Learnings from Multistakeholder Collaborations in Cybersecurity Response

21 December 2017 - A Workshop on Other in Geneva, Switzerland

Agenda

Proposer's Name: Mr. Jong Hyuk Ro
Proposer's Organization: Microsoft Korea
Co-Proposer's Name: Dr. Wan S. Yi
Co-Proposer's Organization: Korea Internet & Security Agency
Co-Organizers:
Mr. Jong Hyuk Ro, Private Sector, Microsoft
Dr. Wan S. Yi, Government, Korea Information & Security Agency

Session Format: Panel - 90 Min

Proposer:
Country: South Korea
Stakeholder Group: Private Sector

Co-Proposer:
Country: South Korea
Stakeholder Group: Government

Speaker Profile: Attached

Content of the Session:

Internet Governance issue:
The Internet depends on multi-stakeholder governance involving concerted efforts by governments, businesses, technical communities, and civil society. In the same manner, cybersecurity requires collaboration among the key players in public and private sectors, including national governments, computer incident/emergency response teams (CIRTs/CERTs), and technology companies. Regional and global cooperation among organizations is no longer a matter of choice. In this concerted effort to promote cybersecurity and safety, global technology companies are in a unique position as the maker and the operator of the cyberspace as well as the frontline and the first responders to cyber threats and attacks.

The purpose of this workshop is to share the perspectives and learnings of the cybersecurity experts from government, industry and academia regarding the current state and future prospect of their efforts in addressing cybersecurity in country and internationally as well as promoting global partnership. 

Korea Internet & Security Agency (KISA) is the central player of this workshop. Based on its accumulated knowledge and experience over the years as the national CERT of Korea, KISA has had opportunities to work with national governments in other continents, including those of Oman and Rwanda, contributing to establishing and operating national CERTs. KISA also has maintained good relationships with cybersecurity experts in Chinese government/CERT and academia. KISA and Microsoft have worked closely for more than 15 years, sharing information to support one another in protecting people and organizations in cyber space from threats and attacks.

The workshop will be an opportunity for the audience as well as speakers to develop a comprehensive understanding about (i) the workings of national CERTs; (ii) coordinating collaboration among national and regional CERTs; (iii) collaboration among CERTs and global companies in addressing the challenges to protecting security and privacy in cyberspace; and (iv) building cybersecurity capacity and development talent. This process will be reinforced with audience participation in the form of comments and Q&As.  

The participants are expected to take away the insights shared and lessons learned, which would contribute to addressing their own challenges and, eventually, promoting international cooperation for Internet governance. 

Session format:

The session will take a form of panel in which speakers will share experience and lessons learned in addressing cybersecurity independently and in partnership with key stakeholders including CERTs and businesses, perspectives about the future of cyberspace as well as the partnership among stakeholders.

One-third (1/3) of the time will be allotted to audience and online participants for Q&A. However, the time allocation is only provisional. Moderator will invite and encourage as much participation from the audience as allowable and orchestrate the use of 90 minutes appropriately. 

Speakers:

Government (Moderator): Dr. Wan S. Yi, Korea Internet & Security Agency (Asia; male) 
Government (Speaker): Ms. Jung Hee Kim, Korea Internet & Security Agency (Asia; female)
Government (Speaker): Oman*
Government (Speaker): Mr. Charles Mugisha, IT Operational Division Manager, Rwanda Development Board (Africa; male)
Technical Community (Speaker): Dr. Jianping Wu, Tsinghua University (Asia; male)
Private Sector (Speaker): Ms. Jing De Jong-Chen, Microsoft Corp (North America; female)

* Unfortunately, the representative from Oman would not be joining.

Agenda:
Length of session: 90 minutes

Presentation by panelists (Part I – 35 minutes, 7 minutes per panelist):

Expert from Oman will present on the experience in partnership with KISA on a project to establish Security Operation Center (SOC) including the education/training program offered in Korea

Mr. Charles Mugisha from Rwanda will present on the experience in partnership with KISA on a project to establish Cyber Forensic Center including the education/training program offered in Korea

Ms. Jung Hee Kim from KISA will present on the status and prospect of threat information sharing with other countries, including the training center established in Nicaragua for training officials from Latin American countries and the Cybersecurity Alliance for Mutual Progress (CAMP).

Dr. Jianping Wu from China will present on the structure of cybersecurity human resources development in China. This person may also discuss China’s experience in helping countries build capacity building in general and in cybersecurity as the world’s largest contributor for developing countries.

Ms. Jing De Jong-Chen from Microsoft Corp will present on the experience from working with national governments/CERTs around the world and the desired framework of partnership among key stakeholders.

Direct questions to each panelist (Part II - Total time 30 minutes)

Expert from Oman:

  • What were the key difficulties and benefits from the cooperation project with KISA or other countries to improve information security readiness?
  • What are the key difficulties in cooperating with other counties’ CERTs in responding to incidents? How do you solve them?

Mr. Charles Mugisha:

  • What were the key difficulties and benefits from the cooperation project with KISA or other countries to improve information security readiness?
  • What are the key difficulties in cooperating with other counties’ Certs in responding to incidents? How do you solve them?

Ms. Jung Hee Kim:

  • From the experience in sharing information and training officials from other governments, what do government members really want from the global cybersecurity companies in responding to incidents?
  • How can both the government and private sector work together to maximize the potential benefits?

 Dr. Jianping Wu:

  • Governments of China, Japan, and Korea invite government officials from developing countries and offer cyber security training programs. What are some ways to avoid redundancy and implement effectively? What is your thought about the possibility of jointly developing training programs, exchanging curricula, contents, and trainers?

Ms. Jing De Jong-Chen:

  • Based on your working experience with Korea and other government, how is Microsoft addressing the need to expand cooperation with governments of countries around the world as threats in cyber space may originate from any country, whether developed or developing?
  • In what areas MS is focusing on at the moment to work and support other governments?

Questions from audience and online participants to each panelist (Total time 25 minutes) 

The Moderator will invite the audience to ask questions. He will also select and ask questions on behalf of the online participants. Time allowing, moderator will ask additional questions, based on the preceding discussion.

  

Relevance of the Session:

In an increasingly more connected world on the verge of the digital transformation heralded by the technological advancement in artificial intelligence and cloud computing, cybersecurity has become an integral part of the economic, social, and cultural changes in people’s lives. Protecting security and privacy of users and critical infrastructure goes hand in hand with Internet governance. The Internet will not be sustainable without the sufficient assurance of security.

Tag 1: Cybersecurity
Tag 2: Multistakeholder Cooperation
Tag 3: Digital Geneva Convention

Interventions:
Each speaker’s views/perspectives/expertise are critical to achieving the purpose of this workshop, which is to share with the audience a comprehensive experience of independent and collective effort in addressing the challenges surrounding cybersecurity via presentations and Q&As. Therefore, all speakers will be given equal opportunity to speak.

Diversity:
The organizers of the workshop planned to highlight the global nature of cybersecurity partnership by staging representatives of various stakeholders from different geographies (Asia, Middle East, Africa, and North America). Ethnic diversity and gender diversity has been considered in speaker choices. Efforts will be made to introduce new and/or different perspectives in discussions. 

Onsite Moderator: Dr. Wan S. Yi

Online Moderator: Mr. Jong Hyuk Ro

Rapporteur: Mr. Alex Yudong Yang

Online Participation:
Online Moderator will be designated to guide online participants make comments and raise questions prior to and during the workshop, especially during the Q&A. Moderator will be instructed to communicate frequently with Online Moderator to ensure online participation. 

Discussion facilitation:
Seating: Speakers will be seated at the front of the room and participants will be seated in a class room style. Microphones will be provided to the audience during

...