This session addressed the concern over the rise of cybercrime and its consequences for privacy and security online, as well as the resulting lack of trust among consumers and governments to adopt digital technology. The topic was introduced by the moderator, Ms Cécile Barayre, Economic Affairs Officer at UNCTAD, who stressed the transformational nature of e-commerce, generating both opportunities and challenges.
Barayre then went on to introduce H.E. Ms Rahman Ahmad Khan, Minister of State for Information Technology and Telecom, Pakistan, who outlined some of the critically important areas for addressing cybercrime:
- Looking at enhanced co-operation between states and other stakeholders.
- Building consensus around agreed international protocols that ensure the realisation of an open, secure, and reliable cyberspace.
- Implementing capacity building for countries that lack expertise.
According to Ahmad Khan, users must have the same rights and protection online as they do offline in order for user trust to be restored.
Next, Prof. Ian Walden, Queen Mary University of London, addressed the legal aspects of responding to cybercrime. For state response to be effective, there needs to be a harmonisation of criminal justice systems, for example around the Council of Europe’s Budapest Convention, and criminal justice relations need to be regulated in such a way as to enable the co-operation between law enforcement agencies. Policing cyberspace should focus on prevention and disruption, rather than prosecution, and needs to happen in collaboration with third parties, such as service providers and the Internet industry. Effective cybersecurity strategies need to address prevention and cultural shifts to change the culture of insecurity. Finally, legal and regulatory responses should include criminalising conduct, enhancing law enforcement powers (while taking into account the need to safeguard privacy rights), and putting into place cybersecurity frameworks that include prevention and permit active defence.
With a view from the private sector, Mr Yuejin Du, Vice-President of Alibaba Security, outlined the key cybersecurity challenges:
- Technological challenges: loopholes can never be fixed and the number of vulnerabilities are countless.
- Human challenges: the weakest link is always there.
- Opponents are big, organised, advanced, and globalised actors.
To combat these challenges, Du provided several examples of the technological measures taken by Alibaba Security, as well as its efforts to build a ‘security alliance’ with other actors in the e-commerce ecosystem. Finally, co-operation with law enforcement is inevitable.
Zooming in on one solution against cybercrime, Prof. Nir Kshetri, Bryan School of Business and Economics, University of North Carolina, explained the role of blockchains in strengthening security of the Internet of Things. He compared the potential of blockchains with cloud-based services, and highlighted their decentralisation as a particular advantage. Another solution was provided by Mr David Satola, Lead ICT Counsel, World Bank, who introduced a portal for capacity building for emerging countries, available at www.combattingcybercrime.org. Its aim is to enhance the capacity in developing countries of the policy, legal, and criminal justice aspects of building an enabling environment to combat cybercrime. The portal consists of a toolkit, an assessment tool, and a virtual library. Mr Gustav Lindstrom, Head of the Emerging Security Challenges Programme, Geneva Centre for Security Policy, presented a similar project: the National Cybersecurity Strategy (NCS) Guide. This project is spearheaded by the ITU in collaboration with 14 partners from different sectors, and aims to produce a reference guide for developing and implementing a national cybersecurity strategy. The guide covers the overarching principles of a NCS, an overview of good practices, and a practical guide for the strategy formulation process.
Finally, Ms Marilia Maciel, Digital Policy Senior Researcher, DiploFoundation, presented the trends, challenges and opportunities of capacity development in cybersecurity. First, she highlighted the changing social context in which individuals and societies are becoming cyber-dependent. As digital services become increasingly complex, complete security will never be possible and risk will always be present. Therefore, it is key to make the environment around cybercrime more secure. She pointed at the surging number of bilateral agreements on cybersecurity, as well as some of the multilateral instruments in place, which all refer to the need for capacity building.
She then presented a number of lessons learned from DipoFoundation’s capacity development initiatives:
- Capacity development needs to reflect the multidisciplinarity of the topic.
- Capacity development needs to allow for knowledge-sharing across professional cultures.
- There are extensive gaps in capacity building in different regions and among different stakeholders. This can be overcome by frameworks for regional co-operation, and by involving different sectors.
- Comprehensive capacity building needs to address individual competences, institutional development, organisational development, and networks development.
- Horizontal and vertical policy coherence needs to be ensured as decisions in one place influence other countries and policy-areas.
Finally, she introduced the Digital Commerce course developed by the Geneva Internet Platform, the International Trade Sector, CUTS, and UNCTAD.