Multistakeholder collaborations in cybersecurity response

Event report

[Read more session reports and live updates from the 12th Internet Governance Forum]

The moderator of the session Dr Wan S. Yi, Korea Internet & Security Agency (KISA), started his welcome address with examples of how vulnerable companies are to cyber-attacks without proper incident response. The first was about a Korean company that had to pay 1 million in bitcoins to get decryption keys, but where ultimately all the data couldn’t be recovered. Another case was successful when KISA helped a company respond to the WannaCry ransomware through proper instructions to staff. Wan also stressed the importance of working closely with manufacturers because a vast majority of Korean IoT devices suffer cyber-attacks.

Ms Jung Hee Kim, Korea Internet & Security Agency, made a presentation on the main activities of KISA. This government agency supports the private sector and protects Internet users and businesses which provide online service for profit. KISA helps to build out a cyber-attack when it occurs; works with developers and ISPs to take action when the service has security vulnerabilities; and provides online and offline technical support for users when an  incident response is received. She also stressed the close partnership with other national CERTs, as well as with AP CERT to conduct annual cyber-drills. In addition, Kim mentioned ongoing initiatives for enhancing trust and capacity building with partners: the Global Cybersecurity Center for Development, the Cybersecurity Alliance for Progress, and the Government Security programme with Microsoft. In conclusion she restated the borderless nature of cybercrime which makes it necessary for the security community to work across national boundaries in protecting cyberspace from malicious activity.

Mr Charles Mugisha, IT Operational Division Manager, Rwanda Development Board, participated remotely in the session. He gave an overview of how Rwanda is developing its national cyber strategy, and protecting its critical public infrastructure, as well as establishing a government top-down cybersecurity authority to control all these activities.

Dr Jianping Wu, Department of Computer Science, Tsinghua University, made a presentation on Chinese cybersecurity human resources development. Though China is a big country, it is still weak in the technological capacities to protect itself. Existing human resources in the IT sector are not enough to design secure systems, but only to passively respond to incidents. Being a professor, Wu gave a university perspective on the problem. Until 2014, the preparation of IT specialists was initially in the maths and cryptography fields, and information protection. After that universities began to offer graduate and PhD programmes in cybersecurity. Now there are about 29 universities offering this.

Ms Jing De Jong-Chen, General Manager, Global Security Strategy, Microsoft, shared some programmes and concerns that Microsoft has on the issue. Two major types of cyber-attacks they are dealing with on a daily basis are cybercrime and cyberwarfare. There is a growth of state sponsored attacks on civilian infrastructure, hospitals, energy, and other public services. Furthermore, Jong-Chen explained that the Microsoft approach is to develop trust in their services and products. This comprises a special security platform in the Microsoft environment, intelligence analysis from customer feedback on cyber-incidents, and work with governments around the world on cybersecurity policy. ‘It is very critical for a government to develop a set of security best practices, because governments should set an example as a role model before telling the public what to do,’ she said. Microsoft also uses forensic activities and legal means to pursue attackers, to help ensure that law enforcement can take matters through to prosecution. ‘It is important for a government to keep that in mind when the private sector is regulated on a national basis. It may be forgotten that there are times when we have to deal with global issues, not just in one country.’ She said that Microsoft collaborates with CERTs to provide capacity training. In conclusion, Jong-Chen stressed that, ‘You can have a national border in terms of the regulation, the data, the services, and cybercriminals will have no problem with any of that. They will launch an attack anywhere they want. What really becomes an issue is that law enforcement has to prosecute or investigate cases outside of their jurisdiction. We see that struggle all the time. As a global company, it is our job to make sure that we assist and support these efforts, but at a national government level that’s not something the private sector can address.’

By Ilona Stadnik