Internet Governance

Workshop 151: Cyber Security R&D: Developing a Vision & Road Map

It was a very bright and early morning, 9:00 a.m. on the first day of the IGF, in the Biblioteca Alexandrina.

Well, maybe not so melodramatic.

Organised by the Centre for Science, Development and Media Studies, (CSDMS) from UP, India, a not-for-profit research institution established in 1997, the workshop brought together bring together Cybersecurity production personnel, Cybersecurity researchers, and scientific application researchers from across the globe.

The Workshop’s purpose was to primarily identify the research needs and opportunities associated with Cybersecurity, focusing especially discussion will focus especially on those needs associated with supercomputing, user facilities, high-speed networks, laboratories, and other open collaborative science stakeholders.

Panelists who led the discussion were:

Tulika Pandey, Additional Director, Ministry of Communications & IT, Department of Information Technology, Government of India

Tracy Hackshaw, Republic of Trinidad & Tobago, Internet Society (ISOC) Ambassador

Sherif El Tokali, Assistant Resident Representative, Poverty Reduction, MDGs & Private Sector Team Leader, UNDP (Egypt)

The Workshop  sought to create a proactive and forward-looking approach to research and development in the Cybersecurity area from a rigorous analytical and technical basis that would stimulate new open science research directions and have a lasting impact on Cybersecurity.

Key Goals:

  • Identify the research needs and opportunities associated with cybersecurity for science
  • Gather future science cybersecurity priorities
  • Develop a list of research and development priorities for Cybersecurity R&D
  • Produce a report describing the results of the discussion, which will provide further impetus to the researchers and the studies in the field.

Tulika Pandey of the Government of India’s Ministry of Communications & IT opened the session by providing the platform for discussion. Ms. Pandey indicated in her presentation that there was an increasingly critical need to develop and new R&D Agenda for Cybesercurity. Why?

  1. Monitoring and control of various core infrastructure like electricity, water supply, and medical services are getting computerised, increasing their dependency on ICT
  2. The emerging information infrastructure differ radically in scale, connectivity and dependencies from traditional structures
  3. Communication systems are interconnected resulting in global interdepencies and vulnerabilities including threats to the national systems
  4. Protective measures require continual technological improvements and new approaches to minimize threats on ICT

Internet Society (ISOC) Ambassador Tracy Hackshaw from Trinidad & Tobago – a Social Psychologist by training – sought to tackle the issue from a non-technical perspective. He also sought to highlight the perhaps unique needs of Small Island Developing States (SIDS) where Cybersecurity issues may have deeper  and somewhat submerged dimensions, therefore requiring a multidisciplinary approach to R&D.

Mr. Hackshaw’s presentation argued, that in order to develop an effective global Cybersecurity R&D Agenda, the unique needs of SIDS needed to be factored in which include, inter alia:

  1. Social & economic dislocation
  2. Cultural Contestations
  3. Subjectivity of security
  4. High technological barriers

By referring to the case of Trinidad & Tobago, he suggested that the major research question for Cybersecurity first recognize that:

Technology WILL advance and along with it, the technological sophistication of Cybersecurity threats – this is certain

With this recognition, we neccessarily have to ask ourselves:

How do we reconcile the fact the human behaviour is inherently unpredictable and irrational, despite the best social & economic theories to predict same?

Mr. Hackshaw’s recommendations therefore were to develop a Research Agenda which engaged BOTH the qualitative and quantitative study of issues surrounding four (4) key dynamics:


Sherif El Tokali of the UNDP Country Office in Egypt presented a detailed examination of the current trends within the Cybersecurity R&D sphere and by linking the Egyptian experience with the wider international sphere also called for a multidimensional approach to counter Cybercrime.

Sherif identified three (3) broad areas of Cybersecurity threats:

  1. Threats to individual users through viruses or identity theft, spam, spyware or pop-ups;
  2. Threats to businesses, governments or other organizations through exploitation of vulnerabilities in their data storage, industrial espionage, system downtime, etc. and;
  3. Threats to critical public infrastructures, including electronic communication networks, financial systems, emergency services, navigation systems, electrical power grids, air traffic control, water control systems etc.


The ensuing discussions took on a interesting slant with the call by Mr. Hackshaw for a more localized approach to Cybersecurity finding support from representatives from countries like Mauritius and Mexico.

Indeed, and to this end, the discussions moved swiftly and fluidly from the theoretical to the practical as participant after participant spoke to the peculiar issues in dealing with Cybercrime and Cybersecurity in their jurisdiction. Some of the core themes included:

1. The need for international capacity building and knowledge sharing in the area of Cybercrime/Cybersecurity policies and legislation – reference was made to the toolkits and model laws produced by the ITU and Commonwealth Secretariat (for example);

2. Knowledge sharing regarding practical solutions employed by the public and private sectors to combat Computer Misuse and Credit Card Fraud for example.

Perhaps the major or central outcome of the Workshop could have identified by the need to examine Cybercrime from a non-traditional viewpoint … is Cybercrime and Cybersecurity therefore uniquely different from traditional crime and will different approaches be required to not only protect, but also to develop proactive strategies to mitigate against the potential risks?

A Cybersecurity R&D Workshop participant poses a question to the Panelists

Comments from the floor during Cybersecurity R&D Workshop, November 15, 2009 at the IGF 2009

The IGF 2009 Cybersecurity R&D panelists consider questions from the audienceComments from the floor during Cybersecurity R&D Workshop, November 15, 2009 at the IGF 2009