IGF 2017 - Day 2 - Room IX -WS100 Bridging Digital Divides Through Cybersecurity Capacity Building

 

The following are the outputs of the real-time captioning taken during the Twelfth Annual Meeting of the Internet Governance Forum (IGF) in Geneva, Switzerland, from 17 to 21 December 2017. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

>>> Welcome, everybody.  We're going to be discussing bridging Digital Divides through cybersecurity capacity today.  And our session's going to take place in two different parts.  The first part of the session we're going to have our wonderful speakers discuss what they're doing in their different programs ‑‑ maybe I should ‑‑ and then the second half of our session, we're going to actually have a breakout where we're going to get into different groups and discuss some of the key issues that came up during the presentations but also use the questions in the papers that you see around you as well.  And when that time comes, I'll just let you know how to organize yourselves.  And then after that we'll report back and we'll just have some final closing comments. 

So this session, just to let you know, is due to go on to about 1:20 P.M.  So we have a good amount of time to go through everything and to have our speakers speak and to have all of you get engaged with this, in particular.  So the purpose of the workshop is to bring together cybersecurity experts to raise awareness on a lot of multistakeholder projects and partnerships that are going on right now in cybersecurity.  And I know from some of these panelists that there's quite a lot going on.  And I know personally from my work, there's a lot that the GSMA engages in as well.  So I look forward to hearing about other projects. 

The workshop will look forward to the digital future and discuss a lot of the issues, maybe some of the challenges, how to scale and leverage different learnings and possibly best practices as well.  And we'll look at sort of a wide range and a geographical range of where these issues are being addressed. 

So I have a great set of speakers today.  And I apologize in advance if I don't pronounce your name correctly.  So on my sheet or actually I'll start with Carmen Gonsalves, head of international cyber policy in the Netherlands government.  Thank you.  Welcome.  And Lillian Nalwoga, is that correct?  Great.  President of the Internet society's Uganda chapter.  I also have Belisario Contreras, organization of American States.  I have Sadie Creese, who is the founding director of the Global Cybersecurity Capacity Centre at the university of Oxford.  And last but not least is Audrey Plonk, director of government policy at Intel. 

So Lillian, I'd like to start with you.  Let me give you a couple of questions and maybe some thoughts before we start so that you can respond to.  So why is cybersecurity capacity building important for bridging Digital Divides, and in particular, in Africa, in your experience?  And how can multistakeholder efforts actually support this, and what have you seen if Africa?  Thank you. 

>> AUDREY PLONK: Thanks, Dominique.  I don't know if it's still morning ‑‑ yes.  Good morning, everyone, and thank you for joining us today for this session.  We hope to add more than what you have to share. 

From the Africa perspective, one is I think to ask to understand what is happening in Africa and other initiatives, we need to understand what is cybersecurity capacity building and more so what is cybersecurity.  I know everyone here may have a definition, you're an expert by the very fact you're here.  But when we talk about cybersecurity capacity building, we are looking at a set of initiatives that different stakeholders from individuals' governments private sector need to do to realize the benefits that digital technologies offer. 

This is important in Africa because, one, we still have very few people who are connected, and we are talking about getting the next, I don't know, billion, 20 billion connected online.  And just about 1% of the entire African population has access to Internet.  And the few, just as it sounds 20%, the remaining, I guess, 79 still is unconnected.  Whereas when we look at the few that are connected, they still have challenges in how they access the systems, the security of the systems.  One ‑‑ from one stakeholder group, we still have a challenge in how governments are securing critical infrastructure or how businesses are reacting to these cybersecurity concerns. 

So it is important for us, coming from Africa, for us ‑‑ for the ones who are looking to connect online to be able to have trust in the Internet.  So that when they make that first click, everything is close to perfect.  So one thing when we're looking at the importance of cybersecurity capacity building, we are looking at having trust.  But also in having trust, then there's also having confidence.  Because if we are looking at people using electronic payments, e‑commerce, and they go to use a system, a system has crashed or there's been a report that there's been a hack on a particular bank or something like that, then there's no confidence.  So it is important that this capacity builds for the people who are putting in place these systems from the banks, from the governments, but also from the users.  So there's the issue of trust and confidence.  Yes. 

So from my experience, what we are seeing happening is I know in many countries right now, we are seeing initiatives coming up.  We are seeing governments strengthening the computer teams.  From the country I come from, Uganda, we have the national and (?) And we are seeing lots of improvements in how governments or businesses react to some of these cyber crime incidents.  But going back to the issue of trust and confidence, we are seeing that when things are secure or when people have trust, it will lead to the realization of a better Digital Economy

When we look at big economies, like, say in south Africa, Kenya and Nigeria where (?) We are seeing a lot of rapid economic development ‑‑ economic growth in these countries.  So it is important for us to have security of systems by building resilient technology, infrastructure and also building trust in the systems and, of course, this goes a long way into having users aware about, you know, the different, you know, dangers of, you know, cyber crime, knowing about, you know, cyber risks.  From an enabling environment in terms of (?) To having resilient infrastructure but also the end users need to have that trust and confidence and them to be aware about the different risks. 

>> DOMINIQUE LAZANSKI: Fantastic.  Thank you.  We're going to move to your region, Belisario, if that's okay.  I was wondering if you could comment a little bit about your program and how it works with multistakeholders or different stakeholders and sort of what your approach is to national and regional strategies as well.  Thank you. 

>> BELISARIO CONTRERAS: Thank you.  Yes, I would like to thank you for putting this portion together.  And actually for making sure that ‑‑ well (?) So thank you.  Thank you very much.  I really need to tell you that ‑‑ well, (?) Behind governments, there are human beings.  And we as a people working on these issues, we need to be a little bit humble.  We have been learning through the process.  (?) We have been working on (?) Issues in the region and actually learning from people Africa and Europe and Asia.  It has been a very complicated process.  It has not been very easy.  Over these first years, our work was purely government focused.  Actually, our first work only focused on certs or on a specific training.  But that notion has completely changed.  Now we see, for example, this year four countries adopted strategies through different processes, call it inclusive or stakeholder or participative process, however you want to call it, of other countries.  Sometimes those words are very strong, and I don't want to put them.  But we are always trying to learn from other experiences and share them with our member states.  We recognize that each country and actually each country, each community is totally different.  We need to be very respectful of the social and economic and cultural differences that are in each country.  You cannot compare a country like Mexico with Brazil and Argentina.  (?) Their cultural roots, their language, the economy might be totally different.  Of course, I don't want to (?) With what could be applied to other European or Asian countries.  Of course, there should be always basic principles our organization shares on human rights that includes freedom of speech, privacy, gender inclusion, diversity. 

We are now focusing a lot on development issues, and trying to ask our member states, don't use cybersecurity, information security or however terminology you want to use on the traditional and national security site, but try to focus on the socioeconomic development perspective because that way you actually are going to have a better outreach of all the national actors. 

Again, this is where we're going to continue learning from you, from the private sector, from society, from other regions.  And I think what we are trying to do (?) Is apply what we see that is working in other places.  And I think my time is up. 

>> DOMINIQUE LAZANSKI: Thank you.  Thank you for keeping to time, too.  So we're going to move from two regional perspectives to the private sector.  And I wanted to ask Audrey Plonk to speak a little bit about what the private sector is doing in terms of cybersecurity capacity building, especially with her experiences at Intel. 

>> PANELIST: Thank you, Dominique and good afternoon, everyone.  Just a couple things so I can stick to my time that I wanted to highlight from the private sector perspective with regard to capacity building, you know, you know, we've been having discussions about how to build capacity for a very long time now around the world, and, you know, it's a big challenge for governments and the private sector.  So from a private sector interest perspective, we are developing the products and putting them out in the environment, and we need people on the other side, whether it's in Civil Society or government or other companies to be able to work with us on dealing with issues that affect multiple platforms.  Very little is independent these days.  All of these systems are highly integrated.  The hardware and software is highly integrated.  If you have a problem, it often affects many.

And so we've tried to put time and effort into working with governments to develop programs to train people, to drive cybersecurity into the education systems all the way, you know, down from early education of children all the way up through higher education and advanced degrees and computer science programs to include a strong curriculum in security as a function of the discipline of cyber ‑‑ of the computer science, just generally so that it's not that cybersecurity isn't just considered this other thing, but it's really part of all computing.  And I think we generally ‑‑ we generally believe that. 

But it is an ongoing need, and we recognize that there's more ‑‑ there's always more work to be done here.  And I think, you know, it's a big challenge.  There's a big need in the private sector to have the same capacity.  And so it's a challenge for governments to be able to keep up particularly governments, and I'm sure to some degree to Civil Society to keep up with attracting that cybersecurity talent in the workforce and keeping them, you know, working in these other jobs.  So there's several different countries that have interesting models that I'm sure we'll talk about as we move through.  But I think, you know, I just want to underscore the commitment of the private sector to try to advance these programs, some of which you've heard about and others which you will hear about because, you know, the trust in the infrastructure and in the devices and the digital comments that we live in is sort of the fundamental aspect of succeeding in the market, and so it's a core responsibility that I think many in the private sector feel they have. 

>> DOMINIQUE LAZANSKI: Thank you, Audrey.  I'm going to move next to Sadie Creese who is at the Global Cybersecurity Capacity Centre.  So I'm hoping that you can comment on sort of how you approach the multistakeholder model within your work and also what your engagement is across the world and within the multistakeholder model across the world and taking that where you go.  Thank you. 

>> SADIE CREESE: Thank you.  So in the context of our centre, one of the key aspects of our work is to champion a cybersecurity capacity maturity model, which is designed to enable nations and ultimately regions to assess what their own capacity is.  It has many dimensions in terms of measuring maturity right from start‑up all the way through to strategic, and it's incredibly broad in its coverage.  So it will cover your ability to set policy and strategies, set law and regulation, access the right standards, technologies, education and leadership, and even broader societal cultural aspects. 

And what I should say is that when we designed that, we didn't design that model in isolation in Oxford.  And we recognized that cybersecurity's inherently multistakeholder and disciplinary and it was designed in partnership with stakeholders from all sectors from around the world.  Some of whom are at this table now.  And that's how the model was initially conceived.  And also, recognizing the necessity for multistakeholder in order for it to be successful, when we deploy it in countries, there is a multistakeholder approach.  So if a country is going to assess itself and its own capacity, then what we do is we encourage them to hold focus groups to consult widely, whether that's with Civil Society, with industry, with academia, with experts from government, policy centers, problem owners, they come together.  It's incredibly important for the success of the assessment that you can triangulate those views.  You can take account of different perspectives in terms of what's happening and truly reach a consensus on what the current level of capacity is.  And then the model, of course, enables you to understand what you would need to do to grow your capacity.  So that's one aspect. 

And in terms of how we work with our partners across the world, we see the center as being the champions and the custodians of the knowledge.  But this model has to be deployed in order for us to understand what's right, what needs to evolve and change, and the world is a changing place.  And in order to do that, we work closely with the people that helped design it and more broadly other strategic partners.  So the organization of American states will use this to help countries assess where they sit so that it can guide, amongst other things, their work on cybersecurity strategies building.  We'll work with the World Bank and similar organizations who will assess countries' needs in cybersecurity and the context of their broad ICT engagement.  So this is about setting cybersecurity in the broader context of what nations are trying to do.  And in today's world, we all know if you're launching banks, if you're managing water and hospitals and transport and communications, there's always a cyber element.  And where there's a cyber element, there's likely a cybersecurity requirement. 

And so the model is helping inform needs so that when we can ensure the success of all of these kinds of ICT investments, that they move in tandem with the security needs.  And just to finish up, the centre is in itself an evolving organism not just in terms of partners from across the world but in terms of how we ensure sustainability of this knowledge base.  So we are currently in what we refer to as a transform phase where we're building partnerships in regions with a view to ensuring the sustainability of this kind of thinking.  So it's not just going to be we champion it from Oxford, but we hope to work closely with stakeholders across all the regions to help support regional centers taking this forward, and they would themselves build up these stakeholder networks.  So eventually we have a constellation around the globe moving it forward. 

>> DOMINIQUE LAZANSKI: Terrific.  Thank you very much.  And finally, Carmen Gonsalves from the Netherlands government is going to talk a little bit about why it's important to strengthen the multistakeholder model in this area, probably building on a lot of what you've already heard, and what are some of the lessons you've learned in your center as well.  Thank you. 

>> CARMEN GONSALVES: Thank you very much, Dominique.  Thank you.  A lot of very insightful remarks have already been made.  What I can add to that from the Netherlands is a bit of ‑‑ a short peek into our own history to explain why ‑‑ when we came to realize how important multistakeholderism is to cybersecurity.  Every new policy development of some importance, of course, is often rooted in a landmark event that triggers a reaction.  In our case in the area of cybersecurity, that happened in the year 2011 when the certificate authority Diginote experienced a very serious security breach resulting in the further issuance of certificates affecting not only the Netherlands but other countries, but in the Netherlands, it affected a large part of the private sector and a huge part of the public sector and government. 

And when we tackled this crisis, we very much, as a government, we discovered that working closely together with other stakeholders, with the private sector, academia, the tech community was quintessential to overcoming the challenges.  That helped us to, in our process, to work to the next level of maturity in cybersecurity.  And then in 2015, when we had the opportunity to organize the next conference if the process in the London process, the global conference on cyberspace, we took the opportunity together with the participants in the GCCS to establish an international flexible action‑oriented multistakeholder platform, the global forum on cyber expertise. 

This is a global forum that now, a couple of years after ‑‑ 2 1/2 years after it came into existence already accounts 60 members, states, international organizations, representatives of the private sector working together closely with Civil Society.  This global forum on cyber expertise was meant to enhance these international exchange of best practices and expertise in the area of cybersecurity involving all these important quintessential stakeholders.  Identifying successful policies and multiplying these.  That is the goal and still is the goal. 

GSSE thus taps into all these sources of expertise, research institutions, technical communities and effectively, of course, engaging with individual users as well.  While doing ‑‑ while engaging in these capacity building exercises, we also became even more convinced that capacity building in cybersecurity is not only there for the sake of cybersecurity itself, but it is a precondition for the other big challenge, bridging this Digital Divide that we are still coping with in the world.  Because it is ‑‑ it has already been said by Lillian, among others, that in order to reap the benefits of digitalization, economic growth fueled by the digital competent, et cetera, trust is absolutely fundamental.  And the only way we can ensure that we have ‑‑ we build this trust is by upping cybersecurity and by doing that in a multistakeholder fashion.  

So indeed, that's why we are more and more convinced that we should try to get to work together in a multistakeholder fashion internationally.  We take pride in the fact that the GFCE works together closely with regional organizations like the African union, like the organization of American States and others, and we just hope that this network of interlocking ‑‑ yeah ‑‑ initiatives and capacity building will strengthen itself and together with the next level of maturity.  I think that's it for my initial remarks.  Thank you very much. 

>> DOMINIQUE LAZANSKI: Thank you.  And I know you have to leave a bit early, right?  So if there's anything else ‑‑

>> SADIE CREESE: The only thing I would like to add, we recently were able, in Delhi, during the global conference of cyberspace held there, together with all the members of the GFCE community, to bring our thoughts about what we could do next in the area of global capacity building to the next level.  We identified ‑‑ we together developed a global agenda for capacity ‑‑ for global capacity building and added to that a guide with (?).  The idea is based on that agenda, which has identified five priority themes, cybersecurity policy and strategy, incident management and infrastructure protection, cyber crime, cybersecurity culture and skills, and finally, last but not least, cybersecurity standards that around this agenda based on five pillars, we will try to foster cooperation and coordination worldwide in the years to come.  And we very much thank all our partners who worked with us in drawing up this agenda.  And we're for you going to try to take the work forward as energetic as we can, taking everybody ‑‑ all the ideas of the whole community on board.  So an open, standing invitation to share your ideas with us.  But we definitely will ‑‑ we will present you with new ideas on how to engage further soon.  Thank you. 

>> DOMINIQUE LAZANSKI: Thank you.  So already we can see some very common themes coming through, I would say, trust, education, awareness, and the participation of all stakeholders meeting with different sort of abilities and different experiences as well.  So what I'm going to do now, we're running right on time, is to start the breakout group discussion.  And I'd like to see if we can get one group in this row of desks, one group here, and one group here.  Each group has a set of questions but also can, you know, discuss other things as well.  So there's no specific theme to each group.  And please, everyone on the side, join, I guess, a different group if that works as well.  And then two of us each will join into that group.  So we'll have until about ‑‑ let's see ‑‑ 20 till, quarter till to discuss.  And then basically, I'll ask one of you to report back on your discussions. 

The speakers will, obviously, lead some of the discussions further as well.  Is there anything else that I need to ‑‑ is that ‑‑

>> PARTICIPANT: (?)

>> DOMINIQUE LAZANSKI: Okay, great.  Thank you for asking.  Can we go ahead and do that and try to get into different groups and see how that goes.  Great.  Yeah, so one table, one table and one table.  And there's a lot more people over on this side.  So I'd say kind of huddle around each other.  I've never done this before, so I'm not sure how it's going to work.  You all feel free to join another group. 

(Breakout group discussions)

>> Hello, everybody.  Sorry to interrupt.  Just to let you know that we're going to have to report back soon.  Ready to report back?  Okay. 

>> DOMINIQUE LAZANSKI: All right.  Can everybody sort of pick someone to report back?  Not a speaker necessarily.  And then we can hear ‑‑ we had a really good discussion, but then we can hear from each of you where sort of what your discussion was.  I might start with our group.  Ten minutes more?  Because we're finishing in about 20 minutes.  So 25 minutes.  Did you get through all the questions, or no?  You don't have to.  Oh, I'm so sorry.  Yeah, Audrey, sorry.  All right. 

Okay.  I can use this. 

[ Tapping ]

Has everyone sort of picked out a person or nominated a person to speak?

I think I might start with my group because we already know who's going to speak.  Do you want to go ahead and kind of give a bit of a summary of what we did?  Okay. 

>> PARTICIPANT: So in our group, we went through the questions and kind of found that we were answering most of them at the same time, as we discussed.  And we had a really interesting mix of stakeholders in the group, which was great.  I think the biggest things that we took away from this, though, was that we need a lot more research on the initiatives that are already going on in cybersecurity and what the effect is.  So we need information on, you know, what is this problem?  What will expanded projects actually do?  And how effective have they been?  And that's going to help governments especially figure out what kind of resources they can allot to this work. 

We also discussed the need for a multistakeholder approach.  This is not any one issue or group can fix on its own.  So we feed to work together, Civil Society, government and international actors.  There's also a huge need for information and training.  Every country needs to do this and we need to work together to share best practices and resources so that we can all progress together. 

Let's see.  I think those are our biggest things.  There are programs going on that need to be expanded.  Increase the evidence of how more education can actually reduce cyber harm and how reducing cyber harm actually decreases Digital Divide.  Especially because these things we think of as common sense but aren't measured.  And needs more technical capacity building.  So especially in the United States, there's a big gap between the work that needs to be done and the people with the technical skills to fill that work.  That's what I took from it.  Did I miss anything? 

>> DOMINIQUE LAZANSKI: Thank you.  Okay. 

>> PARTICIPANT: It's going to be very brief.  So lack of cybersecurity capacity building and awareness, it could lead to ‑‑ we have to raise awareness and then also the infrastructure development, it could be hard as well.  And the second one is capacity building challenges, main challenges that we have discussed here is the support from the government on the awareness raising of the cybersecurity capacity building as well as the cooperation between regional and as well as the international community.  So perhaps we discuss following the international cybersecurity standards and then to take a look locally on these issues. 

And the solution is to first we have to assess the maturity of the country, maturity of cybersecurity, maturity of the country, and then also based on that, we have to follow the international standards and norms.  Thank you.  I think that's it.  If I missed anything, then you can feel free to add. 

>> DOMINIQUE LAZANSKI: Okay, thank you.  And the final group, who is reporting back? 

>> PARTICIPANT: Yeah.  So basically, there was a lot of participation.  A real lack of awareness at all levels.  Participants from the Civil Society, actually, there is a lack of coordination.  For example, in a specific country in Africa, a big region of the country shut down the Internet for three months, and there was no response from the national nor international NGO community on that.  Some participation (?) Discuss about Digital Divides and cybersecurity.  Others say that, for example, cybersecurity could be a luxury while access is a challenge.  So that's something that we still need to work out maybe through better security and the access. 

Information about how to be careful or how to raise awareness (?) Cybersecurity.  Sometimes they focus on race, and that sometimes at the same time it's letting the people not actually using the technology.  We pointed out one of the main challenges that the community face are resources, both financial and expertise resources.  There could be many things to be done.  But resources are needed. 

There are, of course, several suggestions.  One of the suggestions was on the (?) We commence understanding.  But at the same time, that a common understanding or the common definition needs to be how flexible.  And we don't feed to impose definitions that (?) Adapting this language to the referring (?).  I don't know if anyone wants to add something else that I'm missing. 

>> DOMINIQUE LAZANSKI: Actually, does anyone have any sort of initial reactions or responses from any of the comments that were made?  There seem to be quite similar and some of the same issues keep coming up all over again.  Anybody have any thoughts?  I'll also open it up to the panelists, if any of you have any additional thoughts. 

>> Yeah, I do.  So one of my initial thoughts ‑‑ and thank you.  It's been a great session ‑‑ is this, that we entered the room today convinced that a multistakeholder was incredibly important to building cybersecurity capacity.  And I think I leave the room with that reinforced.  But very specifically around this issue of the differences across regions and cultures and countries, and I think, you made the point from the panel earlier that there's a necessity to respect those differences, but it's more than that, isn't it?  We will fail if what we do in cybersecurity capacity building is not able to be tailored to the needs because what we keep hearing around the room is that one of the key aspects we lack is awareness and knowledge.  And actually, that's crucial at all levels all the way up through to expertise.  Even amongst the professional community, which standard to use, what's appropriate.  That's different to the kind of awareness that you just want an individual who's got access to a mobile phone to have so that they can stay safe and secure and not let their phone become a platform for attack.  Again, they're the parts of your system.  It seems to me and it's been reinforced for me today the necessity for success will be to develop solutions that are culturally sensitive and therefore we have to not only do that in a multistakeholder way, but we will have to do that in a globally multistakeholder way.  Otherwise we will actually be doomed to failure. 

>> PANELIST: My observation from listening to the stories is that we're dealing with a wide range of issues today in cybersecurity.  And they range from technical capacity to managed networks and managed traffic and mitigate attack and address the need for sort of standard practice and updating and patching systems and keeping them in a good state to these issues of, you know, social media and social norms and transfer of data and information and, you know, further on, the concepts of privacy and protection of data. 

And, you know, to me, I've been in this cybersecurity space for a long time now, and it feels like we've really matured the conversation to recognize the interdependencies between these issues that they're not ‑‑ like you need the technical capacity to do what I was just describing about the network, you know, to drive a better standard and a better process around privacy and data.  And so ‑‑ but it is a huge set of issues, and everybody approaches them somewhat differently, different countries, different organizations.  And so I think this particular dialogue was very useful.  I just wish we had had ‑‑ no, it's not your fault ‑‑ I just wish we had a little bit more time in the groups.  I think it's a good feedback for the organizers that we can put into our report that there was much more willingness to share than we may have expected.  And so I just want to thank my group for that because they were really very open, and we learned a lot, so thank you. 

>> BELISARIO CONTRERAS: Maybe just a comment.  As we continue working on these devices, it's that all the actors, we need to know our respective role.  Civil Society, private sector, community, and the governments, we should understand what's our role.  And sometimes don't pretend or don't try to fulfill the seat of each other.  Because sometimes when you cross the limits or, you know, (?) Functions in the private sector, a function of the government or vice versa, that's where maybe sometimes some issues arise.  So working through this process is very important to understand the role and respect each other.  And I think that would be a very fruitful process in the years to come. 

>> LILLIAN NALWOGA: For me, identifying the different actors, but still goes back to the multistakeholder model of addressing cybersecurity concerns.  What I found interesting is this view that, you know, in the developed countries, things are fine.  And in my group, we had different cases from the UK and the U.S., and we usually look up to these countries and think that things, you know, are fine.  And what was interesting to hear that even if there's a lot that is being done, there's still a lot that can be done.  So for me, it's something that when we look back to the developing countries, and Africa in particular, we have lots of lessons to learn.  And I think someone ‑‑ I don't know if they're still in the room from my group from the U.S.  But as we are trying to ‑‑ as we try to get more people online, I think in Africa, we still have an opportunity to be able to mitigate some of these risks and, you know, create more awareness and waiting for people to connect and then try to address these concerns. 

So in concluding, I would say that cybersecurity is a global concept for everyone.  And, of course, like has already been said, every actor has a different role to play.  But respecting each and every actor's role is key.  But also respecting the different ‑‑ the context in which we are trying to address some of these things is also important.  So putting all this together, I'm sure involves a lot of work.  But where we've reached now, I think we are trying to find a part to addressing this.  It will be interesting to see what 2018 brings in bringing together all of these different aspects of managing cybersecurity. 

>> DOMINIQUE LAZANSKI: Actually, that's a very positive way, I think, to end the panel.  We're a bit early, but I'm sure many of you are quite hungry as well.  To, I really appreciate all of you being here and staying here and trying out our format, which I think you developed.  And it works quite well.  And any feedback from Audrey or anyone else would be great.  Because we were trying to do, you though, a bit more than just the standard talking and questions.  So I think it worked out pretty well.  So I thank all of you for participating.  And also I think our panelists very, very much for being here.  And yeah. 

>> PARTICIPANT: And the moderator. 

>> DOMINIQUE LAZANSKI: Yeah.  I have the easy job.  No, thank you very much.  And please feel free to continue the conversation as well.  Thanks. 

[ Applause ]

(The session ended at 13:05.)