[Read more session reports and live updates from the 12th Internet Governance Forum]
The session was opened by Mr David van Duren, Head of the Secretariat, Global Forum on Cyber Expertise (GFCE). Mr van Duren briefly introduced the GFCE as a global platform for countries, international organisations, and private companies to exchange best practices and expertise on cyber capacity building. He provided an update that the GFCE membership has grown from 42 in 2015 when the GFCE was founded, to 65 members today. GFCE now has 17 initiatives covering most relevant cyber topics for cyber capacity building, with an Advisory Board involving experts from academia, civil society and the technical community. Most recently, the GFCE has developed the Global Agenda for Cyber Capacity Building (Global Agenda) as an instrument to strengthen international cooperation, and ensure the use of common resources. In addition, the GFCE has prepared a set of Global Good Practices (GGPs). In 2018, the GFCE is preparing to implement the Global Agenda.
Ms Carmen Gonsalves, Head, International Cyber Policy, Ministry of Foreign Affairs of the Netherlands, and a Co-chair of the GFCE, outlined five key pillars of the Global Agenda: cybersecurity policy and strategy; incident management and infrastructure protection; cybercrime; implementation of cybersecurity standards; and cybersecurity culture and skills to raise awareness and empower the population. She added that the initiatives have prepared an inventory of GGPs. On top of that, the Delhi Communiqué on a GFCE Global Agenda for Cyber Capacity Building was endorsed by 60 members at the Global Conference on Cyberspace (GCCS) in Delhi in November 2017, highlighting existing principles as guidelines for capacity building (including broader ones such as the applicability of international humanitarian law to cyberspace, and respect of human rights online). She invited members and other partners to contribute to discussions on the action plan for the implementation of the Global Agenda.
Mr Vladimir Radunovic, Director of e-diplomacy and Cybersecurity Programmes, DiploFoundation, and Member of the Advisory Board of the GFCE, presented some of the main GGPs developed by the initiatives, with the facilitation of DiploFoundation. He explained that the GFCE has a number of hands-on results and practices developed under its umbrella:
- Tools for testing the application of existing Internet standards in web services, which can increase overall security of systems, developed by the Internet Infrastructure Initiative.
- Health metrics tools, mitigation recording and situational awareness outputs for policy-makers, developed by the CyberGreen Initiative.
- Models for developing national and regional capacities of law enforcement authorities, through establishing national teams and regional hubs, implemented by the Glacy+ initiative.
- Formats of awareness raising campaigns on cybersecurity, such as Cybersecurity Month, implemented by the global campaign to raise cybersecurity awareness.
- Maturity models for assessment of existing cyber capacities in countries, developed and implemented by the initiative on assessing and developing cybersecurity capability.
He invited everyone to read the GGP document, and use the interactive visual navigation to select GGPs of particular interest to particular stakeholders.
Mr Paul Nicholas, Senior Director, Global Security Strategy and Diplomacy, Microsoft, observed that it is easy to talk about capacity building but hard to implement it, and shared experience of Microsoft work in capacity building. He emphasised the role of the GFCE as a platform for people to share things in a politically and technologically neutral way. He reminded the audience, however, that it is not about sharing what one knows, but about learning from others, which is the main merit of the GFCE.
Mr Robert Collett, UK Foreign and Commonwealth Office, provided examples of how his daily work related to capacity building, including with the GFCE, and how this can bring tangible benefits for institutions. He explained that, due to partnership with an Indian institution which managed honeypots, the UK had early information about the Wannacry incident. The Organisation of American States and International Association of Prosecutors, with which the UK cooperates on capacity building, also provided valuable assistance with regards to technical data and prosecution issues. Collett said that structured communities such as the GFCE can help in identifying needs, and actions to be undertaken, and that a multistakeholder process like the GCCS can help in building the global agenda, which can then be endorsed by heads of governments, for instance within the Commonwealth. In summary, he reiterated the UK’s support for the GFCE.
Ms Lea Kaspar, Head of Global Partner Digital (GDP), and a Co-chair of the GFCE Advisory Board (AB), warned that it is important to ensure that the “partnership of equals” doesn’t turn into some being more equal than others. He explained that therefore the AB was created to ensure the participation of other stakeholders that are not members – civil society groups, academia, and the technical community. Looking back at the work of the AB, she reported that with internal procedures established, AB contributed to developing the GFCE Roadmap, to the Global Agenda and the GGPs, as well as the Delhi Communiqué, and that it will contribute to the Action plan in 2018. As an example of the effect of this, she presented the principle of inclusive partnerships which is included in the Delhi Communiqué. She also gave an example of the cross-sectoral partnerships which emerged from the GFCE cooperation, namely the projects of GDP with OAS on developing national cybersecurity strategies. Finally, she informed the audience that the mandate of the current AB is coming to an end and that the call for renewal and new members will be launched soon, inviting all to apply.
Arnold van Rhijn, Netherlands Ministry of Economic Affairs, and member of the Multistakeholder Advisory Group (MAG) of the IGF, stressed the importance of open standards and the work of the I* organisations – IETF, IEEE, ICANN, ISOC and others. Following up on Mr Radunovic’s presentation of the GGPs related to Internet standards, he presented the internet.nl tool, to test if a website or email applies all the standards, and invited everyone to try it. He gave updates on plans to conduct five workshops starting in 2018 on implementation of open standards, together with the technical community and local authorities, clarifying that more workshops could be organised around the world if these prove successful. He also underlined that the Netherlands is ready to support such a project financially.
A request from a Netherlands delegate was made for a better sync of the outputs of various forums, such as the Best Practices Forum of the IGF and the GGPs of GFCE. Mr van Duren reminded everyone of the work of the Oxford Portal on capacity building, as a useful mapping tool which can help better sync. Mr van Rhijn, wearing his hat as a MAG member , invited people to discuss such issues under the IGF, as well as the GFCE to continue being present at the IGF.
Another comment from a delegate from Kenya was about raising the importance of bringing more technical people and policymakers together, because policies can impact technology and technology impacts policies. Ms Kaspar suggested the creation of a repository of good practices at national levels, with member countries that have certain challenges being able to consult with the GFCE, which could help with a particular best practice from another country. Mr Collett added that the GFCE could also bring needed experts and organisations to assist at the local level. Mr Radunovic suggested that the GFCE Annual Meeting is a good opportunity for cross-stakeholder discussions, and that the AB could be a vehicle for connecting stakeholders and their needs with good practices throughout the year.
Ms Gonsalves concluded that the international organisations are also members of the GFCE, which should help the coordination among various actors and forums.
By Vladimir Radunovic