Collaborative multistakeholder approaches in cybersecurity

27 Nov 2019 12:00h - 13:00h

Event report

[Read more session reports and updates from the 14th Internet Governance Forum]

Cybersecurity is a human challenge, and needs to be implemented through a collaboration of human actors. Some of the challenges to be addressed are actors working in silos, inefficient international co-operation in cybercrime investigations, gaps in skills and awareness, as well as emerging issues like the security of electoral processes. There are, however, examples of co-operation across Africa, Caribbean, and other regions that successfully address these and other challenges.

Many countries are progressing with the development of national policies and strategies, yet the implementation of these measures is often slow, according to Ms Pinky Kekana (Deputy Minister for ICT from South Africa). To improve the implementation of policies, co-operation across stakeholders is needed, while also taking into account the involvement of women, since ‘women are the best implementers of any public policy’, as put by the session moderator Ms Gisa Fuatai Purcell (Acting Secretary-General, Commonwealth Telecommunications Organization (CTO)). In practice, as noted by Mr Olaf Kolkman (Chief Internet Technology Officer, Internet Society and Commissioner, Global Commission on the Stability of Cyberspace (GCSC)), most of the measures related to cybersecurity are implemented closely involving the users, especially in networks of users, companies, and operators.

CTO countries, covering a third of the world’s population, play an important role in addressing major cybersecurity challenges. In order to improve international co-operation in cybercrime investigations, the Commonwealth Secretariat has established a worldwide network of contact points in national prosecution agencies. According to Mr Matthew Moorhead (Acting Head of the Office of Civil and Criminal Justice Reform, Commonwealth Secretariat), informal contacts among prosecutors improve the otherwise slow exchange of evidence. Together against Cybercrime (TaC), a civil society organisation, provides capacity building activities to enable law enforcement agencies to collect and use evidence appropriately, offers assistance to victims of cybercrime, and conducts awareness raising activities, especially in rural areas, on how to stay safe online but also on how to use existing mechanisms to report cybercrime, Ms Yuliya Morenets (representative of TaC) explained.

According to Ms Nayia Barmpaliou (Head of Public Policy and Initiatives, Centre for Cybersecurity (C4C), World Economic Forum), there is a gap in skills for co-operation on securing technologies. Public-private partnerships are critical in this regard, to develop capabilities on national levels, but also to incentivise the market and drive innovation. Civil society organisations play a role in addressing the lack of policy expertise on cybersecurity, especially among young people, Morenets added. Importantly, we have to continuously revise skill sets in order to keep up with developments, Mr Kevon Swift (Head Strategic Relations & Integration, Latin America and Caribbean Network Information Centre (LACNIC)), underlined.

The work of donors and implementing agencies is often disconnected, and they work in silos, Barmpaliou and Swift observed. A global matchmaking mechanism is needed, and the Global Forum on Cyber Expertise (GFCE) might play an important role in this regard. The IGF also plays an important role in connecting the actors, as was the case with this particular session where different actors working in Africa, as well as in the Caribbean, got together.

The African Union (AU) partnered with the Internet Society (ISOC) to work with the African tech community, such as Internet Service Providers (ISP), local network operator groups, and Computer Security Incident Response Teams (CSIRT), to follow up on the AU Convention on Cyber Security and Personal Data – known as the Malebo Convention. The report ‘Internet infrastructure security guidelines for Africa’ produced by ISOC provided recommendations for measures on all levels, from high-level officials to the tech community:

  • Establishing the AU Cybersecurity Collaboration and Coordination Center (ACS3C) as a multistakeholder group to advise AU policy makers
  • Identifying critical infrastructure and critical internet infrastructure – such as ccTLD operators and Internet Exchange Points (IXP) – and devising protection mechanisms
  • Enhancing the exchange of information about risks and incidents at the national level, in particular through CSIRTs.

At the same time, and building on the Commonwealth Cyber Declaration of 2018, which establishes a commitment by states to co-operate on cyber issues and improve their national frameworks, the Commonwealth Secretariat has been conducting cyber-capability assessments in Gambia, Kenya, and Namibia on general cyber-resilience, and legislative and criminal justice capabilities, and mapped the key areas for legislative changes and developing capacities. In addition, the progress of the cybersecurity programme in Ghana was praised as a good example by Moorhead.

In Latin America and the Caribbean, LACNIC established its WARP unit, which observes risks and issues early warnings about threats, advice on the management of incidents and reducing risks, and provides a trusted space for anonymous reporting of incidents and related details, thereby collecting information about the types and number of incidents. In addition, LACNIC assists CSIRTs from the region to build their defence capacities, and co-operates with the FIRST international network of CSIRTs. While it does not get involved with policy-making, LACNIC connects with local players and assists them to contribute to these processes. In parallel, the Commonwealth Secretariat has worked on building capacities for judges, prosecutors, and investigators in the Caribbean to work with and share electronic evidence.

The Commonwealth Secretariat also addressed emerging threats such as the security of the election processes. Moorhead reminded the group that even though many countries do not have electronic voting systems, the integrity of the elections can be hurt by attacking voter databases, spreading misinformation, etc. To address this challenge, the Commonwealth is developing a guide and conducting workshops, particularly for countries where elections are approaching soon, such as in Ghana.

By Vladimir Radunović