[Read more session reports and live updates from the 12th Internet Governance Forum]
The session which was moderated by Dr Jovan Kurbalija, Head of the Geneva Internet platform, and explored the technical and policy related aspects of the current cybersecurity problems and solutions.
Mr Adrian Perrig, the Director of the Network Security Program at ETH Zurich, stressed the importance of finding a technical solution to cybersecurity problems, comparing it to penicillin. He demonstrated his argument by referring to the problem of the Internet kill switch which can turn off the Internet or a subset of the Internet. Unfortunately, it is easy to trigger such kill switches externally so an external hostile entity can cut off the Internet in some regions. To solve this problem, Perrig’s team developed a system that limits the scope of user certificates thereby giving control only to trustworthy entities and creating an isolating domain. The system which in already in use in several banks in Switzerland, has helped them deal with cybersecurity issues.
Ambassador Frank Grütter, Head of the Division for Security Policy, Federal Department of Foreign Affairs, Switzerland, UNGGE 2016-2017 Expert, referred to the lack of an institution in which cybersecurity issues can be discussed globally, apart from conferences like the IGF. In his statement, he reviewed possible options for such an institution. For example, arranging another UNGGE, despite the results of the 2015 UNGGE, establishing an expert committee with a mandate to look at the implementation of the UNGGE reports and make recommendations on how the implementation can be improved, and even creating a new entity, a special UN party for cybersecurity. Regardless of the solution chosen, Grütter concluded by arguing that since cybersecurity is a global issue, these discussions have to take place at the UN.
Mr Alexander Klimburg, Programme Director at the Global Commission on the Stability of Cyberspace, claimed that it does not matter what comes next after the UNGGE, as long as it will be based on the multistakeholder principle. Today, many institutions are working together on different aspects of the problem, but more often, working alone to solve their own individual problems than creating actual co-operation. Klimburg highlighted that he does not believe in one single solution, one single idea that will solve all the problems, not even a technical solution, because there are always going to be security holes that have not been considered, thus it is essential to strengthen the confidence building measures between states.
Ms Katherine W Getao, ICT Secretary at Ministry of Information and Communication and Technology of Kenya, UNGGE 2016-2017 Expert, began her statement by expressing her hope that the UNGGE will continue despite the results of the 2015 UNGGE. She highlighted the fact that the UNGGE should be treated as a capacity building process and that states need time to implement the 2013 and 2015 reports. Furthermore, she emphasised that governments are a very important part of the cybersecurity agenda because of their mandate, structures and resources. Thus, she argued that there in a need for forums in which governments can sit together to come up with a common policy.
Ms Elina Noor, Director of Foreign Policy and Security Studies at the Institute of Strategic and International Studies (ISIS) Malaysia, referred to the so-called failure of the 2015 UNGGE process. Noor argued that the 2015 consensus document offered a lot of clarity on the applicability of international law and what is now debated is the applicability of the specifics of international law, especially concerning less developed and less powerful countries. In regard to her area, South-East Asia, she elaborated that what is missing is not capacity building in the technology field but in policy related matters. She concluded by stating that in the future, there will be a need for more specific provisions of international law, particularly in providing measures to states affected by cyber-attacks.
Mr Belisario Contreras, Cybersecurity Programme Manager at the Organization of American States (OAS), also addressed the results of the 2015 UNGGE by highlighting one of the positive outcomes of the process. The creation of a working group on the regional level to deal with the issue of co-operation and confidence regarding cybersecurity issues. This working group will be open to all member states as well as civil society and the private sector. He emphasised the different challenges developing countries are facing in the matter of cybersecurity, for example in providing training for law enforcement and in information sharing at the technical level as well as the political level.
By Efrat Daskal