IGF 2017 - Day 4 - Room XII - WS15 Learnings from Multistakeholder Collaborations in Cybersecurity Response

 

The following are the outputs of the real-time captioning taken during the Twelfth Annual Meeting of the Internet Governance Forum (IGF) in Geneva, Switzerland, from 17 to 21 December 2017. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid to understanding the proceedings at the event, but should not be treated as an authoritative record. 

***

 

>> WAN YI: Good morning, everyone.  This is Multistakeholder Collaborations in Cybersecurity Response.  There are 70 people that applied to participate in this workshop, but I guess this is the last day and the first session, people are getting lazy or they're queued up at the entrance.  We'll start our workshop.

This workshop will mainly focus on how government, academic society and private sector is working, collaborating, supporting, whatever the keyword is to approve cybersecurity readiness.  I'm Wan Yi.  I have been working in the industry for over 20 years, I have been in to the Korea Air Force military too.  During my service in KISA I was in charge of the critical information infrastructure protection evaluation of IT security products against common criteria and prevention of the security incidences, the monitoring side.

First of all, I would like to thank each one of you here today.  I expected a bigger crowd than this.  This is the last day, first session, so we're going to start the workshop.  Everyone should pitch in for the discussions and questions so that we can learn from your experiences also and also your input could be to improve our next year business projects also.

This workshop is cohosted by Korea Internet & Security Agency and one of our best partners, Microsoft, whose working relationship in cybersecurity area goes back to 1986 when KISA was first established.

Before we start, I would like to inform you, apologize, we have two missing panelists, one was from Oman called in to her office for urgent tasks and we have Charles Mugisha from Rwanda who is not here physically, but he said he was going to participate online, but unfortunately, we have not been able to connect him at the moment.  We're going to try to connect as we go along.

I would like to introduce our participants. 

We have Kim Jung Hee from KISA who will present on the status and prospect of threat information sharing with other countries.  She was head of the cybersecurity team, and is now director of Cybersecurity Intelligence Center.  Please welcome Mr. Kim Jung Hee.

Next, Charles Mugisha from Rwanda.  I will introduce him when he comes online.

 

then we have Dr. Jianping Wu.  Dr. Wu is the Chairman of Computer Science and Dean of the Institute of Network Science and Cybersecurity.  I just learned last night that he's the first one to introduce transition of the IPv6 in China.  Also he was the advisory group leader in incorporating CN CERT.  He was the advisory person there.  Welcome Dr. Wu.

Then we have Jing De Jong‑Chen, the general manager of Global Security Strategy at Microsoft Corporation.  She has 20 years of experiences in technology industry with domain expertise in global cybersecurity policy and strategy.

 

we have Charles Mugisha online.  Good news.  He's participating with us.  He has 11 years of experience in the Rwanda development world.    We have his voice.  We'll work on it so it will be louder later.  You have to use the earphone when he speaks later.

The Internet we use fully today, anywhere, any place at any time, it actually began in 1990s in United States where they wanted to create communications using computers.  Internet is incorporated in every aspect of our lives.  Internet is used to connect globally.  We could use Internet to send text messages and SMSs to the people halfway around the earth.

We have smartphones now, internet‑enabled devices.  When we wake up, we check our messages and the newspapers and then we turn on our music and go to the shower.  This is for everybody, in South Africa, wherever, we're all living in the same lifestyle.  We use smartphones for shopping, for everything.  However, to maintain, to provide   Internet services as joint effort for multistakeholder including public sector, private sector, academia, Civil Societies, furthermore, to provide Internet services securely and safely requires collaboration efforts and that's why we're here today. 

If we look at cyber incidents that we have seen over the time, it is not bound by the national border or division, that's the worldwide common problem to solve.  An attack we experienced in 2009 targeted 36 different legal services, and when we finally traced back to the hacker, we found out it involved more than 60 different servers located in 60 different countries.  It is not just one single effort to mitigate those problems.  It is the global efforts that we have to work on.

In June, 2017, a Korean company was attacked with ransomware.  There were 135 servers and more than 370 web customers were unable to access their Internet and they paid a million to the hacker in Bitcoins to receive the keys, and they received them but they were never able to decrypt all of the data.  Even though paying 1 million in Bitcoin, it didn't help the company.

Last year, 21st, October, there was an attack against the DNS service provider causing Internet services to be unavailable to customers in North America and Europe.  This incident, Internet‑enabled devices such as Internet of Things devices such as camera, Internet camera, TVs, home router, baby monitors, a large number of the devices in the attack were Korean devices.  If you look at it from an information security perspective, it is not just IC sectors we work with, that's the ‑‑ it is the manufacturers that we work with, it is the different conventional IT industry sectors that we have to work with.  So we worked with manufacturers on how to securely develop hardwares and also those who control the devices.  It is not just bound by the softwares of the IT Sectors anymore.

This year in May, we have seen ransomware attacks, and it started in Korea.  It was Friday night, everybody was out of office.  They did not have the computers turned on at that time.  During the weekends we were on the television news and we told them how to protect their computers.  We gave them specific instructions not to connect it to the Internet, disconnect the network cables and disable ports, Internet ports, and then install the patches before using the Internet.  The next morning I was fortunate enough to visit a small‑ medium‑sized company.  When I went there, in that company, in the elevator, there was a big note that says there was an incident. 

The CISO disabled all of the Internet connections of every single PC in the company.  On the task, it had specific instructions how to disable each port and then connect to the Internet disabling the ports and connecting to the Internet and doing the patches.  This is the kind of results we wanted to see working with the small‑ and medium‑sized companies.

Today, the main purpose is how to collaborate public sector, private sector, and small‑ and medium‑sized companies and certain societies.  By doing that, the security readiness of the participants, our partners, and thus be able to reduce attacks coming in from the partners where if there is attack coming from the partners we could at least have the channels to communicate with them, share the informations so that we can prevent the incidence before even happening and minimize the attacks when the attacks occur.

With having said all that, I'm going to run the mic over to Kim.

>> KIM JUNG HEE:  I'm grateful to be here to present the KISA effort in the cybersecurity world related to private sector.  

KISA has realized that the collaboration with the various stakeholder is important for cyber incidents response.  I would like to introduce KISA's experience with them, and I represent the main role of KISA and the collaboration status with the domestic and internationally ‑‑ international stakeholder and the lessons learned and the collaboration.

KISA is a government agency and we support the private sector with 100% and we have a mission to protect Internet user and business who provide online service for profits.  It is regulated.  In particular, three major things can be summarized in relation to our activities:

First, when there are serious cyberattack we work to build out the solution.

Second, security vulnerability, we work with the developer and the Internet service providers.  We encourage them to take action when the service has security vulnerability.

Third, when we receive the incident report from the Internet user, we provide online and offline technical support for them.  Based on these things, we support incident response analysis and sharing of information and prevention activity for the private sector in Korea.  Through this process, the cybersecurity ecosystem was constructed not only in the can and Internet user but also telecommunication companies, cybersecurity related companies and Internet portal, et cetera.

Collaboration example for each stakeholder is as follows:  We are working together with private company to help serve the technical security programs like security vulnerability check and systems for small‑ and medium‑enterprise.  We do joint cyber exercises and comprehensive review with private companies and cyber sharing.

Internet users, we're trying to raise awareness of the cybersecurity.  We call attention to measures for information security and the cybersecurity campaigns that includes the updates, password change and the personal data protection.  When the users’ devices infected with a malicious code, we activate a system if the users agree.  Through this, we can support not just threat but inspection and more.

We provide other security with the companies.  We have a joint response with telco to protect the experience and the malicious sharing to companies to update their engines and encouraging software developer and Internet service provider to fix their security vulnerability and cooperate in building programs for them.

It is important to know to propagate the serious incident mitigation guide.  They're a really important partner in our cybersecurity system.  Through this collaboration process, I think the cyber capacity and experience of KISA as well as the various domestic stakeholders have been improved and expanded.

There are many damages caused by things and at this time collaboration with other copyrights and global cooperation based on trust is very important.  KISA is actively involved in the incident response, incident sharing and capacity building on the basis of collaboration experience.  We share information on cyberattack with others, and we recently collaborated with each other to share ‑‑ as you mentioned the one incident ‑‑ the IoT repair and the supply chain of tech to take necessary measure.  In addition, joint through AP CERT and API education, it is conducted every year, trends, responding capacity with other countries.

We believe that the collaboration and cooperation enhanced ability to response to further cyberattack.  Typically we work with Microsoft through government security program TSP and the security and cybersecurity flow discussion.  We also work with the platforms like Google for responding to personal data protection and the malicious code on the Korean websites.

Through responding incidents among countries, we think it is very important to share and build cyber capacity continuously because circumstances and experience of each country are different.  We establish and operate global cybersecurity center for development to provide capacity training and technological consulting to the developing country.  We also have organized Cybersecurity Alliance for Mutual Progress for the Global Consultation Platform for Sharing Experience and the Information Protection Know‑How and the Cyberincident Information.  Through the collaboration activity, we felt the following: 

First, in order to respond to further cyberattack, collaboration for response and information sharing between the stakeholders is essential.  We have to do our best to build trust in a relationship with stakeholder.  Trust in relationship can make information sharing and collaboration easier.

Second one, the understanding of the various context, it is the key to collaboration because government and regulation and security protection measure and security industry are in the countries.  So sharing these experiences, it is a first step to understand all the context.

That is all.  Thank you very much.

    >> WAN YI:  Thank you.

This is very awkward.  Should we give her a hand?  It is too quiet for me.

Next speaker, Mr. Charles Mugisha.  He's online right now.  He's still online, right?

 Mr. Charles?

>> CHARLES MUGISHA: Hello.

>> WAN YI: Could you speak up a little bit?

>> CHARLES MUGISHA: Can you hear me?

>> WAN YI: We can.

>> CHARLES MUGISHA: (Audio quality too poor to provide transcription)

 

>> WAN YI: Thank you very much, Mr. Charles.

Don't leave yet.  If there are questions regarding Mr. Charles, I'm afraid we may lose him in the process. 

If you have any questions, please ask them now.

No?  No questions?

Mr. Charles, can you hear me?

>> CHARLES MUGISHA: I can hear you.

>> WAN YI: You said last year you had major incidents?  Was there support from international societies in mediating the incidents?

>> CHARLES MUGISHA: (Audio quality too poor to provide transcription)

>> WAN YI: Thank you very much.

Do not leave.  You are stuck with us until 10:30. Next speaker is professor Wu who will introduce human resource developments as Rwanda has stated they're one of the major interests as human resource developments.

>> JIANPING WU: Good morning.

First, the two speakers talk about cybersecurity response.  I would like to share the experience from China is cybersecurity, human resources, development.

Cyberspace is bigger systems and so far you cannot find really clear or unified definition.

Actually encoding so many things, right, but it is basic ‑‑ it is the infrastructure.  Encoding the ‑‑ all of the computing system, cellphone, the computer systems, super computer systems, so many softwares running the system.

Another important point is connect all the systems together to use the Internet.  Together is a very important infrastructure for the cyberspace.  There are so many really good topics so far, Clouding computing, Internet of Things, smart city, big data, AI, so many.  This is general to support all the applications, also running on the infrastructure.  Another part is the allocations, but the use, the general technology, so this is cyberspace.  Cybersecurity, it is all part of the cyberspace.  This is a very important idea.

The reason why people use so many ‑‑ people, the cybersecurity, so many of the security events that happen more and more, so from China, when starting the Internet in 1994, forcing them to go to China, it was an active network for us.  Two years later, commercial network is coming.  This is the networking.  In 1999 we set up the first in China for the academic network.  It was a simple security issue.  2002, the government set up a search, a national search in China.  The senior director is coming together whose responsible for all of the security issues to respond.

From 2008, China, you have the customers reaching number one in to the world.  It is very big and it plays an important role in the Chinese economic development.  We need all of the organizations, all of the stakeholders to participate in the cybersecurity issue.  Actually we also got from the government, they play an important role in this national cybersecurity opportunity.  This is a very important thing in China.  Sometimes it is multistakeholder, they fight together sometimes, and sometimes they cooperate with each other.  Right now so many companies relate to cybersecurity technology surveys and this is a bigger industry right now.

We have some basic experience from the cybersecurity response.  Also for building, that's the talk today.  The basic operating model, it is a shareholder collaboration under the guideline of the government.  There is still many problem.  The problem, it is a basic situation that's a passive response, not very strong, not very positive response.  It is a passive response.  The reason, we have a weak capacity of discovery in ourselves the problems of the cybersecurities.  Why?  Because China is a big country but very weak in technology country in the Internet.  Important things in capacity building, I believe it is very important for us.  Capacity to find problem, this is important, but right now so many security company folks find some bugs, a problem, and they cannot do more.  Why?  Because I just mentioned we're a weak technology people, weak technology country.  We need a very strong human resource, not only to find and solve problems based on concrete Internet computing systems, but also design most current systems.  This is important.  You can take note, the concrete company and organization, they try to find security problem from the architecture.  It is the computer systems and the software systems, hopefully we have more talent to develop a more secure system and this is important to take place.

This plays an important role in capacity building.  I would like to talk about the degree, not just the training.  The training is low level.  So many countries are training people, customers, development, so on.  From the country side I believe we have to have the education part.  I would like to talk about this.  Cybersecurity, in cybersecurity, it is a very old topic in mathematics for the wrong time.

In China, before 2013 cybersecurity is a granulated problem and so far almost 100 universities have undergraduate problem to get a bachelor's degree.  Right now, so many bachelor's degrees get to go to the company, go to the institutions.  From 2014 the government tried to apply and set up the graduate problem for the bachelor degree or PhD degree and they call cybersecurity.  This is a very difficult activity in China particular.  You could make the argument, so if so many people particular come from computer science, you cannot do that.  We take the one, two years to look at the difficulties and 2015, cybersecurity graduate problem for the   master's degree, it was approved.  So far the government has said this is a problem and probably this year we have ‑‑ it was an appointment for this degree, this education problem, but not yet.

This is the structure for the cybersecurity degree problem.  The main content in cyberspace, the fine parts are important.  One part, it is the cybersecurity formulation of coding, not particular in the coding contents, but also encoding ‑‑ encoding the architecture for the cybersecurity, also encouraging other kinds of basic issue, acknowledgment.

The second, it is the applications.

This is the important parts.  They use all of the parts of the cyberspace.

Another three parts is the important parts for security.

One is system security.  They talk about computer system, encoding hardware, software, also the environments of the computer systems.  Secondly, the network security, particularly the Internet security issue, encoding the major telecommunication security under DNS, so many Internet security issues.  A bigger one is application security issue so encoding all the application, it is important to systems and so many kinds of applications.  It is a total structure of the high‑level talent of the integration problem in China.

A few months ago I had a document from the United States government.  They have cybersecurity, and this document related the undergraduate experience program.  Not just for the graduate students, this is a situation, you need to take ‑‑ this is a document by societies and another two organizations.  This is important.  We need to have the collaboration with them.  I believe the capacity building part, the important part is human resource development, particularly as a high‑level talent.

This is my talk.

Thank you.

>> WAN YI: Now we have come to the last presentation from Microsoft.

>> JING DE JONG-CHEN: Thank you.  Good morning.

I agree with the previous speakers about the importance of collaboration between the public and private sector.  On behalf of Microsoft, I would like to share with you some of our programs and concerns as a focus. 

This is my first time at IGF.  I don't know how well you're aware of what Microsoft does in terms of security response, analysis and collaboration.  The main thing here is really the dealing with not only cybersecurity attacks, but really the breakdown in terms of trust and how the public can continue to use is the Internet as a way to communicate, to share personal information while you have so many malwares and attacks happening.  This is really a problem for us.

Also when we have the attacks, even though there is some increasing awareness between countries, sovereignty, developing national focus policies and regulations, but the cyber criminals, they have no problems of launching attacks cross‑borders.

There are two major types of cyberattacks we're dealing with on a daily basis:  One, cybercrime; the other, cyberwarfare.

As you see from statistics, there is more and more nation, state sponsored attacks, and particularly when the civilian infrastructure, hospitals, energy, many things that we depend on for the public services.  So Microsoft has been investing in cybersecurity in early 2000 and I spent the first half of my career in Microsoft focusing on product development and that's part of the early days of Windows, development for Windows '95 and we worked towards a goal of putting computer on every desk in every home and we didn't realize the security, it is actually the bigger problems as we go forward.  In early 2000 we started suffering from this massive amount of virus attack across the globe.  That's when we actually start to respond and take the threats much, much more seriously and we launched internal initiatives.

Our focus since then, how do we focus on developing trust of services and products we're producing and key elements, security, privacy, reliability, business integrity.

Our approach is really an integrated approach, we had the platform, Microsoft is known for not only operating system but a lot of our services, Cloud services and it is a platform for other application or value‑added services to be created upon.  We also look at how do we build security into the platform, and so there is very active investment in the security technology and for example in a windows ‑‑ for the Windows 10 system, you probably don't know there is a very important technology that we use called trusted computing which is hardware‑based security.  There is more than 300 security controls in the enterprise version of Windows 10 which you can set and control as part of the security and controllability. 

We provide free information for every version of Windows we develop and sell.  Since Windows 2000 ‑‑ and I know not many people are actually aware of this ‑‑ but enterprise actually deploys their internal security based on the guidelines and studying the system based on the security criteria.  These are things that are built in the platform.  We also develop intelligence analysis from the customer feedbacks and look at the patterns and work across the ecosystems and we team with up other countries with the tax signatures and we're getting more and more into the behavior analysis of a lot of the cyberattacks.

The last, not least, we work with many governments around the world with the cybersecurity policy.  It is very, very critical for a government to develop a set of security Best Practices, because governments should set example, whereas a role model of how to develop its own security Best Practice before telling the public what to do.  This is another part of the work that we're doing.

In terms of how we integrate the security into our systems, and here are some examples, we look at identity access management.  That's important, critical.  We look at the information protection.  More and more, the data becomes the critical asset in the digital world.  We look at the threats and how do we build the protection, and also how do we enhance the Cloud services, for example, to allow enterprise and also user to see who is accessing your data and how is the data being used so that you can increase the security controls of the organization.  Security management is also very, very critical.  We develop these services that has security dashboards so that you can actually watch all the activities going on.

Here is some focus areas.  Microsoft invests over a billion annually on security‑related work.

We also have about 3500 security professionals that focus on the security in various parts of the company.  Here are some of the centers that I want to call out.  You may have heard and may have seen activities and reports that come out for the Microsoft security response center which is responsible for coordinating the security incidents and release patches in doing the critical security attacks.  We also have centers called the digital ‑‑ this is where we interact with law enforcement to work closely with ‑‑ globally, and also with the CERT organization to look at the routes and look at things, for example, the bottom up kind of things and to help prevent and minimize the damage of the cybercrime using the law.  We also have digital ‑‑ these are some specifics of how we invest in terms of forensic analysis, and we have also over 100 trainings focused on this related work to use ‑‑ to see how the attacks are using the Microsoft names, it looks like it is from Microsoft but it is not, we use the legal means to pursue the attacks to ensure that law enforcement gets this and goes through the prosecution part of this.

We also look at the challenges on building capacity, and it is not apparent to a lot of people but in early days, when we would be in a country like India, others, southeast Asian countries, they do not have the means in the law enforcement economy to look at the digital crimes.  We organize and sponsor, and it is a tradition to train the law enforcement to understand how do you detect, how do you analyze, how do you study this digital crime and all of that.  We have seen the growth and capacity that's been built up in various parts of the world.  This is actually a tradition we're committed to continue.

In recent years, we included the CERTs, they're partners in providing more and more capacity training and capacity building effort.  This is responders, they work closely, also this other companies, larger ‑‑ they're larger, specific security companies looking at the threat patterns and here is a map that if you look at the various attacks and the global distribution of those, when you look at the global cyberattack, you have to look at it from the global space, it is not individual country, it is not ‑‑ where the cyberattack was initiated, where it was initially, there is no border, you could see the whole world in front of your eyes and it is very, very important for the government to keep that in mind when we regulate private sector on a national basis that you may forget that there are times we had to deal with global issues, not just in one country.  It would be very important for countries, nations, governments to work together to come to a common agreement and know that there is a Budapest Convention but not everybody signed up to it.  We are behind this global government mechanism to enable the law enforcement, enable the private sector to act in a more globally fashion to match the attack which is the global based.

The other part of the effort is the critical infrastructure, that infrastructure protection is more and more of a parody for many nations around the world.  It again needs to be based on a globular perspective.  It cannot just regulate on an individual country basis because while you're doing these protections, a lot of the attacks, they may launch from another continent and you don't even know.  Many times, you have seen the attacks and you see the controller is based in Europe and using the machines based in Asia and attacking America, vice versa.  So it is very difficult for the country by itself to determine where the attack is coming from, where it goes.  Once you have a national border in terms of the regulation, the data, the services, the problems, the cyber criminals, they have no problem with any of that.  They launch attack anywhere they want.  What really becomes an issue is that law enforcement has issues to prosecute or investigate any one outside of their jurisdictions.  We see that struggle all the time.  As a global services, technology company, it is our job to make sure that we assist and support effort, but at a national government level that's not something that the private sector can address.

We have proposed a Digital Geneva Convention.  You have heard at the entire IGF, there are many sessions talking about Digital Geneva Convention.  What we're looking at really is the countries, they need to come together to come to this agreement to enable a global approach to counter the attacks.  Also, in terms of the cyberwarfare, a nation in conflict, when you launch attacks to another country's infrastructure, we are against any kind of government actions attacking certain analytic infrastructure.  We need to protect the public.  We cannot tolerate the attacks bringing down the hospital regulations.  This is a real problem.  Our effort, it is to help and support the entire global community to work together to look at the attacks and also looking at some of the attack actors and to look to disrupt the services which was announced on December 19th, what we had done, we had a group that was ‑‑ we worked on how to dismantle some of the accounts and making sure that they can no longer operate the way that they are, at least not for a short period of time.  We expect that these sort of behaviors may continue based on the nation state's political objectives.  The Digital Geneva Convention proposal also includes the establishment of the neutral independent attribution organization that it can focus on these sort of issues.  Again, as a private sector, we work very closely with universities and governments on capacity building and also we're happy to consider how we can help women to be more involved in cybersecurity because very sadly, when you look at the stats, in cybersecurity, there is only 11%, had maybe even less.  This is on the U.S. side.

Women participation in cybersecurity:  You look at this room, you pretty much notice that there is very few women that are even present.  We're looking at working to cosponsor a Women Forum on Cybersecurity in Korea in March of next year in the celebration of women and the focus is to raise their professional profiles and trainings and to make sure that women is available and actively participating in this fight against cybercrime.

Thank you so much.

>> WAN YI: We have heard that the Internet is changing rapidly and it is complicated.  The devices, it is a major player.  A study stated that by year 2020 every one of us will own more than 6 different devices.  I think I'm pretty sure that each one of us in this room has already more than 6 devices.  Think of all of the devices sending out data attack packets to critical infrastructures, there is no way we could defend against such an attack.

Also, it is not just governmental issues, it is the private sectors that plays a very important role.  Looking at devices, the Internet cameras that's installed on Korean streets, they're not Korean made and therefore efforts within Korea is not going to help us, including control systems, scanner systems, if you look at all of the systems in place in the Korean critical infrastructures, they're produced in Europe and other countries.  Therefore, that's the cooperations that plays a key role in securing our infrastructure in the future.

Yesterday, I was reading through the Internet, and I came across a new word, R as a service.  Do you know what R stands for?  Then somewhere as a service, it is not just IS, or others, it is ‑‑ a criminal, attackers, they're sharing the information and tools to attack our infrastructures while information security officers, they tend to keep their information with them themselves so we don't want to share the information.  First of all, it is reputation based and second, we're not able to protect our assets and we're not doing our jobs.  We keep the information to ourselves.  I think it is very critical that we need to share the information with each other and, therefore, work with each other.

We heard a lot of experiences with working with others, and I just wanted to ask each participant ‑‑ before I go on, do we have any questions from the floor?

>> AUDIENCE: Thank you.  So my question is, as we know, you know, Internet, cybersecurity, it is a big challenge in Asia to interests worldwide, especially increasing the number of the Internet users across the world.  I want to know, what is the Korea government's policy and their strategy and what they're doing to create an operation and collaboration with other countries and Civil groups and enterprise sector to take action against the cybersecurity issue and terrorism on the Internet which is creating trouble for the world.

Thank you.

>> WAN YI: We're revising our national strategy.  An issue is that we wanted to include small‑ and medium‑sized companies and individuals that operate businesses.  Another thing, we wanted to work with other participants. 

One of the efforts, the Cybersecurity Alliances for Mutual Progress, there is more than ‑‑ close to 40 different companies and organizations that are participating in that program, and it was created about two years ago.  What we wanted to do is basically share our information with the participants and also you want to run ‑‑ not really sharing program, but I should say training programs to work from, but it is those training programs, they're funded by also ‑‑ cofounded by the World Bank. 

We have these programs, and at the moment we have groups and have elected the chairman of the subgroups and trying to define the requirements, what other participants are, what kind of information they need depending on which sector they belong to.  Once we define those informations, we want to share the right information with the right people.  In the future, we'll include advanced countries, United States, Germany, other advanced companies and we want to include global private companies.

I talked to Microsoft about this before about three years ago, and although global companies, they're willing to participate with us.  Those are the kinds of things we're working on at the moment

>> KIM JUNG HEE:  Additionally, in Asia, the Civil Society collaboration, in Korea we're having the discussion about personal protection use and the use of the identification.  The data, it is really an important asset in the IoT and the big data area.  There are open discussions as Civil Society and government and industrial side for finding the solution to protect.

Thank you very much.

>> WAN YI: We have a question from an Oman participant.

>> AUDIENCE:  This is a question for Microsoft. 

Microsoft issued a patch in February, 2017, however, they did not issue patches for Windows XP and other unsupported systems leaving thousands of users exposed when the attack hit in May.  How does the speaker justify this?

>> JING DE JONG-CHEN: Well, Microsoft is having a challenge facing all technology providers, it is how long do we support aged products.

Windows XP in this case, it is 15 years old.  When you think of the hardware devices, very few people in this room uses 15‑year‑old computing devices.  For some reason, XP stuck around.  That version of operating system, it was not before we could implement complete security.  There is a discussion on how long the operating system should be considered as trusted to run your services.  We understand and provided XP security patches as a model, and when we stopped in 2014 when we announced that it was a forced decision to say, you know, we need to stop continuing the XP support back in 2014 and we do offer paid services.  We have stopped the free service, but we have a paid service. 

Enterprise, they have choices to continue with the security support from the company.  We do realize that there be attack globally and we issued Windows XP patches when that happened.  Again, this is a challenge facing all technology companies when looking into how they can do a better job while you have aged systems in the ecosystem, how do you deal with this.

>> AUDIENCE: Thank you for the presentation.

I would like to ask in presentation, I feel that China emphasized the necessity of capacity building in cybersecurity solution or access development, however, I think that it is the dimension of the government, national securities and I'm curious what kind of work China currently engages in encouraging multistakeholder model in cybersecurity such as Civil Society?

Thank you.

>> WAN YI: How do you cooperate together, I believe it is ‑‑ you can give the answer better.

It is complex, the response.

>> JIANPING WU: I would ask the audience a question about China, in fact, the government for China, they pay much attention to the multistakeholder cooperation in cybersecurity.  China is also ‑‑ there is a lot of work in the multistakeholder, such as information sharing and the ‑‑ the information sharing and the threat intelligence from different ways, such as from Microsoft and many other places, including our own intelligence, threat   intelligence.  We enterprise to different organizations, to the government organizations so the multistakeholder, it is very important to the cybersecurity, not only in the U.S. and in other places, but it is also very important in China.

I believe that this is not only the work of the government, but also the work by the Internet, the Internet company, by the security vendor and other organizations.  It is also very, very important.  What we must know is what agency and cooperation is using cybersecurity of any countries and we must be together, including government, including company and the ISP and many other companies, they could keep the cyberspace security.  That's my answer.

I also ask one question, thank you to the panelist.  Thank you for the presentation.

>> WAN YI: We're running out of time here.  We're a full minute past already.

Thank you very much for the participants, especially the other speakers.

Thank you very much.

Mr. Charles, are you still there?  Thank you very much for your time.  I'll talk to you later.

Thank you.

Thank you very much.