Presentation of the five GFCE Working Groups - Progress Reports by WG Chairs

WG A - Cyber Security Policy and Strategy

Mr. Chris Painter, Chair of Working Group A

The theme Cyber Security Policy and Strategy can be seen as the foundation of the other identified themes in the Delhi Communiqué. A National Cybersecurity Strategy is the first step to tackle other cyber issues. Therefore, the Working Group aims to help countries and other stakeholders improve their policy and strategy making capacity. The ultimate goal of Working Group A on Cyber Security Policy and Strategy is to actively reach out to countries who are missing a NCS and play matchmaker by connecting resources with needs. A great first example of this is the request that was made by Tunisia and how it is being picked up by various stakeholders of the working group.

WG B - Cyber Incident Management and Critical Information Protection

Mr. Abdul-Hakeem Ajijola, Chair of Working Group B

Mr. Maarten van Horenbeeck, Task Force leader of Cyber Incident Management

Mr. Marc Henauer, Task Force leader of Critical Information Protection

This WG has defined four high level goals comprising of 1) Identifying obstacles and carrying out gap analysis, 2) Collecting maturity metrics 3) Developing a repository of Good Practices and 4) Develop recommendations. The two topics have been divided and appointed to two taskforce leaders and each one of them have defined objectives. The Task Force Cyber Incident Management focuses on the Lessons Learned from capacity building projects and will make a CSIRT Maturity Framework globally available, with funding from the Netherlands. The task force CIIP will focus on the fundamentals of CII, stakeholder management in the field of CII and the effect of the supply chain to CII. Both taskforces will incorporate exercises in their objectives. The Working Group has set itself a strong timeline and has an energetic focus.

WG C - Cybercrime

Mr. Zahid Jamil, Chair of Working Group C

The WG agreed to deliver an outcome document by the end of 2018 that is the synthesis of a mapping exercise of the various CCB efforts in the area of Cybercrime and its analysis for identifying best practices (as detailed below). It was agreed that the Secretariat should conduct calls with actors to collect information, in addition to seeking responses to the format developed.

Collate within the outcome document this information and conduct therein: a) a mapping of the various ongoing projects being conducted by the various cybercrime CCB actors surveyed; b) based upon the mapping exercise cross reference ongoing projects in different areas and regions; c) and based upon the mapping exercise analysis that provides (not a framework) but identifies elements of best practice to be listed for guidance;

The Cybercrime Working Group by 2019: a) Awareness raising of internationally recognized best practices on legal frameworks, such as the Budapest Convention. b) Sensitize donors towards quality and not just quantity – a best practice to measure. c) Identify gaps in cybercrime CCB at the global level with the aim of facilitating the filling of these gaps. d) WG should aim for fostering regional cooperation i.e. countries with common aspects and similarities e.g. South – South. e) WG should aim for long-term commitment in its initiatives with the aim of building a good understanding of the different contexts and reflecting that in the group's different functions.

WG D - Cyber Security Culture and Skills

Mr. Vladimir Radunovic, Chair of Working Group D

Working Group D on Cybersecurity Culture and Skills defined the following way forward for both Task Forces: (1) Mapping of existing campaigns and programs, and (2) Overview of the gaps and needs in all countries.

On the topic of Cybersecurity Awareness the way forward is: (1) Mapping of existing awareness campaigns, (2) outreach GFCE community, (3) White paper with criteria for awareness raising campaigns with lessons learnt from other policy areas, such as public health campaigns. Actionable: GFCE Cyber Security Awareness in October.

On the topic of Cybersecurity Education and Training: (1) Mapping of existing education and training programs, (2) Mapping of skills and competences needed, starting from existing corporate templates, (3) Defining needs of beneficiaries, (4) Parameters for mapping: consider scalability of existing training. Actionable: GFCE Academy with aggregate on available courses within the GFCE community.

Important aspects are metrics, sustainability and commitment GFCE community, quick results and cultural context (language).

WG E - Cyber Security Standards

Mr. Andrei Robachevsky, Chair of Working Group E

The role of the Working Group is functioning as a clearing house. Therefore, for instance a repository of various initiatives can help raise awareness, avoid duplication of efforts and enable collaboration.

The focus of the Working Group is on two topics:

1) Internet Of Things (IOT): an emerging and urgent area. The goal is to promote relevant IoT security standards and practices by providing real-life case studies of successful deployments. Make use of what there already is among GFCE members and other relevant organizations. Another point that was brought up was that IoT might be a topic too broad already. One of the ideas was to start with industrial IoT, as a more "organized" area.

2) Open Internet Standards (OIS). This is the foundation of the internet. More focus is needed on deployment. The Working Group is taking the approach of facilitating deployment by displaying successful deployment initiatives (e.g. triple I initiative) and tools (e.g.

A form that could be used for Working Group E is webinars or meetings were relevant parties are brought together. Key elements: e.g. existing frameworks / approaches of countries (including applicable compliance frameworks), lessons learned.