Session
Speaker 1: Alaa Abdulaal, Intergovernmental Organization, Global
Speaker 2: Aderonke Sola-Ogunsola, Government, African Group
Speaker 3: Ekaterina Imedadze, Government, Europe/Asia Group
Speaker 4: Pawan Anand, Government, Asia Pacific Group
Genie Gan, Private Sector, Asia-Pacific Group
Sharon AlvaresPrivate Sector, Middle-East Group
Dmitry Fonarev, Private Sector, Eastern European Group
Theater
Duration (minutes): 90
Format description: Given the high profile of our speakers as senior government leaders and technical leads, we expect a large turnout and a theatre setting would accommodate a larger audience. In this setting, each speaker can be given the space and airtime to present their views on digital infrastructure resiliency to a wider audience. As the aim is to shape best practices and common standards in this space internationally, great emphasis will be placed on discussion with participants - onsite and online. In addition, small surveys will be included to further engage participants and obtain feedback on individual questions.
A. What are the prominent legislations for digital infrastructure such as data centers and cloud services being considered worldwide, and what improvements can be made to them? B. What are applicable lessons best practices from the cybersecurity industry that can be juxtaposed in the digital infrastructure space to increase overall cyber resiliency? C. What kind of novel threat scenarios to digital infrastructure should public and private organizations be looking out for, and what are the best ways to guard against them?
What will participants gain from attending this session? Participants will learn about the latest threats of disruption to digital infrastructure, and how different countries are trying to tackle this problem through legislation of new standards and requirements. Perspectives from the workshop’s speakers will introduce best practices from the cybersecurity industry that could become a commonly-accepted standard for operators of such digital infrastructure, and enlighten public and private organizations on a systematic way to overcome these threats. As regulations in this area are just taking shape, participants’ questions and ideas have the potential to shape best practices and common standards internationally.
Description:
Globally, requirements of cybersecurity and resilience of Critical Information Infrastructure (CII) have been well-established. However, there are also foundational digital infrastructure components, such as data centers and cloud services, which would have a systemic impact on a country’s economy and society if disrupted. In a prominent example, a data center outage affecting Citibank and DBS, the biggest bank in Singapore, disrupted 2.5 million payment and ATM transactions. While this had not resulted from a cyberattack, it had nonetheless resulted in widespread disruption of banking services. Governments around the world have started looking at this problem, beyond traditional CII regulations. In the UK, the government launched a public consultation in December 2023 on ways to enhance the security and resilience of UK data infrastructure, addressing resiliency risks including extreme weather and poor information-sharing and cooperation across industry. The Singapore government said it is studying the introduction of a Digital Infrastructure Act (DIA) in March 2024, going beyond cybersecurity to address a broader set of resilience risks ranging from misconfigurations in technical architecture, to physical hazards such as fires, water leaks, and cooling system failures. Conversations in this area are still nascent, and there is a chance for the IGF to shape best practices and common standards. Lessons can be drawn from the cybersecurity industry, where increasing sophistication of threats has shaped modern approaches to achieve cyber resilience. One possibility could be an expanded role for national Security Operations Centres (SOCs) to monitor this aspect. With a workshop comprising regulators and thought leaders from the industry and governments, we hope to brainstorm ideas that will culminate in a white paper that forms the baseline for Digital Public Infrastructure under the UNDP, to serve as reference material for countries which are planning for laws to enhance digital infrastructure resiliency.
As many of the legislation on this topic are still in the draft stage, there is a chance for the IGF to shape the outcome of it positively, bringing in the perspective of the cybersecurity industry and its best practices. Discussions from this workshop will be captured in a white paper to form the baseline for security standards in Digital Public Infrastructure under the UNDP, to serve as reference material for countries which are planning for laws to enhance digital infrastructure resiliency. This will ensure that the influence of the workshop lasts beyond the session, and serves the global public interest.
Hybrid Format: The moderators will actively involve the participants in the discussion, for example through short online surveys at the beginning, after the initial statements and at the end of the session. The survey tool (Kahoot or Menti) can be used both by onsite participants and by online participants. This will generate additional personal involvement and increase interest in the hybrid session. During the "Roundtable" part, active participation is possible for both onsite and online participants, as all participants should actively contribute their ideas. Both onsite and online participants will have the same opportunities to participate. Planned structure of the workshop: • Introduction by the moderator • Survey with 2 questions • Brief impulse statements by all speakers • Survey with 2 questions • Moderated discussion with the attendees onsite and online –Roundtable • Survey with two questions • Wrap-up