IGF 2023 Town Hall #126 Who will attend to the cybersecurity needs of civil society?

In recent years investigations, in particular those conducted by Citizen Lab from Toronto University and Amnesty International Tech Lab, have revealed that civil society, activists, and journalists are regular targeted for intrusion by a range of actors using advanced cybersecurity tooling such as Pegasus and Predator malware. There is also evidence of a growing influence of Chinese industry in offering surveillance technology in African governments which is a frightening scenario as well. Those examples are only the tip of the iceberg of civil society digital risk. As a whole civil society organizations are increasingly under all types of attacks that can threaten also the availability and integrity of their systems, some for political reasons others as vulnerable targets for conventional cyber-crime. From attacks on their websites, crypto ransomware, theft of their computers or smartphones, non-governmental organizations are under immense threat. Staffed by small teams and often saddled with under-resourced operations most are in no position to repel modest attacks, much less ones using bleeding edge tools and zero day exploits. Moreover they are rarely in a position to respond effectively after incidents occur. Where are the Computer Emergency Response Teams(CERT/CSIRT) dedicated to civil society, activists and journalist? Who will help them when they face an emergency, an incident or suspicion of spying malware? Who can help them prepare their organizations and infrastructure to be more resilient? In the FIRST (Forum of Incident Response and Security Teams, first.org) list, there is only one organization in the world working from and for civil society: Access Now Digital Security
Helpline (recently "officially" recognized as a CERT/CSIRT and represented by one of our speakers). Such a large sector broadly devoted to humanitarian aid deserves better.
There are other entities trying to fill the gaps, from other non-governmental organizations to private sector entities offering free or reduced price services and even independent consultants, but the need is far greater than the collective capacity. Even with the recent arrival of CIVICERT (civicert.org), a network of Computer Emergency Response Teams (CERTs), Rapid Response teams, and independent Internet Content and Service Providers helping civil society respond to incidents, prevent digital security issues and detect surveillance technologies like advanced malware many are left with no recourse when facing a cybersecurity incident arrives. These existing support entities are seeds of a rich ecosystem, but we need a vast field of civil society digital security support mechanisms to bloom if we are to respond efficiently to all the threats civil society is now facing in using the Internet to help those in need and hold accountable those in power. It will take a unique, sector specific approach to meet the landscape in which civil society operates: high stakes information attracting advanced threat actors defended by sparse systems and small teams. What are the steps we can take to make all the actors of civil society truly safer in the digital realm and more confident in doing their work because they know who can help them in case of digital security issue? When will we finally empower civil society in the digital realm? What could be the states of states and public international organizations?
This TownHall aims at exploring the unique needs of civil society in receiving digital security support as well as presenting examples of emerging and existing organizations fully or part-time dedicated to addressing those needs. We will explore together what could be done to strengthen the existing organizations and create the full capacity that is needed in this large sector. We will focus on organizational, trust and financial aspects, and public policy making, informed by the perspectives of front-line practitioners from various stakeholder groups including a CERT, Rapid Response teams,private companies and also persons working in cybersecurity public policy (IGF, OECD). Many of our speakers are dedicated to responding to digital civil society emergencies, incidents and security issues, working for the same purpose, but from diverse type of organizations, perspectives and from multiple continents. We are excited to find the common threads in our experiences to help point the way to a better cybersecurity future for global civil society.

It’s going to be an interactive session participants online will get first call on questions to panelist after interaction. An online moderator will be fully alert to take questions communicating with the on site moderator.
Four of our participants are yet fully confirmed to be present in Kyoto for this IGF.