One for all, all for one: the role of cooperation in enhancing cyber resilience in Europe – TOPIC 01 Sub 02 2024: Difference between revisions

From EuroDIG Wiki
Jump to navigation Jump to search
 
(22 intermediate revisions by 2 users not shown)
Line 1: Line 1:
18 June 2024 | 11:30 - 12:15 EEST | Auditorium <br />
18 June 2024 | 11:30 - 12:15 EEST | Auditorium | [[image:Icons_live_20px.png | Video recording | link=https://youtu.be/1J0fkuQZFcg]] | [[image:Icon_transcript_20px.png | Transcript | link=One for all, all for one: the role of cooperation in enhancing cyber resilience in Europe – TOPIC 01 Sub 02 2024#Transcript]] <br />
[[Consolidated_programme_2024#topic1_sub2_24|'''Consolidated programme 2024 overview''']]<br /><br />
[[Consolidated_programme_2024#topic1_sub2_24|'''Consolidated programme 2024 overview''']]<br /><br />
{{Sessionadvice-MT-2024}}
<big>'''Main Topic 1: European policies and strategies'''</big><br />
Working title: <big>'''Subtopic 2: Cyber resilience'''</big><br />
Proposals: (#11) (#22) #52 #55 (#60) #63 #68 #69 (see [https://www.eurodig.org/wp-content/uploads/2024/01/EuroDIG-2024_List-of-proposals-20240116_for_wiki.xlsx list of proposals])<br /><br />
Proposals: (#11) (#22) #52 #55 (#60) #63 #68 #69 (see [https://www.eurodig.org/wp-content/uploads/2024/01/EuroDIG-2024_List-of-proposals-20240116_for_wiki.xlsx list of proposals])<br /><br />
== <span class="dateline">Get involved!</span> ==  
== <span class="dateline">Get involved!</span> ==  
Line 13: Line 10:


== Session teaser ==
== Session teaser ==
The European Union is working to fortify its digital infrastructure against escalating cyber threats by implementing robust legislation such as the European Cyber Resilience Act and the Product Liability Directive. These acts mark a significant milestone as they hold software makers accountable by imposing legal liabilities and security mandates. This session will discuss the need for heightened cybersecurity demands, the impact of European regulation, and the importance of safeguarding interconnected systems, email security, and the broader digital domain. Cybersecurity is an essential feature of the European Union's strategy to address the multifaceted repercussions of digitalization and the pressing need for cyber resilience in this era of rapid technological transformation.  Is this approach working and what more can, and should be done to support Europe’s cyber resilience?
Europe is working to fortify its digital infrastructure against escalating cyber threats. Malicious acts know no national borders and are rarely limited to a single target. For this reason, while building one's own defence capabilities remains essential, it is even more crucial to work together towards the goal of establishing collective resilience across the continent. Cooperation is challenging; it may necessitate seeking compromises or even sacrificing part of one's own interests or assets to assist partners. At the same time, however, it paves the way for building collective strength and defence, far more robust than what a single actor could provide for themselves.


== Session description ==  
== Session description ==  
Always use your own words to describe the session. If you decide to quote the words of an external source, give them the due respect and acknowledgement by specifying the source.
The goal of this session is to explore various aspects of cooperation for cyber resilience building in Europe. Such partnerships can take different forms, bringing both a wide range of opportunities, as well as challenges. Some of them are already highly mature and can serve as best practices examples, while for others there is still a room for progress.
 
The diverse backgrounds of key participants of the session will bring a wide spectrum of perspectives on the cooperation for cyber resilience. The audience will have the opportunity to learn about, among others, operational, legal and administrative nuances of the topic. They can also share their own observations, experiences and examples. As the final result of the session, we hope to gather a range of inputs on chances and risks connected with cooperation in the area of cybersecurity and the list of existing best practices.
 
The session will open with the kenoyte by Jacek Oko, the President of the Office of Electronic Communications in Poland, who will give introductory remarks. Then, in a round of short statements, all invited key participants will share their perspectives on the topic of the cooperation for building cyber resilience in Europe. After this part, the floor will be opened for the audience to ask questions or express their views and comments. The session will be concluded with a short closing statement by each of the key participants.


== Format ==  
== Format ==  
Please try out new interactive formats. EuroDIG is about dialogue not about statements, presentations and speeches. Workshops should not be organised as a small plenary.
The session will include inputs from key participants, followed by an open floor. All participants are also invited to contribute to the shared interactive board, which will be available before, during and after the session to continue the discussion. The link to the board will be posted here shortly.


== Further reading ==  
== Further reading ==  
Links to relevant websites, declarations, books, documents. Please note we cannot offer web space, so only links to external resources are possible. Example for an external link: [http://www.eurodig.org/ Main page of EuroDIG]
 
* https://www.centerforcybersecuritypolicy.org/insights-and-research/cybersecurity-coalition-releases-eu-policy-roadmap-2024-2029
* https://www.coe.int/en/web/cybercrime/the-budapest-convention
* https://www.coe.int/en/web/cybercrime/second-additional-protocol


== People ==  
== People ==  
Line 47: Line 51:
*Natálie Terčová
*Natálie Terčová
*Inga Rimkevičienė
*Inga Rimkevičienė
*Marko Paloski
*Alexandra Slave
*Lucien Castex
The Org Team is a group of people shaping the session. Org Teams are open and every interested individual can become a member by subscribing to the mailing list.
The Org Team is a group of people shaping the session. Org Teams are open and every interested individual can become a member by subscribing to the mailing list.


'''Key Participants'''
'''Key Participants'''


Key Participants are experts willing to provide their knowledge during a session – not necessarily on stage. Key Participants should contribute to the session planning process and keep statements short and punchy during the session. They will be selected and assigned by the Org Team, ensuring a stakeholder balanced dialogue also considering gender and geographical balance.  
* '''Jacek Oko''' - President of the Office of the Electronic Communication of Poland - [https://uke.gov.pl/en/about-us/management/jacek-oko,1.html BIO]
Please provide short CV’s of the Key Participants involved in your session at the Wiki or link to another source.
Jacek Oko is a scientist and a manager with many years of experience. He is associated with the Wroclaw University of Science and Technology and the Wroclaw Centre for Networking and Supercomputing. Mr. Oko is an author of many scientific publications.
 
His professional interests focus on technical, economic and legal aspects of telecommunications services and data communication networks, as well as on the development of the Internet, the convergence of telecommunications, information technology and media, and the problems of the information society.
 
* '''Nataliya Tkachuk''' - Head of Cyber and Information Security Directorate, National Security and Defence Council of Ukraine
Nataliya Tkachuk is the Head of the Information and Cyber Security Directorate at the Office of the National Security and Defense Council of Ukraine. She also holds the position of the Secretary of Ukraine's National Coordination Center for Cyber Security. Ms. Tkachuk has 20 years of practical experience in the sector of national security and defense of Ukraine. She is responsible for providing coordination and control over activities of main state actors on information and cyber security. Ms. Tkachuk has PhD in law in the field of national security.
 
* '''Matthias Hudobnik''' - ICANN, Security and Stability Advisory Committee (SSAC) Member & At-Large Advisory Committee Liaison to the SSAC - [https://www.hudobnik.at/ BIO]
Matthias M. Hudobnik is a Legal Engineer at Europol's Data Protection Function, combining his roles as a lawyer and an engineer. He focuses on AI and cyber security in operations, as well as research and innovation projects. Matthias works closely with Europol's Innovation Lab to foster innovation in law enforcement.
 
Matthias serves as a member of ICANN’s Security and Stability Advisory Committee (SSAC) and as the At-Large Advisory Committee (ALAC) Liaison to the SSAC. Previously, he was a member of the ALAC for four years and is an alumnus of ICANN’s Fellowship Program, RIPE’s Fellowship Program, and the NextGen@ICANN Program.
 
* '''Dina Lurje''' - General Counsel, Nord Security
Dina Lurje currently serves as the General Counsel at Nord Security, a global leader in cybersecurity solutions for consumers and businesses, overseeing legal strategies and ensuring compliance in a rapidly evolving tech regulatory landscape. Prior to this, Dina served as Deputy Chair at the Lithuanian National Competition Authority and worked at the EU Commission's DG Competition and the US Federal Trade Commission, where she supervised mergers and worked on policy initiatives. Dina has first-hand experience chairing legislative negotiations at the EU Council and has extensive experience navigating regulatory compliance issues in tech markets. She is also a frequent speaker and lecturer on topics of competition and tech regulation and an expert in international capacity-building projects with the World Bank, USAID, EuropeAid, and Taiex.


'''Moderator'''
'''Moderator'''


The moderator is the facilitator of the session at the event. Moderators are responsible for including the audience and encouraging a lively interaction among all session attendants. Please make sure the moderator takes a neutral role and can balance between all speakers. Please provide short CV of the moderator of your session at the Wiki or link to another source.
*Emilia Zalewska-Czajczyńska, NASK PIB - [https://www.linkedin.com/in/emilia-hanna-zalewska/ LinkedIn]


'''Remote Moderator'''
'''Remote Moderator'''
Line 77: Line 97:


== Messages ==   
== Messages ==   
A short summary of the session will be provided by the Reporter.
Concerted and coordinated efforts must be built on trust, cross-sectoral collaboration and international cooperation because they are vital to address cybersecurity challenges.These should include mechanisms for cyber cooperation in critical situations such as wartime. This requires training and education, as well as inclusive cybersecurity measures that cater to all segments of society.


== Video record ==
== Video record ==
Will be provided here after the event.
https://youtu.be/1J0fkuQZFcg


== Transcript ==
== Transcript ==
Will be provided here after the event.
'''''Disclaimer:''' This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.''
 
[https://dig.watch/event/eurodig-2024/main-topic-1-one-for-all-all-for-one-the-role-of-cooperation-in-enhancing-cyber-resilience-in-europe '''Transcripts and more session details were provided by the Geneva Internet Platform''']
 
 
Moderator:
to your seats, because we are starting already. And our second subtopic is one for all, all for one, don’t be afraid, I won’t start reading a book, you know, but I like the quote. But now we’ll talk about the role of cooperation in enhancing cyber resilience in Europe, as I already mentioned here that in Lithuania as well we are doing some efforts to fight my organization, Communication Regulator Authority of Lithuania, introduced a few tools to telco representatives, how we can do this, but it’s obvious that when you play or work at the local level, it’s impossible, you need to go further. And for this session, our keynote speaker is Jacek Oko, my honor, Jacek, from Poland, our neighbors, and he’s the president of the Office of Electronic Communications. So Jacek, the floor is yours.
 
Jacek Oko:
At the beginning, hello, everybody, it’s an honor for me, especially in this city, because I’m from Wroclaw, it’s a city in Poland where live people from Lithuania, from Ukraine, from kind of part of Poland. After the Second World War, we were, and our ancestors were moved to Wroclaw to create a new city. And the Vilnius and Tel Aviv and Ternopil, they are for us, they are very, very important meaning as a city and our history, because 300 years with Lithuania, we are together. Maybe next year, hundreds, why not? The theme of today’s session is a quote from Alexander Dimas, one for all, all for one, as a basis for discussing the role of cooperation in strengthening cyber resilience in Europe. Our understanding of cyber-resilience is constantly changing as technology advances. In the broadest sense, cyber-resilience can be understood as the ability of an entity to continue to deliver intended outcomes despite cyber-attacks. Cyber-resilience is essential for information systems, critical infrastructure, business processes, organizations, but also for societies and national states. A key component of this system is a resilient network, a telecommunications and computing infrastructure that firstly provides continuous business operations. It means it is highly resilient to disruptions and capable of emergency operations in the event of damage. Secondly, it provides rapid recovery in the event of failure. And thirdly, it has the ability to scale to meet rapid or unpredictable demands. How clear and simple this definition is when confronted with the realities of everyday life. Given the full range of operations of complex telecommunications networks and the times we live in, we cannot afford to experiment on a living organism such as a network serving commercial customers. We cannot only develop procedures only when a critical event occurs. We need to be prepared for as many cases as possible, practice as many options as possible. This is why it is so important to share experiences. It is essential to work together in a spirit of mutual trust. It is critical to share information about threats quickly and with comprehensiveness, especially as telecommunications networks no longer recognize borders. This approach can also be seen in the activities of the European Commission, the European Parliament or bodies such as ENISA, BEREC and ITU. The kind of collaboration where key partners trust each other is something we have no industry standards for. You want to be able to work out in panel discussion, even with the distinguished experts with whom I have the pleasure to sit here today. Nor will we work out at the high level of CEOs, ministers of NRA heads. We can and should do it at the lowest level. Not between the PR people or lawyers or the decision makers. Really, we are talking about the experts who are directly involved in the day-to-day maintenance of the networks. For example, the staff of NRA security departments or ministries. They are the ones who, with the exception of senior managers, need to develop a forum in which knowledge and the information can be shared. With the feeling that the information will leak out of all in the wrong hands. Especially for message for Polish people, for Lithuanian, or people which we know that our east border is still the war. In Poland, we have achieved this. In November 2020, as a president of the Office of Electronic Communication, I signed an agreement with the CEOs of the four mobile operators, MNOs, on the basis of which the Information Sharing and Analysis Center, acronym ISAC, was established. The high-level agreement was important so that all lower-level managers know that this forum was vital for the operation of each company. It is very important to make the first step on the high level, but the real work is operated by engineers. Since that, we have had hundreds of meetings where we have shared knowledge, descriptions of problems, and so on. We had our test in February 2022. During Russia’s armed attack on Ukraine, in a very short time, Polish mobile networks had to cope with several million refugees. They coped very well and ISAAC was a key forum for coordinating efforts. We prepared two million new SIM cards and we served the service for about a million people based on roaming. It means during two weeks, three million new users with our mobile network, without the problem for the network. It means resilient network. A key participant in such bodies is the NRA. NRA is specific, which provides a neutral flag for the whole project. I think the key form is the information, the ISAAC, as a platform to discussion. Of course, legal, like CIRT, like Cyber Act, are important, but cooperation is most important. Because the key to next door is for the participant, it is very important to invite group companies for our other countries. Because let me remind you, three of four Polish mobile networks are owned by transnational operators. We should start discuss over the border. Ladies and gentlemen, let’s, like said Mr. Reagan, tear down these walls. The walls between the downstream employees of the various entities which work in the cyber security sector. Let’s tear down the silos for common good. Thank you.
 
Moderator:
Thank you, D. Jacek, and now it’s time for our panel session and discussion. Let me introduce you, Emilia Zalewska-Czajczyńska, the representative of the National Research Institute, and just I’m reminding you that we are waiting for questions, I’m not inviting you to play a basketball match, but you know how it works, yeah? So, please. Listen and participate and we’ll share this thing.
 
Emilia Zalewska-Czajczyńska:
Thank you very much. Thank you so much for coming here. Thank you, our host, for introducing me. I would have the pleasure to host, to be a moderator of today’s discussion. First of all, thank you very much to Mr. Jacek Oko for his remarks and for highlighting the role of sharing experiences. I especially would like to thank you for mentioning the role of ISACs. I think there is still a lot of attention put to those initiatives, even though they could be extremely important in building the cyber resilience because of the experts, as you mentioned, they involve. So today in this session, we would like to invite you to the discussion on different dimensions of cooperation. Building partnerships is crucial nowadays. Cyber threats, no-no borders, and Europe has to fortify against the escalation of such threats. Partnerships are not always steady. Sometimes it is necessary to seek compromises. Sometimes you have to do something for your partner that you don’t necessarily like. So here in this session, we would like to have more focus on these issues. How we can build successful partnerships and are there any existing best practices? Some of them were already mentioned by our keynote speaker. And today in this session, there are esteemed panelists with me, Mr. Jacek Oko, who has been already introduced as president of the Office of the Electronic Communication of Poland. And with us, there is also Nataliya Tkachuk , head of Cyber and Information Security Directorate, National Security and Defense Council of Ukraine. Another online speaker is Matthias Hudobnik from ICANN Security and Stability Advisory Committee, a member and Adler Advisory Committee liaison to this Stability Advisory Committee, and Dina Lurje here with us on site, General Counsel at North Security. Thank you very much for being here today with us. And I would like firstly to ask you the initial question, or maybe two questions to be honest. So, what are the opportunities that arise from cooperation in building cyber resilience in Europe? Are current technical and legal requirements and standards adequate to support enhancing such cooperation? And firstly, I would like to direct this question to Mr. Oko.
 
Jacek Oko:
That’s a very interesting question, but still really open. I said small words about the idea of the ISAC. It is a very good idea, and from my point of view, it should be the first step to organize this kind of organization. By the way, we used to prepare the documents prepared by NASC. It is very important that the cooperation between the regulatory, private companies, MNOs, public sector, and academia or research institutes is very important. The sample that is possible to solve the problem is a situation in Poland, which we solved by dismissing and spoofing. We discussed, using this ISAC as a platform, we find the technical and legal requirements. solution. We find the way. Next, we prepare with people from the NASK and especially with the government of the NASK. We discuss with our ministry, we discuss with MNOs, we discuss with police and our services, special services, and we prepare a new law and we implemented this law and today I think we solved the problem, of course, as the first solution because day by day we can find some problems and we have to modernize this document. Really, the answer for this question is to cooperate, to flow the information between organizations without the situation that I couldn’t trust my partner, because if we discussed, we have to prepare the safe solution. The safe solution should be based on the trust. Without the trust it’s only flow of information. Maybe good, maybe not, I don’t know. At the end of this answer, I should stress that without the work, the engineers, the specialists on the low level, inspired by high level, we couldn’t organize this good law. That’s good, we are using this good, we stopped some services, all situation, we have the full success for one year. I think it’s good, good solution. Thank you.
 
Emilia Zalewska-Czajczyńska:
Thank you very much for sharing these insights and also for highlighting the… meaning of trust and how much it is important. And then I would like to pass the floor to Miss Natalia Tkachuk.
 
Nataliya Tkachuk :
Hello everyone. First of all, I should say that to me it’s a great pleasure and honor to participate in today’s event. Of course, I wish I could join you personally, but I’m sure that next year, after our victory, this will be possible. And on behalf of Ukrainian governmental authorities, I would like to thank all of you, our partners, for your support, because this support is tremendously important for Ukraine in this war. Today is the 846th day of this cruel, unprovoked war that the Russian Federation started against Ukraine. And we are fighting really hard. And cyber aggression became an instrument of the Russian Federation against our country. This aggression started not now, not two years ago, I should say 10 years ago, in 2014. And 10 years ago, we were not ready to counter Russian cyber threats. But we understood that we had no time to waste, and we started building our national cyber resilience, our national cyber capacities. And the international cooperation, the cooperation with private sector, became a key issue, which helped us to build, to enhance our cyber capacities. And today, Ukraine proved that we built cyber security, and today it’s our obligation to share our knowledge. of this cyber war with you, with our partners, with our friends, because Russian aggression will not stop only against Ukraine. Now Russia is starting cyber war against European countries, against EU countries, and without collective efforts, without cooperation between states, and international organizations, private sector, academia, we simply will not be able to protect the safeness of the internet and our democratic values also in cyberspace. Thank you.
 
Emilia Zalewska-Czajczyńska:
Thank you very much Nataliya for bringing this international perspective. I think it is really crucial to bear this in mind, that especially in the European region, we are all in this position of being threatened by the war that is going not only physically in your country, but also in the cybersphere, and all the countries, especially the closest neighbors, like Poland, Lithuania, can feel it also as well. So with that, I would like then to invite Matthias to take the floor.
 
Matthias Hudobnik:
Hello everybody, can you hear me? Yes, we can hear you. Perfect. Yeah, my name is Matthias Robnik and I’m excited to speak about the critical topic of cyber resilience in Europe. I’m speaking in my personal capacity, just that you know, not necessarily reflecting the opinions or advices of ICANN Security and Stability Advisory Committee, even though I’m a member of it. So my short intervention will focus on the European perspective and due to the short time I will directly jump into the topic and try to set the scene a bit. So firstly I would like to address the cooperation aspect in cyber resilience through enhanced threat intelligence sharing within the EU. Most of you may be aware there is a strong cooperation among European nations facilitating enhanced threat intelligence sharing, also significantly supported by the Computer Emergency Response Team for the EU institution bodies and agencies. So it’s called CERT-EU and EuroBall’s European Cybercrime Center. The CERT-EU serves the EU institutions, bodies and agencies providing a range of cybersecurity services and the European Cybercrime Center is part of EuroBall which is the European Union Agency for Law Enforcement Cooperation and focuses on combating cybercrime. The second thing I would like to point out is the importance of standardization and best practices within the EU. So here I would like to start with the European Union Agency for Cybersecurity which is called ENISA. It’s the EU’s primary agency for cybersecurity and it also supports member states, EU institutions and businesses in improving their cybersecurity capabilities. Then we have the Cybersecurity Competence Center which is tasked pooling cybersecurity expertise across the EU to bolster research, development and deployment of cybersecurity technologies. And then we have also the European Defense Agency which supports the development of cyber defense capabilities among the EU member states. And then we have the Network and Information System, NIS, cooperation group which is established under the NIS directive and this group aims to facilitate strategic cooperation and also exchange of information among EU member states. And last but not least there’s also the EU Cybersecurity Strategy which aims to ensure a global and open Internet with strong safeguards. and to try to mitigate the risk to security and keep the fundamental rights of people in Europe safe. And thirdly, this leads me to an important resource optimisation within the EU, namely that through this standardisation and initiatives resources can be optimised and also shared effectively, and this will also help smaller nations or organisations benefit from the expertise and support of more advanced entities, also strengthening the cyber security posture across the continent. And then finally, main European legal frameworks are also in place to strengthen cyber security and also foster harmonisation. We have the General Data Protection Regulation, we have the NIS Directive and the NIS2 Directive, we have the EU Cyber Security Act, we have the Digital Operational Resilience Act, we have the EU Cyber Resilience Act. I will stop here to stick to my three minutes and I’m looking forward to the discussion. Thank you.
 
Emilia Zalewska-Czajczyńska:
Thank you very much, Matthias, for explaining the role of the European institutions and also bringing to the discussion different regulatory acts that are quite crucial for the discussion also about the cooperation in the field of cyber security. And now I would like to give the floor to Ms. Dina Lurje for her input.
 
Dina Lurje:
Thank you very much and it’s a pleasure being here. I am representing a consumer-focused cyber security company. So what we do is we deal with people protecting their personal cyber security and that of their families on a daily basis. And therefore I think I will add a slightly different angle to the same discussion and I’m glad the framework has been set in this way. I think when we think of cyber resilience cooperation, I think the message is that cyber security, as weird as that sounds, is much more about the people than it is about the technology first. And therefore, for cyber resilience cooperation to work, I think there should be at least three elements to that. And one of them is actual clarity of what is it that we’re trying to achieve. If we look at the names of the conferences on this topic within the last year or more, then the word that you use mostly is mapping. So mapping regulatory frameworks, mapping regulatory instruments, mapping regulatory standards. What that means is that we spend more time mapping than we actually do complying with it. And therefore, we’ve already had this discussion here today and thank you, Matias, for flagging all the huge lists that took all the three minutes of our time. But I think the quicker we move to clarity of what we’re trying to achieve, the easier the cooperation could be. The second thing, apart from the clarity, is obviously that of trust, and building trust is exactly what you’ve said. And I completely agree with you that there is obviously trust on a high level, but it’s very important to actually build trust at what you call the low level, or the people that actually deal with the systems and deal with the people. And I think we’ve had a number of great examples even here in Lithuania. One was the Locked Shield Initiative, where the other was the more local amber mist. The idea there is that you have people on the ground, public and private, and academia, working on gladly simulations that bring lessons, but what most importantly, it brings trust, so that when, or if, the actual cyber attack happens. There are people that you can sit in the room with and you know how to work. And you know whether someone is the one who reacts slower or the one who reacts, who is better at something else. And I think we’ve managed to build quite a strong community of cyber security people here in Lithuania that we can be very proud of. And obviously the last bit is that of going really back to the human is that of education. And I think that is the least controversial and the most efficient way of cooperating among governments, academia, and private partnerships. The idea being if we invest in standardized cyber security training, training material, training standards, that’s when we really can get the benefit. I know my six-year-old had a training on cyber security in his kindergarten and he now knows on. There is this weird thing that most probably is this animal that is gonna jump out of my phone. So I shouldn’t press something that looks like a weird animal. That’s basic cyber security. But I was proud that that’s what we had here actually.
 
Emilia Zalewska-Czajczyńska:
Thank you very much, Dina, for all these important points. I must say I am a bit surprised that six-year-old already have a cyber security training. I think this is not very usual. And also thank you very much for being a perfect final speaker in the round because you addressed the points from different speakers. So it makes my work as a moderator easier. So thank you for that. So as you can see, we have a very diverse background and perspectives represented. So I would like now you, the audience, to invite you to take the chance and to ask your questions to our speakers. Thank you. Where do we have a question?
 
Audience:
Thank you everyone. I hope you can hear me. My name is Christian Bartolin. I’m a head of the digital development unit at the Council of Europe. And I would like to just not so much ask a question. I would like to first of all thank the panelists for very interesting and very thorough description of the issues we have been discussing here or to discuss today. But I would also like to draw the attention to the fact that you know we have the cybercrime convention, the Budapest Convention, which is not just a Council of Europe instrument, but it’s actually one of our largest international treaties. And that also of course includes the second additional protocol that was recently agreed and hopefully soon will enter into force, which will enable enhanced cooperation among the parties to the cybercrime convention, the Budapest Convention, on the issues of how to handle cyber crime in particular, but also through that the more the broader topic of cyber security and cyber resilience. So I just wanted to point out that there are such instruments existing already and you of course, most of you are familiar with them, but it was just not just to say that these also exist. Not a question, but just a remark. Thank you.
 
Emilia Zalewska-Czajczyńska:
Thank you very much. Would any of our speakers would like to react? Simple reaction are the best ones. Okay, we have a question online. Yes, please.
 
Nataliya Tkachuk :
Yeah, I just would like to react to the comments of the previous speaker, if I may. You know, the funny thing that I’ve just thought about is that actually, yes, there are many legal norms at the international level, and of course the Budapest Convention on Cybercrime is the most important for international cooperation in cyber. But when the war in Ukraine started, we understood there were not any such legal mechanisms to provide for such mechanisms in terms of war. And we are grateful for our partners who actually changed all their bureaucratic procedures, which were very thorough, and they gave us all the help quickly, avoiding all these legal things. The same thing is about cyber volunteers. We didn’t have, and I don’t think that many states have a legal and organizational basis for involving common people in case of cyber war. But we managed to do this, and we did it very quickly and effectively. So I would like to draw your attention that, yes, there are norms, there are organizational mechanisms of international cooperation in general, and we are talking about sharing our experience, expertise, common research, sharing information, but if we are talking about such international cooperation at wartime in cyber, still we have a lot to think about. Thank you.
 
Emilia Zalewska-Czajczyńska:
Thank you very much, Natalia. Would anyone would like to react to that, both speakers or audience, or are there any other questions? Okay, yeah
 
Audience:
Managed to do that. Thank you so much. Stani Kvalantina representing the ITU and the subject of standard ice training was quite close to our heart and I was glad to hear that intervention being made on the subject and You’re probably aware that we have programs Focused on the institutional human capacity building in a field of cyber security. So from this perspective we do We run the regional and global cyber drills in which we are very happy to see government Cooperate, interact, share knowledge, share experiences. So I would like to actually ask your feedback and your I don’t know impressions or like recommendations that you feel that might result from From your experiences of such kind of trainings and mechanisms and maybe you you have already some kind of experiences with us that were useful That you would like to share your feedback on. Thank you
 
Dina Lurje:
I Think I think that’s the one that I will take I’m afraid I will not be the right person to say the exact experience with ITU whether we had them or not What I have seen from from my colleagues and and from the audiences that we have been and my my colleagues as well have been conducting the training to is that When the question arises as to who else got this training and again, it’s it’s a basic statement, but when people know it’s a standardized training that is being conducted across the board. And that is, you know, the standard or the basic or whatever level, the standardized knowledge that is expected of you as a citizen at whichever level you are, that gives it more credibility. And that’s why we think standardized training gives added value as opposed to, again, trying to, you know, as I said, to map the available training options out there, which already, you know, which is also a way to destabilize in, you know, and spend time mapping instead of training. So I think that the standardized nature of it is beneficial.
 
Matthias Hudobnik:
Okay. Can I say something or?
 
Emilia Zalewska-Czajczyńska:
Okay. So maybe firstly, yeah. So, okay. So firstly, Matthias and then Mr. Oko.
 
Matthias Hudobnik:
Okay. Thanks a lot. I just wanted to refer again to the intervention was about the Budapest Convention. Thanks for mentioning it. It’s very important, really, to also combat cybercrime by setting common standards for legal framework across different countries. And it’s also very, let’s say, a very important instrument for international cooperation in investigations and prosecutions of cybercrime. And another important point is also that it provides a framework, let’s say, for also mutual legal assistance between countries, including extradition, joint investigations, and also information sharing. So that’s very important. Thank you for referring to that. Thanks.
 
Jacek Oko:
Thank you. And then I agree because it’s really the same what I want to say, but the more So, I think that we should prepare standards, of course, in minimum two levels. Resilient network, telecommunication network is the base. But the most important are the standards for the critical situation, not only for the war, the flood, the fire. We still have to prepare new, good and adopted to environment and to the industrial situation standards. Not exactly the same for all countries, because we are on the different level. Should be prepared, the standard dedicated to maybe some group of countries, but prepare as a global for all, not the same. It’s very difficult how to organize this kind of standard, the role of the ITU and United Nations. But in Europe, of course, European Parliament and European Commission, but in the country most important is to be inclusive, not exclusive. We should include all group of people, like you said, the child. We made some experiment in Poland. We discussed or we tried to train young people between six, eight years old with different spectrum of autism. It’s absolutely different group, but still important for society, especially when we have still day by day not so good number of the citizens, the problem of old societies. The second group elder, that the standards should be prepared like an accessibility act. We discussed what it means cyber security. The user should be ready to read this information, have the time, have the possibility to understand what danger is in this information maybe. We are really at the beginning and the cooperation, the flow of the information and I think the financial support from private companies, the activities from private companies, public companies, public area, together, that’s I think only one main message.
 
Emilia Zalewska-Czajczyńska:
Thank you very much for bringing this point. I think it’s actually very important because accessibility is not something that is discussed often in the context of cyber security and it is though crucial because if people can’t use some features, they don’t understand how they can be protected, how can they do that? If it is not designed to their needs, to their level of understanding.
 
Jacek Oko:
Yeah, but the act is not only about the UX, where they use the information, the user. We discussed about core software, we discussed about operational systems. It’s very important to prepare not only accessibility but the safe infrastructure, infrastructure software means solution for the people, for all people, young, old, with special needs or not, for all.
 
Emilia Zalewska-Czajczyńska:
Thank you very much for this comment. I saw we had another question. Yeah, please go ahead.
 
Audience:
Thank you. I’m from Taiwan. I have just one simple question. As we know, there are some simple reality fact, kind of a white elephant in the room. First, almost every private sector, private company or enterprise has their information system online. And the second is that the most online service provided is controlled by the so-called big tech. So my question is that, if company of EU have some cybersecurity issue, and it definitely that they are subject to the enforcement role of EU. My question is that, will EU consider put some onus to complete to better the system on the so-called big tech? As we know that the so-called big tech is outside EU. Thank you.
 
Emilia Zalewska-Czajczyńska:
Okay, I see that Natalia has her hand up. Please, Natalia, go ahead.
 
Nataliya Tkachuk :
Yeah, I just wanted to comment the previous question of the representative of ITU. I would like to stress the important role of ITU in cybersecurity as this organization is one of the key platforms for international cooperation is in this sphere. And I’d like to say that four countries, four European countries already sent a complaint to ITU for cyber aggression of Russian Federation. Because it’s hampering the broadcasting, satellite communications, GPS, signal navigation at 9th of May. Russian hackers intruded into a Latvian internet provider and made the population watching their military parade on the Red Square. And we are awaiting the decision of ITU whether we could really imply existent mechanisms of international cooperation to somehow to influence these malicious actions of aggressor.
 
Emilia Zalewska-Czajczyńska:
Thank you very much Natalia. I’m seeing your hand Matias. I will firstly check if any of our on-site speakers would like to react. Okay, so please go ahead Matias.
 
Matthias Hudobnik:
Thank you. I just wanted to quickly react on a question related to the extraterritorial scope of various European legislative framework. So I mean it’s a matter of fact that of course like with most of the regulations are focusing on the European market or even abroad but there are also regulations which have extra territorial scope like for example the GDPR. So even if a company processes data of a EU citizen and they need to stick to the rules or for example also the IACT when the output of the data of the I system affects EU citizens or is processed in Europe then the IACT is applicable. So there’s definitely let’s say some intention to also regulate extraterritorial even though of course it’s hard and it’s not always easy to let’s say apply in practical terms. But thank you for the question.
 
Emilia Zalewska-Czajczyńska:
Thank you very much Matias. I would like to quickly check if any of our speakers on-site or online have… So, I think that’s all I have to say. Thank you. Any quick remarks or reactions?
 
Dina Lurje:
I think I’ll just follow up on the same question and also elaborate on what Matias has mentioned. Indeed, a lot of the EU regulations have extraterritorial reach. So, it’s a bit of a paradox. I think there are a lot of exceptions. I think the digital markets act being one of them. But the same goes the other way. There are laws that apply in other countries to companies established in the EU that provide services elsewhere. So, I think the more we go forward, it seems that the regulation really is on where is it that you provide services, and it’s a bit of a maze. And a difficult regulatory maze to navigate.
 
Emilia Zalewska-Czajczyńska:
Thank you very much, Dina. And as the time is almost running up, I would like now to ask all our speakers, starting from Mr. Jacek, to just give one, two sentences of your final words for this session. Of course, not the final words. But if you would like to share something.
 
Jacek Oko:
The trust is the main word. But trust with brain. Not trust without reflection. And really, we like this question about the DSA, DMA, GEA, the acts, many acts we can dedicate. The tax, how we get out of the situation. The action with reflection, cooperation from around the generation. Thank you very much. and flow information, native information, not filtered. Thank you.
 
Emilia Zalewska-Czajczyńska:
Thank you. And Natalia, what is your message for the end?
 
Nataliya Tkachuk :
Yes, I would like to emphasize that, in my opinion, cyber security is a collective game. And the basis for it should be clear rules, inspiration and trust between all the players as we are playing in the same team. Thank you.
 
Emilia Zalewska-Czajczyńska:
Thank you. And Matias?
 
Matthias Hudobnik:
Thanks for giving me the floor. So for me, just two sentences, I would say gaps and recommendations related to the European perspective. I would say, despite significant progress, gaps remain in or gaps still remain in harmonizing laws and regulations across all European member states. And the second sentence is that a dynamic and also flexible approach is required to quickly adapt the legal structures to new threats and technologies to ensuring, let’s say, comprehensive cyber resilience and also data protection. Thank you.
 
Emilia Zalewska-Czajczyńska:
Thank you a lot. And Dina?
 
Dina Lurje:
And I think I’ll go back to my main point is that cyber resilience is more about people than it is about technology. And also, it requires being able to be agile. And therefore, we should maybe stop mapping and actually start cooperating.
 
Emilia Zalewska-Czajczyńska:
Thank you very much. Thank you for being amazing panelists. It was a pleasure.
 
Moderator:
Thank you all. Now we are having a 15-minute break, and let’s come back exactly after 15 minutes, okay? Because we are very on time. No, maybe not.  


[[Category:2024]][[Category:Sessions 2024]][[Category:Sessions]][[Category:Main Topic 1: European policies and strategies 2024]]
[[Category:2024]][[Category:Sessions 2024]][[Category:Sessions]][[Category:Main Topic 1: European policies and strategies 2024]]

Latest revision as of 10:33, 22 July 2024

18 June 2024 | 11:30 - 12:15 EEST | Auditorium | Video recording | Transcript
Consolidated programme 2024 overview

Proposals: (#11) (#22) #52 #55 (#60) #63 #68 #69 (see list of proposals)

You are invited to become a member of the Session Org Team by simply subscribing to the mailing list. By doing so, you agree that your name and affiliation will be published at the relevant session wiki page. Please reply to the email send to you to confirm your subscription.

Kindly note that it may take a while until the Org Team is formed and starts working.

To follow the current discussion on this topic, see the discussion tab on the upper left side of this page.

Session teaser

Europe is working to fortify its digital infrastructure against escalating cyber threats. Malicious acts know no national borders and are rarely limited to a single target. For this reason, while building one's own defence capabilities remains essential, it is even more crucial to work together towards the goal of establishing collective resilience across the continent. Cooperation is challenging; it may necessitate seeking compromises or even sacrificing part of one's own interests or assets to assist partners. At the same time, however, it paves the way for building collective strength and defence, far more robust than what a single actor could provide for themselves.

Session description

The goal of this session is to explore various aspects of cooperation for cyber resilience building in Europe. Such partnerships can take different forms, bringing both a wide range of opportunities, as well as challenges. Some of them are already highly mature and can serve as best practices examples, while for others there is still a room for progress.

The diverse backgrounds of key participants of the session will bring a wide spectrum of perspectives on the cooperation for cyber resilience. The audience will have the opportunity to learn about, among others, operational, legal and administrative nuances of the topic. They can also share their own observations, experiences and examples. As the final result of the session, we hope to gather a range of inputs on chances and risks connected with cooperation in the area of cybersecurity and the list of existing best practices.

The session will open with the kenoyte by Jacek Oko, the President of the Office of Electronic Communications in Poland, who will give introductory remarks. Then, in a round of short statements, all invited key participants will share their perspectives on the topic of the cooperation for building cyber resilience in Europe. After this part, the floor will be opened for the audience to ask questions or express their views and comments. The session will be concluded with a short closing statement by each of the key participants.

Format

The session will include inputs from key participants, followed by an open floor. All participants are also invited to contribute to the shared interactive board, which will be available before, during and after the session to continue the discussion. The link to the board will be posted here shortly.

Further reading

People

Please provide name and institution for all people you list here.

Programme Committee member(s)

  • Karen Mulberry, IEEE

The Programme Committee supports the programme planning process throughout the year and works closely with the Secretariat. Members of the committee give advice on the topics, cluster the proposals and assist session organisers in their work. They also ensure that session principles are followed and monitor the complete programme to avoid repetition.

Focal Point

  • Emilia Zalewska-Czajczyńska, NASK PIB

Focal Points take over the responsibility and lead of the session organisation. They work in close cooperation with the respective Programme Committee member(s) and the EuroDIG Secretariat and are kindly requested to follow EuroDIG’s session principles

Organising Team (Org Team) List Org Team members here as they sign up.

  • Gianluca Diana
  • Vittorio Bertola
  • Peter Koch, denic
  • Mark Carvell
  • Liljana Pecova Ilieska
  • Aleksandra Peczsz-Okońska
  • Rita Spínola
  • Piotr Slowinski
  • Klaudia Gebala
  • Natálie Terčová
  • Inga Rimkevičienė
  • Marko Paloski
  • Alexandra Slave
  • Lucien Castex

The Org Team is a group of people shaping the session. Org Teams are open and every interested individual can become a member by subscribing to the mailing list.

Key Participants

  • Jacek Oko - President of the Office of the Electronic Communication of Poland - BIO

Jacek Oko is a scientist and a manager with many years of experience. He is associated with the Wroclaw University of Science and Technology and the Wroclaw Centre for Networking and Supercomputing. Mr. Oko is an author of many scientific publications.

His professional interests focus on technical, economic and legal aspects of telecommunications services and data communication networks, as well as on the development of the Internet, the convergence of telecommunications, information technology and media, and the problems of the information society.

  • Nataliya Tkachuk - Head of Cyber and Information Security Directorate, National Security and Defence Council of Ukraine

Nataliya Tkachuk is the Head of the Information and Cyber Security Directorate at the Office of the National Security and Defense Council of Ukraine. She also holds the position of the Secretary of Ukraine's National Coordination Center for Cyber Security. Ms. Tkachuk has 20 years of practical experience in the sector of national security and defense of Ukraine. She is responsible for providing coordination and control over activities of main state actors on information and cyber security. Ms. Tkachuk has PhD in law in the field of national security.

  • Matthias Hudobnik - ICANN, Security and Stability Advisory Committee (SSAC) Member & At-Large Advisory Committee Liaison to the SSAC - BIO

Matthias M. Hudobnik is a Legal Engineer at Europol's Data Protection Function, combining his roles as a lawyer and an engineer. He focuses on AI and cyber security in operations, as well as research and innovation projects. Matthias works closely with Europol's Innovation Lab to foster innovation in law enforcement.

Matthias serves as a member of ICANN’s Security and Stability Advisory Committee (SSAC) and as the At-Large Advisory Committee (ALAC) Liaison to the SSAC. Previously, he was a member of the ALAC for four years and is an alumnus of ICANN’s Fellowship Program, RIPE’s Fellowship Program, and the NextGen@ICANN Program.

  • Dina Lurje - General Counsel, Nord Security

Dina Lurje currently serves as the General Counsel at Nord Security, a global leader in cybersecurity solutions for consumers and businesses, overseeing legal strategies and ensuring compliance in a rapidly evolving tech regulatory landscape. Prior to this, Dina served as Deputy Chair at the Lithuanian National Competition Authority and worked at the EU Commission's DG Competition and the US Federal Trade Commission, where she supervised mergers and worked on policy initiatives. Dina has first-hand experience chairing legislative negotiations at the EU Council and has extensive experience navigating regulatory compliance issues in tech markets. She is also a frequent speaker and lecturer on topics of competition and tech regulation and an expert in international capacity-building projects with the World Bank, USAID, EuropeAid, and Taiex.

Moderator

  • Emilia Zalewska-Czajczyńska, NASK PIB - LinkedIn

Remote Moderator

Trained remote moderators will be assigned on the spot by the EuroDIG secretariat to each session.

Reporter

Reporters will be assigned by the EuroDIG secretariat in cooperation with the Geneva Internet Platform. The Reporter takes notes during the session and formulates 3 (max. 5) bullet points at the end of each session that:

  • are summarised on a slide and presented to the audience at the end of each session
  • relate to the particular session and to European Internet governance policy
  • are forward looking and propose goals and activities that can be initiated after EuroDIG (recommendations)
  • are in (rough) consensus with the audience

Current discussion, conference calls, schedules and minutes

See the discussion tab on the upper left side of this page. Please use this page to publish:

  • dates for virtual meetings or coordination calls
  • short summary of calls or email exchange

Please be as open and transparent as possible in order to allow others to get involved and contact you. Use the wiki not only as the place to publish results but also to summarize the discussion process.

Messages

Concerted and coordinated efforts must be built on trust, cross-sectoral collaboration and international cooperation because they are vital to address cybersecurity challenges.These should include mechanisms for cyber cooperation in critical situations such as wartime. This requires training and education, as well as inclusive cybersecurity measures that cater to all segments of society.

Video record

https://youtu.be/1J0fkuQZFcg

Transcript

Disclaimer: This is not an official record of the session. The DiploAI system automatically generates these resources from the audiovisual recording. Resources are presented in their original format, as provided by the AI (e.g. including any spelling mistakes). The accuracy of these resources cannot be guaranteed.

Transcripts and more session details were provided by the Geneva Internet Platform


Moderator: to your seats, because we are starting already. And our second subtopic is one for all, all for one, don’t be afraid, I won’t start reading a book, you know, but I like the quote. But now we’ll talk about the role of cooperation in enhancing cyber resilience in Europe, as I already mentioned here that in Lithuania as well we are doing some efforts to fight my organization, Communication Regulator Authority of Lithuania, introduced a few tools to telco representatives, how we can do this, but it’s obvious that when you play or work at the local level, it’s impossible, you need to go further. And for this session, our keynote speaker is Jacek Oko, my honor, Jacek, from Poland, our neighbors, and he’s the president of the Office of Electronic Communications. So Jacek, the floor is yours.

Jacek Oko: At the beginning, hello, everybody, it’s an honor for me, especially in this city, because I’m from Wroclaw, it’s a city in Poland where live people from Lithuania, from Ukraine, from kind of part of Poland. After the Second World War, we were, and our ancestors were moved to Wroclaw to create a new city. And the Vilnius and Tel Aviv and Ternopil, they are for us, they are very, very important meaning as a city and our history, because 300 years with Lithuania, we are together. Maybe next year, hundreds, why not? The theme of today’s session is a quote from Alexander Dimas, one for all, all for one, as a basis for discussing the role of cooperation in strengthening cyber resilience in Europe. Our understanding of cyber-resilience is constantly changing as technology advances. In the broadest sense, cyber-resilience can be understood as the ability of an entity to continue to deliver intended outcomes despite cyber-attacks. Cyber-resilience is essential for information systems, critical infrastructure, business processes, organizations, but also for societies and national states. A key component of this system is a resilient network, a telecommunications and computing infrastructure that firstly provides continuous business operations. It means it is highly resilient to disruptions and capable of emergency operations in the event of damage. Secondly, it provides rapid recovery in the event of failure. And thirdly, it has the ability to scale to meet rapid or unpredictable demands. How clear and simple this definition is when confronted with the realities of everyday life. Given the full range of operations of complex telecommunications networks and the times we live in, we cannot afford to experiment on a living organism such as a network serving commercial customers. We cannot only develop procedures only when a critical event occurs. We need to be prepared for as many cases as possible, practice as many options as possible. This is why it is so important to share experiences. It is essential to work together in a spirit of mutual trust. It is critical to share information about threats quickly and with comprehensiveness, especially as telecommunications networks no longer recognize borders. This approach can also be seen in the activities of the European Commission, the European Parliament or bodies such as ENISA, BEREC and ITU. The kind of collaboration where key partners trust each other is something we have no industry standards for. You want to be able to work out in panel discussion, even with the distinguished experts with whom I have the pleasure to sit here today. Nor will we work out at the high level of CEOs, ministers of NRA heads. We can and should do it at the lowest level. Not between the PR people or lawyers or the decision makers. Really, we are talking about the experts who are directly involved in the day-to-day maintenance of the networks. For example, the staff of NRA security departments or ministries. They are the ones who, with the exception of senior managers, need to develop a forum in which knowledge and the information can be shared. With the feeling that the information will leak out of all in the wrong hands. Especially for message for Polish people, for Lithuanian, or people which we know that our east border is still the war. In Poland, we have achieved this. In November 2020, as a president of the Office of Electronic Communication, I signed an agreement with the CEOs of the four mobile operators, MNOs, on the basis of which the Information Sharing and Analysis Center, acronym ISAC, was established. The high-level agreement was important so that all lower-level managers know that this forum was vital for the operation of each company. It is very important to make the first step on the high level, but the real work is operated by engineers. Since that, we have had hundreds of meetings where we have shared knowledge, descriptions of problems, and so on. We had our test in February 2022. During Russia’s armed attack on Ukraine, in a very short time, Polish mobile networks had to cope with several million refugees. They coped very well and ISAAC was a key forum for coordinating efforts. We prepared two million new SIM cards and we served the service for about a million people based on roaming. It means during two weeks, three million new users with our mobile network, without the problem for the network. It means resilient network. A key participant in such bodies is the NRA. NRA is specific, which provides a neutral flag for the whole project. I think the key form is the information, the ISAAC, as a platform to discussion. Of course, legal, like CIRT, like Cyber Act, are important, but cooperation is most important. Because the key to next door is for the participant, it is very important to invite group companies for our other countries. Because let me remind you, three of four Polish mobile networks are owned by transnational operators. We should start discuss over the border. Ladies and gentlemen, let’s, like said Mr. Reagan, tear down these walls. The walls between the downstream employees of the various entities which work in the cyber security sector. Let’s tear down the silos for common good. Thank you.

Moderator: Thank you, D. Jacek, and now it’s time for our panel session and discussion. Let me introduce you, Emilia Zalewska-Czajczyńska, the representative of the National Research Institute, and just I’m reminding you that we are waiting for questions, I’m not inviting you to play a basketball match, but you know how it works, yeah? So, please. Listen and participate and we’ll share this thing.

Emilia Zalewska-Czajczyńska: Thank you very much. Thank you so much for coming here. Thank you, our host, for introducing me. I would have the pleasure to host, to be a moderator of today’s discussion. First of all, thank you very much to Mr. Jacek Oko for his remarks and for highlighting the role of sharing experiences. I especially would like to thank you for mentioning the role of ISACs. I think there is still a lot of attention put to those initiatives, even though they could be extremely important in building the cyber resilience because of the experts, as you mentioned, they involve. So today in this session, we would like to invite you to the discussion on different dimensions of cooperation. Building partnerships is crucial nowadays. Cyber threats, no-no borders, and Europe has to fortify against the escalation of such threats. Partnerships are not always steady. Sometimes it is necessary to seek compromises. Sometimes you have to do something for your partner that you don’t necessarily like. So here in this session, we would like to have more focus on these issues. How we can build successful partnerships and are there any existing best practices? Some of them were already mentioned by our keynote speaker. And today in this session, there are esteemed panelists with me, Mr. Jacek Oko, who has been already introduced as president of the Office of the Electronic Communication of Poland. And with us, there is also Nataliya Tkachuk , head of Cyber and Information Security Directorate, National Security and Defense Council of Ukraine. Another online speaker is Matthias Hudobnik from ICANN Security and Stability Advisory Committee, a member and Adler Advisory Committee liaison to this Stability Advisory Committee, and Dina Lurje here with us on site, General Counsel at North Security. Thank you very much for being here today with us. And I would like firstly to ask you the initial question, or maybe two questions to be honest. So, what are the opportunities that arise from cooperation in building cyber resilience in Europe? Are current technical and legal requirements and standards adequate to support enhancing such cooperation? And firstly, I would like to direct this question to Mr. Oko.

Jacek Oko: That’s a very interesting question, but still really open. I said small words about the idea of the ISAC. It is a very good idea, and from my point of view, it should be the first step to organize this kind of organization. By the way, we used to prepare the documents prepared by NASC. It is very important that the cooperation between the regulatory, private companies, MNOs, public sector, and academia or research institutes is very important. The sample that is possible to solve the problem is a situation in Poland, which we solved by dismissing and spoofing. We discussed, using this ISAC as a platform, we find the technical and legal requirements. solution. We find the way. Next, we prepare with people from the NASK and especially with the government of the NASK. We discuss with our ministry, we discuss with MNOs, we discuss with police and our services, special services, and we prepare a new law and we implemented this law and today I think we solved the problem, of course, as the first solution because day by day we can find some problems and we have to modernize this document. Really, the answer for this question is to cooperate, to flow the information between organizations without the situation that I couldn’t trust my partner, because if we discussed, we have to prepare the safe solution. The safe solution should be based on the trust. Without the trust it’s only flow of information. Maybe good, maybe not, I don’t know. At the end of this answer, I should stress that without the work, the engineers, the specialists on the low level, inspired by high level, we couldn’t organize this good law. That’s good, we are using this good, we stopped some services, all situation, we have the full success for one year. I think it’s good, good solution. Thank you.

Emilia Zalewska-Czajczyńska: Thank you very much for sharing these insights and also for highlighting the… meaning of trust and how much it is important. And then I would like to pass the floor to Miss Natalia Tkachuk.

Nataliya Tkachuk : Hello everyone. First of all, I should say that to me it’s a great pleasure and honor to participate in today’s event. Of course, I wish I could join you personally, but I’m sure that next year, after our victory, this will be possible. And on behalf of Ukrainian governmental authorities, I would like to thank all of you, our partners, for your support, because this support is tremendously important for Ukraine in this war. Today is the 846th day of this cruel, unprovoked war that the Russian Federation started against Ukraine. And we are fighting really hard. And cyber aggression became an instrument of the Russian Federation against our country. This aggression started not now, not two years ago, I should say 10 years ago, in 2014. And 10 years ago, we were not ready to counter Russian cyber threats. But we understood that we had no time to waste, and we started building our national cyber resilience, our national cyber capacities. And the international cooperation, the cooperation with private sector, became a key issue, which helped us to build, to enhance our cyber capacities. And today, Ukraine proved that we built cyber security, and today it’s our obligation to share our knowledge. of this cyber war with you, with our partners, with our friends, because Russian aggression will not stop only against Ukraine. Now Russia is starting cyber war against European countries, against EU countries, and without collective efforts, without cooperation between states, and international organizations, private sector, academia, we simply will not be able to protect the safeness of the internet and our democratic values also in cyberspace. Thank you.

Emilia Zalewska-Czajczyńska: Thank you very much Nataliya for bringing this international perspective. I think it is really crucial to bear this in mind, that especially in the European region, we are all in this position of being threatened by the war that is going not only physically in your country, but also in the cybersphere, and all the countries, especially the closest neighbors, like Poland, Lithuania, can feel it also as well. So with that, I would like then to invite Matthias to take the floor.

Matthias Hudobnik: Hello everybody, can you hear me? Yes, we can hear you. Perfect. Yeah, my name is Matthias Robnik and I’m excited to speak about the critical topic of cyber resilience in Europe. I’m speaking in my personal capacity, just that you know, not necessarily reflecting the opinions or advices of ICANN Security and Stability Advisory Committee, even though I’m a member of it. So my short intervention will focus on the European perspective and due to the short time I will directly jump into the topic and try to set the scene a bit. So firstly I would like to address the cooperation aspect in cyber resilience through enhanced threat intelligence sharing within the EU. Most of you may be aware there is a strong cooperation among European nations facilitating enhanced threat intelligence sharing, also significantly supported by the Computer Emergency Response Team for the EU institution bodies and agencies. So it’s called CERT-EU and EuroBall’s European Cybercrime Center. The CERT-EU serves the EU institutions, bodies and agencies providing a range of cybersecurity services and the European Cybercrime Center is part of EuroBall which is the European Union Agency for Law Enforcement Cooperation and focuses on combating cybercrime. The second thing I would like to point out is the importance of standardization and best practices within the EU. So here I would like to start with the European Union Agency for Cybersecurity which is called ENISA. It’s the EU’s primary agency for cybersecurity and it also supports member states, EU institutions and businesses in improving their cybersecurity capabilities. Then we have the Cybersecurity Competence Center which is tasked pooling cybersecurity expertise across the EU to bolster research, development and deployment of cybersecurity technologies. And then we have also the European Defense Agency which supports the development of cyber defense capabilities among the EU member states. And then we have the Network and Information System, NIS, cooperation group which is established under the NIS directive and this group aims to facilitate strategic cooperation and also exchange of information among EU member states. And last but not least there’s also the EU Cybersecurity Strategy which aims to ensure a global and open Internet with strong safeguards. and to try to mitigate the risk to security and keep the fundamental rights of people in Europe safe. And thirdly, this leads me to an important resource optimisation within the EU, namely that through this standardisation and initiatives resources can be optimised and also shared effectively, and this will also help smaller nations or organisations benefit from the expertise and support of more advanced entities, also strengthening the cyber security posture across the continent. And then finally, main European legal frameworks are also in place to strengthen cyber security and also foster harmonisation. We have the General Data Protection Regulation, we have the NIS Directive and the NIS2 Directive, we have the EU Cyber Security Act, we have the Digital Operational Resilience Act, we have the EU Cyber Resilience Act. I will stop here to stick to my three minutes and I’m looking forward to the discussion. Thank you.

Emilia Zalewska-Czajczyńska: Thank you very much, Matthias, for explaining the role of the European institutions and also bringing to the discussion different regulatory acts that are quite crucial for the discussion also about the cooperation in the field of cyber security. And now I would like to give the floor to Ms. Dina Lurje for her input.

Dina Lurje: Thank you very much and it’s a pleasure being here. I am representing a consumer-focused cyber security company. So what we do is we deal with people protecting their personal cyber security and that of their families on a daily basis. And therefore I think I will add a slightly different angle to the same discussion and I’m glad the framework has been set in this way. I think when we think of cyber resilience cooperation, I think the message is that cyber security, as weird as that sounds, is much more about the people than it is about the technology first. And therefore, for cyber resilience cooperation to work, I think there should be at least three elements to that. And one of them is actual clarity of what is it that we’re trying to achieve. If we look at the names of the conferences on this topic within the last year or more, then the word that you use mostly is mapping. So mapping regulatory frameworks, mapping regulatory instruments, mapping regulatory standards. What that means is that we spend more time mapping than we actually do complying with it. And therefore, we’ve already had this discussion here today and thank you, Matias, for flagging all the huge lists that took all the three minutes of our time. But I think the quicker we move to clarity of what we’re trying to achieve, the easier the cooperation could be. The second thing, apart from the clarity, is obviously that of trust, and building trust is exactly what you’ve said. And I completely agree with you that there is obviously trust on a high level, but it’s very important to actually build trust at what you call the low level, or the people that actually deal with the systems and deal with the people. And I think we’ve had a number of great examples even here in Lithuania. One was the Locked Shield Initiative, where the other was the more local amber mist. The idea there is that you have people on the ground, public and private, and academia, working on gladly simulations that bring lessons, but what most importantly, it brings trust, so that when, or if, the actual cyber attack happens. There are people that you can sit in the room with and you know how to work. And you know whether someone is the one who reacts slower or the one who reacts, who is better at something else. And I think we’ve managed to build quite a strong community of cyber security people here in Lithuania that we can be very proud of. And obviously the last bit is that of going really back to the human is that of education. And I think that is the least controversial and the most efficient way of cooperating among governments, academia, and private partnerships. The idea being if we invest in standardized cyber security training, training material, training standards, that’s when we really can get the benefit. I know my six-year-old had a training on cyber security in his kindergarten and he now knows on. There is this weird thing that most probably is this animal that is gonna jump out of my phone. So I shouldn’t press something that looks like a weird animal. That’s basic cyber security. But I was proud that that’s what we had here actually.

Emilia Zalewska-Czajczyńska: Thank you very much, Dina, for all these important points. I must say I am a bit surprised that six-year-old already have a cyber security training. I think this is not very usual. And also thank you very much for being a perfect final speaker in the round because you addressed the points from different speakers. So it makes my work as a moderator easier. So thank you for that. So as you can see, we have a very diverse background and perspectives represented. So I would like now you, the audience, to invite you to take the chance and to ask your questions to our speakers. Thank you. Where do we have a question?

Audience: Thank you everyone. I hope you can hear me. My name is Christian Bartolin. I’m a head of the digital development unit at the Council of Europe. And I would like to just not so much ask a question. I would like to first of all thank the panelists for very interesting and very thorough description of the issues we have been discussing here or to discuss today. But I would also like to draw the attention to the fact that you know we have the cybercrime convention, the Budapest Convention, which is not just a Council of Europe instrument, but it’s actually one of our largest international treaties. And that also of course includes the second additional protocol that was recently agreed and hopefully soon will enter into force, which will enable enhanced cooperation among the parties to the cybercrime convention, the Budapest Convention, on the issues of how to handle cyber crime in particular, but also through that the more the broader topic of cyber security and cyber resilience. So I just wanted to point out that there are such instruments existing already and you of course, most of you are familiar with them, but it was just not just to say that these also exist. Not a question, but just a remark. Thank you.

Emilia Zalewska-Czajczyńska: Thank you very much. Would any of our speakers would like to react? Simple reaction are the best ones. Okay, we have a question online. Yes, please.

Nataliya Tkachuk : Yeah, I just would like to react to the comments of the previous speaker, if I may. You know, the funny thing that I’ve just thought about is that actually, yes, there are many legal norms at the international level, and of course the Budapest Convention on Cybercrime is the most important for international cooperation in cyber. But when the war in Ukraine started, we understood there were not any such legal mechanisms to provide for such mechanisms in terms of war. And we are grateful for our partners who actually changed all their bureaucratic procedures, which were very thorough, and they gave us all the help quickly, avoiding all these legal things. The same thing is about cyber volunteers. We didn’t have, and I don’t think that many states have a legal and organizational basis for involving common people in case of cyber war. But we managed to do this, and we did it very quickly and effectively. So I would like to draw your attention that, yes, there are norms, there are organizational mechanisms of international cooperation in general, and we are talking about sharing our experience, expertise, common research, sharing information, but if we are talking about such international cooperation at wartime in cyber, still we have a lot to think about. Thank you.

Emilia Zalewska-Czajczyńska: Thank you very much, Natalia. Would anyone would like to react to that, both speakers or audience, or are there any other questions? Okay, yeah

Audience: Managed to do that. Thank you so much. Stani Kvalantina representing the ITU and the subject of standard ice training was quite close to our heart and I was glad to hear that intervention being made on the subject and You’re probably aware that we have programs Focused on the institutional human capacity building in a field of cyber security. So from this perspective we do We run the regional and global cyber drills in which we are very happy to see government Cooperate, interact, share knowledge, share experiences. So I would like to actually ask your feedback and your I don’t know impressions or like recommendations that you feel that might result from From your experiences of such kind of trainings and mechanisms and maybe you you have already some kind of experiences with us that were useful That you would like to share your feedback on. Thank you

Dina Lurje: I Think I think that’s the one that I will take I’m afraid I will not be the right person to say the exact experience with ITU whether we had them or not What I have seen from from my colleagues and and from the audiences that we have been and my my colleagues as well have been conducting the training to is that When the question arises as to who else got this training and again, it’s it’s a basic statement, but when people know it’s a standardized training that is being conducted across the board. And that is, you know, the standard or the basic or whatever level, the standardized knowledge that is expected of you as a citizen at whichever level you are, that gives it more credibility. And that’s why we think standardized training gives added value as opposed to, again, trying to, you know, as I said, to map the available training options out there, which already, you know, which is also a way to destabilize in, you know, and spend time mapping instead of training. So I think that the standardized nature of it is beneficial.

Matthias Hudobnik: Okay. Can I say something or?

Emilia Zalewska-Czajczyńska: Okay. So maybe firstly, yeah. So, okay. So firstly, Matthias and then Mr. Oko.

Matthias Hudobnik: Okay. Thanks a lot. I just wanted to refer again to the intervention was about the Budapest Convention. Thanks for mentioning it. It’s very important, really, to also combat cybercrime by setting common standards for legal framework across different countries. And it’s also very, let’s say, a very important instrument for international cooperation in investigations and prosecutions of cybercrime. And another important point is also that it provides a framework, let’s say, for also mutual legal assistance between countries, including extradition, joint investigations, and also information sharing. So that’s very important. Thank you for referring to that. Thanks.

Jacek Oko: Thank you. And then I agree because it’s really the same what I want to say, but the more So, I think that we should prepare standards, of course, in minimum two levels. Resilient network, telecommunication network is the base. But the most important are the standards for the critical situation, not only for the war, the flood, the fire. We still have to prepare new, good and adopted to environment and to the industrial situation standards. Not exactly the same for all countries, because we are on the different level. Should be prepared, the standard dedicated to maybe some group of countries, but prepare as a global for all, not the same. It’s very difficult how to organize this kind of standard, the role of the ITU and United Nations. But in Europe, of course, European Parliament and European Commission, but in the country most important is to be inclusive, not exclusive. We should include all group of people, like you said, the child. We made some experiment in Poland. We discussed or we tried to train young people between six, eight years old with different spectrum of autism. It’s absolutely different group, but still important for society, especially when we have still day by day not so good number of the citizens, the problem of old societies. The second group elder, that the standards should be prepared like an accessibility act. We discussed what it means cyber security. The user should be ready to read this information, have the time, have the possibility to understand what danger is in this information maybe. We are really at the beginning and the cooperation, the flow of the information and I think the financial support from private companies, the activities from private companies, public companies, public area, together, that’s I think only one main message.

Emilia Zalewska-Czajczyńska: Thank you very much for bringing this point. I think it’s actually very important because accessibility is not something that is discussed often in the context of cyber security and it is though crucial because if people can’t use some features, they don’t understand how they can be protected, how can they do that? If it is not designed to their needs, to their level of understanding.

Jacek Oko: Yeah, but the act is not only about the UX, where they use the information, the user. We discussed about core software, we discussed about operational systems. It’s very important to prepare not only accessibility but the safe infrastructure, infrastructure software means solution for the people, for all people, young, old, with special needs or not, for all.

Emilia Zalewska-Czajczyńska: Thank you very much for this comment. I saw we had another question. Yeah, please go ahead.

Audience: Thank you. I’m from Taiwan. I have just one simple question. As we know, there are some simple reality fact, kind of a white elephant in the room. First, almost every private sector, private company or enterprise has their information system online. And the second is that the most online service provided is controlled by the so-called big tech. So my question is that, if company of EU have some cybersecurity issue, and it definitely that they are subject to the enforcement role of EU. My question is that, will EU consider put some onus to complete to better the system on the so-called big tech? As we know that the so-called big tech is outside EU. Thank you.

Emilia Zalewska-Czajczyńska: Okay, I see that Natalia has her hand up. Please, Natalia, go ahead.

Nataliya Tkachuk : Yeah, I just wanted to comment the previous question of the representative of ITU. I would like to stress the important role of ITU in cybersecurity as this organization is one of the key platforms for international cooperation is in this sphere. And I’d like to say that four countries, four European countries already sent a complaint to ITU for cyber aggression of Russian Federation. Because it’s hampering the broadcasting, satellite communications, GPS, signal navigation at 9th of May. Russian hackers intruded into a Latvian internet provider and made the population watching their military parade on the Red Square. And we are awaiting the decision of ITU whether we could really imply existent mechanisms of international cooperation to somehow to influence these malicious actions of aggressor.

Emilia Zalewska-Czajczyńska: Thank you very much Natalia. I’m seeing your hand Matias. I will firstly check if any of our on-site speakers would like to react. Okay, so please go ahead Matias.

Matthias Hudobnik: Thank you. I just wanted to quickly react on a question related to the extraterritorial scope of various European legislative framework. So I mean it’s a matter of fact that of course like with most of the regulations are focusing on the European market or even abroad but there are also regulations which have extra territorial scope like for example the GDPR. So even if a company processes data of a EU citizen and they need to stick to the rules or for example also the IACT when the output of the data of the I system affects EU citizens or is processed in Europe then the IACT is applicable. So there’s definitely let’s say some intention to also regulate extraterritorial even though of course it’s hard and it’s not always easy to let’s say apply in practical terms. But thank you for the question.

Emilia Zalewska-Czajczyńska: Thank you very much Matias. I would like to quickly check if any of our speakers on-site or online have… So, I think that’s all I have to say. Thank you. Any quick remarks or reactions?

Dina Lurje: I think I’ll just follow up on the same question and also elaborate on what Matias has mentioned. Indeed, a lot of the EU regulations have extraterritorial reach. So, it’s a bit of a paradox. I think there are a lot of exceptions. I think the digital markets act being one of them. But the same goes the other way. There are laws that apply in other countries to companies established in the EU that provide services elsewhere. So, I think the more we go forward, it seems that the regulation really is on where is it that you provide services, and it’s a bit of a maze. And a difficult regulatory maze to navigate.

Emilia Zalewska-Czajczyńska: Thank you very much, Dina. And as the time is almost running up, I would like now to ask all our speakers, starting from Mr. Jacek, to just give one, two sentences of your final words for this session. Of course, not the final words. But if you would like to share something.

Jacek Oko: The trust is the main word. But trust with brain. Not trust without reflection. And really, we like this question about the DSA, DMA, GEA, the acts, many acts we can dedicate. The tax, how we get out of the situation. The action with reflection, cooperation from around the generation. Thank you very much. and flow information, native information, not filtered. Thank you.

Emilia Zalewska-Czajczyńska: Thank you. And Natalia, what is your message for the end?

Nataliya Tkachuk : Yes, I would like to emphasize that, in my opinion, cyber security is a collective game. And the basis for it should be clear rules, inspiration and trust between all the players as we are playing in the same team. Thank you.

Emilia Zalewska-Czajczyńska: Thank you. And Matias?

Matthias Hudobnik: Thanks for giving me the floor. So for me, just two sentences, I would say gaps and recommendations related to the European perspective. I would say, despite significant progress, gaps remain in or gaps still remain in harmonizing laws and regulations across all European member states. And the second sentence is that a dynamic and also flexible approach is required to quickly adapt the legal structures to new threats and technologies to ensuring, let’s say, comprehensive cyber resilience and also data protection. Thank you.

Emilia Zalewska-Czajczyńska: Thank you a lot. And Dina?

Dina Lurje: And I think I’ll go back to my main point is that cyber resilience is more about people than it is about technology. And also, it requires being able to be agile. And therefore, we should maybe stop mapping and actually start cooperating.

Emilia Zalewska-Czajczyńska: Thank you very much. Thank you for being amazing panelists. It was a pleasure.

Moderator: Thank you all. Now we are having a 15-minute break, and let’s come back exactly after 15 minutes, okay? Because we are very on time. No, maybe not.