Multi-stakeholder Community Talks on Cyber Diplomacy
I so much like that the webinar started with what was positive in 2020! We are often over-focused on threats and challenges that we miss good news. Thanks for this!
INTERPOL this year has shown some ground-breaking results of the cooperative model, including the largest phishing network takedown with dozens of countries and private sector partners! Congrats to Director Jones, and kudos to the entire Cyber Directorate team and private sector partners!
To add to the list of good news, Geneva Dialogue (https://genevadialogue.ch) has managed to put together some of the leading global companies - Kaspersky included - to discuss good practices on security of digital products and services. Geneva Dialogue continues in 2021, with focus on developing baseline requirements that could help companies to secure their products, and assistance to companies to more easily participate in international diplomatic discussions.
Wout de Natris
Greetings from The Netherlands. One option to make the Internet more secure and safer is through mass adoption (deployment) of Internet standards, ICT guidelines and best practices. The new IGF Dynamic Coalition on Internet standards strives to formulate policy recommendations leading to deployment. E.g. through government procurement recommendations, education and skills raising and security by design recommendations. You are invited to join this initiative. More information is on the IGF website: https://www.intgovforum.org/multilingual/content/dynamic-coalition-on-internet-standards-security-and-safety-dc-isss
Is the work between GGE and OEWG well coordinated? What works well? Where is there room for improvement to make the work of both groups even more focused?
Greetings from Germany. Good to see global approaches, and totally in agreement with that, but e.g. as long as companies who become victims of ransomware make payments (and apparently
Question: We are increasingly worried about cyber-attacks with global consequences - such as those reported against the Covid vaccine supply chain. This often has some political weight as well, and needs to be dealt with globally. How do the panellists see a response to such - by researchers, diplomats and law enforcement together? Do we need a specific global operational instrument/body for this? (e.g. could PoA work on developing something like this?)
Greetings from Germany. Good to see global approaches, and totally in agreement with that, but e.g. as long as companies who become victims of ransomware make payments (and apparently can deduct this as an expense, as recently reported on TV), is this not counterproductive to the efforts?
That is a good question, Dr. Getao. Maybe a Code of Conduct might be a start, similar to how this is done to address non-transparent business practices?
Great question on Ransomware payments!
Would love to hear Director Jones's thoughts on this
A point here from Mr Delcher, as maybe too many global standards (Common Criteria, SESIP, GlobalPlatform, etc.) make it difficult to achieve security by design?
#Ransomware Stepping into the shoes of an attacked company, who can they call in such a situation? Realistically, CERTs commonly can't do much once data is locked, police can do even less. There is no systemic solution for such victims. The last option they have is to pay and get the data. They know it is not the best thing to do, but what else can they do (since they haven't done a backup)? Quite an interesting dilemma.
@Eric #securitybydesign Good point, and an open question: to what extent are existing international standards sufficient, adequate and useful (and accessible) for companies to implement security by design? Do we (also) need various incentives and 'know how' transfer to embrace security in design (particularly for start-ups/SMEs, and in developing countries)?
Wout de Natris
@EricBehrendt, in the IGF DC-ISSS harmonisation of standards is one of the goals to work towards. It is a point decidedly made by industry participants. If you have suggestions, please reach out.
TRAINING, TRAINING, TRAINING at the user level, with practical exercises - making layer 8 a bit more secure in the sense of aware, a good deal of the risk could be addressed.
#ransomware payments That is a good recommendation
#ransomware payment: What do you think about the extraterritorial US laws sanctioning companies paying ransom? Is it a good thing for limiting this, or is it a real threat for Europe and European companies? https://home.treasury.gov/system/files/126/ofac_ransomware_advisory_10012020_1.pdf
Question for Mr Jones: Do we have useful legal instruments for such global cooperation in practice? Is the Budapest Convention sufficient, or do we need a global convention to bring everyone together?
We need more global cooperation; trust is one of the main factors in this. We are looking to bring LE together in our global cybercrime programme for our 94 member countries.
#ransomware payment - as said here before, the payments are made by brokers, who also negotiate on behalf of the victims, and maybe this should not be conducted
Wout de Natris
Thank you for this insightful session. All the best for the festive season and may we be off to a better start soon.
Thank you very much for such a rich discussion!
One suggestion on behalf of the Geneva Dialogue is to look at the outcome document on security by design: https://genevadialogue.ch/wp-content/uploads/Geneva-Dialogue-Output-document-for-comments-v20201110.pdf
Thank you very much for that important and useful discussion and a lot of ideas