IGF 2020 – Day 10 – High-Level Leaders Track: Security

The following are the outputs of the real-time captioning taken during the virtual Fifteenth Annual Meeting of the Internet Governance Forum (IGF), from 2 to 17 November 2020. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

 

   >> JOVAN KURBALIJA:  Thank you.  I really enjoyed enormously this some sort of time machine with our panelists today with the Eugene and Christopher and other colleagues, and what we started is with some sort of message that in order to see forward, we have also to reflect on history and the past, especially this interplay between technology and security.

And my name is Jovan and I'm the Head of Geneva Internet Platform and Director of DIPLO Foundation and used to be co‑director of High‑Level panel on digital cooperation and it's my honor to be here with you today to introduce our panelists through the time zones and through the way of what they're seeing now.

I am connecting from the quite ghostly building of the UN here in Geneva, and it's empty, not only because of pandemic but it is almost 7:30.

We have two of our colleagues in daytime zones.  We have Izumi, UN Under Secretary General of Affairs connecting from New York, and we have Christopher Painter President of Global Forum on Cyber Expertise connecting from Washington DC, one of the first cyber diplomats from U.S. administration.

Then we have two panelists who are making real efforts to join us in this night zones.  First Eugene Kaspersky but I'm sure there is no need to introduce Eugene because you see Kaspersky and very well versed into the history of computer science, and that should probably be some topic for some good broadcast or even a book, Eugene.

Further, today is our dear colleague Latha Reddy, co‑chair of the global commission of stability on Cyberspace, another experienced cyber diplomat and Latha thank you for joining us and it's midnight there and it's really appreciated.

Let me come back to the middle zone of Eurafrica to introduce the other panelists.  Today, we have John Denton joining from Paris and John is Secretary General of International Chamber of Commerce and we have Enrico co‑Director of C3 in Africa and Chair of GFC Research Committee.

That's more or less geography of today's session, and I would like to thank Chengtai, the organizer of today's session, to introduce some sort of time fairness.  Usually our colleagues in Americas have to wake up early in the morning or stay late in the evening and that is some sort of rebalance in that respect.

Now, today's major topic for our discussion is a question of cybersecurity, and I will just try in a few minutes to paint the canvas or backdrop of our discussion today before I pass the floor for our eminent speakers in our excellent panel.

While we're all familiar with what is going on around us and how the digital technology helps humanity to have some sort of societal business continuity over the last seven or eight months, and thanks to the robust digital infrastructure, students continue studying online, and they're provided with even a rather simple facilities, but important in the times of lockdown of ordering food or working online.

And sometimes it is a given of how the technical infrastructure, how the digital infrastructure really sustained in this difficult time, and I think we should be proud, especially those of you who are involved in ensuring that the digital technology, it is major achievement.

In this process of changes of what has happened, digital companies, tech companies became more important, more relevant, and more dependent on the digital technology creating new vulnerabilities, and we will address them in a few minutes.

Now, this is the general backdrop.  Now, more specifically, cybersecurity issues and digital policy issues are raising relevance in forums and international meetings worldwide.  Now, we are finishing the first week of Internet Governance Forum and the cybersecurity has not been picking up so much, probably there was a need to have this important discussion and then to have more discussion on cybersecurity next week.

Now, before I pass the floor to our panelists, I would like to ask Luis to pose the ‑‑ to put the survey to see what is the atmosphere in the room when it comes to cybersecurity and vulnerabilities.  I hope technology will serve us, and if not, we'll move directly into discussion.  Luis?

Okay.  Well the question is as you can see, is the current turbulent times, for many the Internet is essential to work, relax, and stay in touch with family and friends.  How secure do you feel online, regardless of whether you use the Internet for professional, family, or leisure.  How you are feeling about the Internet, particularly secure, secure, not particularly secure, unsecure, or very unsecure?  Let me see what will be the answer from our colleagues in the room and then on YouTube and I guess there are more of them on YouTube that can participate in the survey.

Okay.  We'll be getting the news soon, and in the meantime, we'll be seeing from Luis, what is the result.  Okay.

Well, we feel quite secure, but not particularly secure, and unsure, and very unsecure.  It's a typical distribution when you ask this type of questions, but the answer is somewhere in the middle and we will see if the reality is also distributed in the same way.  This is the general backdrop and the first intervention is from Under Secretary General, Izumi.  What do you see as threat of international security posed by COVID‑19?  What are the main priorities or main concerns at the place where you are?  You are in the middle of the negotiation of different policy processes on cybersecurity, sometimes complex as we know there are two parallel processes.  So, what do you see as the threats for international ICT security?  Over to you.

   >> IZUMI NAKAMITSU:  Okay.  Thank you.  Thank you very much, Jovan.  Fascinating members on the panel, and I would really like to congratulate you for putting it together.  And I like the way you started, actually, and I mean, you know, the Internet or the digital technologies have definitely provided enormous opportunities but I would like to add to that just to complement, that it is going to transform our lives, every aspect of our life, work, daily life, staying in touch, et cetera.

What we are now experiencing is a transformative change that are happening around the world, and that, of course, has an impact on where I am actually sitting, and I am responsible for international security issues at the United Nations.

Of course, the downside of this positive, you know, generally positive ICT technologies during the crisis is, of course, you know this change has also been accompanied by enormous spike in cyber incidents, and you know the ITU, the International Telecommunications Union has estimated that the Internet usage has increased during the pandemic by something like 30%, but in terms of cyberattacks or cyber incidents, the increase was actually almost 300%, so you know you can see the enormous impact on the downside as well, even though there are a lot of positive and transformative and positive benefits that these technologies are bringing to us.

Of course, our deep concern is mounting malware campaigns against critical infrastructures and especially during the COVID crisis, hospitals, medical research facilities, and other institutions over the past several months, and that includes the World Health Organization, for example.

I'm told that WHO has reported experiencing more than five times the number of cyberattacks than in the same period last year, and so these incidents are obviously compounding people's already wide sense of insecurity around their health, livelihood, and future, and of course the ordinary people are experiencing, you know, these rapid increases of phishing incidents, malware, emails, et cetera.

And, of course, what we're wondering is whether this would also have a deep impact on more hard‑core international peace and security issues, of the kinds of cyberattacks that we are seeing, we are witnessing, is of course stopped short of traditional use of force‑type of situations.  It's not a kinetic scene, but it is increasingly posing very difficult questions as to what it is that we are actually looking at in terms of a very serious cyber‑incident that could potentially happen impacting on critical infrastructures that are deeply connected or related to stability and security of our general environment.  So for this reason, the Secretary General has indeed drawn attention to cyberattacks during the COVID‑19 pandemic and he has been repeatedly calling on the international community to do more to prevent and also end cyberattacks on critical civilian infrastructure including health care facilities, and I will stop here for now, and then looking forward to, you know, more in‑depth discussions in terms of what we need to do to make sure that first and foremost, prevent and also ending cyberattacks.

   >> JOVAN KURBALIJA:  Thank you, Under Secretary.  Thank you, Izumi, for great description of the landscape and shocking numbers for discrepancy of using the Internet of 30% and 300% in the cyberattacks numbers are useful to give us some sort of bearing of the overall situation, and definitely will be coming back to the quite a few points that you raised in the introductory statement on the actions from the UN Secretary General and the actions and activities of your office, which are very, very important for the global cybersecurity.

There was one interesting comment coming from the Amid, and he commented on my sort of map of the time zone, and he introduced the first interesting point that cybersecurity threats are as they were as time zones and that is just one challenging point for our discussion, do we discuss the same similar or diverse type of cyber challenges?

Now, there is no need to introduce Eugene.  He introduced himself greatly about this survey of history of a computer, and it triggered a fascinating discussion in the chat, which mentions of Fortran, Cobol, and other tools.  And I can see that the age distribution of the current panel is more to do with us who used to start using computers in 80s and 90s, but we would like to hear also from the younger generation about their concerns.

Eugene, you have been, your company has been providing really deep detailed summary of cyberattacks, and the painting of the current landscape and you have this excellent useful tool that we use, for example, for our courses when we teach cybersecurity on what is the current threat situation.  Could you in your first intervention, help in the painting of this overall current cybersecurity situation based on the both data and your general insights, and then maybe hint to some actions that you have been suggesting or taking, and then we will be developing them throughout the discussion.  Over to you.

   >> EUGENE KASPERSKY:  Yeah.  Thank you.  Well, actually, the situation during the COVID time in Cyberspace is well more dangerous, of course, obviously more dangerous than before, and actually the two factors which activate the cybercrime, the first factor is that many people they stay at home so they spend more time on the Internet so they ‑‑ they have ‑‑ they can easily crack the more victims than before.

The second factor is that many enterprises, well most of our companies, they sent employees home, but they're not able to guarantee the same level of security as within their corporate perimeter, so the people are left at home with some basic security but they can access enterprise network, and so the criminals they use this to hack.  They hack the home computers for access enterprise networks.  That's why we also see the increase of number of hacker attacks, the activities of cyber criminals, and actually we have quite a detailed data even for countries because we have our customers based in many countries around the world, so we see a sense of statistics of the criminal activities, so if you want to see more details, just visit our website securelist.com and there is a statistic page so you can see this data there.

And speaking about the code, I would say it's 25 to 25 increase of numbers of new malicious applications, and so before COVID, we were collecting about 350,000 new malicious applications, new malicious files a day, and so every day about 350,000 new malicious files which we never saw before.  Right now, we collect more than 400,000 malicious files a day, and it means that the global cybercrime is getting more active, and actually I don't know how many people are in this business, 10,000, 100,000, well the numbers are huge, the number of the attacks in different ‑‑ in the different tools developed by the bad guys.

So, the global cybercrime is most ‑‑ but in most cases technically it's not really a problem to protect people, to protect computer smart phones, devices from this kind of attacks because most of them are junior, so they're not too much complicated, and so technically speaking, it's not a problem to release the antidote for this kind of computer malware or cyber malware and the rising problem is that many of these junior cyber criminals, they getting more smart and they're getting more experienced, and they are joining professional hacker team, or they lead and create their new highly professional cyber gangs, and at the moment we're monitoring about 200 professional cyber gangs which develop quite sophisticated cyberattacks.

And then they're able to hack even very well protected organizations like banks, governments, and so actually this is the problem to protect the system from their targeted attacks, highly complicated, sophisticated, and unfortunately, in some cases, very successful kind of their malicious tools.

And at the same time, speaking about the physical systems, the infrastructure, the critical infrastructure, well we have more and more reports that the criminal gangs, they access ‑‑ well they try to ‑‑ well it's not targeted attacks, but they try to touch infrastructure, they touch the systems that are connected to the Internet, and we don't have too many reports of the targeted attacks on the systems, and it seems that they just see that they're not just individuals, they're not just the computer networks or office networks connected to the Internet.  They see the complex structure.  In most cases they don't know what to do with that, but I'm afraid in the future they're criminals and they will easily recognize the power of attacks on the physical infrastructure, and I'm afraid that we are living in times when the criminals, they're turning to SCADA systems from attacks on individuals, attacks on office networks, enterprise office networks, turning to their physical systems and well they're already in the Internet of Things.  They were botnets, infecting the security cameras, video cameras, and actually that was one of the most successful cyberattacks, global attacks, and leading for years.  And so I'm afraid that the next is massive attacks on the infrastructure and physical infrastructure.  Not like now, so they're just very, very few cases, actually, targeted cases, but I'm afraid in the future the position will be changed.

And, unfortunately, this evolution of cybercrime is really activated by COVID times because there are so many victims online, criminals they're humans as well, so they stay at home as other people do, so they have more time to improve the technologies, to improve the activity, and so actually I'm afraid that the situation of cybercrime is getting from bad to worse, so that's why the importance of cybersecurity and active measures about criminals is getting more and more important.

   >> JOVAN KURBALIJA:  Thank you, Eugene.  I hope that we have the vaccine for the ‑‑ for this type of virus that is coming into our computers, but this is the question that we may reflect later on.  You introduced quite a few important elements, including this increasing vulnerability in the dynamics between home and the office, which is completely a new element, and also an element of professional versus newcomers into the cybercrime field, and this is the profession in itself, which has its own logic and dynamics, and subculture like all criminal organizations, and therefore we may later on reflect on it a bit more.

We are in the similar time zone, and moving a bit east toward Latha, and Latha we're now getting these threads into our tapestry of today's session with bringing links from the UN and Eugene from the trenches of cybersecurity where he's protecting many computers worldwide, and we would like to hear from you on your experiences as a cyber diplomat and also person involved in geopolitics and we're collecting now individual business level to the global level.  Over to you, Latha.

   >> LATHA REDDY:  Thank you so much.  Thank you, Jovan, and given my background as cyber diplomat as you describe me, for me the key problem or challenge is now the difficulties in advancing dialogues on preventing cyberattacks, even in a critical area like the health sector.  Because you know if we can't agree on a norm to say that attacks of the health sector are unacceptable during a global pandemic, then really the purpose of international cooperation is not being served very well.

In the present tense geopolitical climate, and the tense relationships between major powers, it's very hard to focus on really vital international cooperation in policy issues, but cyber has never been more important, and dialogue on cybersecurity has also never been more important than it is today.

If we were to look at inter‑governmental tensions today, we could see in the context of what I would like to call possibly a tech war, can you see five fronts emerging and you can see the question of resources, you can see the question of network infrastructures, you can see the question of operating systems, you can see platforms, and you can see content in data.

This, I would say almost at the moment a cold war like situation prevailing between major powers, but fortunately due to globalization, we do not have an iron curtain between the opponents.  The curtain we have today is flexible, porous, and not opaque.  Perhaps we can call it the Bambuco, to quote, I like this term.

And in other words, we can find a way to cooperate, provided everybody agrees that this is a global challenge, and agrees that in pandemic times, certain things must be out of bounds for cyberattacks.  How can countries cope?

We should continue our dialogues on Internet cooperation or interim the governance on international cooperation, and possibly on safeguarding the health sector through a universally agreed norm, and we should simultaneously build bubbles of strategic trust with partners, and I'll come back to the bubbles of trust later in my intervention, but I hope this sets in context of diplomacy, international cooperation, and norm building.  Thank you.

   >> JOVAN KURBALIJA:  We have a cold war in the making, but there is no iron curtain yet.  Diplomacy facilitates dialogue, but not as effective yet as it should be, so focus on the norms in the most critical sectors like health sector and develop more cooperation.  Great inputs in making all of this cybersecurity canvas vivid and relevant.

Now, from the UN Business Sector we have geopolitical input from Latha and then now to international secretary of chamber of commercial place where I guess many questions and some complaints around cybersecurity are coming from Chamber of Commerce Worldwide and also small and medium enterprises, so John, what would be your input on this question and what are the major cybersecurity challenges that we are facing in COVID‑19 crisis, especially from the business perspective?  Over to you.

   >> JOHN DENTON:  Thanks.  It's great to be on the panel and great to be back at the IGF.  I'm sorry we're not there in person, but this is the way it works.  Maybe I can put it a little bit differently.  I actually see a paradox, but let's be very clear so the International Chamber of Commerce we're the international voice of 46 million businesses now and we know that COVID‑19 is having real and dramatic impacts of what we call the real economy, and the real economy is actually the way in which SMEs, micro‑SMEs impact what is conducted and they've been subject to supply shortage and demand shortages and collapse of supply chains and seeing the economic impact beating them up even before the health problems got to them, and so it's actually been a really troubling time. 

One way that we've been working with this is we've actually run a campaign, and part of that has actually been to work on the digitalization of SMEs and micro‑SMEs because I think as you all understand, I think as Eugene said and others said as well, in this time of COVID, what we've seen in social distancing is the need to go online, so we've been enabling that.  The paradox, of course is we're enabling that at exactly the same time as we're seeing the new feature, which is these kind of dark, menacing players, and these kind of robbers or the black heart as I think Eugene almost described them as playing in the space as well, so we've actually been encouraging mass uptick of digitization to SMEs and micro‑SMEs, and at the same time, this is a dramatic increase in malware, phishing on all the SMEs and micro‑SMEs and one of the challenges is they don't always operate as independent entities always and are actually integral parts of the supply chain.  So, what's actually happening is the weakest link, arguably in the supply chain, is being attacked.

So what we're actually seeing is an increased vulnerability of the real economy to attacks through cybersecurity in the heart of COVID‑19 in the response, and yet the only way we can effectively respond economically is a way to suck up that risk, and then what we have to do is actually find tools, find approaches that can manage that, and I was very much taken by Ambassador Reddy that what we actually need to grapple with this is not just more training and more concern, but we actually need really effective interplay between government, the private sector, Civil Society, to actually develop a framework but also a culture which actually puts cyber risk as a classic risk that needs to be managed. 

We can't eradicate cyber risk and I think Eugene could show us why we can't but we can treat dealing with it as a process we need to manage and what we do need in order to enable that to happen is a lot more cooperation.  We still see too few countries actually take up some of the most important elements in terms of computer emergency response task forces, et cetera, and we do need a recognition that this is a global problem, so frankly wealthier countries, wealthier companies, need to be helping, investing, and supporting the development of the tools to enable the SMEs and micro‑SMEs to no longer be weakest links but actually to actually enable themselves to build resilience so they can participate in the real economy effectively and save lives and livelihoods and manage a process which can actually limit the impact of cyber risk, that's what we see and that's what we think needs to happen because frankly as I said, this paradox continues and we've just launched a major campaign to digitize the further 5 million SMEs and micro‑SMEs so they can go forward and actually operate in the 21st century, but particularly be part of the economic recovery.

   >> JOVAN KURBALIJA:  John, a fascinating scenario of the modern economy.  Thank you for that.  And you triggered one thought or one question for our audience and for our panelists that we may come to later on, whom we call when we have a problem, we as SME or we as citizen, or we as a country.  Is it a company help desk, or help desk with government or international help desk?  For us here in the panel, in the session, I'm sure that we're aware of CIRTs and other bodies, but for a young person just starting startup company or citizen, that may be a challenge, and for this just one question that we may try to reflect on very simple question, bringing geopolitical issues to reality of the people worldwide.

Wow, that was great session.  Thank you.  Thank you.  So easy to moderate it with such great inputs.  Now, we move to Chris.  Chris is in DC and there is no need to introduce Chris Painter now in his current role as President of Global Forum Cyber Expertise, and Chris, I know you can reflect on so many issues, but what do you pick up from the threads developing so far and develop them further?  Over to you.

   >> CHRISTOPHER PAINTER:  Well, it was great hearing the other panelists and I sort of feel like a lot of things have been said and there is this old saying of everything has been said but I haven't said it yet, so I'll try to avoid that and actually talk about some new things.

I mean, obviously, I think the pandemic is just highlighted what we're already seeing.  We're seeing great threats to Cyberspace, to both on an individual level, on a Nation State level, transnational criminal groups and others involved in this, and that's just accelerated with COVID because it highlighted our vulnerabilities and dependencies on these systems.

And that's hardly a surprise.  It's unfortunate that every time we had a major like disaster of any kind, there are always this group of criminals who try to attack that and take advantage of it, so it's hardly surprising, and it's unfortunate though.

So, what does that highlight for me?  Well a couple of things.  One, we're seeing these kinds of threats and I'm still worried about new threats.  One of them, you know, my friend the former President of Estonia, Thomas, always talks about a threat and worry about the integrity of information, and I worry about denial of service attacks, I worry about theft, I worry more if someone breaks into a hospital and changes my blood type so the next time I get a transfusion I die and financial markets can't settle.  We haven't seen that much yet, but I think that could be the wave of the future and we have to worry about that.

What it says to me is two things.  One, there is a little bit of silver lining here, to the extent there is any silver lining to COVID and this is really not much of one, but it has shown to countries around the world, both developing countries and developed countries, that this is an area of real priority and that we're so dependent on the systems and cybersecurity can't be treated as a boutique throw‑off issue, but as core issue for all of us a core political issue, a core issue that is a national security issue, an economic prosperity issue, a human rights issue, and also, ultimately, a foreign policy issue.

And in terms of diplomacy, back when my office was created back in 2011, we were the first ones in the world at that time dedicated to these issues, and there are about 40 and growing around the world and that's important because it's being treated not just as a technical issue, and the technical aspects are clearly important, but as policy issue, and just like you don't need to be a nuclear engineer to understand the aspects of nuclear policy, you don't need to be a coder to understand the national security, economic, and human rights implications of cybersecurity and how we do that.

So that's one thing that I think is really important, and it leads and gives us an opportunity to mainstream this issue like we haven't done before and we need to do that.

The second thing I would say is it highlights for me the necessity, and this shouldn't be surprising coming from my perspective as now the President of the Global Forum on Cyber Expertise Foundation and the necessity for capacity building around the world and capacity building in many different ways.  The capacity building to help countries both developing countries and developed countries, and again there are lots of developing countries who do not have expertise, resources, structures in place, national strategy, and we have to work with those, and that's something that my organization, the multistakeholder organization which includes like 60 countries, over 60 countries, Civil Society, the private sector, academia, has been really focused on trying to coordinate some of that capacity building.

But also, the kind of policy capacity building, that's around like how do you engage in these diplomatic debates happening in the UN, that people have talked about, and so I think we need to be able to do more on that level, too.

So, it gives us an opportunity to do that but we need to treat capacity building and cyber as not an odd duck, but really as a core part, a foundational part for our future prosperity and foundational part of the UN's Development Goals as well.

The last thing I wanted to touch on was, just talking about the role of the diplomacy, and I do think diplomacy and negotiations are happening now are critically important.  I think the norms that were agreed to in 2015 are critically important, we need to continue to get those implemented around the world and understood around the world, the confidence‑building measures, spreading through regional and other organizations is critically important, how international law applies is important to all of our safety and security and stability going forward but we also have to make sure there is accountability for transgressors and I don't mean escalate but accountable so we hold account those who break the rules, these understandings, but we need to think about how to do that as a world community.

And, again, think that goes hand in glove with developing the rules of the road and how do you make sure there is accountability for those.  Lastly, I just say that that again all folds into this idea of capacity building, which is the discussions in New York, almost everyone mentioned this, and that was pre‑COVID.  And now I hear it even more post‑COVID where we're doing everything virtually, and that's a good thing.  You know, there is a saying never let a good crisis go to waste, and I don't want to be quite like that, but we need to make sure not to lose the opportunity and we don't forget how important this is and when we see attacks on hospitals and others that we actually have a way to elevate the issue to Prime Ministers, presidents, CEOs of companies outside of the cyber club that we're all in.

   >> JOVAN KURBALIJA:  Thank you, Chris.  I think we're doing very well on your plea to build a communication between different policy communities.  We haven't been using jargon, and we did a bit in the pre‑session with the history, but it was tolerated, but throughout the session, we stayed very careful away from the technological or diplomatic or policy jargon, and it is great and I think we should continue in the same way.

Chris, there is one potential controversial topic for discussion, while I completely agree with your view that policy, leaders, diplomats should be aware of the political aspects of technology, we have to see whether the potentials of security by design and how far they can go with security by design.  I know that Eugene has been thinking a lot and working on that and we'll hear later on in the second iteration about this interplay between security by design technical solution versus the diplomatic, political solution.

Once more, thank you, Chris.  Now, in this interplay, we move to technology again.  And, Enrico, joining us from Cape Town.  Enrico, what is your take on this discussion between policy, diplomacy, geostrategy, technology, economy.

   >> ENRICO CALANDRO:  Thank you.  Thank you very much, Jovan for having me at the High‑Level Panel, and I think it's interesting because actually there are so many participants online that would say that late time in our time zone and also towards east meaning that probably people feel safer online than offline, or maybe that's unfortunately the result of these restrictions, resulting from COVID‑19.

But the perspective I would like to provide, I am a social scientist by profession, and so I've tried to describe how new forms of cyber mediated and processes can become a threat to human security, and so I'm going to talk about people.  With a focus also on developing countries because that's the focus of my activities and research.

So COVID‑19 has shown to all of us that good quality, affordable, and ubiquitous access to the Internet is not a luxury, and but it's a critical lifeline and in developing countries, actually, access to the Internet is still a luxury for the majority of people.  So, any barriers that actually stop us from using the Internet in a safe and secure way threaten to strip us of these lifelines.

In developing countries, cyber threats and risks are an extension of the persistent and increasing digital inequalities that have grown together with digitalization.  The current state of cybersecurity vulnerabilities, illustrates a considerable security gap beyond the digital divide gap, which is exacerbating existing patterns of inequality for individuals, for countries, and for regions.

Now, if we take a human‑centric perspective to cybersecurity, I think that four main threats have become particularly problematic from a policy perspective because policy and political responses have not been able, actually, to tackle these problems, and that there is some barrier also of addressing from a cybersecurity point of view, that normally, you know, address these issues of technical nature and ITE and computer network securities.

And here I'm referring to the so‑called infodemic and COVID‑related cybercrime and online violence and risk of increased state surveillance.

So, these four phenomena have either emerged from the pandemic or have been exacerbated with the pandemic, or have compromised the response of the different countries to COVID‑19.  So from the point of view of Internet diffusion in the African Continent which is probably as we know characterized by novel and first‑time users using the Internet through the mobile phone, and primarily on social media, and I think it becomes clear that the population is highly vulnerable to infodemic and the main danger of that is that it speeds up the epidemic process by influencing and fragments responses to fight against the virus and pandemic.

And then partially related to the infodemic and I think certainly growing from it is the phenomenon of COVID‑19 related cybercrime, and actually we talked a little bit about that, because infodemic can also be a vector of large‑scale cyberattacks and that's what we've seen as well, and so cyber criminals spread messages to plant malware, phishing or ask for Bitcoin and but campaign of disinformation can actually facilitate cyberattacks also based on the exploitation of other human vulnerabilities such as fears, anxieties, and they can also have racist and xenophobic behavior.

Another pandemic that I think is exacerbated by the COVID‑19 pandemic and increased Internet use is the pandemic of online violence, and especially against women and girls and also against people experiencing multiple forms of discrimination and vulnerability and intersection between gender, age, education, and other special demographics, and so it becomes more pervasive with some developing countries, but the reality is problem is getting worse and not improving.

The last threat is related to an increasing number of these tracing and contact‑tracing technologies to identify and support quarantine.  Tracking and tracking‑technologies are important to fight the pandemic as we know, but surveillance needs to be done in compliance with data protection regulation and due respect for privacy and confidentiality.

But it might be ineffective in countries with low levels of smart phone diffusion, because people you can't ‑‑ you can't seem to collect data, and it can also place citizens at risk of privacy violation in jurisdictions with poor data protection frameworks or in countries that have had difficulties in enforcing these frameworks with ‑‑ with legislation where it is actually present.  Thank you.

   >> JOVAN KURBALIJA:  Thank you.  Thank you, Enrico, for enriching what Chris started with the human rights societal legal and other aspects of cybersecurity discussion, which cannot be discussed in isolation and bringing infodemics and all of this concept.  Our apology for some problems with unmuting and muting, but this is going to be definitely the keyword of 2020, can you hear me, or unmute yourself, or mute, and therefore I think it's now fixed.

We have all these threads from the first iteration of the introductory statements, and we are receiving quite a few interesting questions, and I will just read the questions and comments before I invite you to comment on those few issues that emerged in the first part of the session.

Mike, great regards to Mike.  He says two questions and three words.  We don't see the questions, but three words are encryption, digital, and ID.  Maybe some of you can comment on this cybersecurity Trinity.

Amid, there are two camps; one, countries want to regulate cyber conflicts and some want to prevent cyber conflict, and recognizing the Cyberspace as a fifth domain of warfare other than civilian in only peaceful environment we have to which camp?  That's an interesting question especially for those of you interested involved in geopolitics.

And Jacque, great regards to him, driving from COVID discussion, should citizens including corporate citizens patronized sanctioned or enforced to protect from cyber dangers or prohibited as restriction of personal freedom, freedom of doing business.  Wow, we won't have a boring discussion, I can see, and I invite our attendees, including one of the fathers of the Internet, Vint Cerf, best regards to Vint, to bring their comments and the questions.

Now, we are going to the second iteration based on these questions and at least from the initial discussion, and we'll ask Under Secretary, Izumi, what is achieved under the auspices of the UN?  Izumi, you heard many inputs on the current situation and concern and threats and risk.  What is happening at the UN and what can we expect from the UN in this context of answering some of these concerns?  Over to you.

   >> IZUMI NAKAMITSU:  Okay.  Thank you.  I feel that, you know, the panelists, definitely all the panelists and vast majority of all the people in the audience are all fully aware of what is achieved at the United Nations and what is going on currently in the UN.  I mean, but just to recap very, very quickly, of course the UN has been tackling this issue for many years now.  There are six iterations of what we call the Groups of Governmental Experts that, you know, they have been studying and analyzing and deliberating on key issues, and then this GGE has indeed managed to agree in the past, for example, that international law, in particular, the UN Charter applies to the use of ICTs, you know, so this links up with wonderful questions that you read out and it's an interesting question that I would like to perhaps comment on that a little bit later.

And, also, the group has recommended very practical confidence‑building and capacity‑building measures, and I completely agree with Chris Painter on the importance of capacity building and I think this is something that we still need to really develop and this is a critical component of the work ahead.

In particular 2015, GGE, were also able to recommend 11 voluntary, non‑binding norms of responsible state behavior in the use of ICTs, and these norms cover key issues including cooperation between states in the use of ICTs, the respect toward human rights in the digital sphere, someone mentioned that also, and the protection of infrastructure, critical infrastructure from cyberattacks, and some of these norms, of course, are technical and operational in nature, but also deal with responsible reporting of ICT vulnerabilities as well as preventing proliferation of malicious tools and techniques and so they are, you know, good practices that are recommended under these norms on the part of the private sector industry people.

Now, in 2018 as you all know already, I'm sure, a new GGE has been established under the UN and they are in the middle of their work.  You know, they're discussing, especially the strengthening of the norms but also confidence building and capacity building issues.  And, of course, there is a new process, a new platform that was established at the UN, which is inclusive.  It's called Open‑Ended Working Group and they're also the first group of Open‑Ended Working Group is still in the process of deliberating and bringing to conclusion next year, but also very recently just a couple of days ago, the first committee of the General Assembly also decided to create another Open‑Ended Working Group for the duration of five years, and so it's very much still a work in progress, but there are some good, solid foundations that we have, you know, that we have been able to agree on.  And the key in my view, is to make sure that these norms so far agreed to will be fully implemented, and I think one thing is to have a good normative framework but another thing, which is critical, is making sure that this is implemented, and of course going forward, in order for us to be able to prevent major cyberattacks and cyber incidents, I think we need to have confidence‑building measures and capacity building, and this perhaps we will be able to discuss in the next, you know, what lies ahead in terms of key challenges.

One thing that I would ask is that we are really increasingly aware and actually have acted upon already once in the context of the Open‑Ended Working Group that this has to be taken in the multistakeholder discussions.  This is not really just, you know, government and cyber diplomats coming and discussing, but we need to have a really meaningful engagement of industry people, researchers, and technical people, Civil Society included.  We are still exploring what more we can do in this regard, and I will be very keen to listen to potentially some creative suggestions on, you know, how the UN can indeed improve on multistakeholderness, if you will, of those conversations.  As you know, it's not ‑‑ it has not been so far a strength of the United Nations, necessarily, but we are acutely aware of that and going forward, we need to make sure we have meaningful input and participation from various stakeholders who can actually make huge contributions in this.

   >> JOVAN KURBALIJA:  Thank you, Izumi, and thank you for your efforts to bridge all of these processes that your office has been trying to find connecting points on capacity building, sharing information, and it's fascinating to bridge what is political reality and to do maximum out of it for the cybersecurity.

There was one question maybe that could be answered later on by you or someone else.  Well, I would say by most of the participants, which from a Diplomat here in Geneva, which forum would be most important to make real global progress on addressing cyber threats, which features should it include, and which should it avoid?  That's an interesting question for the complete panel and I would like to invite others to think about it.

Now we move to Eugene, so you said that initially this very interesting discussion, and there are many threads that you can pick from this discussion and comment, but personally I would like to hear your view of interplay between policy and technology and security by design that at one point, and maybe one point I know you're very keen on capacity development and you have ‑‑ you're Kaspersky Academy, and what would be three points in the curriculum for diplomats and leaders in the world that you would like to teach them during one of the courses.

   >> EUGENE KASPERSKY:  Yeah.  Thank you for the question.  And actually, I have some ideas on how to answer some questions which you already mentioned.  But in many cases, there is no simple answer of yes or no.  In many cases there is something in between, so yes and yes, and speaking about the importance of preparation against cybercrime, how to fight, how to address the cyber threats issues, I think three things have to be done, technologies, education, and law enforcement including the international cooperation.

And so actually, well I can speak about all these three vectors of fighting the cyber threats, and in the Cyberspace, and well speaking about the technologies, I believe ‑‑ so we'll know how to protect their computer systems and smart phones, and actually we can guarantee pretty high, technologies can guarantee very, very high level of protection, but if we turn to industrial systems, Internet of Things, and if we keep in mind that there are more and more and more such devices around us, gadgets, everything, actually it's not possible to develop security, cybersecurity for each copy machine, vacuum cleaner, security camera, et cetera, et cetera, et cetera.

So, actually my idea, the major idea is that we need to develop the systems which are secure by design, and I call it cyber immunity, so actually we have this ‑‑ we have its platform, and this is an operating system which is very compact, it's not multifunctional, it's not like Microsoft Windows or Linux, no.  It's simply not possible to build security through secure immune systems based on these systems, and so it's completely different and good enough for Internet of Things, and actually what we do, we designed the architecture of the systems in such a way that it's simply not possible to hack it, but at the same time the systems are quite flexible, you can update, you can install applications, and so actually it works, and we have the first ‑‑ the Internet of Things, the first cyber gadgets, sometimes they are quite unique and developed on top of this immunity agency system and for example I just have it on my table, and this is the industrial gateway which can connect the industrial system into the Internet in a secure way, so it's a gateway which is made on this immune operating system.  And we have some other stuff, but I'm not going to make the advertisement on this technologies and the products, but actually technically speaking, in for Internet of Things and for industrial systems, for infrastructures, especially critical infrastructure, we can reach such a level of security that a successful attack will cost more than possible damage, and so the bad guys, the attackers, must invest more than possible damage of the victim, and so I think this level of security, immunity, and so for the bad guys there is no reason to hack the system.

And so technically speaking, it is possible to develop such a technology in which you can guarantee that you in things of infrastructure and protection‑wise are unhackable.

So it's a first, it's about the technologies, and speaking about international cooperation, it's the first time I said about that it's a must to have international cooperation, and that was early 2000 and somewhere at the same time there was a Budapest convention on the cybercrime that was introduced, and maybe I was the first to say Internet Interpol to investigate and to find the bad guys in the Cyberspace, and so we need to have some kind of the international cyber forces to account for these guys.

Unfortunately, what's going on there, the world is getting unfortunately more fragmented and geopolitical situation is very far from perfect, and I'm afraid that the cooperation between different countries from different parts of the geopolitical landscape, some cases are getting worse.  I'm not politician, I'm not President of the world to fix it, so I just do my best to advise others that we need to change that.  We are all living in the cyber age in a Cyberspace, so to keep this place safe and secure, at least to move into the direction of a safe Internet or the safe Cyberspace, we need to get cooperate and forget about geopoliticals, the rest of the geopolitical stuff, in a Cyberspace, the nations must cooperate to ‑‑ because once again, we're living in the same Cyberspace and we're facing very same cyber threats, and actually they are cyber systems that get more important and critical infrastructure depends on cyber more and more, and it's vulnerable and, actually the way the world is being developed, it's ‑‑ it's danger.  So, we need ‑‑ we need to fix it, we need to create the new ways or new ideas to build more trust in Cyberspace and have to make nations to work together against the cyber threats.

   >> JOVAN KURBALIJA:  Thank you.  Thank you, Eugene.  Great dictionary today, cyber immunity, Internet Interpol which is a bit, as you said historical need for digital or for cooperation across the board.  And in the closing, in the next iteration, you may give us also the answer to the question of what could be curriculum for diplomats and politicians on cybersecurity, three major points.

Now we move to India to Latha, and now Latha you increased the interesting concept of trust bubble and you may reflect briefly on that or any question that has been emerging on let's say geopolitical aspect on question of two camps, and mentioning how there are two camps and how they contribute to the cybersecurity.  Just pick one of these questions and reflect on it, but tell us more about the trust bubble.  This is an interesting concept.

   >> LATHA REDDY:  You know, the question of the trust bubble, Jovan, was you know to build lasting partnerships and deal effectively with cybersecurity issues, we need strategic partnerships.  That's what I call a trust bubble, or in fact we would call it technical bubbles of trust.  What should each country expect from such a partner in a tech bubble?  Firstly, you'll have to have political and strategic convergence.

Secondly, you would have to have trusted each other's legal and jurisprudence systems, and thirdly, you would have to have a broad‑based economic partnership across technology, trade, services, defense, and other key areas.

And lastly, is there broad trust between the peoples of each country, and so I think that that is absolutely necessary if we are to move forward with this idea of technology bubbles of trust or, in fact, for strategic partnerships between countries.

I think that, you know, the ‑‑ there are concerns today about the technology of trade, for instance, or trade technology.  As we saw in 5G, when vendors are no longer judged only on price and effectiveness but also on location and geopolitical tensions, there are concerns about the country of origin and the prevailing legal systems in that country, and of course the relationships with that country.  Therefore, it's no longer run purely on commercial considerations, and certainly it will present a lot of difficulties for sellers and buyers, and I think that this is where the bubbles of trust will play an even greater role, and I'm sorry, Jovan, I forgot the second question you asked me.  Was there anything else you wanted me to comment on?

   >> JOVAN KURBALIJA:  There was one question which was asked what should be the fora?  Do we need to create one forum to discuss cybersecurity mutually, or where should that coordination happen on the global level, a policy or geopolitical question, I think that was one of the comments in chat?

   >> LATHA REDDY:  Well, I certainly think that we do need to coordinate our efforts in so many different fora.  You know, there is a huge multiplicity of effort, and we are having dialogues in so many different fora, whether it's the Paris Peace Forum, the IGF, our own global commissions which I've worked on and any number of think tanks and et cetera.  So in one sense it would be good to have a body come together where all of these efforts could be coordinated and classified together, but I think it will be very difficult because at the moment there is not much appetite to create another international mechanism, and certain countries would certainly be opposed to creating a global internationally recognized body to deal with these cyber issues.

   >> JOVAN KURBALIJA:  Thank you, Latha.  That was one of the questions of the High‑Level Panel that was probably one of the underlying and most challenging questions, whom to call to address your digital issues, not only cybersecurity, but in general digital issues.  Which is a big challenge in small countries, where big countries have many forums, but we may get to that point through in the next with John.  John, who can businesses call to address their digital issues and all of these concerns?  Or you can pick on any other points from our discussion.

   >> JOHN DENTON:  Well, straight up, I think if anyone said there is one person to call, I think they would be grossly misleading, so I think that's the first point to make.

I might just open this intervention by saying this time 12 months ago I was actually at the IGF and I launched one of the famous ICC Campaigns to make technology work for all, and I did that because we recognize, I think as we all do, the digital divide.  But the point I want to focus on today is there is also a capability divide that we actually need to think about in terms of digital capacity divide as well, and I think that's been touched on a bit by Eugene and also by Latha so far.

Where I'm getting to here is that what we see too often now is the absence of an effective regulatory framework, both at a policy level and legal level to actually encompass and enable the kind of things we want to see on cyber, and that's something that we see as an element which is missing, not everywhere, but in many, many economies, and in many respects even in some surprising economies.

The private sector can do so much, but in the end to create these frameworks, these policy frameworks which are capable of being implemented by regulation and by law, we actually need governments to step up, and we still see too many governments without that capacity.

And so the private sector simply cannot do the heavy lifting at all on its own, but the point I make there is even in developed countries and partly picks up the comment that Izumi made earlier on, if you want to develop good policy or even policy from developed countries, you can't do it in isolation.  This policy always has a strong business voice in it and Civil Society and in particular when it comes to issues like digital, and the reason for that is that ultimately we have to implement it, so if you don't involve the end users or the key stakeholders in the development of policy, then you always end up with difficulties, and that's just in developed country, but in developing countries we also need, and I shouldn't say this is only reserved for developing countries because there are a number of developed countries without I think the requisite framework in place, and we need to work together, and they need to acknowledge that if we need to call anyone, it's got to be someone who is actually able to encapsulate Civil Society, the private sector, and government and put the citizen at the center in order to achieve this, so in a way it's almost the holy Trinity that we actually need to have in place to deliver on this outcome, and so one of the questions or one of the observations made in the chat was that in order to help SMEs and micro‑SMEs to combat cyber, we should look to the wonderful tools from the cyber readiness institute, and please be assured that we're doing so, please be assured that that is something that we see as critical, and you know please be assured that the ICC, we have five years ago we actually preempted this debate by the standards that we created in the guidance we gave out, and that still rings true, and I was just looking at some of the points we made in our guidance five years ago and it actually still, envision the company should adopt, holistic approach, looking at effective risk mitigation, and preparation to breaches, and all the elements we talked about there in a more detailed paper are all still relevant, so I hope that's useful to you, but it's actually ensuring that there is this stakeholder engagement in the formation of policy and regulations and law, but actually governments ultimately need to act but we need to help them act as best as possible with all of those inputs.  Thank you.

   >> JOVAN KURBALIJA:  Thank you, John, for bringing more precision to multistakeholder approach.  Sometimes we stay on the general notion, but you zoomed in in both reasons and practicalities of how multistakeholder approach can function, and I think this is under researched and underdiscussed issue, because if you want multistakeholder approach to flourish, we need to really zoom in and develop a procedure and approach much better.

We will be moving now to Chris, but Chris you can think on the few questions that remain unanswered and there was a question on two comments and a comment from Wolfgang very interesting as always, and UNGG and open‑ended working group are important but probably some progress can be made in next few years, optimistic view, so let's hear if the panelists share the optimism from Wolfgang, but we should also discuss the progress in the laws and autonomous system group and the region from Libya caucus are testbed how AI and Internet based devices can be integrated in military operation and there has to be ‑‑ there has to be discussed also mutually stakeholder environment.  As always, can challenging thoughts from Wolfgang, so Chris a lot on your plate, geopolitics, so go ahead.

   >> CHRISTOPHER PAINTER:  I love Wolfgang, but all of these issues are increasingly multistakeholder and increasingly interrelate as well.  I want to pick up on one thing that was just said by John and that is that it is important to have multistakeholders and different stakeholders as we develop policy and this is one of the things that the global Forum on cyber expertise tries to do when we talk to countries, for instance, about having national strategies which is often the document that shows it's a priority for that country and it's the organizing document for that country and that they should create that strategy by talking to a number of stakeholders and not just government stakeholders, but industry, academia, Civil Society, that's the best practice and we try to showcase that.

I'd say a couple of other things too.  I don't agree, using a term I used before, that we need one ring to rule them all.  We need one giant institution that's going to take up all of these issues.  Frankly, it would collapse under its own weight and it would be too complex, too hard to actually have an effective function.  And I think what we need to do is to make the existing dialogues that we have, including in the UN, more effective, rather than trying to create a new one.  You know, I similarly think that, you know, one of the questions was about do we need a new binding cybercrime treaty or cybersecurity treaty, and I have the same feeling about that.  We are still in the early throes of this issue and we need to focus on things like what are the expectations, what are the rules of the road, what are the norms and getting countries to follow those.  We could think about something down the line, but a treaty doesn't solve our issues in this space either.  People violate, and countries violate existing treaties, and so that doesn't make ‑‑ you know, you autonomous have a treaty and everything goes away, but we need to think about the rules of road and get consensus around that and go get those implemented.  I think that's critically important.

And you know I guess the other ‑‑ the other two issues, one was on cyber and you mentioned someone, the idea about a course for cyber diplomats that is critically important, we did that internally in the state department, trained officers from all over the world, brought them back to DC, had Vint talk to them and people talking about geopolitical issues, so they were involved in that, Estonia is good on that and training diplomats on cyber and they've had several organizations.  Your organization has been working on that, other organizations have been working on that and this is an important issue to get those people involved.

The final question I'll take a swing at is the one of, you know, there are two camps managing conflict and preventing conflict, I don't think that's really true.  I think those things merge, right.  If we think that cyber tools are not going to be used for offensive operations, that may be a fanciful way to think of the world, but that's not going to happen, right.  So, there is no way that's going to happen.  So how do we just like we do in other areas, control this and make sure conflict doesn't occur.  So, part of controlling conflict, having rules of the road, international law and norms is to prevent conflict and we should be working toward that so I don't see those as opposite things and I see those as merging together, so I tried to hit a lot of definitions in that short blurb, but thanks for that.

   >> JOVAN KURBALIJA:  Thank you, Chris, and please help me not to become with the IGF Secretariat because of time management, but it is such a unique opportunity to have such good speakers and inspiring speakers and very good questions from then there is a question on the funding and skeptical view about the need for the any sort of centralization in that respect, and it has been elephant in the room, if I say, small and big elephant to use the metaphor, do we need central space and then there was a question, an interesting question from Mark from UK leading digital diplomats and recently retired, should IGF + establish a dedicated observatory for cybersecurity that provides technical advice, education, capacity building, resource, and this is an interesting issue and probably building inputs from GFCE and other existing initiative and great work of Singapore by the way in field of cybersecurity and training, and therefore that's one of the concrete questions and suggestions, and discussion really moving fast in the chat and we have 10 minutes now.

So, I will just give a chance to Enrico, and Enrico, so many questions from this discussion, so help me to stay within the next 10 minutes limits of this session with your comment.  Pick on any of the leads in the discussion and comment, please go ahead.

   >> ENRICO CALANDRO:  Yeah.  Thanks, Jovan, I will try to be very brief and I would like then to maybe expand a little bit on this idea of the cyber observatory at the UN, and so as a researcher, I truly believe that, you know, the domain of the Cyberspace and cannot be isolated by unique national and regional contexts.  That somehow can create a distinct set of challenges and it's through research that you can identify then the different maybe priorities and mechanisms for learning cybersecurity within national jurisdiction, and so also to fight against cybercrimes is a complex task that requires multilateral and multistakeholder dialogues, and it's really important to understand, I think through research, the cyber threat landscape and so that the response is really a design in an evidence‑based and informed way.

And I think it's also important then that, you know, once you're able to collect this evidence and identify uninformed response, some policies somehow have to be human‑centric, and so you know we do want to build more resilience, but the first step is really then to empower the Internet users as a number of speakers have said as well.  And resilience can be seen as a function of capacity, and so Internet resilience, I think it's a function of cyber capacity.  As we've seen, you know, during the COVID‑19 outbreak and I mean during the history of the Internet, the Internet infrastructure actually is a resilient network, you know, and as we keep working and under pressure and also under several attacks, still here up and running, and it works every time better and better and faster.  But for what actually we do need to build is the human resilience because it's actually the human security that is at risk.

And, you know, there is a problem of people's vulnerability, and I don't know for difference in developing countries, the landscape there is that the technology is updated, it's not scrutinized, and there are very low security standards and devices in practice in software, and there are really no measures to mitigate it.  So considering then the people can be the first line of defense against threat, is the most important vulnerable, you know, that we should try to protect and educate, and so cybersecurity policy, I think it should really aim at providing safe and secure access and use of the Internet by building this human resilience and protecting, of course, the human rights online.

Just one final comment on this entity, you know, that should somehow I think create trust in Cyberspace, and I think that, you know, in the current landscape of tension, the UN from my perspective is recognized by a number of countries and especially developing countries as this kind of center of gravity, and I'm quoting here Dr. Mashabani from South Africa, developing countries feel they can really sit at the table of the UN and I believe at that level it's important to have global consensus on Cyberspace, but what needs to change from my perspective is the traditionally multilateral mechanism should then encourage a wider participation, both from developing countries that, you know, they're not always capacitated to meaningfully participate in this kind of debates, and of course to have also broader dialogue with a number of actors including Civil Society organizations, technical community, and others, so that all together we really can define these principles, norms, and rules for a safe and secure Cyberspace that at the end is truly inclusive and secure.

   >> JOVAN KURBALIJA:  Thank you.  Enrico, thank you for this.  You have support from Chrystiane on human‑center cybersecurity, and you mentioned human secure in your first intervention which is somehow forgotten in the international parlance but it's extremely interesting concept and I know it is supported a lot by Switzerland also because of the humanitarian aspect.

Now, Enrico, we will start with you, by asking you to make voluntary commitment, and be very careful because the Secretariat is taking good evidence of whatever we promise, and hopefully next time IGF will be so we have to deliver on that.  30 seconds for your voluntary commitment until the next IGF.

   >> ENRICO CALANDRO:  So, my voluntary commitment is to keep growing these needs of data, of evidence, and all information for development of evidence‑based cyber policy‑making, and so I'm committing myself to work more towards that.

   >> JOVAN KURBALIJA:  Okay.  Chengtai, I'm sure you took this note.  Thank you for that.  Chris, what is your voluntary commitment?

   >> CHRISTOPHER PAINTER:  I'm going to commit on myself and organization to increase regional focus in Africa and make our efforts more efficient and effective and overall, really raise the awareness and level political level of cyber and cyber capacity building.  We hope to hold a conference, but it's still in the planning but I can't announce it now but I can announce what I just announced and we'll do all we can do to that.

   >> JOVAN KURBALIJA:  Thanks.  John, over to you.

   >> JOHN DENTON:  Thanks so much.  We commit to work with members and partners to ensure that access to Internet and digital technology works on three layers of the digital ecosystem, infrastructure, applications, and skills, to work with policymakers to improve their understanding of how ICTs actually work in practice, to co‑create incentives for investment and innovation to develop and roll out and maintain tools and solutions to secure meaningful access for underserved communities and vulnerable groups, and co‑design frameworks that enable connectivity based on light‑touch ICT policy and regulations, encouraging competition and enabling the entry of new players into the ICT ecosystem and mobilize our amazing network of 45‑million companies, 12,000 chambers of commerce to get all of this done.

   >> JOVAN KURBALIJA:  Thank you, John.  We will follow line by line next year when we meet at the IGF.  Latha?  What is commitment from your side, in addition to write a good blog post about trust bubble, it requires Latha.  This is commitment of time I'm imposing.  Please go ahead, I'm joking.

   >> LATHA REDDY:  As a cyber peace warrior, as I like to call myself, my commitment is to continue my work on increasing international cooperation, more democratic Internet governance frameworks, and on formulating cyber norms.  We need to coordinate and consolidate our national, regional, unilateral and global efforts to achieve this goal of keeping Cyberspace as safe and stable as we can.  That's my commitment.

   >> JOVAN KURBALIJA:  Thank you, Latha.  Eugene, what can you promise until the next IGF for our community?

   >> EUGENE KASPERSKY:  Cybersecurity trainings for UN cyber diplomats.

   >> JOVAN KURBALIJA:  Oh, great.

   >> EUGENE KASPERSKY:  And just to answer, actually, I think we'll do it in very funny way.  Actually, we have different trainings of cybersecurity, and one of them is like it's a table game, it's like a monopoly game where there is enterprise which is under cyberattack and you are like CEO of the company of this enterprise and you have budget, options, and you have time.  And you must survive.

   >> JOVAN KURBALIJA:  Wow!

   >> EUGENE KASPERSKY:  We can provide this kind of training for UN cyber diplomats and it's really, really funny game.  Thank you.

   >> JOVAN KURBALIJA:  That's great to learn with a bit of fun by playing games.  And I'm sure that I will follow up directly on this voluntary commitment because it's so, so interesting.  Thank you.  Izumi, we're concluding voluntary commitment list from you.  What can we expect from your side, please?

   >> IZUMI NAKAMITSU:  Thank you.  Before that, Eugene, definitely also I would like to follow up on your offer as well.

So, from our perspectives, obviously in line with the Secretary General's agenda and also to the agenda, I will continue to the best of my ability my efforts to promote a global culture of cybersecurity, and that we do by continuing and further increasing our engagements with Member States to help foster a culture of accountability, which is another keyword, and also adherence and implementation of the norms that we talked about, rules and principles on responsible behavior in the use of ICTs.

Also, I commit to further increase our engagement with other stakeholders, including businesses, industries, Civil Society, and tech people in general, and I would like to actually add a second bit of my commitment.  It didn't come up today but I would like to make a commitment to promoting the full and equal and meaningful participation of women in all decision‑making processes related to this extremely important issue of cybersecurity.  We already do have a shortage of, you know, cybersecurity capacity, and in particular female capacities and we need to do all sorts of different kinds of efforts to bring up new capacities and also making sure that women are involved in decision‑making processes as well.

Thank you.

   >> JOVAN KURBALIJA:  Thank you, Izumi, for great news, and thank you to all of our panelists to helping me to remain in good standing of the IGF Secretariat because we're finishing on time, and thank you for a great attendance.

I think the questions were excellent.  I tried to answer a few questions, and I ignored one question by one because he works for my organization, although it was a great question, but he can tolerate me ignoring his question.  It was really great discussion, and we should discuss serious issues also with some fun, and Eugene a commitment to learn on cybersecurity via a game is great, and I would like on this note to thank you for organizing it, special thanks to the IGF Secretariat and UNDESA and all the people that put a lot of efforts behind this session.  And hopefully see you in person next year for a discussion on commitment and for having some fun.  For time being, I will have to ‑‑ I have to share with you virtually this drink, but next year we may develop whatever, beer‑to‑beer network and discuss serious issues in relaxing setting, which is in traditional diplomacy also a way to make breakthroughs.  Have a nice day, evening, late night for Latha, it's almost 1:30, and keep on.  Bye‑bye.