[Read more session reports and live updates from the 12th Internet Governance Forum]
The session organised by Ms Anita Sohan, Senior Programme Officer, Commonwealth Telecommunications Organisation, discussed how countries can allocate resources for cybersecurity activities and challenges and how cybersecurity activities can contribute to the UN sustainable development goals (SDGs) such as education, gender equality and innovation.
The moderator, Ms Shola Taylor, Secretary General of the Commonwealth Telecommunications Organisation (CTO), welcomed everybody and introduced the speakers, saying that the session was a very special Commonwealth forum because the next head of states meeting will be in April 2018 and that cybersecurity is on the agenda. He said that cybersecurity strategies are important because they touch upon all the SDGs and a national cybersecurity strategy gives the best method to protect the cyberspace infrastructure. The CTO supports countries in preparing their strategies which will help them benefit from all the opportunities of ICT for development. He stated that the Commonwealth’s ICT ministers adopted the following principles in developing national cybersecurity strategies back in 2014:
- That they all commit to a safe and effective cyberspace
- That all actions taken in cyberspace are for economic development
- To act both individually and collectively
- That each country decides their rights and responsibilities within cyberspace
He concluded that with financial assistance from the UK government, they ensure countries have a secure cyberspace.
Mr Garvin Willis, UK National Cybersecurity Centre, talked on best practices for cybersecurity. He encouraged countries to have national cybersecurity strategies. He said that their website has cybersecurity guidelines that can help industries operate on a secure, stable and free Internet. He encouraged countries to have a national cybersecurity centre, with experts from all sectors because cybersecurity is a team sport.
He talked about their guidelines for passwords which have changed from the traditional long word and diverse character set, to password managers that hold the many passwords we have for different services and systems. He recommended pass phrases that are longer and contain three irregular words, and that they should be changed when there is compromise. He recommended their guidelines which can help decision making on password policies. The guidelines contain recent publications on 10 steps to cybersecurity, cyber-essentials and managing the risks of cloud technologies. He said that they help governments reduce email spoofing by using a protocol called Dmark, and check UK public service websites for vulnerabilities. Patching systems is also necessary.
The moderator appreciated the guidelines and password analysis and encouraged everyone to take a look at it.
Mr Tracy Hackshaw, ICT & Digital Economy Strategist, Trinidad and Tobago, represented small and developing states on social and economic aspects. He said that social and economic dislocation has caused these states to become breeding grounds for criminal tendencies, and become potential areas of terrorism. In addition, cybercrime and cyber-terrorism are used to expose ethnic conflicts and that cybercriminals are considered heroes in these communities.
Mr Robert Collett, Head of Capacity Building, Prosperity and Cybercrime at the UK FCO, said that improving cybersecurity around the world is contributing to the SDGs, and that they work with commercial sectors and civil societies who are aware of cybersecurity. He appreciated India’s global agenda for cybersecurity and capacity building for countries to coordinate and work together for cybersecurity. He concluded that the Commonwealth is also supporting the use of ICTs for SDGs to respond to the security challenges we face.
The session ended with questions, answers and comments from the audience. Remotely Mr Foncham Denis, rapporteur for the Digital Watch observatory, asked what the CTO has done to train cybersecurity experts in member countries, and the response was that much has been done with government agencies on training staff. Other participants commented on how governments were possibly making systems and services more vulnerable by hacking and expanding surveillance, and on the need to agree on a set of norms which would also address cross jurisdiction.
By Foncham Denis Doh