IGF 2023 – Day 3 – Open Forum #92 Achieving the SDGs through secure digital transformation – RAW

The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.

***

 

>> MODERATOR: Okay.  Good afternoon, ladies and gentlemen, and welcome to the Open Forum dedicated to the issue of Achieving the Sustainable Development Goals Through Secure Digital Transformation.  This is organized by the Government of Sweden.  So thank you for joining us here and thank you to those joining online.

What we will do today is to kind of discuss how the issues of cybersecurity can be mainstreamed in the development agenda.  It's a topic that is very close to many of the partners of this project that we would be introducing here today and that we hope to get inputs from you on.

So just to recap, this project on mainstreaming cybersecurity and development has the following partners.  It's the Government of Sweden, as I have mentioned, it's ministry, the Global Forum of Cyber Expertise, the GFC, the ITU, and last but not least, Microsoft.

So welcome on behalf of the partners in this consortium.  To start us off maybe a few general remarks, so cybersecurity is often decoupled from other development interventions due to lack of awareness, understanding of how to integrate it or technology concerns.  However, with all of the partners as we have understood also many others around these issues have understood that sustainable digital transformation and cybersecurity, there are some vital cross‑cutting needs there.  For this reason today, we are formally launching this work stream that we have been working on together to facilitate a frank and inclusive discussion amongst stakeholders and distill their recommendations into a multi‑stakeholder compendium that we are planning to launch later this year, and well share more details on later.

So to this end, we plan to bring various stakeholders to a series of workshops, one of them is considered as this one happening at the IGF.  And just to give you a little teaser of the issues we are planning to discuss it's issues such as the role of cybersecurity in supporting safe and secure digital transformation, the importance of digital development as an enabling function to achieving the SDGs.  What are some of the lessons learned from past and ongoing cyber capacity building projects?

How can we use concrete goals and checklists and indicators for the implementation of UN cyber norms, mainstreaming cyber capacity building with various development programmes and funds and also the role of diplomacy?  Creating institutions and mandates to support cyber mainstreaming.

So these are the issues we will be discussing today.  We hope we have a lively discussion that will be reflected in the compendium in the making.  So that was just a very brief introduction of the topic, and now let me introduce also the discussants we will have it take us through them.  So I will start on my left at the end of the table, we have Christopher Painter, who is the President of the GFC foundation board.  We then have Yasmine Hamdar from the ITU.  We also have Johan Ekerhult from Swedish Ministry of Affairs. 

I am Tereza Horejsova.  It will be my pleasure to be your moderator alongside my colleague, Ellen Sabanlog, joining from the Philippines who will be serving as a bridge with the online audience.

I do hope also His Excellency Moctar Yedaly, ex Minister from Mauritania, hopefully, I don't know if we have a confirmation that Mr. Moctar is with us.  Good morning.  I appreciate you being here.  So let's get started.  Each of our panelists will give brief reflections, and then we will go into the discussion and if you allow me I would like to start with you, Johan. 

There is a reason the Government of Sweden has considered this issue of importance.  Could you kick us off on how you see the importance of digital development as an enabling function for the SDGs?  Thank you.

>> JOHAN EKERHULT: Thank you, Tereza, and thank you for all of the partners here today.  From the Swedish Government perspective, we have had a long development journey from a poor Agri country to a revolutionized and industrialized country and that journey has been able to trust.  I think that is where we are coming from.  And what we have felt and seen, and I think we all have seen even more so with COVID and the pandemic, that core parts of our everyday life and our Government functions are digitized, so creating trust and security in how we share information, how we communicate, how we deal with this across borders has become an essential part on a functioning society, on a functioning economy, on a functioning development.

So from our point of view, that is why we see a very strong link with the SDGs and building cybersecurity because if you take an issue like information or disinformation, for example, it's about understanding, believing, trusting and the sources that you have.  Those things are key when we look at it, and I think also for an industry to grow.  We buy and sell things across borders.  If I want to sell something in another country, I would like to be sure that the thing I'm buying is to what I'm ordering.

I also want to make sure that my credit card or whatever I use to pay is not skimmed along the way.  And that, I think, we have a very key issue.  I think especially for small and medium‑sized enterprises in Developing Countries, being able to have security and broadness around the system is key for having the opportunity to grow and develop, and I think that for us are very, very key, key things.  I think when we are looking at it, I think one needs to raise the awareness of cybersecurity.  Might sound technical, but it is essential to allowing other aspects of trust building to get to the SDGs.

And I think I'm very extra happy that we are, all of us here together because I think in order to achieve that, we need to work together.  We as Government need the help of the industry with Microsoft, we need to cooperate together in international organisation and we need a civil society and experts like UTSR to work on taking this forward.  And we cannot do it alone.  Digital is one of those things that doesn't stop at borders so we need to do this together.

Maybe I can touch a little bit, I think what does that mean?  I think, well, it means we need to have common rules.  We need to have the tools for implementation, we need to have the tools for monitoring, and in the end we would probably also have the resources to remedy when things go wrong.  I think you need those aspects and ITU is doing an excellent job on the monitoring part.

We all try to help in providing our input from a national perspective so that we can see what is needed.  We can do that gap analysis.  And from GCFE, you are producing the knowledge base we need to get there.  And the industry is a key partner because they are actually providing the fundamentals which we work through, and we as Governments try to find the right balance between regulation and governance and getting that right.  So I think those are the things that we are working on, and also to be very frank also struggling with.

I think the challenge of doing this is, of course, that it needs that cooperation among us, but also in Governments and to get all of the different key partners to talk together.  So I think those are a little bit how we see the basic points of why this is important and why we need to work together in this setup, so I think what we are looking for is to learn from you and how we can do this better and very much interested in hearing your views on this.  Thank you.

>> MODERATOR: Thank you very much, Johan, also for stressing kind of the multi‑stakeholder importance of these discussions.  There is also no coincidence why this consortium of this project has been set up the way it has been, and later on if our time allows having you as a diplomat in Geneva, it would be useful to hear reflections on how the development and cybersecurity worlds meet at this centre of diplomacy.  But let's leave it for later.

As I have mentioned in the opening remarks, we have had two consultations already at various contexts, at various venues.  The first one is happening in July in New York during the open‑ended Working Group.  The second one was held about two weeks ago virtually in cooperation with the Swedish International Development Agency on trying to bring more of the development practitioners into this discourse.

We have learned quite a lot.  Some, let's say, the concerns or recommendations we have heard in these consultations were expected.  Some were maybe a little bit surprising.  Maybe to set us up for discussion later I would like to get into those briefly and, Michael, if I may turn to you.

What has come up as the main barriers in mainstreaming cybersecurity and development so far.

>> MICHAEL KARIMIAN:  Yasmine and I will reflect on this together and Yasmine and I have similar takeaways from the consultations which speaks to a level of unanimity but from a private sector actor, the strength of the consultations and the common themes coming through time and again.  Firstly, Johan touched upon this it is abundantly that clear digital transformation is essential, and that's true in ways that weren't fully recognized when the SDGs were being drafted, scoped, agreed to over a decade ago.

Snow as we are on the cusp of the post 2030 Agenda and not knowing what that will look like, that in many ways speaks to the timeliness and helping to lay ground work for that.  Before we get to the post 2030 Agenda, we are now in today's interconnected world, it's obvious that secure, trusted and inclusive digital infrastructure is the foundation of economic and social development everywhere, not just lower and middle income countries.

However, that digital transformation journey brings with it a huge range of risks, particularly for nations and regions that may currently last the cyber resilience to counteract the ever evolving cyber threats.  It's imperative to recognize that in order to empower and safeguard all societies from the mounting cybersecurity risks we must practically and comprehensively integrate cybersecurity principles in the agenda.  One recurrent theme that has resonated throughout discussions is the need for a collaborative approach achieving the SDGs.  Secure digital transformation requires active and engaged participation of various stakeholders.  That includes Governments, international organisations, the development community, industry players and civil society which necessitates the pooling of knowledge, expertise, resources because the magnitude of these challenges is too vast to be tackled by one entity in isolation.

I know that's a common theme we hear throughout the IGF.  I think furthermore the consultations have really underscored that capacity building in cybersecurity as not merely a desirable option but absolute imperative and that will be music to Chris' ears but something that he knows and understands well.  It's evident we need to prioritize efforts in building and enhancing cybersecurity risks especially in regions where digital transformation is occurring at an accelerated pace.  Strengthening skills required to navigate the Web of cybersecurity challenges is fundamental to achievement of the SDGs.  The discussions so far have highlighted the importance of mainstreaming cybersecurity into digital development programmes and funding mechanisms.

So to ensure that the SDGs are not only supported but advanced by digital transformation, me must seamlessly integrate into the very fabric into development initiatives.  That includes both at the design level, but ongoing implementation of the projects.  We have learned that the approach to mainstreaming cybersecurity must be adaptable. 

So every region, country faces a range of unique climate changes and requirement on the digital development journey, and such strategies and interventions must be tailored to address those specific context effectively.

On the issue of funding mechanisms, consultations have illuminated critical need to broaden the sources of funding for cybersecurity capacity building.  It's not sufficient to solely rely on defense budgets, for example, to support these endeavors.  It's important that development budgets are mobilized to ensure that digital development projects are fortified with the subsequent security components.

  These are some of the valuable insights from the consultation.  Yasmine will have similar perspectives and maybe more to share.

>> YASMINE HAMDAR:  So indeed these consultations have lifted the lid on things that practitioners don't necessarily consider.  There is also a definition issue sometimes.  We often try as a recommendation to refer to it as cyber resilience because security is a word implies certain things, and this also is partly caused by the fact that cyber capacity building as mentioned by Michael is funded from defense budgets rather than development.

So one recommendation that has been coming since the two workshops we have is to demystify the field because actors, be it development or policy, they often misunderstood it.  They see it as a technical issue or not a consumer or policy issue.  So there is a bit of discomfort from development professionals over the perceived sort of technical nature of it.

One other thing that is important that we often overlook is that it's a very English‑focused field.  There needs to be a little bit more inclusion in terms of languages, and both national and also local dialects need to be reflected.  A recommendation that is important as well is to consider going beyond our usual sort of communities, both at national and international level.

The development community and the cyber capacity building community often do not talk and at national level there is often an interagency friction between mandates and that's the case for numerous countries, so oftentimes we finish into an echo chamber of speaking to cyber diplomats that know the importance of this, but there needs to be, of course, the inclusion also of what we would consider non‑traditional actors like political parties or civil society, of course, and people that are also active in shaping the policy landscape.

So including cybersecurity and cyber resilience is, of course, key to also include in digital development projects.  I can say even in the ITU the approach is still very siloed.  Oftentimes we have digital development projects cybersecurity projects separate even within the same organisation.

So maybe a recommendation that has come out and that I very much agree with is that sometimes cybersecurity can be added as a sort of criteria in audits for development projects, digital development projects, maybe donors can have a role here where they can build cybersecurity requirements into their projects.  So it's a bit of an all hands on deck type of effort, but I think what's really key is to continue to have these conversations and maybe turn over to different actors, maybe some we haven't thought about for understanding some, what can be some good examples we can showcase through this work stream.

>> MODERATOR: Thank you Yasmine.  Thank you very much, Michael.  I will be curious later to hear if this to any extent was surprising to you as well, and if you have other reflections, but before we do, Michael, you have mentioned, for instance, the unique challenges that various regions face.  Yasmine has brought up the issue of languages.  

I would like to turn to you, Moctar.  You, of course, knowing Africa so well, can you share with us a little bit your perspectives of kind of where the intersection of digital resilience and achieving Sustainable Development Goals, how it has unfolded in Africa and what is the situation there regarding the multi‑stakeholder participation that we have heard about as quite an important need?

>> MOCTAR YEDALY:  Can you hear me and see me.

>> MODERATOR: So far you are small, but I believe you will be made big.  Yes.  It's perfect.  Please go ahead.

>> MOCTAR YEDALY:  Thank you very much, and thank you for the opportunity.  It's 4:00 a.m. where I am in Mauritania.  Thank you for having me, and I congratulate the previous speakers for what they have attained, specifically with regard to the connection between SDGs and the cybersecurity and the ICTs in general.  As was mentioned previously, today our lives, we cannot go without using the digital technologies for our development and this effects a lot of our goals with regard to sustainable development.

As previously mentioned, the issue of safe transactions is extremely important.  We have seen the rise of cyber-attacks, cyber threats, and as also mentioned, it is extremely important to see that cybersecurity is being addressed not only from security or defense point of view, but it is addressed from development and specifically sustainable development.

Most African countries do now have the transformation strategies, but very few of them do not connect the digital transformation and the cybersecurity within those approaches.

Second, most of the African countries are actually departments dealing with the digital transformation are most of the time addressing the issue of digital transformation in silo.  Though there is a multi‑stakeholder approach everywhere, but the problem, the only point where the collaboration is not yet there is that national Governments with regard to cybersecurity.

Most South Africa countries are lucky that collaboration among different stakeholders.  The issue of cybersecurity is addressed by probably the Minister of Digital transformation and ICT and the Minister in charge of security, so much different, but other civil society, academia and others as a multi‑stakeholder very seldom being associated or involved in this endeavor related to cybersecurity.

So that lack of national governance with regard to cybersecurity/connected with the SDGs and connected with the digital transformation for the global approach for everybody to work on together, and make sure that as the representatives from Sweden have said that we are all moving toward safety not only in the national bodies, but outside.

The point I wanted to highlight is the fact that the multi‑stakeholders principle doesn't apply most of the time in the area of cybersecurity.  That is one of the number one.  Number two, there is a lack of cyber strategy at the national level, and all see that most South African countries do not have really a very efficient, if I may say, cybersecurity strategy associated with development of digital transformation.

There is an issue of safety of firewalls or antiviruses and we think that is cyber safety, but in fact it is not, what I call is regional safety.  And the third point I wanted to highlight is that Africa has unique specificity of having a lot of young people.  35% of our population is very young.  And these people cyber is not only for Africa, but also for all of us, and I said the issue of cybersecurity is not only for national bodies, but everybody.  And our performance in that stays in cyberspace is only by the weakest link and Africa should not be the weakest link.  So I stop here.  It's just as an introduction, but bottom line, it is extremely important that the multi‑stakeholder principles be applicable also within the framework of cybersecurity.

And Africa should be products that are being manufactured there, and but also should create its own ecosystem in terms of capacities, in terms of cyber industry, and cybersecurity industry.  I stop here and happy to answer your specific question.

>> MODERATOR: Thank you very much.  You have been quite critical about the situation in Africa in regards to this topic, but rest assured we have experienced these challenged be it on siloed approach or maybe not as efficient multi‑stakeholder participation in other parts of the world, and that is also why we want to discuss it here today.  So thank you.

Turning to you, Chris, the Global Forum on Cyber Expertise has evaluated this topic on cyber and development intersection as quite vital or challenging.  To the extent that it has decided to have its partners organize a major Conference on global cyber capacity building that will be happening end of November in Ghana, first of all, why the angle also for the GFC, and how do you expect these issues to be tackled.

>> CHRISTOPHER PAINTER: Thank you, Tereza, and thank every other speaker for their comments.  I agree with what was said before.  It stems from what we have heard from other panelists that there is this divide between the traditional development community and the cybersecurity capacity building community much like there is a divide between the traditional economic and innovation community and security community at a larger scale.  I think it's partly misperception that they think of cybersecurity as too technical, but a lot of development projects are technical, but on the other hand it's a defense thing, a security thing, that's why for the governance we are having in Ghana it's to bolster cyber resilience. 

And the term was to address both communities and something that resonates with both rather than cybersecurity which has resonance within this community but maybe not the development community.

We have seen this play out in different venues.  A lot of countries think that cybersecurity is not ODA‑able, because they think it's a military thing.  It's not, but that's the perception sometimes.  We see even in the negotiations of the UN, I remember in the last, the OEWG we wanted to get language in saying that cybersecurity undergirded the UN development goals which indeed they do.  They may not mention cybersecurity as a separate goal or digitization as a separate goal, but they undergird many of those goals.  But there is a little bit of fear that the development goals are the provenance of the first but not the second Committee.

That's crazy because we are all in the same world, and we have to deal with the same issues.  So the Conference in Ghana, and it's not just a Conference for Africa.  It is being held in Africa.  There will be significant African participation, but it's a global Conference.  One of its chief goals is to bring together the traditional development community and the cyber community as others have said on this panel to mainstream cyber capacity building as a foundational element of development.

We have seen some organisations, one of the co‑organizers of this Conference is the World Bank.  We have the world economic forum, the World Bank, the cyberpeace institute and us, GFC.  We have a Steering Committee of a number of companies and organisations including Microsoft, and so there is this understanding that we need to mainstream this.  We bring the communities together and we have seen the World Bank.  USAID, the British development agency has been on the front foot in the last few years in trying to do this integration, but it's still rare.

And that has implications in terms of you were saying that digitization development projects obviously have a cybersecurity angle but really almost development project does whether water, power, financial systems, almost any foundational thing you can think of, cybersecurity is important.  So we want to bring these together.  We want to build understanding.  We want to have an outcome coming out of this Conference that is action oriented that champions this integration and brings it forward.  It's a Conference.

It's an important marker, but it's really a process going after that to continue to make sure that people, that we bring these communities together because it will make us both stronger.  It will help the development community because if development projects go wrong because they don't have good cybersecurity, that hurts everyone, and it will help the cybersecurity community because it opens, as others have said, more resources, access and mainstreaming.

We are looking forward to the Conference.  It's a big undertaking but I think it will be well worth it.  As I said it's the beginning or maybe the midpoint of the process rather than the end of a process.  It's something I think we will all have to persevere and continue to do.

>> MODERATOR: Thank you, Chris.  So, yes, I like that you also presented that if these two worlds interact a little bit more it should be win/win.  It should be win for both development community and the cybersecurity community.

>> CHRISTOPHER PAINTER: I don't want to be perceived as saying, hey, those development guys don't know what they are doing, they need to embrace us.

We are not good at talking to the development community either.  The division lays on both sides.  So the idea of bringing us together is for both of us to move toward each other and I think that's important.

>> MODERATOR: No.  Totally.  How can we use the development language?  How can the development community use the cybersecurity language more to understand each other better.  At this point I would like to turn to you.  I can recognize some faces in the room.  Many of you have been involved also in various development projects, and maybe come across some challenges when it comes to cybersecurity or vice versa, you have been in cyber projects and maybe struggled with linking it to some of the bigger issue of international development.

We really would like to hear from you, and please don't let us down because this is important, and I hope it's in everybody's interest that the compendium we will publish or any outcomes that will come from the GC3B the Global Conference on Cyber Capacity Building really make a difference.  So if I may ask you to not be shy and come to one of the microphones around the room and share with us some concerns, it would be excellent.

  This is Patrick Pavlack very closely involved in planning the GC3B.

>> AUDIENCE: Thank you for your presentations.  I have a few comments that I think might be interesting as you move forward with thinking about this project.  I have been involved with the European Union on a few projects linked on cyber capacity building, and I think one of them specifically might be relevant, which is the trainings we have been doing with colleagues for the officials of the EU Delegations around the world in different parts of the world.

And that is specifically focused on cyber capacity building.  One of the big challenges that we have seen while doing this training is that diplomats are more and more asked to engage not only on cyber projects but also on digital issues.  There is a lot of digital development projects as you have said.

And the challenge on the ground is that actually very often they do not understand the difference, what is digital, what is cyber and how do the two come together?  So I think as you conceptualize the project and before you even go to the introductions, it would be probably useful to explain how the two come together and where the idea of the mainstreaming sort of comes in, because that might, I mean, that very often poses a challenge.

The second thing maybe I would like to share, and that's, again, from another project I have been involved in is the operational guidance on cyber capacity building that we have been working on for the European Commission.  And there we have really gone through the process of trying to think exactly how different aspects of cybersecurity can be reflected, taken on board in actually developing development projects.  So here I think the European Commission and the international partnership is one of the examples of this development agency if you want that has actually quite eye good understanding of issues because that's the process we have started in 2017.  We had the second edition of this operational guidance, but we are touching on a lot of the points you have flagged, the importance of context, for instance.

One of the key issues that we found is important but very often neglected in these discussions is the importance of enabling environment when you talk about cyber capacity building.  I think that's exactly where mainstreaming and digital projects also come in because we very often say that the two are two sides of the same coin and I think it will be important to reflect on those.

The operational guidance, I think, is going to be published before your report, so I think it might also be useful, but I'm happy to share sort of the job that we had because we go in different direction thinking how cyber capacity building fits to mainstreaming.

There is the derisking approach that we are also looking at.  So I think it might be interesting to think of how those different elements come together.  I will stop here.

Thank you.

>> MODERATOR: Thank you very much Patrick for the excellent inputs and breaking the ice as well.  I think that Johan is quite well placed to tell us the diplomates and how do you make the difference?  Where is the line between cyber and development, and maybe Chris then to you on this general question on what do we mean by mainstreaming cyber and development, and please give me a sign if you want to chip in later.?  Did I misinterpret you?

>> AUDIENCE: No, no, you didn't but I will give one example that will make it very concrete.  For instance, during one of the trainings we got very specific question about Blockchain.  One of the colleagues said, you know, we are asking the delegation to implement a project on Blockchain in the justice system.  How does cybersecurity fit?  How do we actually approach those topics?

And then we say we are neither experts on Blockchain, nor on cybersecurity, so how can we actually manage it on the ground?  I think that's something that would be very interesting to think about as well.

>> JOHAN EKERHULT:  Thanks, Patrick for a challenging question.  I can say that I started out on the cybersecurity side and many years in dealing with a bit more the hard core stuff on the cybersecurity, and now I have been five years in Geneva, and that's much more the digital side of it.

So I can just agree very much with what was said.  I think on the funding side, yes, from a Swedish point of view, we are struggling a little bit because when I came, I said why don't we fund?  And the answer, well, it is UN specialized agencies, they are not development agencies, so that's a problem.

I think what ITU mentioned on getting it together, yes, it's a hassle, and it's a challenge.  What we have been doing now is we have set up a national security advisor in Sweden at the Prime Minister's office so hopefully that will help in integrating these things because it is tricky to get this right.

But I think at least we can see from a national perspective and what we feel in Geneva is that everybody understands that digital is a part of everyday life, and it touches all aspects, so cybersecurity, or if you mandate security needs to be integrated.

And from a Geneva perspective, you have the hard core cybersecurity stuff in that you have cyber PC institute working on how to help implement cybersecurity for, example, NGO's working in humanitarian field.  They have extremely sensitive data.  ICRC suffered a major attack.

So there you have the link directly, but, of course, you also have the issue of digital security, if you would call it that in how we deal with standards in the ITU and in the ISO.  And then, of course, we have the whole human rights angle which also has security implications because I think we talk a lot about bridging the digital divide and we all need to do that, but I think the minute we get there, the first thing I want as a parent is that when my kids go online, that it is a safe and secure environment when they do that.

And then for me that we have trust, security, the basic rights are respected are for me as an individual very fundamental and for Sweden it's fundamental.  That's why we think these are things.  But I think the getting the link right between the development community and perhaps the classical defense community, but I also think the economic community is something that we are struggling with.

So I'm not, but we are working on it, and I think the best thing we can do is to try to build these kind of networks and try to work together.  And I have the privilege of being in Geneva and seeing that.  I mean, I also deal with E‑commerce negotiation WTO.  So today we try to get the overall regulations free for getting trade flows and digital flows going and we have language on cryptography, we have language on cybersecurity in there, and, yes, they will not be specific, but they will actually create a link to what is needed on more implementation side.

So I think we, I see closer and closer integration on it, and I think what you have been doing, Patrick, is excellent because we need a lot of capacity building, and I think we all need that capacity building, and I think the importance of what you are making is that we need a holistic capacity building because we need to be able to explain what are the pieces, but also how the pieces link up.  Thank you.

>> MODERATOR: Thank you very much for this honest assessment.  Chris, if I may turn to you on the intersection and what we mean by mainstreaming.

>> CHRISTOPHER PAINTER: I could give you a couple stories. I remember when I was at the Whitehouse we were doing the U.S. international strategy for cyberspace.  It was the first international strategy on this topic released by any country, but the National Economic Council said you can't call it because it's about cybersecurity and it's not about cybersecurity.  It actually had elements of economics, it has human rights, in fact, we got a bunch of people in a room like this from various agencies in the U.S. Government and they didn't speak the same language.  The human rights folks used one set of words, Internet policy people called it the Internet, the cybersecurity people called it cybersecurity, so just getting the people in a room and meeting and talking together made us release a strategy that really fulfilled that larger goal, a larger goal with each their different areas feeding into it.

So that was very helpful just bringing those communities together.  I remember going, for instance, to another country and we are talking about ITU meetings, and they said we don't go to ITU meetings, that's this other ministry because that's telecommunications.

But as you know, the ITU does much more than that.  So it's breaking down barriers within a country, within Governments, within Governments in the private sector, within the private sector itself, within civil society.  I think it's really changing the way we think about this, and we are seeing good glimmers of that.

For instance, when I was at the State Department and started the cyber diplomacy office we weren't just about security.  We had a Human Rights component, we had an economic component.  Now, that's been institutionalized, and a number of countries, the cyber Ambassador is also the digital Ambassador.

That's a good thing and I think that's one of the ways we need to bring this together, but we have a long way to go to make that a reality.  That helps us each see opportunities on the other side that we haven't seen before.

>> MODERATOR: Thank you, Chris.  Firsthand experience from you.  Yohan was smiling when you were speaking because you recognized a lot happening in other Governments.  Moctar over to you.

>> MOCTAR YEDALY:  Also the comment is extremely important.  In this part of the world, Africa specifically, you can find an excellent diplomat about geo politics, but they don't know anything about technology specifically.  They cannot even the rapid pace of technology coming into our lives is actually for non‑technical person, it is very hard to follow what is happening.

And second, you can find an excellent technical people who knows technology very well, but have no idea about the geo politics and what is happening within the era of diplomacy and so on so even though they want to be part of it, the transformations, the geo political transformation make it very hard.

And I will give an example.  We have a level of development within the digital space thanks to collaboration among all of us, technology, industry, we have had this technical and technology cooperation that needed humanity advances.  Today we are seeing different technologies coming to the end there and the restrictions here and there, and even I may say we are moving a little more and more to really the digital divide in the sense that we do have different setups and technologies in every area of the world, which brings us we are coming into the cold technical war among the biggest countries.  Hence the smaller countries are here following, and I want be surprised in the few times you will have to choose, should I go by this system or that system or that technology or that technology?

And you find the consumers are those who don't have technological ecosystem or have the appropriate capacity to find the phone and rather than carrying one or two, they will be carrying thousands of them around their belts and in order to be connected here and there.  So that bridge between technical and diplomats, and that continuous capacity building, it's a permanent kind of thing.  This is something that has to be capacity building is not one time.  It's not short.  It's something that is permanently being addressed and needs to be addressed because the technology advances so fast, it's so diverse, it's so integrated and so machine‑oriented and controlled that we need to make sure that we as human beings are there technically cooperating and really pushing for the technological corporation for the safety of all.

>> MODERATOR: Thank you very much.  Yes, I know we have a comment online.  Then I will go to Yasmine, then to you Michael.  So joining us from the Philippines, over to you.

>> AUDIENCE: Yes, this is very nice discussion just in time because most countries here in as see Ann are gearing towards digital development, but ASEAN are going towards digital development.  So in an increasingly digitized world where our lives are intertwined with technology, there is a need to have a robust cybersecurity governance, if I may say.

The rise of the digital age has assured unparalleled convenience, but it has also exposed us to unprecedented risk.  So to achieve this seamless digital governance and avert potential disruptions, it's imperative we prioritize cybersecurity governance as a top priority.

And in ASEAN, a basic experience, leaders are not interdisciplinary.  Most of the leaders in the Government are in some areas in ASEAN only understands single expertise.  For example, if you are the policy guy but you are not the technical guy.  I believe what we need to achieve digital transformation and secure digital landscape is to have an interdisciplinary leader who understands all aspects of cybersecurity as well as the digital aspect of development.

So I believe without proper cybersecurity governance, organisations and Governments are in treacherous waters leaving themselves exposed to potentially catastrophic consequences.  Thank you.

>> MODERATOR: Thank you very much, Alan, for that.  And I mean, yes, it comes down to people very often.  That's why we've also brought up the issue of cyber capacity building and capacity building in general so often in the session.  Thank you for reconfirming that.

Just to have an idea how many more comments in the room we will have to plan.  Very good.  So quick reflections to Yasmine, quick reflections to Michael and we go over to you, sir.  You want to go now?  Okay.  Please go ahead then.

>> AUDIENCE: I'm from the Government of Sri Lanka I'm a civil servant and I served in New York as a diplomat by the time the SDGs was formed I was part of the open Working Group.  I know it is challenging to internalize everything on the SDGs but when it comes to development practice and finding partnerships, I'm not sure whether the development community is looking into this aspect and what portion should be allocated in into budgeting and planning on political information infrastructure?  Is there a guideline for certain, or there is a formula or something that can work around this?  I think it would be helpful.  Sri Lanka we adopt the cybersecurity strategy and adopted cybersecurity policy as well.

These things have to go into the standard organizational strategy as development projects.

>> MODERATOR: Excellent question.  Thank you very much for that.  For everybody's information, we have about seven minutes left.  Yasmine, Michael, maybe to share what comes up.  So let's reflect shortly.

>> YASMINE HAMDAR: I will be sure to be brief.

Thank you for the question.  Definitely there needs to be thinking of cybersecurity in development projects.  I'm always sort of adamant in trying to look into other fields for lessons learned and not reinventing the wheel.  So we can look into climate and climate negotiations because it's highly technical, it's specific expertise and it might be very much intimidating for policy people, diplomats but now there is this understanding that is highly interlinked with development as well.

So let's look also into other, you know, lessons learned from other fields.  I mean, holistic views of governance are not something new.  I think it can be done in cybersecurity as well.

>> MODERATOR: Totally agree.  Michael.

>> MICHAEL KARIMIAN: Just a quick reflection on Patrick's example, the example of the diplomat working on a project relating to Blockchain.  We have seen the digitization of core systems.  In some context you will see donor agencies and development practitioners use things like a needs assessment, feasibility assessment, Impact Assessment.  Based on these discussions we should end up with a real assessment of cyber feasibility and sizer needs and impacts.  Chris mentioned the institutionalization of human rights and we have seen variations of those processes.  And the colleague from Sri Lanka, the question on budgets, I think it's important to have a mindset where we don't think of cybersecurity as a cost but investment, one that pays dividends over many years to come.

>> MODERATOR: Thank you very much, Michael.  I'm afraid that the time is really ticking, so Johan, maybe you share briefly what are the next steps of the consortium of the project?

>> JOHAN EKERHULT:  Thank you very much.  I think this was very, very useful discussion.  We take this with us.  We will have another consultation coming up in Singapore, and the aim we are hoping is to produce guidance for this by December so that will be something that we hope to be able to consolidate your point in a way that is useful so we can take this issue forward.  Thank you.

>> MODERATOR: Thank you very much.  If any of you happen to be attending the Singapore international cyber week next week, please let us know so that we make sure to invite you to a consultation that will be taking more in the southeast Asian context.

Please do let us know.  Coming up next will be a session at the GC3B and I mentioned at the beginning we hope publishing the compendium in December.  With that I would like to thank you for listening to all of you who have shared your experience with us no online, Moctar and Alan for your inputs and here in the room to Chris, Yasmine, Michael and Johan.  Have a good rest of the IGF and see you around.  Thank you.