Cybersecurity: bringing the puzzle together – WS 05 2015: Difference between revisions

From EuroDIG Wiki
Jump to navigation Jump to search
No edit summary
(18 intermediate revisions by 2 users not shown)
Line 14: Line 14:


== Keywords ==
== Keywords ==
 
Cybersecurity, Security
Cybersecurity
 
Security


== Format ==  
== Format ==  
Line 35: Line 32:


== Further reading ==  
== Further reading ==  
Deadline 30. April 2015
*[http://www.internetsociety.org/collaborativesecurity Collaborative Security: An Approach to tackling Internet security issues]
*[http://www.internetsociety.org/doc/understanding-security-and-resilience-internet Understanding Security and Resilience of the Internet]
*[http://www.internetsociety.org/news/internet-society-approach-cyber-security-policy Internet Society Approach to Cyber Security Policy]
*[http://www.internetsociety.org/doc/infographic-collaboration-secure-and-resilient-internet Infographic: Collaboration for a secure and resilient Internet]
*[http://www.manrs.org Routing Resilience Manifesto]
*Criminal justice access to data in the cloud: challenges. Discussion paper prepared by the T-CY Cloud Evidence Group http://www.coe.int/t/dghl/cooperation/economiccrime/Source/Cybercrime/TCY/2015/T-CY(2015)10_CEG%20challenges%20rep_sum_v8.pdf
 
== People ==  
== People ==  
*'''Focal Point''': Tatiana Tropina and Vladimir Radunovic  
*'''Focal Point''': Tatiana Tropina and Vladimir Radunovic  


*'''Org team''':  
*'''Org team''':  
 
**Tatiana Tropina, Max Planck Institut (Focal point)
Tatiana Tropina, Max Planck Institut (Focal point)
**Vladimir Radunovic, DiploFoundation (Focal point)
 
**Iliana Franklin, Mediaframe Ltd, London  
Vladimir Radunovic, DiploFoundation (Focal point)
**Jeffrey DeMarco, Centre of Abuse and Trauma Studies (CATS), Middlesex University, London
 
**Christine Runegar, ISOC
Iliana Franklin, Mediaframe Ltd, London  
**Oleg Demidov, PIR-center  
 
Jeffrey DeMarco, Centre of Abuse and Trauma Studies (CATS), Middlesex University, London
 
Christine Runegar, ISOC
 
Oleg Demidov, PIR-center  
 
 


*'''Key participants'''|'''Panelists''':  
*'''Key participants'''|'''Panelists''':  
 
**'''Marina Kaljurand''', Undersecretary, Legal Adviser of the MFA and Estonian expert at the UN GGE
 
**'''Alexander Seger''', Council of Europe
- '''Marina Kaljurand''', Undersecretary, Legal Adviser of the MFA and Estonian expert at the UN GGE
**'''Dan York''', Senior Content Strategist, Internet Society
 
**'''Jeffrey DeMarco''', Centre of Abuse and Trauma Studies (CATS), Middlesex University, London
- '''Dan York''', Senior Content Strategist, Internet Society
**'''Michael Yakushev''', ICANN, Vice-President, Stakeholder Engagement, Eastern Europe, Russia And Central Asia
 
- '''Jeffrey DeMarco''', Centre of Abuse and Trauma Studies (CATS), Middlesex University, London
 
- '''tbc''', Council of Europe  
 


*'''Moderator''': Tatiana Tropina and Vladimir Radunovic  
*'''Moderator''': Tatiana Tropina and Vladimir Radunovic  


*'''Reporter''': tbc
*'''Reporter''': Oleg Demidov, PIR-center


*'''Remote moderator''': tbc
*'''Remote moderator''': tbc
Line 88: Line 77:
Contact: ws5@eurodig.org
Contact: ws5@eurodig.org


== Live stream / remote participation ==  
== Video record ==
== Final report ==
[https://youtu.be/xioLM6g737k Video record]
 
== Final report ==
 
- There is still a “cybersecurity divide" in Europe when it comes to capacity of governments, industry and law enforcement agencies to address a complex problem of maintaining an adequate level of cybersecurity.
 
- Cybersecurity is both a concept and a process. It is hard to measure it adequately. There is no magic bullet solution and one-fits-all approach; the processes of addressing new threats, mitigating the risks and collaborating in different areas require on-going efforts from both governments and industry. It is however necessary to bear in mind the unique mandate of some of the stakeholders: for example, governments in law making and law enforcement. There should be clear and transparent frameworks of who decides “what is right and what is wrong” when it comes to the law, regulation and coercion.
 
- Finding the right balance between regulation and voluntary approaches in the complex ecosystem is hard due many cybersecurity domains and thousands of stakeholders involved into the cybersecurity and fast-evolving cyber-threats. States should carefully measure regulatory intervention and coercion in order not to harm innovation and technology development. Cybersecurity requires, on the one hand, strict legal frameworks of criminal law and criminal procedure, safeguards and human rights protection measures and, on the other hand, careful and flexible hands-off approaches and trust building measures.
 
- There is a need for an on-going dialogue between different stakeholders, such as governments, law enforcement agencies, and technical community. There are such fora as ICANN, Council of Europe, RIPE NCC and some others, which are constantly trying to bring law enforcement community, industry and governments together. The situation has been getting better in the last years; however, there is a need for more efforts in this area.
 
- Ultimately, all the participants highlighted the following fundamentals for cybersecurity: education, cooperation, building and restoring trust, protection of fundamental rights, and democratic partnerships.
 
'''Note:''' the session followed the principles of interactivity and audience involvement. It started with the participants from audience expressing their concerns regarding current cybersecurity issues and moderators writing down and clustering keywords from the audience statements into several topics such as international peace and security, cybercrime, critical resources, and protection of youth in a digital age. Both audience and panelists then addressed these statements and discussed the cluster topics together. The session’s follow-up was focused on over-arching theme of who and how should take responsibility for providing cybersecurity. This second session also engaged both audience and panelists into a broader discussion on what should be done – technically, legally, organisationally – to maintain cybersecurity. The follow up, again, allowed every interested participant to express their views and make statements.
 
== Session twitter hashtag ==  
== Session twitter hashtag ==  
Hashtag: #eurodigws5
Hashtag: #eurodigSec


[[Category:Sessions 2015]][[Category:Security]]
[[Category:Sessions]][[Category:Sessions 2015]][[Category:Security]][[Category:Security 2015]]

Revision as of 12:49, 17 December 2015


Please use your own words to describe this session. You may use external references, websites or publications as a source of information or inspiration, if you decide to quote them, please clearly specify the source.


Session teaser

Discussing current and future technical, legal and policy challenges related to cybersecurity

Session description

With the technical, legal, business complexity of the environment, cybersecurity looks like an intricate riddle, which include many pieces - from emerging issues such Internet of Things, crypto-currencies and drones to the ongoing efforts to tackle cybercrime, protect youth in the digital age and maintain international peace and security. International organisations, national governments, academics, civil society, businesses and technical communities are trying to bring the pieces of this puzzle together and figure out who and how and who should regulate and protect the cyberworld. This session was shaped to include all the cybersecurity-related proposals submitted for EuroDIG 2015. The goal of the session is to discuss who and how should address the issue of cybersecurity, how much state intervention is needed, what is the role of the private sector and civil society in this field. The format of the session - discussions with the audience and break-through groups to discuss the "clustered" issues - reflect the complexity of the topic and the need to bring the "pieces" of the puzzle together.

Keywords

Cybersecurity, Security

Format

As a preparatory stage, before the workshop (via twitter) and in the beginning of the workshop the audience and resource people are invited to make statements and raise the questions they consider to be a cybersecurity challenge. The session will begin with the resource people and the participants making short statements on cybersecurity challenges. The topics will be clustered into several main blocks to create groups for further discussions. This will allow to share ideas and suggestions regarding on particular topics. In the follow-up session the all the groups will come back together to discuss their findings under the main overarching theme "who and how should address cybersecurity issue". Here each group can deliver the results of their discussions, make statements and discuss cross-cluster issues. We are also expecting the opinions and questions from audience (including those posted on twitter and given remotely). At the end our goal is to deliver opinions and suggestions on:

- issues that are already discussed at different fora

- issues that are open and not discussed anywhere and even suggestion in which fora those questions are most convenient to be raised

- issues that we need more understanding about, to build capacities further

- main roles and responsibilities of actors

Further reading

People

  • Focal Point: Tatiana Tropina and Vladimir Radunovic
  • Org team:
    • Tatiana Tropina, Max Planck Institut (Focal point)
    • Vladimir Radunovic, DiploFoundation (Focal point)
    • Iliana Franklin, Mediaframe Ltd, London
    • Jeffrey DeMarco, Centre of Abuse and Trauma Studies (CATS), Middlesex University, London
    • Christine Runegar, ISOC
    • Oleg Demidov, PIR-center
  • Key participants|Panelists:
    • Marina Kaljurand, Undersecretary, Legal Adviser of the MFA and Estonian expert at the UN GGE
    • Alexander Seger, Council of Europe
    • Dan York, Senior Content Strategist, Internet Society
    • Jeffrey DeMarco, Centre of Abuse and Trauma Studies (CATS), Middlesex University, London
    • Michael Yakushev, ICANN, Vice-President, Stakeholder Engagement, Eastern Europe, Russia And Central Asia
  • Moderator: Tatiana Tropina and Vladimir Radunovic
  • Reporter: Oleg Demidov, PIR-center
  • Remote moderator: tbc

Conf. call schedule & minutes

Doodle Poll for the second conference call

http://doodle.com/dzk3kdnwyc939hk5

Everyone is welcome to join!

Current discussion

See the discussion tab on the upper left side of this page

Mailing list

Contact: ws5@eurodig.org

Video record

Video record

Final report

- There is still a “cybersecurity divide" in Europe when it comes to capacity of governments, industry and law enforcement agencies to address a complex problem of maintaining an adequate level of cybersecurity.

- Cybersecurity is both a concept and a process. It is hard to measure it adequately. There is no magic bullet solution and one-fits-all approach; the processes of addressing new threats, mitigating the risks and collaborating in different areas require on-going efforts from both governments and industry. It is however necessary to bear in mind the unique mandate of some of the stakeholders: for example, governments in law making and law enforcement. There should be clear and transparent frameworks of who decides “what is right and what is wrong” when it comes to the law, regulation and coercion.

- Finding the right balance between regulation and voluntary approaches in the complex ecosystem is hard due many cybersecurity domains and thousands of stakeholders involved into the cybersecurity and fast-evolving cyber-threats. States should carefully measure regulatory intervention and coercion in order not to harm innovation and technology development. Cybersecurity requires, on the one hand, strict legal frameworks of criminal law and criminal procedure, safeguards and human rights protection measures and, on the other hand, careful and flexible hands-off approaches and trust building measures.

- There is a need for an on-going dialogue between different stakeholders, such as governments, law enforcement agencies, and technical community. There are such fora as ICANN, Council of Europe, RIPE NCC and some others, which are constantly trying to bring law enforcement community, industry and governments together. The situation has been getting better in the last years; however, there is a need for more efforts in this area.

- Ultimately, all the participants highlighted the following fundamentals for cybersecurity: education, cooperation, building and restoring trust, protection of fundamental rights, and democratic partnerships.

Note: the session followed the principles of interactivity and audience involvement. It started with the participants from audience expressing their concerns regarding current cybersecurity issues and moderators writing down and clustering keywords from the audience statements into several topics such as international peace and security, cybercrime, critical resources, and protection of youth in a digital age. Both audience and panelists then addressed these statements and discussed the cluster topics together. The session’s follow-up was focused on over-arching theme of who and how should take responsibility for providing cybersecurity. This second session also engaged both audience and panelists into a broader discussion on what should be done – technically, legally, organisationally – to maintain cybersecurity. The follow up, again, allowed every interested participant to express their views and make statements.

Session twitter hashtag

Hashtag: #eurodigSec