[Read more session reports and live updates from the 12th Internet Governance Forum]
The moderator of the session, Ms Lea Kaspar, Global Partners Digital, spoke about a mapping exercise done by the New America Foundation which found and identified over 400 definitions of cybersecurity. She emphasised the importance to discuss the practical dimensions of the multistakeholder approach in cybersecurity.
Mr Amitt Ashkenazi, legal adviser at the National Cyber Directorate of Israel gave an insight on how the Israeli government frames the cybersecurity discussion and policy within the domestic context. Israeli strategy looks at this task through an interface of relationships which the government has within the domestic cybersecurity mission:
Mr Jonah Force Hill, policy specialist at the US Department of Commerce, NTIA, started his intervention with the main features of the multistakeholder approach:
Mr Tobias Feakin, Australian ambassador for cyber affairs, shared his experience in inventing his own position that could embody multistakeholderism in addressing the challenges that Australia was going to face, through its international cyber engagements. He also said ‘we physically relocated our center to a less classified environment to ensure that it was far easier for academia, for the private sector, for just a broader range of stakeholders who understand the technical details of cybersecurity who wouldn't have been able to engage with us in the past’.
Ashkenazi further provided an example of a multistakeholder project in Israeli cybersecurity. He said it is a platform, like a social network, in which companies can share information securely called Cybernet. It is open to companies and to the security community, while government moderate that platform. ‘The need for the government to intervene was to create the platform to make sure it's secure and to create trust, by setting the rules of the road for the use of this platform.’
Hill shared another example. In March 2015 NTIA issued a request for pubic comments - a formal federal government notification process where it put out an open-ended question saying, for any interested party - what are those cybersecurity policy issues where a multistakeholder approach might be beneficial. NTIA received a list of about 12 issues. They started from vulnerability disclosures – ‘it was a transparent process where we actually believed for the first time that hackers and the vendor community came together to come up with public policy solutions for best practices for vulnerability disclosure’. Then NTIA focused on IoT and patchability. He said there was a need to foster a market that offered more device systems that support security upgrades. Hill said that NTIA is now about to start a new process on software component transparency. It means to promote transparency of third-party software components including open-source software.
Mr Jan Neutze, Director of Cybersecurity Policy , Microsoft, mentioned the National Institute of Standards and Technology (NIST) cybersecurity framework as an example of bottom-up approach in contrast to previous ones that originated from governmental initiative.
Ms Allison Gillwald, Research ICT Africa, also shared an example from the Mauritius. ‘We have been working on a paper that looks at public/private interplays in the case of Mauritius where a very successful cybersecurity and critical information infrastructure regulation and governance framework was set up, leveraging the capacity, particular of a very strong financial sector which had sorted out security issues before government intrvention’.
By Ilona Stadnik