[Read more session reports and live updates from the 12th Internet Governance Forum]
One of the moderators, Mr Markus Kummer, Former Director at ICANN, introduced the session and said that it would consist of three parts: an overview of the last year, future areas of focus, and concluding remarks. He said that the goal was to further enrich the Best Practice Forum 2017 output document, which will be presented after the IGF.
The second moderator, Mr Maarten Van Horenbeeck, President, Forum of Incident Response and Security Teams (FIRST), outlined what had been discussed over the past year. Through virtual and in-person communication, the community had worked on a range of technical, governmental, and cultural issues. The main focus was on the ability of ICTs and technology to assist in reaching Sustainable Development Goals (SDGs), and connecting the next billion users.
Mr Segun Olugbile, CEO, Continental Project Affairs Associates, gave a brief overview of previous cybersecurity talks during the IGF 2017 which covered empowerment, global cooperation, development and peace, gaps in capacity, and the need for increased cyber hygiene. Human security was particularly taken into consideration, as well as recommendations and cyberspace norms, as presented by Microsoft and the Global Commission on the Stability of Cyberspace.
Van Horenbeeck invited the audience to comment on the final document with the experts present, particularly in the main areas identified for the following year. The first area is safe and reliable access, and securing critical shared services. As an expert on the topic, Ms Cristine Hoepers, CERT.br, stressed the importance of incentives for all players to encourage best practices. Incentives can come from the market, policy, or social responsibility. She also talked about the general mind-set, and raising awareness on the need for a more educated workforce in order to have secure software. Hoepers added that digital literacy and cyber hygiene are connected to general education, coupling cybersecurity with the SDGs.
The second area identified for 2018 is preventing collected information from being reused for inappropriate purposes, and potential abuse by authorities. Mr Benedict Addis, Registrar, Last Resort Foundation, underlined that security and privacy are aligned, and that usually law enforcement is more problematic than legislation. He talked about unforeseen consequences of regulation, and as an example named Russian regulation to geo-localise storage, which has resulted in higher operational costs.
Ms Deborah Brown, Association for Progressive Communications, pointed out that, 'technology can be key to enabling SDGs', but for that people need to feel, and be secure. Brown mentioned the large-scale data projects in this field that carry risks for the most vulnerable groups. Mr Matthew Shears, GP Digital, saw several critical points when dealing with data theft, such as assuring an appropriate range of security in all devices, both in the consumer market and small businesses. 'Market pressures in these areas, particularly cost, will determine the level of security in them,' Shears emphasised.
Policy issues continued by questioning how the BPF community can support discussion on cyber norms and values, and the digital security divide, in upcoming years. Mr Alexander Klimburg, Global Commission on the Stability of Cyberspace, agreed with Hoepers' support for discussion on incentives, and reminded the meeting that norms are not legally binding, but voluntary. Responsible behaviour, according to Klimburg, is a key area for the future. He reflected on the principle-based approach and the ‘do no harm principle’ for core services and product developers, which could be introduced along with the principles of end-to-end, universal access, and open standards. Ms Kaja Ciglić, Microsoft, remarked that Microsoft started talking about norms in 2012, and the Microsoft Digital Geneva Convention is a long-term process critical for the future. She also gave a reminder that one of the goals of Microsoft is to set the norm of non-interference in the electoral process.
By Jana Mišić