills development are critical priorities

Speakers

– Frank Stien
– Adiel Akplogan
– Zdravko Jukic
– Sofia Silva Berenguer

Arguments

Broad foundational knowledge combined with specialized expertise through collaboration is essential

ICANN conducted 200+ workshops focusing on regional needs and providing ongoing operational support

General population needs basic cybersecurity awareness rather than expert-level technical knowledge

Implementation of best practices requires bridging gap between technical and non-technical decision makers

Summary

Speakers agreed that capacity building must occur at multiple levels – from basic user awareness to specialized technical expertise. They emphasized the need for regional customization and bridging the gap between technical and non-technical stakeholders.

Topics

Development | Cybersecurity | Infrastructure

Network resilience and redundancy are fundamental for critical infrastructure

Speakers

– Frank Stien
– Zdravko Jukic

Arguments

Densely populated areas require at least three independent transmission networks for critical redundancy

Emergency situations like floods require national roaming capabilities combining all operational network parts

Summary

Both speakers emphasized the importance of building redundant network infrastructure that can withstand failures and emergency situations. They provided specific examples of how redundancy saves lives and maintains connectivity during crises.

Topics

Infrastructure | Cybersecurity

RPKI adoption is crucial but remains insufficient globally

Speakers

– Sofia Silva Berenguer
– Dany Wazen
– Chafic Chaya

Arguments

RPKI adds cryptographic verification to BGP announcements but adoption remains low at 25% for route origin validation

UNDP partnership with RIPE NCC promotes RPKI adoption through awareness campaigns and capacity building

Key takeaways include collaboration, partnership, IPv6, RPKI, MANRS, DNS security, and long-term capacity building investment

Summary

Speakers agreed that RPKI is essential for routing security but current adoption rates are inadequate. They emphasized the need for awareness campaigns and capacity building to increase implementation.

Topics

Infrastructure | Cybersecurity

Similar viewpoints

Both speakers from regulatory backgrounds emphasized the importance of coordinated cybersecurity responses involving multiple agencies and sectors, with clear roles and responsibilities defined for different stakeholders.

Speakers

– Frank Stien
– Zdravko Jukic

Arguments

Norway implements sectorial CERTs across 15 sectors coordinated by national NCSC for specialized threat response

Trusted vendor assessments require collaboration between regulatory authorities and national security agencies

Topics

Cybersecurity | Legal and regulatory

Both speakers highlighted the massive scale of digital divide challenges in their respective regions and the need for coordinated regional approaches to address connectivity gaps affecting hundreds of millions of people.

Speakers

– Rodrigue Guiguembde
– Dany Wazen

Arguments

Smart Africa represents 40 countries and 1.6 billion people working toward single digital market vision

30% of Arab region population (100+ million people) lacks internet connectivity, requiring scalable solutions

Topics

Development | Infrastructure | Digital access

Both speakers emphasized the critical role of partnerships between international organizations to maximize reach and impact, particularly in addressing digital development challenges in underserved regions.

Speakers

– Adiel Akplogan
– Dany Wazen

Arguments

Partnership approach necessary to reach areas single organizations cannot cover effectively

UNDP launching Digital Professional Development initiative focusing on IPv6 adoption and IXP promotion

Topics

Development | Infrastructure | Legal and regulatory

Unexpected consensus

Balance between economic efficiency and security redundancy in network infrastructure

Speakers

– Zdravko Jukic
– Frank Stien

Arguments

BEREC renamed working group to emphasize resilience, balancing economic efficiency with redundancy requirements

Densely populated areas require at least three independent transmission networks for critical redundancy

Explanation

It was unexpected to see regulators explicitly acknowledging the tension between economic optimization and security requirements, with both speakers recognizing that resilience investments may not be economically justified but are necessary for national security. This represents a sophisticated understanding of the trade-offs involved in infrastructure policy.

Topics

Cybersecurity | Legal and regulatory | Infrastructure

Regional customization of global technical standards and policies

Speakers

– Adiel Akplogan
– Zdravko Jukic
– Dany Wazen

Arguments

ICANN conducted 200+ workshops focusing on regional needs and providing ongoing operational support

Croatia fully transposed NIS2 directive and uses 5G toolbox as example of flexible European cooperation

UNDP developing regulatory framework with GSMA for digital policies supporting connectivity and data centers

Explanation

There was unexpected consensus across different types of organizations (technical, regulatory, development) on the need to adapt global standards to local contexts. This suggests a mature understanding that one-size-fits-all approaches don’t work for complex technical infrastructure challenges.

Topics

Legal and regulatory | Development | Infrastructure

Overall assessment

Summary

The speakers demonstrated strong consensus on fundamental principles including the necessity of multi-stakeholder collaboration, the critical importance of capacity building, the need for network resilience and redundancy, and the urgency of improving RPKI adoption. There was also agreement on the challenges of balancing economic efficiency with security requirements and the importance of regional customization of global standards.

Consensus level

High level of consensus with significant implications for internet governance. The agreement across different stakeholder groups (regulators, technical community, development organizations) suggests that there is a shared understanding of the challenges and potential solutions. This consensus provides a strong foundation for coordinated action on internet infrastructure development, particularly in addressing the digital divide and improving cybersecurity. The alignment between different perspectives indicates that multi-stakeholder initiatives are likely to be more effective and sustainable.

Different viewpoints

Approach to cybersecurity organizational structure

Speakers

– Frank Stien
– Zdravko Jukic

Arguments

Norway implements sectorial CERTs across 15 sectors coordinated by national NCSC for specialized threat response

BEREC renamed working group to emphasize resilience, balancing economic efficiency with redundancy requirements

Summary

Frank advocates for a decentralized sectorial CERT approach with specialized knowledge per sector, while Zdravko focuses on centralized European coordination through BEREC working groups that balance economic and resilience considerations

Topics

Cybersecurity | Infrastructure | Legal and regulatory

Level of technical knowledge required for general population

Speakers

– Frank Stien
– Zdravko Jukic

Arguments

Broad foundational knowledge combined with specialized expertise through collaboration is essential

General population needs basic cybersecurity awareness rather than expert-level technical knowledge

Summary

Frank emphasizes the importance of broad foundational knowledge of internet fundamentals, while Zdravko argues that basic awareness is sufficient for the general population and can resolve 90% of security issues

Topics

Development | Cybersecurity | Sociocultural

Unexpected differences

Privacy and encryption priorities

Speakers

– Vinicius Fortuna
– Other panelists

Arguments

DNS privacy concerns with encrypted DNS and encrypted client hello technologies need promotion

Various arguments focused on infrastructure, routing security, and basic connectivity

Explanation

Vinicius raised advanced privacy concerns about DNS leakage and AI profiling capabilities, which was unexpected given that most panelists were focused on basic infrastructure development and traditional security measures. This highlighted a gap between advanced privacy considerations and fundamental connectivity challenges

Topics

Cybersecurity | Human rights | Infrastructure

Overall assessment

Summary

The discussion showed remarkably high consensus among speakers, with most disagreements being tactical rather than strategic. Main areas of difference included organizational approaches to cybersecurity (centralized vs. decentralized), required knowledge levels for general population, and specific methods for promoting technical standards adoption

Disagreement level

Low to moderate disagreement level with high strategic alignment. The implications are positive as speakers shared common goals of robust internet infrastructure, multi-stakeholder collaboration, and capacity building. The tactical differences actually complement each other and suggest multiple viable approaches to achieving shared objectives. The main challenge identified is bridging the gap between advanced technical capabilities and basic infrastructure needs in developing regions

Partial agreements

Similar viewpoints

Both speakers from regulatory backgrounds emphasized the importance of coordinated cybersecurity responses involving multiple agencies and sectors, with clear roles and responsibilities defined for different stakeholders.

Speakers

– Frank Stien
– Zdravko Jukic

Arguments

Norway implements sectorial CERTs across 15 sectors coordinated by national NCSC for specialized threat response

Trusted vendor assessments require collaboration between regulatory authorities and national security agencies

Topics

Cybersecurity | Legal and regulatory

Both speakers highlighted the massive scale of digital divide challenges in their respective regions and the need for coordinated regional approaches to address connectivity gaps affecting hundreds of millions of people.

Speakers

– Rodrigue Guiguembde
– Dany Wazen

Arguments

Smart Africa represents 40 countries and 1.6 billion people working toward single digital market vision

30% of Arab region population (100+ million people) lacks internet connectivity, requiring scalable solutions

Topics

Development | Infrastructure | Digital access

Both speakers emphasized the critical role of partnerships between international organizations to maximize reach and impact, particularly in addressing digital development challenges in underserved regions.

Speakers

– Adiel Akplogan
– Dany Wazen

Arguments

Partnership approach necessary to reach areas single organizations cannot cover effectively

UNDP launching Digital Professional Development initiative focusing on IPv6 adoption and IXP promotion

Topics

Development | Infrastructure | Legal and regulatory

Key takeaways

Multi-stakeholder collaboration is essential for internet infrastructure development, with successful examples like Smart Africa’s One African Network and UNDP-RIPE NCC partnerships

Infrastructure resilience requires balancing economic efficiency with redundancy – densely populated areas need at least three independent transmission networks

Capacity building must address both general user awareness (basic cybersecurity practices) and technical expertise for network operators

RPKI adoption remains critically low at 25% for route origin validation despite being available for over 10 years, requiring increased awareness and implementation

Regional approaches are necessary as internet challenges vary significantly – 30% of Arab region lacks connectivity while developed countries focus on AI and IoT infrastructure

Sectorial CERT coordination (like Norway’s 15-sector model) provides specialized knowledge while enabling scalable incident response

Regulatory frameworks must be agile and collaborative, with examples like EU’s NIS2 directive and 5G toolbox showing flexible implementation approaches

No single actor can address complex digital infrastructure challenges alone – partnership between government, private sector, and technical communities is mandatory

Resolutions and action items

UNDP to launch Digital Professional Development initiative with three pillars: IPv6 adoption, IXP promotion, and RPKI security implementation

UNDP and RIPE NCC partnership to conduct awareness campaigns and capacity building for routing security in Arab region

BEREC to develop methodology for balancing economic investment with network resilience requirements across European member states

Smart Africa to continue One African Network expansion beyond current 11 countries to eliminate roaming charges

Continued promotion of MANRS initiative and best practices implementation through RIR regional support

Development of regulatory framework by UNDP with GSMA for digital policies supporting connectivity and data centers

ICANN to continue 200+ annual workshops with regional focus and ongoing operational support for DNS operators

Unresolved issues

Technical connectivity problems during session prevented full participation from some online speakers

Question about IoT infrastructure management by device owners remained unanswered due to time constraints

Privacy concerns regarding DNS leakage and need for encrypted DNS/encrypted client hello adoption not fully addressed

Specific policies for ensuring digital transformation projects reach remote areas rather than just urban centers

How to address high data costs and digital device access barriers in underserved communities

Detailed methodology for trusted vendor assessments and implementation across different national contexts

Specific mechanisms for intelligence and information sharing across borders for cybersecurity threats

Suggested compromises

Balance between economic efficiency and network redundancy through BEREC’s proposed methodology allowing flexible national implementation

Sectorial CERT approach combining specialized knowledge with coordinated national response capabilities

Multi-level capacity building addressing both basic user awareness and advanced technical skills rather than expecting universal expertise

Regional flavor in global initiatives allowing local adaptation while maintaining international coordination

Flexible regulatory frameworks like EU’s 5G toolbox that provide common standards while allowing national customization

Partnership-based resource sharing to reach areas single organizations cannot cover effectively

But when it comes to resilience, there we do exactly the opposite, we try to build some connections that should be used maybe in some emergency situation. So they are not economically, let’s say, justified by itself.

Speaker

Zdravko Jukic

Reason

This comment highlighted a fundamental paradox in infrastructure planning – the tension between economic efficiency and resilience. It challenged the typical regulatory approach of avoiding duplication and introduced the complex concept of investing in ‘economically unjustified’ redundancy for security purposes.

Impact

This observation shifted the discussion from technical solutions to the deeper economic and policy challenges of building resilient infrastructure. It introduced the theme of balancing economic optimization with security needs, which became a recurring thread throughout the session.

Although the Internet is a global network, it’s a global network made of small independent networks that are connected and that are operated at the local level. So, applying the same multi-stakeholder approach, ensuring that different parties are impacted by the Internet in general, but its operation specifically, are around the table to think, to share ideas…

Speaker

Adiel Akplogan

Reason

This comment provided a crucial conceptual framework that bridged global and local perspectives. It reframed the internet from a monolithic global entity to a collection of interconnected local networks, emphasizing that global solutions must be implemented locally.

Impact

This perspective fundamentally shaped how other speakers approached their responses, leading to more nuanced discussions about regional variations, local capacity building, and the need for context-specific implementations of global best practices.

And in order to advance this, we have recently launched two initiatives… So basically, the initiative is about connectivity for digital inclusion and to address these challenges. We wanted to work on bipartite access. The first one is related to scalability… Second is allow sustainability… and thirdly, is a safe and secure connectivity.

Speaker

Dany Wazen

Reason

This comment was insightful because it provided a concrete, structured approach to addressing digital divides while integrating the theoretical concepts discussed earlier. The three-pillar framework (scalability, sustainability, security) offered a practical model for implementation.

Impact

This intervention grounded the discussion in real-world application and demonstrated how multi-stakeholder partnerships translate into actionable programs. It shifted the conversation from problem identification to solution implementation, inspiring other speakers to provide more concrete examples.

My experience from cyber security, as you already know, it’s important to understand the fundamentals because the internet is really complex and in order to find weak links, when you’re putting up a stable, scalable system, is really to understand how this works. But at the same time, no one will ever be able to understand everything.

Speaker

Frank Stien

Reason

This comment addressed a critical paradox in cybersecurity and internet governance – the need for both deep technical understanding and collaborative expertise. It acknowledged the inherent complexity while advocating for collaborative approaches to knowledge gaps.

Impact

This observation influenced the discussion on capacity building and skills development, leading other speakers to elaborate on different levels of expertise needed (from basic user awareness to technical specialization) and reinforcing the importance of multi-stakeholder collaboration.

No single actor can build African digital infrastructure alone. The complexity of the challenge we are facing, connectivity gaps, regulatory fragmentation, climate imperative, and endless risk, require a united, agile, and inclusive approach.

Speaker

Rodrigue Guiguembde

Reason

This comment powerfully synthesized the session’s themes while adding the crucial dimension of climate considerations and regional fragmentation. It elevated the discussion beyond technical and regulatory issues to encompass environmental and geopolitical realities.

Impact

This statement served as a compelling conclusion that tied together all the session’s themes – multi-stakeholder collaboration, capacity building, infrastructure resilience, and regional cooperation – while emphasizing the urgency and complexity of the challenges faced by developing regions.

Overall assessment

These key comments fundamentally shaped the discussion by introducing critical tensions and frameworks that elevated the conversation beyond technical specifications to strategic thinking. Zdravko’s economic paradox established the complexity of infrastructure planning, while Adiel’s global-local framework provided a conceptual foundation for understanding implementation challenges. Dany’s practical three-pillar approach demonstrated how theoretical concepts translate into actionable programs, and Frank’s expertise paradox reinforced the need for collaborative approaches. Finally, Rodrigue’s synthesis brought urgency and comprehensiveness to the discussion. Together, these comments created a rich dialogue that moved from problem identification through conceptual frameworks to practical solutions, while consistently emphasizing the interconnected nature of technical, economic, regulatory, and social challenges in building resilient internet infrastructure.

Would it be good if there is an infrastructure to ensure the communication of the IoTs so that they can be managed by the owner of the IoTs itself?

Speaker

Timothy (online participant)

Explanation

This question addresses the need for dedicated infrastructure for IoT device management and communication, which is crucial as IoT adoption expands and becomes more critical to digital infrastructure

What are the needed digital skills and what are the essential digital skills in the internet-driven future?

Speaker

Online participant (via Dany Wazen)

Explanation

This question seeks to identify the specific competencies required for the future digital economy, which is essential for capacity building and workforce development planning

How can organizations promote adoption of encrypted DNS and encrypted client hello technologies to address privacy concerns with domain name leakage?

Speaker

Vinicius Fortuna (Google Jigsaw)

Explanation

This addresses a serious privacy and security concern where domain names leak in plain text even with HTTPS encryption, potentially revealing sensitive personal information when analyzed by AI systems

What policies or laws are in place to ensure digital transformation projects reach remote areas rather than just urban centers?

Speaker

Audience member

Explanation

This question addresses the digital divide and the need for inclusive policies that ensure connectivity initiatives benefit underserved rural populations who face poor infrastructure, high data costs, and lack of digital devices

How to develop methodology for balancing economic viability for operators with national security requirements for network resilience?

Speaker

Zdravko Jukic

Explanation

This represents a key challenge for regulators in determining optimal investment levels for network redundancy that balance commercial interests with national security needs

How can countries balance different levels of digital advancement within regions like Africa?

Speaker

Chafic Chaya

Explanation

This addresses the challenge of coordinating digital development across countries with varying levels of infrastructure and technological advancement

How to improve intelligence and information sharing among cybersecurity peers across borders?

Speaker

Frank Stien

Explanation

This identifies a gap in international cybersecurity cooperation that needs further development to enhance global internet security