The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> MODERATOR: Just to give you a brief introduction over the 90 minutes we have to look at the collaboration where we are looking at communities between the Venn Intersection of Cyber and National Security. We will see how it's evolved to a national concern for security nation, especially in the global health. Today we will talk about topics about the vulnerabilities by cyber health and welfare. And how legislative frameworks can enhance resilience.
So this workshop is designed to be interactive, as I may wish, and we encourage all participants to share there's questions, whether through the chat for those who are client and the Q&A for those who are here on the inside. So as we focus on the case we have the case of India, the case of Ghana, and the case of Nigeria and others to be discussed today. We analyze the landscape posed by cybercrime and its impact on national stability. Particularly concerning youth and illegal activities.
We will also highlight best practices at security by design principals and open sources
(Audio Difficulties)
The secure and cyber sustainable economy system. So ultimately this is aligning cybersecurity and national security effort to safeguard data, data resources and meet people as final internet users. We looking forward to your active participating in this critical discussion or conversation.
So to welcome the panelists and introduce themselves I would like to start by those onsite. Allow me to give the floor to Hetha and Dr. Manjit.
>> Thank you very much. How many minutes do we have for the introduction?
>> MODERATOR: 30 seconds for the introduction, but we will give you 5 minutes to introduce the panel.
>> Perfect. Thank you so much for joining the session. I am -- coordinator of the India youth IGF. In addition to this I work a lot in the cybersecurity space both as a private sector. But also contribute quite actively to the standardization efforts that happen in the internet of thing and applications from a security standpoint. Thank you.
>> Can you hear me now?
A very good morning to you all. Thank you very much for the invitation to be on this panel and thank you for -- thank you to the audience for joining you my name is Paula (?), and I'm from the African Union and the African Union commission and my role to enhance the cybersecurity for the African Union and the processes.
My experience has been in the private sector and cybersecurity and work on framework works and managing risks and ensuring plans to various regulations. I am also quite active to the cybersecurity community. I am primarily focused on enhancing for young women in cyber community. I'm a mentor at cyber Gill's fellowship which is a programming programme to ensure we have skills in young women. Thank you very much.
>> Hi. First of all, thank you very much for having me. And I would like to mention a few thing that might be relevant to this. I was initially with Academia. But then I moved on to media. And then now I switched on to government.
So I have practically the experience of all stakeholders, and I will be loving to share my understanding at how I used to blame previously other stakeholders and now when you are part of the stakeholder, how the sufferings have been there. Because people only tell you how to fix it. So thank you.
>> MODERATOR: Thank you achieved panelists for your duck. And Hetha you talked about the internet of thing which is quite -- the challenge is that we have had today may be reflected by the purpose to look at these issues. Paula, thank you for supporting youth. I'm very happy to be with a part of the youth supported by GIZ supported in 2022 in Ethiopia. Very good participating we had.
Dr. Manjit, your perspective is very interesting because have you had to experience all of these issues by having Civil Society, Academia and now officially the government which will be very interesting as well. Moving to the online participation, I think we have Samaila who is online. Samaila, if you can introduce yourself, please.
>> SAMAILA ATSEN BAKO: Thank you very much. I hope can you hear me.
>> MODERATOR: We hear you, Samaila.
>> SAMAILA ATSEN BAKO: Awesome. Hi, everyone. Thank for the opportunity to be here. My name Samaila Bako, based in Nigeria. I work with a couple of NGOs, one of them is code for Africa, which is the continental-wide courses on different technology based issues, including cybersecurity and I work there as a security engineer who is responsible for inhouse culture and awareness as well as being a subject matter expert.
I'm also a director at the University of Nigeria and been in that realm for six years now. It's a pleasure to be here, and I look forward to engaging with the audience --
(Audio Difficulties)
On this important topic.
>> MODERATOR: Thank you, Samaila, for your introduction. I keep one key word, cybersecurity. Hopefully you will be sharing very good insights from your country's perspective how to tackle it nationally these issues.
I think we have one more left, panelist. I think we have Lilly. I will show her video. Because she is here based on the geographical difference we have in terms of time. But we have one more left. I think Karsan is online. Are you here?
>> Yes, I'm here.
>> My name is Karsan Gabrielle and thank you very much for the moderation for our audiences here am I work as the coordinator for the African parliamentary network on Internet Governance. And what we do is empower African legislatures in work the masses but oversight for policy and more decision making.
In terms of cybersecurity we have been doing a lot of research to get the nuances and differences between different cybersecurity frameworks but also what it means to our policy makers. And just the context about our session today has been highly inspired by Dr. Herre (?) who has wide experience in national security. So I'm looking forward to all of the comments. Thank you.
>> MODERATOR: Thank you, Karsan, for your introduction. We definitely are eager to have your perspective as policy makers in terms of digital policy and legislation. We have failed of having the importance of having policy makers this year.
And I think this is the right moment to have your insight and draft together resolution or a framework that will enable us to tackle these issues together.
If I'm not wrong I think we have also Ernest? Karsan can you confirm, please?
>> No, Ernest is not available. Please proceed.
>> MODERATOR: Thank you for confirm. Now I will ask you two questions and it's up to you to answer one of them.
So if I might say, how can we better align national security priorities in rapidly evolving cybersecurity threat or what gaps exist between cybersecurity practices and national security agendas. And how can we put them together. An Indian perspective would be very interesting. Thank you.
>> I will be very happy to. So a lot of my talk today will focus on the best practices and maybe a little bit around the developments that have happened in India over the past decade.
So when we talk about cybersecurity, it has direction implications on national security. And there are certain key initiatives and strategies that nations have taken. And my perspective will be purely from an Indian context.
So when he look at the critical infrastructure, spanning health care? Telecom, energy. Even education. So anything interruptions can cause catastrophic effects for nations and there are actors and proxy actors who are continuously seeking ways to destroy these vulnerabilities. And we have many national secrets that are kept online now. It becomes even more critical for us to protect the cyber aspect of it.
This brings us to this critical realization that cybersecurity and national security actually intersect in a Venn diagram that must be sorted out with precision and urgency. So certain key initiatives and strategies that India has taken, I will take you through from the legislative measure and the institution frameworks for that matter.
First we have the Information Technology Act. This particularly has provisions that established critical entity things such as your cert and CSEAN that plays a critical role to cyber incidents to the critical infrastructure. And a defense cyber industry which is a traditional.
And moving for the National Cyber Framework that came out in 2024 to establish a cybersecurity architecture.
Now this from a national perspective we have sector regulations and guidelines. In the banking sector we have the Bank of India, and they have cybersecurity for the senior management and board members of banks.
And then within the telecom sector, right, a lot of devices are getting --- we need to make sure they are sourced from the trusted source. So the government mandates -- there has to be entrusted and security certified products in the network and the guidance are also delivered by the government.
So you mentioned IoT. The IoT the proliferation is increasing. It's tremendous deployment in the country now. So how are we monitoring and making sure we have a complete pick of visible in the landscape of IoT, IoT deployments in the country, and that is where trusted telecom becomes very important, trusted confidence.
But we can't do awareness. That is training itself. And that's happened recently and the national cyber exercise for all critical sectors to be aware of what is happening with respect to cybersecurity and train themselves.
And this I think, these among other inputs, I'm sure Mr.? Will be monitoring a few more. Ensures the cybersecurity index. Earlier India was at the 47th rank but now we are on the 10th rank and being recognized at a tier 1 country. Which I think is an incredible example -- when you have cybersecurity initiatives there is a tremendous change that you can see.
But I also feel like it is not just the government. It is a significant work that the private sector also these do. So just in the last couple of years, we have seen almost 300 plus companies come up in the country looking at cybersecurity solutions and services. And I actually -- I work as a programme manager in a company called Cloudsec that does external intelligence and external thread monitoring.
As for the findings you will be surprised to know -- can you maybe guess what sector is most impacted or which sector has had most amount of cyber attacks? It's the education sector. Not banking. Not health care. So you know that highlights the critical point that we need the visible into the threat landscape. We need visibility into who are the threat actors and what are their motives and what are the strategies that we currently have to ensure that we meet targeted strategies, sector real or from a national perspective. Thank you.
>> MODERATOR: Thank you, Hetha for those wonderful point you have highlighted. I still remember about national cyber framework you just highlighted. And cyber technology. Doctor, how did you deal with the interesting framework.
>> Well, Hetha has highlighted most of the facts. But I would like to give you a perspective that I have managed to acquire through my experience. Initially I was in the private sector working with the (?) company. And then I moved on to Academia and I did my PhD in Internet Governance. And then I moved into personal law, foe us canning on cyber law. And then now I'm part of center for the headquarters with the Minister of Defense. Cybersecurity highlighted our position for 46 to. Because of the significant development we have planned.
Today we have a courtesy that sometimes bring a debate, you know whether the move was good or not, bringing private place to give data at the very cheaper rate. Today we enjoy one of the cheapest issue data. You consider less than $4 a month. Less than $5 a month you get in data which is huge.
So that creates a lot of data. User data. Which can be used for multiple purposes. And today if you can map a user, it will the no be difficult to find out his whereabouts using that.
But my name I would like to discuss here, when we talk about the best practices we need to incorporate that cybersecurity and national security is not just today relying only on critical infrastructure but the other structure, for example the submitting cables. Again it's another format. Like you see the emerging player, like for example Starlink satellites which we are not discussing openly. But that becomes a challenge us to. Because it involves multiple agencies and the bilateral relations.
What I mean in this case, suppose you see the scenario when the light which is a Starlink or any other company, it can impact the space that is there. What are the repercussions in this? Not only will we have a tough time creating it, but at the same time we will have a strained relationship (?) in the physical among the countries.
But you see technology at large we are trying to fix it in the form of a software diplomacy as well. Today the Indian government release marriage number of scholarships in the form of ICC, Indian Counsel for (?) relations, and as a part of soft spot diplomacy. As sign cybersecurity.
And cyber plays a key role in security. We have been giving a high number of scholarships for computing security, I mean seen cybersecurity. And I-tech. Again under the Minister of National Defense Division. We train to ensure the best practices are among us.
At the same time I would like to share the gap in understanding the legislation, the existing legislation, my colleague Hetha pointed out. That I-tech establishments are out there. But they do lack a coordinated approach because the elements of cybersecurity or the acts are legislature -- we need collaboration with all the partner companies because the origin office -- you know it can be established with someone who we don't have an extradition treaty.
So for example even we can trace the location to be somewhere but we don't have an extradition treaty. How do we do that? So we need a very coordinated approach. And again acknowledgement of regional borders or, for example if we take the example of NATO or the International Criminal Court in countries don't recognize it.
If you have a -- you know the list he will be listed or prosecuted but the other countries don't comply to that. So how do you focus on it? So considering all the hinderance we have, I feel that we need to focus on some converging areas which all the countries who don't really agree to this point will agree to extra Dicks or not but can agree to points that include x for example a (?). This field opens convergence to everyone. Everyone will agree.
Others maybe with the national interest will not agree. For example cyber offense to other countries. Because there is no mention of a threshold.
Like if you see today United States you and NATO. They say there is a tag on the critical infrastructure, they would retaliate if full scale. But they don't explain what is the threshold to it.
Like into what sense. So with this I would like to pass on. So the next time you come across I can share a little more. Thank you so much.
>> MODERATOR: Thank you, Dr. Manjit. Plans is sensational really to talk about issues. Before you do I have you floor, Paul larks sponsorship support security mechanisms let me go to the online speakers, Lilly (?)
>> Hello, everyone. My name is Lilly, and I'm excited to be joining you online. Like I mentioned my name is Lilly, I'm originally from Ghana but right now I'm an I.T. in since. For a top, like this one I like to share from a point of interest which is any interest in privacy. Because that is what my dissertation is about.
But I started to start to understand what it is you are talking about. Because usually when we talk about cybersecurity, sometimes it's so far fetched and looks as though it's only something that people in technology care about.
So I want to start with this analogy and move from there. So imagine walking into a very busy market and every shop keeper puts up their store in the portion of the market. At the end of the day that is not just to protect their goods open. It's also to ensure the whole market remains for economies or for business. Think about testimony you look at your space. It's secure. The whole manage is locked up. If it was an open market you put everything away so nobody comes to steal from you, right.
Now think about this cyberspace and these global markets which is our generation, our time. And this revolution where everything is categorized by tools.
In this space will is data, not goods that are treated. The physical goods we have real data that has been sent. Many things are happening. So just like the single store in a market can probably jeopardize the whole market. It looks like what is (?) when it comes to the compromises are. It's the same what that if you don't protect a very small part of what are supposed to take care of, it can lead it a breakdown of the whole.
So for instance somebody gets into a particular spot in the market and can go through and join another or enter another shop. It means that everything has been replicated. So when we talk about the cyberspace, cybersecurity in relation to national security it means -- it calls for this stakeholder angle and usually we say -- it's kind of repetitive. But everything plays a role in the collection is actually very protected.
So now how do we see -- what is it really made with the cybersecurity wall? The question I'm going to be answering now is how do we see this cybersecurity measured national security in a data driven age? It's one of our questions. So in this data driven age, cybersecurity is also a big part of national security. And the reason being that governments now depend on data to protect (?) to conduct diplomacy and manage critical infrastructure this is very true. So they dope come for the (?) but for invisible acts online and support vulnerabilities and networks.
It can come from anywhere. Usual lit misinformation we see on different platforms can lead to people doing thing that can literally jeopardize national security. So from things like ransomware crippling hospitals to disinformation (?) to targeting an election to cybersecurities. All of these have a potential to disable an entire nation. And that's why this conversations important.
So cybersecurity really matters when national data becomes as critical as protecting the physical access. You dope only protect your body. But you think about what is a national defense strategy.
And what your country could put online and offline. Some of these things include being proactive and protecting the online assets have you so can you prevent attacks and anything that can undermine sovereignty and public trust. You want to take proactive steps toward it.
In that sense I want to go to the topic what have intersection is between poll and I security in the cyberspace? So policy and security are two sides of the same coin in the sooner space world, right. And policies establish a framework of behaviour or comparability and risk and allocation.
Security on the other hand enforces that these frames works, true technology -- it enforces the framework in technology and practice. That's what it looks like. And policies guide how we share intelligence and how we doing encryptions and how we develop penalties for cyber crimes. In other words what is a penalty.
And on the other side we need effective collaboration for policy networks to ensure they are both realistic and enforceable. You don't just pick anything. You have people who have expertise to be able to implement them. And when we are talking about a person who deals with how do we improve synergy to enhance cybersecurity education in the global south. I feel like this is a burning topic and something that is really important.
And policy makers have to pretty much redouble their efforts in this area and all of us are playing a role to be able to help this conversation get started.
So in this area, there's improvement synergy in a global south. Which required addressing three key areas. One of the very first ones is capacity building. We have been talking about it a lot. But very much important. We are equipping -- how do we equip policy makers and institutions it technically to craft and inform legislation. They don't know what is happening in the cyber world. Can they bring expertise to the cyber making space.
And another critical area which is a public/private participantship. We have to encourage a collaboration between government, the private sectors and Civil Society to leverage expertise and resources. And another very crucial one is original cooperation. To in that case we will be fostering crossborder alliances to share best practices and respond to threats that do not -- threats that maybe cost national boundaries to pretty much be (?). So all of these would be linked to issue support and funding for these initiatives to ensure that they create foundation for sustainable improvement and cybersecurity legislation.
I think that's another good thing about dealed what is a defining base of shipping inclusive cyber laws and prioritizing security in national security policies. I know there are many times trips spoke about the (?) convention. How country have rectified this importance of cybersecurity, right of but when we are building some of these inclusive cyber laws we must prioritize accessibility, especially in the area of making applicable and understanding to all citizens. And not just only people who have technical aspect, right. You also have to look at equity in the sense we have to do a divide so marginalised groups are not disproportionately impacted by cybersecurity measures.
And then we have to think of resiliency and the ability to bounce back. And a lot of privacy, so you have to make sure there's that balance, which is security and individual rights so we avoid any overreach and bill public trust.
So with all that I've said there is a need to emphasize all of those principals, taking into contribution new ones, what we have is national assets where we have online assets and expertise so people understand that this is something that we are collectively doing and everybody should be a part. So in digital age, security is no longer just about locked doors and guided borders.
It goes way beyond. That it also include was what we do client and includes fostering frameworks to protect individuals and nations.
And one person saying one thing online is not checked and caused chaos. And sometimes you see all of these upheavals coming up without any other indications but it's time for us to rethink it.
But treaties have a secure as an integral part of national security. Especially in countries in Asia and Africa and whatnot. We can create a resilience inclusive policy or policies to safeguard the collective digital future. I hope this gives some light to some discussions you are having and gives -- what we call Venn intersections in national security and cyber secure. Thank you so much. And I do hope have you a good time interacting with the rest of our speakers. Thank you.
>> MODERATOR: Thank you, little Lilly for your presentation. I have to tell you that Lilly is very active youth coordinate to bring youth into the Internet Governance ecosystem.
Before we move to Paula, Karsan if you may prepare yourself to tell us a little bit about how legislation or how -- what role does legislation play between cybersecurity and national security in Tanzania:
Now allow me to give the floor to Paula to tell us a little bit more about how this issue organisation can contribute to support the mechanism towards national assistance for capacity building programme. What it can be. Thank you.
>> Thank you, Dr. Jose. And maybe just to open up my perspectives on the topic. Can you hear me? Just open up my perspectives on the topic. When it comes to cybersecurity, I always try to think what is the end goal?
>> Protecting infrastructure and or protect, the systems or protecting data. But what is the end goal? For me the end goal is trust. Trust in the system, trust the data I'm seeing is correct data. Trust that the data that is available to me has not been tampered with. We put in pleasure measures and controls because we want to be able to trust the is and we want to be able to trust the data we are getting from the systems.
In the context of national security, obviously every country has to define what is critical infrastructure to them. And it's for their culture and best for their needs and really an assessment what have is important to them.
So for the government to be able to trust whatever system those are using, if it's a perspective -- trusting that data and making inform decisions we need to put in place cybersecurity controls and cybersecurity measures. And that's wherefore me I see the link between cybersecurity and national security. Meaning it's one side of the same coin, to say. You can't have one without the other in this kind of data driven age.
But in terms of what international organizations can do to enhance the cybersecurity question, I will refer -- so GIC has a programme called global cybersecurity, a programme. And there's a particular project called Partnership on Strengthening Cybersecurity which is funded by the general forum office. This project is working and collaborating with participates to provide cybersecurity for the globe and specifically for the African continent. There has been a lot of progress. For instance if you look at the Akoas (?) region. It has confidence building measures. And these CBMs really are -- to the context of the region itself.
So the partnership between GIs and between EH (?) are to improve the reduce the rates of cyber describe crime.
One of the things that has been done is so capacitate the policy makers with an understanding of what cybersecurity is. So there's a lot of questions around cyber diplomacy, ensuring that the member states are able to interaction and cooperate with the organisation for security and cooperation in Europe which was one of the first to have the CBMs.
So you see there's a lot offed cooperation that is happening.
And this is why international organisations can come into partner with various member states to be sure that cybersecurity is enhanced.
I think Hetha had mentioned the issue to do with having an understanding of the threat landscape and the data to make informed decisions. I like to think about cybersecurity more from the sign management perspective. Because it's almost impossible to ensure that these it's 100% cybersecurity. So sometimes you have to weigh, okay what are we going to do? This threat is going to happen. What are we going to do? What can you do in the next five years. And you identify what is critical or what is high-risk and you address those issues.
So another form of collaboration that I would say is happening between? In the regions to understand what the assets and vulnerabilities are just try to improve how they make decisions based off of the risk management that will come from a cybersecurity perspective.
>> MODERATOR: Thank you, Paula for sharing wonderful point. And initiative that we wish you can have an opportunity to work in. Karsan can you tell us about cybersecurity and how do with these challenges? We also have our last speaker online. It's Milia, who is speaking about how we can de-- can central solutions enhance national security. If so, how? And then we will open the floor to the audience to last questions. Karsan are you here?
>> Yes, I'm here. Thank you very much. It's quite a pleasure to listen to the ditch nuanceness that have been shared by the previous speakers. When we drove into the question at hand, the critical intersection of cybersecurity and national security in today's data driven wore it's more unanimous a Tanzanian question, I think it's more global just like the internet. Because the digital age has already connected us in a very unimaginable way.
But these connections do come with a lot of vulnerabilities and these vulnerabilities transcend order and institutions and even generations, because we do have almost 6 years with the internet now.
We need to start by acknowledging that the reality and boundaries between cybersecurity and national security.
A single vulnerable like, for example the (?) and a lot of government data and disrupt critical infrastructure but in the end jeopardize citizen's safety.
As they say the weakest link is the user. It's important when we yield our solutions around the person. People. So cybersecurity is not longer just a technical issue. But it is a matter of national resilience.
Consider Tanzania now, we have a very youth driven population and they are vulnerable to fishing and online scams. And many people are being exploited in terms of the financial systems. And the whole almost of understanding and literacy still does not exist.
We see countries like Nigeria and India where there's large scale problems with big attacks on biometric databases which have raised a lot of national secure concerns. And both of these issues are tied to a lot of human and institutional behaviours. So to understand the connections between the human and institutional behaviours we see they align directly to how the user might interact with the risk. It's important when that we bridge the gaps.
In terms of the policy perspectives I think where the sign -- what the cybersecurity initiative needs is in areas of critical infrastructure. Because cybersecurity policy owners now at intersections of very many competing resources. Example, protection of individual rights, like the privacy and freedom of expression issue. It's mostly part of the cybersecurity question. Protecting also the infrastructure like power grids and financial systems and the digital backbone of infrastructure of many nations. And also ensuring nation at sovereignty. Because a lot of national resources are also protected online in these globalized areas of digital threats. So in Tanzania we do have a cybersecurity role that has become operational since 2020, and a lot of people have been pulling door the understanding of what it really means to protect their resources and platforms and their processes. But it has been highly connected to the different regional cyber acts like the? In convention but also the EU act in creating more sustainability and crossborder interpretability of the data. Because to protect one self we need to have a good understanding on how trust is shared cross-border.
And one of the best practices we have been exploring involve the building of cyber resilience. Because to strengthen cybersecurity and national security, we need to prioritize critical strategies such as security by design, decentralization but also education and inclusion. And because policy insistence must be embedded with the security angle from the start, incorporating encryption, but also regular checking and quality assessments on the system but as well as the people's understanding.
Think about it like building a house with fireproof materials instead of throwing the sprinklers when the fire starts. It's good when have you prevention. Because prevention is always better than cure. Decentralized systems are also harder to compromise. For example new technology sectors. Blockchain with good transparent and centralized enhanced security can also be applied.
And applying these principals of decentralization to national infrastructure to mitigate a lot of points of failure to most systems. But in the end literacy programs can help, especially for Africa where the youth prepare for threats and cybersecurity issues that happen. But also turn them into assets of fighting and protecting.
Imagine a programme which can train a lot of African youth to become the call hackers and to see the bigger picture in building stronger systems. I think these practices are not just technical, they are cultural and they require a big shift in how we see security. Because security now in the digital world is a bigger question. It's a equal question and characteristics. Thank you.
>> MODERATOR: Thank you. For sure your points -- I think missed having your picture on the screen, sorry. We wish to know who is -- but such interesting point. So for the next one for sure we wish to have you as a video speaker, please.
Now we will move to Samaila, if you can please tell us about how can centralize the digital exclusions enhance national security. And if so how.
>> SAMAILA ATSEN BAKO: Thank you so much for giving the mic to me at this point. Just before I go into my own comments I would say just because it reminded me of an excellent joke. I think issues around
(Audio Difficulties)
The use of cyber norms or confidence building measures and even understanding the impact of humanity technology is critical in this conversation.
I just want to add when we talk about this top topic cybersecurity and national security. Most of these issues are not only political they are actually technology based. So what that means is that the bulk of the efforts lies in the government. The issue there is what is the priority for the governments? Are they -- you know are they people who are intellectual, young enough to think of the future? So are they more focused on governance? Because that would determine to a large extent where their priorities lie. And if you talk about efforts, an NGO regionally am I think Paula was talking about Echo. Nobody is about to drop in January be right. So what are the confidence measures that have been adopted or used in the last 18 months when there have been. So think if you look at union rope where it's been there for decades and trust and information sharing on the news and thing like that.
The speak for themselves. So I think that's a huge missing peace from the west Africa and African perspective. So I think there's a cap on the private sector or Civil Society or any of us can do.
Now let me go back to my own question. Which again is -- the -- whatever are you building may still be limited by the government or still be (?) by the government. If we talk about solutions you look at how setting governments are more focused on thing like maybe surveillance, for instance or looking for ways to bridge people's privacy as opposed to maybe fund the national programme, cybersecurity awareness. Not only improving the budgets for Academia on a larger scale.
So while nationally the centralized approaches we are doing, and I think it's a bit similar to India from what one of the speak he is mentioned to have a structure to place for emergency response teams in different sectors, from the telecom sectors to the defense structure and the agencies and different governments as well, which helps when have a body called the national cybersecurity information center.
So it gives a bit of structure. And when you are adding regulators, you give them the capacity and bill their skills so they are able to actually give the right directions to the organizations within their realm. And they are able to build a certain level of resilience for the company at the central level.
At the end of the deities always good to have direction. We have seen case where there interest laws but no structure. And for instance who do people report incident to. Or if you notice something wrong in terms of cyber, who needs the response to those issues?
So it's very important that the structure in place makes sense. There's a very important need for a link between Academia Civil Society and end users. A lot of the times these groups of people feel left out. Civil I will because sometimes it seems as if the government itself targets Civil Society and end users. Academia they feel like they don't get funding. Some countries don't have a good RND country -- I keep saying country. I don't want to specify a country. But, yeah.
And in the private sector you often people that government just wants to tax to stress them to levels. So I feel like the direction of the government takes place in -- plays a huge role about the solutions. And like I said for me these issues are usually more political and rely on diplomacy than they are about technology itself.
Ideally if you have leaders who do not understand the criticality and they want to give -- if they don't take cybersecurity seriously then you fin your country with so many kind of issues. I think I will yield the mic at this point so can you move on to the others. Thank you.
>> MODERATOR: Thank you, Samaila, for sharing this very interesting perspective. And now we all know that this discussion is very sensible, and we have so many challenges to address to give a collaboration.
Now I will open the Q&A to have questions from the audience. And hopefully we can engage the panelists to answer the questions. So who might be the first here? Can you just introduce yourself and ask the question, please.
>> I'm (?) from the European law association. And I specialize in international Law. And my is targeted toward India but I would appreciate a global perspective. So the cyber attacks is largely undecided on what critical infrastructure is.
And when you look at regional powers does India view its neighbours? And ever coming to an agreement on what is the ISR in the future? It's a blanket question.
>> MODERATOR: Thank you for your questions. I think I see Dr. Manjit is always ready to answer those kinds of questions or perhaps Hetha you wish to go for it? Thank you.
>> My views will be mine. It's not the standard. The very first line you said is very important. Nothing is -- you know constructive or nothing is fixed. As I mentioned if you can kindly recollect. But if you see even the threshold for a cyber war is not defined. Many countries -- as I mentioned that they have the provision very much clearly that we will retaliate in a full scale if any war is raised on critical infrastructure.
But to what point? Because we have seen the office of the personal management, the OUS -- in the large scale but still it was not. Again, we have an attack that was very largescale, but what exactly would be the highest threshold? And to your context of asking whether there will be trust in cyberspace. You cannot trust anyone with any country, spying on each other. Every eye will be spying on the other eye. Coming to this factor. Particularly if you talk about India.
You will be aware that India is undoubtedly the world's largest democracy at this stage. There may be some questions that sometimes calls it to be one-sided but begin the perspective internet-wise or data-wise you know people are very largely connected to the internet. Have you to agree to this part. Irrespective of the differences and opinions that may be circulated in the good morning messages populated in India.
The good morning culture. But if you see the problem that comes with a democratic country like India is the debate between -- initially during the earlier stages was a defense development when one second used to focus on defense. The other second needs to focus on development. There's a huge gap. And the outcome you see you will experience it too.
But the debate largely lies on privacy versus security. So at one side the government arraignings that if you want a total security then in some cases have you to give the control to us. Like in what happens when you see your building infrastructure, or society at large, you see. We have not built a security outside the premises but inside we also have the I don't know guard. So connecting that with cybersecurity. So in a case when I have my medium scale or large-scale enterprise. If I want myself to be secured from a transnational thread that originates from another country. If I wish any country to safeguard me. How do we give control to third parties or to have a third party or -- you know far one. So we have to give the same liberty for the government. To come inside and to have a control. So they can see.
But at the same time we need the government enterprise, you see. We will have -- that they are going to make the data go against us or not. So that apprehension -- because cyber scepticisms still alloy.
In one of the other panels I was hearing a very senior researchers who still believes that AI is not very much popular. And where AI doesn't have potential. Like I say to disrupt the proceedings. But it is seen. Cyber has the potential.
That's why it happens. So we have to realize that cyber holds potential. There is people who are researchers. You know the very culture of doing a selfie like this and this. People have -- you know managed to draw the fingerprint and they have managed to unlock phones so nothing is impossible. It's possible.
But the same argument I like to put. And since you are focusing more on International Law I would also like to request to let things come from your side as well you know. The challenges that does exist. Suppose, for example the submitting cable breakouts that are happening nowadays.
It forms a very critical layer. But the talks are there. If they are incapability of handing it. The navy forces and it comes to the minister of defense. So the Minister of defense coming and looking (?) where is the Minister of I.T.
Because every country the ministers are different. There is no coordination that talks about the Minister of I.T. will be focusing even though Minister of defense. Then comes the services and there's a different framework all together. So we need to understand.
That's why if you talk about the lower -- it's going to be disruptive for sure.
We need to focus on this international landscape. So I will not take much time. Thank you.
>> MODERATOR: Thank you, doctor. We do face international issues, and it's important to hear from the perspective of African insight and I wish to hear from Karsan. How do you deal with the local cultural issues that address issues of cyber attacks. Karsan are you there?
>> Yes, I am. To be honest we are still at a very entry phase in building critical infrastructure. And this is not just for Africa. It's within the world they are still tied within the paradigms of global north or global south issues but cybersecurity context is always about the person. So if we center it around the person, then we can get the nuances of the cultural element. For example in Tanzania we are still building our infrastructure. Are still shaping how the infrastructure will be enabled, especially being a young country. It means that it's the youth who will be the actual utilizers and they get the context if he are based on principals. But the principals of security and cybersecurity should be same for any human being. You are protecting your resources for the best interest in terms of utility and passing it on in terms of sustainability to the next generation.
So our culture is highly around the issue of people's centeredness. We create, and disseminate based on the interest of the specific person. And we want first our demographic to be literate in terms of using the resources that are available in a place where still there's a big population that still has a bakes of computing or digital literacy in itself, security by design in the competence civil service or policy element that people understand the nuances of the culture that are important. And I think this is for any country or every country. So in Tanzania we are still based on the same element that correctively viewed but also collaboratively enhance the knowledge of the people and understanding the security and confidentiality and integrity and available of all the resources in their best interests. Those are my remarks.
(Audio Difficulties).
>> Hearing a lot about the shared approach to cybersecurity and national security and that intersection. Do you feel like we are adequately sharing globally the indicators of compromise and the threat side? Do you think there's more work that could be done there to make sure we are making it more difficult for our global adversaries who are targeting all of our networks?
>> MODERATOR: Thank you very much four your questions. But we also wish to hear from you as a U.S. perspective and how do you deal with national security?
>> Yes, I think that's answer credible question. Yes. So we would love to hear from you, of course but there is just one thing I wanted to highlight. When you look from a cybersecurity threat or threat intelligence perspective.
All of us tend to focus on indicators of promise, but there's something called indicator of attack, which is more proactive. So when you look at a cyberkill. Cheap, right. Have you, let's say, at the recognizance stage, when you are gauging the entire threat landscape, then ones that have the initial attack.
Once have you some initial entry into the chain or in the ecosystem. And finding the exact initial attack vector, your indicator of attack, it makes a lot of difference. Because a compromise is both. So sharing best practices and ensuring that we have like a repository or data around what are the potential indicators of attack will ensure this is more visible not just from a national perspective, even sectoral for that matter. I would like to hear from you if you want to add something to this. Yes, I think -- so from the FBI's perspective, absolutely I agree with you. Looking at -- and going back. The only challenge I think -- and this is where the public/private partnership becomes so important. Is many times it's really taken a lot of work for us I love that you all use the word trust, because I think this is really what this all comes down to. So building the trust with also our private sector companies that we are here for them to protect them. But that way they feel comfortable sharing when they have actually had attacks and of course that's how we are seeing a lot of this. And then we can go back and -- you know I will use a U.S. term but reverse engineer for go back to look for what were the attack indicators. I think that's right. And that's why I wanted to find out -- I'm not sure we have connected specifically with those of you around the table and online with our African nation partners to make sure we are connected, and we are sharing those best practices and those indicators of attack, and you know the compromise as well. So that we are, again, tighten.
Because I think what we are also finning is there are global advance persistent threat actors and there are global enterprises and they are targeting all of our networks. Because for financial, we all have financial resources we all have defense resources. So I feel like -- I'm not sure we have knitted the cybersecurity community globally. So I wanted to hear from you and your perspectives. Do you feel that way? Can I definitely see some room for growth after hearing your perspectives. And so just want to make sure we doing our part.
>> I just want to add to that, from my experience in the private sector. So I worked in the financial services industry. And I will give an example of what would normally happen. So for instance, this weekend, bank A experiences a cyber incident. Two days later it's going to be bank B experiencing the same type of cyber instance with the same modus operandi. And three days later another bank and so on and so forth. And the biggest thing we didn't have a community of sharing information. And when we would bring this up to the regulator, like the collective issue that was that there was no guiding principal and how we would be able to share this information.
Mostly with the private sector if you share information like that, the worry is that it's going to go out to the public and the public will know have you been hit. And then you will lose your reputation and things like that.
So if we have a guideline of sharing threat Intel, that would still safeguard the company. I think we would see more organizations coming forth and reporting these incidents. I also just wanted to add that there is an organisation called shuttle savour and they work with different governments and countries and certs. So you can plug in with them and to ensure the understanding of the threats coming to you is better enhanced.
(Audio Difficulties).
>> -- your perspective on how we are working with you. But certainly in the issue say we are very active. But let me tell you how we do it domestically and regionally. Because I love you all shared those perspectives. For us what we are really finding is you sort of can't have enough reputation. And for us that's at the national level.
So we are also trying to influence policy and development and make sure that the threat intelligence as well as sort of all of the designs around critical infrastructure, that they are all factored. And I love what one of you mentioned -- I apologize. I don't remember but you said you need to have technical literacy with your policy makers so we are at that strategic level, and internationally, also trying to share it.
That's why I'm here, by the way, is we are getting more active in the standards bodies to try to bring this perspective into it. But separately, we even go out down tour field office level. We have 55 field offices. And we have this group called infraguard. And the whole design behind infraguard was to bring private sectors who were local into the offs and into the fold and be able to share with them what we are learning in the international community and say okay here a how to protect your business.
We do a ton of public service announcements where we are going out. Manitoba of you, I know I was asking this I know you heart about assault typhoon. A recent targeting of our telecommunications industry. We have been going out with messaging over the last week, week and a half to share, again, the threat intelligence side of that.
And then giving guidance on how to protect. So I think that's an area too where we are going out to our international partners to say are you also seeing this type of vector, this type of targeting, this type of present in the networks and what that looked like. And if you are or are not, what were the acts that were taken, and again, how do we make sure that there can be detection. And I think that's a huge part of it.
I don't know if I adequately answered your question. I'm just trying to give you a flavour for how we kind of take it as you all said, from a local to the regional to the national, to the international. And I think that's the most important thing. And I think you have all said it here too. There's a bottom-up approach to cybersecurity. And there's a top-down. And we have to make sure that those are intersecting in the most meaningful ways. And it is difficult. Say it sound so easy to say the problem. But it is very difficult in practice. For all the reasons that you just said. You are right. You know saying that -- you know admitting that have you been attacked means have you admitted to vulnerable in the eyes of the private sector. And possibly the erosion of trust in our citizens and our users. That is not what we want.
But there has to be a ill-will bit of openness to be able to ensure the next victim is not vulnerable. And that there's -- you know we stop the harm. But those are the -- some of the local groupings. And again there are issue forums. I just -- I'm not sure if we have -- I will use the word rootanised. We have made it a part of always practice to just always go back to default to share whom needs to know this? And how quickly can I get it to them.
>> MODERATOR: Thank you so much. I always said openness and international access -- I mean information accessibility is essential. I mean stakeholder to be able to collaborating to tackle these issues. We just heard perspective from the FBI in how these mechanisms work. Samaila can you tell us how -- can you collaborate together to make sure that these challenges can be addressed in a multistakeholder or let's say international corporation?
>> SAMAILA ATSEN BAKO: Thank you for the question. I will say there are quite a number of multistakeholder -- sorry, can I hear an echo. This is kind of distracting but anyways. The number of -- conversation, for instance, some of the -- one of the discussions. The GC3V and some other ones. Personally -- I'm speaking for myself. Personally think --
(Audio Difficulties)
But at the end of the day when it comes to implementation, you know I feel like
(Audio Difficulties)
We ten to rely on government's efforts. It can be a problem. Because for instance when one changes from one government to the other there's issues. We have people who are heading to agency and can retire or take other jobs so sometimes the effort is usually
(Audio Difficulties)
But the department or agency when they leave those efforts tend to either stall or regress. That being said, right, that being said I think there's some problem in the sense we see the effort of the private sector. Even
(Audio Difficulties)
Protection and antifraud efforts. We see a lot of
(Audio Difficulties)
I think Paula mentioned the cyber -- programme. There are so many other NGOs.
(Audio Difficulties)
We love things considering it organisational awareness. Engaging with government with conversations and laws and the end user percent to look at it from the end user. So everyone has a role to play, generally speaking. Audio as the priority or the goal of implementing people and organises what usually takes precedence. If a law is --
(Audio Difficulties)
The privacy Act but they are targeting
(Audio Difficulties)
So it means that at the point of communication, the end goal would be to make sure that that funding does come. Especially how do we guarantee the privacy, even there is a law, a privacy law. That's why it's tied with political and personal interests that drive it forward. But we can't give up as the end users or the private sector or the industry
(Audio Difficulties)
We have to keep sticking and pushing --
(Audio Difficulties)
From a practical perspective the key thing is to fix the educational curriculum. Fix the infrastructure deficit. Within our region there's a lot of -- what we call
(Audio Difficulties)
If people.
Can't come online or they can't afford devices or they don't have access to internet, et cetera, then how do we communicate. Or how do we do --
(Audio Difficulties)
How do we even make them aware
(Audio Difficulties)
Things like that. So we need to start from the basics. We need to get to the infrastructure itself. Where the necessary funding is put toward thing like Academia instead of just a fraction of the project when it comes to those things and we do the RND culture. It's necessary to do research and can come up with having not just relying on what comes from us.
We have open source and leverage, but if we take the
(Audio Difficulties)
Security threat as global south then it helps us to bill capacity as a whole. As auto Rae region and as a country and from there the effort from the economic side of thing. I think those are my ideas on how we can move thing forward and collaborated.
>> MODERATOR: Thank you, Samaila for addressing this important collaboration between the global south and the global north.
Dr.Manjit, if we consider the FBI's rendition to collaborate.
What are the three point we can work on the top of the list?
>> Addition by our steamed -- I like to say you are more part of our speaking panel. You have added a new dimension. So let us be under the reality that the relation between India at large and the U.S., given the circumstances that has happened politically between 1917 and 1999 but when you talk about trust in terms of sign cybersecurity you see big giants like Meta and Google they have an agreement with the U.S. government that bounds them to share the information or at large the data. But where we attempted that same with one of our startups we failed miserably. And that attempt was largely highlighted by the so-called risk to ensure India is trying to bring on surveillance. Because whenever we attempted anything from our side we never got that same support.
Just to ensure the Monday poly or duopoly is never harmed but we don't intend to harm anyone we want the Indianization because we are progressing and we attempt to do it that way.
What I feel with greater collaboration in terms of -- really trustworthy. When I mentioned what trustworthy should be. Not in exchange. We support an eco-change of data but the ideas of localization that can.
Ha. Let the data be within us. If you need you kindly request -- we are always ready. We have several agreements whether you are starting from the agreement of supporting shifts -- we have all sorts of agreements. We can do that. But not to take data from the other way around.
I feel that data corporations and certainly, we have very flexibility initiatives liken suring a digital divide or I like to say -- I'm sorry that we have developed some applications that are, by the Minister of Education that are called -- like that translates, I'm happy to say far better than goo Google to ensure whatever India we speak English in a very -- courtesy of our population. So I feel these types of applications we not only promote 22 languages of inn I can't you about nine and ten overseas languages.
So if this could be important to the collaboration where weeing to can -- you Joe update this to our African bothers and sisters. Because you have the outreach and we have the product and we can certainly do
So this can be one and other cyber secure. As you mentioned the advanced systems -- this is a key area. Because you see our neighborhood is highest. It remains by the so-called north Korean actors who it. It was not managed if you can recall kindly. So the collaboration can certainly help in prevention.
Because today in India, money -- every person in India or every person at large will have PhonePe or Google Pay. So we are largely defendant on mobile pay or QR everywhere. So just ensure safeguards.
So this can be the one and largely through your embassy, the United States what they can do is undertake cybersecurity aware seasons a key part which otherwise does very good work. It's been very active and they are promoting culture through your scholarship and other mentors. But I feel cybersecurity awareness can also be taken as a part and we can do. So thank you.
>> MODERATOR: Thank you, doctor. Going back to the FBI. Cyber issues is quite -- you a E
(Audio Difficulties)
It's internationally our own kind of interesting. We need to collaborate together. As we have been highlighting -- the point that we looked on from the perspective, you do think we should have international cybersecurity from
(Audio Difficulties)
Or a bilateral collaboration will be enough to establish kind of a possible programs and kind of initiatives to the organisation?
>> Thank you, and thanks to my colleague from India. Those were great points. And I will actually take that back. Because our legal attack, i.e., at the embassy could be very helpful. So we can make a connection afterwards if you like.
So answer your question I think we need bilateral cooperation for the areas where we need national security.
Sometimes there are certain thing that are incentive because it's -- you know maybe targeted a very sensitive part of your critical infrastructure and sharing could actually open up digital targeting or visuals to be identified. So I think there are certain times when bilateral club race security is required but more than that, and I think your colleague was getting at this as well.
The financial part of this, are ubiquitous. I love that word, ambiguity, I don't know if it translates to everyone's language but it's everywhere now. It's persistent.
There's ambiguity to certain thing like financial services and the application for communication where there's a great opportunity for international cooperation on really trying to understand and evaluate. And I think one of you mentioned it too, this idea of the intersection between privacy and security.
I think everyone wants to make that about things like -- I will say it from our point of view at the FBI they watch to make it solely about encryption as though that's it. N in reality, sometimes it's security versus security, which is if you want absolute privacy then that means there's sometimes anonymity, right of a person and all of their activities.
I think that's where we are trying to fin a little bit of balance and understanding so we can make sure that users, whatever their level of digital literacy ask companies, whatever their level of productisation, are thoughtful and deliberate about just making those decisions, where an individual going into a global common be it's such a powerful, wonderful thing. And it's huge for economies am I think you mentioned that for economies. It is from any colleague online.
But there is now -- I think I agree with those -- a person who said -- you know security is now the next real challenge. It's out there. It's real and everyone is sort of paying attention now because there's been so much victimization at all levels from individuals to Corp. races and governments. So that's where the communication piece has to play a bigger role.
That's why I use that word, routinise saying, or routine. We have to make it a common fabric where we are consistently making it smaller for our adversary.
There are a lot of ways to do. That but one difficulty we are in information overload from I think individual -- you know there's so much information hitting us every day but also at the government level. And probably -- certainly on the private sector side as they try to understand also the markets. So I do think it's complicated
(Audio Difficulties)
As we possible reply can. And I feel like it's been growing out of control for a while. So thinking we can do to shrink that would be welcome.
>> MODERATOR: Thank you so much for sharing this very important point and for your presentation. Because we have learned more from you and we are eager to continue to learn more and more. I think we only have 3 minutes left. So I will be giving the floored floor to all the speakers for 30 seconds to perhaps ask any questions you think or for closing remarks so let's start with Hetha.
>> I will keep it short. I think I appreciate the point around the synthesize in the attacks office and begin we have so many emerging technologies coming in the and the cybersecurity threats they are posing I think cybersecurity should have started giving it a priority a long time ago. Given now that -- especially with AI and IoTs and also the blockchain based -- you know applications that are coming in we have to be very cautious.
The other thing I want to address with respect to the different photos that are there, two that I engaged with in some capacity is the Global Forum on Cyber expertise we have GFC where a lot of organisation including governments and private sectors come together to discuss best practices.
And you also have photo nuance an issue discussion is the APWG the Anti-Phishing Working Group. And I'm sure there ray lot more if somebody would like to highlight. With this I would like to hand it over to my colleagues to close it.
>> I've really enjoyed the discussion today. And I think I've gotten a little more of an understanding from the different perspectives such as India and the USA.
But in my closing, I just wanted to mention three point which is cooperation, capacity building and implementation. So from the perspective of cooperation I think we can't deny the need for different regions, different partnerships to happen.
For instance from the perspective of GIZ, the partnership for strengthening cybersecurity is a project that is really trying to ensure all of our partners have enhanced cybersecurity postures. I think the gentlemen there had asked a question on International Law in the cyberspace and this year the African Union adapted the common position on application of International Law in cyberspace and one of the thing very been doing to make sure states in Africa build their capacities to hold round table workshops where they can get different perspectives from member states and it's very important.
I was in one of the workshops and a lot of conversation came up but especially around data sovereignty. I see I'm being given time. But essentially, it is important and capacity building. We need to make sure from the technical perspective we have the capacity from the policy makers and the cyber diplomats we have the capacity build and lastly implementation am I think Samaila mentioned we can't deny. We can talking talk, talk. But if we don't implement we aren't going to go anywhere.
>> MODERATOR: Thank you so much, Paula. Karsan please you have ten seconds to tell us two point if possible.
>> Thank you very much. I think for me the most important part should be based on trust. Trust should be a principal that is building upon security, architecture as well on policy. So when we have a trust which supreme entered I think --
(Audio Difficulties)
In cybersecurity. Thank you.
>> MODERATOR: Thank you so much, Karsan. Over to Samaila. Ten second.
>> SAMAILA ATSEN BAKO: Maybe I should just ask a question in my closing remarks. Many times the attackers have graced our governments so what can we do? That's a question for all of us. What can we do to use governments to stop
(Audio Difficulties)
From attacking.
>> MODERATOR: Is the question open to all or perhaps --
>> SAMAILA ATSEN BAKO: Open to everyone.
>> MODERATOR: Thank you so much. They can't really answer the question. So Dr. Manjit, Please closing.
>> A closing remark, but I would like to make it as an opening part for our first possible discussion in support and as highlighted by our participants and guests special invitees over here I consider. I think we can collaborate and at least have the common ground where we can -- we have convergence and start focusing on that. Because the largely cyberspace has become a particular aspect as well. The differences will be there and that will be used for -- you know? Other factor but let us fin a common ground and collaborate. Let's start with today once we are done this session and I feel there is more to it. Thank you.
>> MODERATOR: Thank you so much. As we complete this session on The Venn Intersection of Cyber and National Security. I would like to thank all of you for your active participation.
Today's conversation was growing with cybersecurity and emphasizing the urgent need for a stronger policy and innovation and practices to collaboration to address the challenge Wes face in this digital age. Thank you, participants and thank you for your participation and very interesting discussions. Thank you so much, all. Group photo, please.