The following are the outputs of the captioning taken during an IGF intervention. Although it is largely accurate, in some cases it may be incomplete or inaccurate due to inaudible passages or transcription errors. It is posted as an aid, but should not be treated as an authoritative record.
***
>> LUCA BELLI: Good afternoon to everyone. My name is Luca Belli, at the Center for Technology and Society. I am one of the co‑founders of the DC3, the Dynamic Coalition on Community Connectivity, which is one of the organizers of this event.
We have organized this together with another coalition called Dynamic Coalition on Data‑Driven Health Technologies led by our friend, Amali Mitchell and our panelist Amado Espinosa, who should be online.
If we can have our online speakers on the screen so we can have a nice family picture. They should be Amado Espinosa, Houda Chihi, and Leandro Navarro. If we could have them on the screen, that would be useful. I'm going to quickly present the speakers and then quickly introduce the theme of our session so we can start our conversation.
We have here starting from the left Renata Santoya, who is working with the International Affairs Department, the regulators. Welcome, Renata. Then we have Talant Sultanov, who is Policy Advisor for the Global Digital Inclusion Partnership, the institution I have the great pleasure of sitting on the board of. Welcome, Talant Sultanov. He is also a member of the MAG, the Advisory of the IGF. Then we have here Osama Manzar, that doesn't need introduction for those who are in the connectivity field. So he is the Founder and Director of Digital Empowerment Foundation, and he also is a senior fellow (inaudible), leadership program of the U.S. State Department. He is also advisor to (inaudible) funds and many other interesting hats, having connected more than 35 million people in India.
Then we have our online speakers. I hope they are already here with us. I see on top of my head on the screen our friend, Leandro Navarro. It's a great pleasure to have you with us even if only online. He is co‑founder of WEOG. He is one of the most well‑known academics in connectivity networks. He also is a member of the guifi.net and community networks and has done a lot of very interesting work and started social cultures, the internet task force, global access to internet for all.
Then we have our friends from the data Driven Health Technology Coalition. That will be part of the second segment of our session. We have Amado Espinosa. He has a strong medical, informatics background, and he founded the institute at the University of Guadalajara in Mexico. Then we have Houda Chihi. I'm not seeing them on the screen, but I hope they will arrive. Houda is from Tunisia Telecom. She's a senior engineer. She is also an expert in interconnectivity, of course, and cybersecurity.
Now that we have introduced all the speakers, let me provide an introduction in regards to the theme of today's session in two parts, more or less.
The first one we will present some of the findings of this booklet that you can find here and also available online on the IGF website. You can freely download all the reports. This year’s report is dedicated to cybersecurity and community networks. Over the past almost ten years, nine years actually, we have been working on a lot of different issues exploring community connectivity. So for those that are new in this field, let me just remind that community networks are community‑driven, bottom‑up crowd source connectivity initiatives that are usually built in remote area, rural area, or peripheral area. So low-income area. As an alternative option to connecting the unconnected or to provide better connectivity to the poorly connected.
They could be developed by local communities, group of individuals that have no technical expertise at all. They could be also driven by local administrations, local entrepreneurs. So it's really ‑‑ the beauty of the community network is that it is an effort driven by the local community for the local community. We have explored over the past years which are how to build community networks, how to regulate them, which funding models are more appropriate for making them sustainable. What is their impact with regard to the promotion of human rights? What is their impact with regard to promotion of digital sovereignty? They are a very good example of community‑driven digital sovereignty meaning the local community's understanding how the technology works, developing it, and regulating self‑regulating it.
Something that we have not analyzed yet until this year are the cybersecurity implications of this. It's a double‑edged sword to some extent. The fact that the infrastructure is created by people that do not necessarily have a strong technological background means that a lot of open-source infrastructure is used. Maybe not a lot of knowledge as regards existing legislation that can impinge upon infrastructure, like technological regulation, but also, we will see data protection regulation that must be complied with and create some cybersecurity issues.
So as the beauty of the community network, the fact that they are community driven, can become a vulnerability. The fact that the infrastructure is built without thinking to bad faith actors that can hack the infrastructure, that can transform the infrastructure into a botnet or an easily targeted distributed service attacks, the fact that even very basic controls of information, security, such as knowing which kind of software you're utilizing, knowing which kind of data you are collecting, having a resiliency plan, having a plan to recovery when you will be attacked because we know very well that pretty much any kind of digital system at some point will be attacked. So if you don't have a recovery plan, a resilient strategy, you are very likely to be highly disappointed.
So these are very similar challenges to what community network face to what also we will see in the second segment, digital data‑driven technology and health ‑‑ (silence).
These are very different types of resources as well. Remember, community networks are community‑driven. They are not necessarily driven by people with a lot of resources and with training on cybersecurity or even with legal training. Some of the points that we raise in the book is that there are almost 160 countries in the world that have data protection laws, and if you don't comply with it, you are ‑‑ you may be not only liable according to civil law, but in some cases even responsible according to criminal law.
When you create a network and you don't consider applicable legislation, basic data information security policies, resilient strategies, plans for recovering case of cybersecurity, mapping the kind of software and data you have at your disposal and under your responsibility, those are all potential systemic vulnerabilities.
Now, after this very long introduction let me give the floor directly to our speakers. We had planned to start with Renata, but as Osama, who is a very busy man has to leave us in 15 minutes to go to another session, I would like to redefine slightly our agenda starting with Osama and then going to Renata, hoping that she agrees with this. Osama, it's a great pleasure having you with us again. The floor is yours.
>> OSAMA MANZAR: Thank you very much. Everybody who knows our work will not expect anything technical that I'm going to talk because I don't know the technology. We work with communities. I want to give you a little heads‑up on this chart. This chart is basically the geo map of all the community networks we have done in the last 15 years. In India there are 280. There are many more, but we have been able to do it, and Luca has been able to look at many of those networks and document it also.
So there are three things that I want to say. The Internet is global, but users are local. Again, the internet is global, but community network are local. Not only local. It's hyperlocal. Not only hyper‑local, but it is used by those who are otherwise unserved by the telcos. Unserved by ‑‑ underserved by any of the normal telecom service providers and, therefore, these are the people who are nontechnical, but still user and the provider of network of such people are somebody who is also having to be appropriated locally so that you can manage network.
I just want to give you a scenario that we go to the village. We find that they're not connected. Then we build capacity. Then we involve them and then build network or Wi‑fi and then towers and then we also, you know, work with them how to take of network.
Now, the cybersecurity is the latest elephant in the room of all those people, right? I'm talking to you everything not from the technology service provider or the server provider, but the people. I'm first‑time introduced to my network. I'm getting a message. I'm sitting on a computer and working, and my service provider is not AT&T or somebody else, but somebody very local. Then I get a message which says, Please click here, and I click that, and I lose money from my bank. Right?
Then another friend of mine, who is actually had no jobs is now working for similar kind of job who is actually making people fool locally and actually doing cyber frauds by sending you information and they are getting messages and since you are first‑time user, you are being very naive and very simple that, oh, some messages come, I must act.
>> Just to stress, this is a hypothetical friend. He is not describing an actual friend.
>> OSAMA MANZAR: If you come to the next session, I'm going to describe in detail. I'm saying that cyber‑safety, cybersecurity from the technical perspective but from the user perspective, what is the behavioral change required? What kind of critical digital literacy will be required from the user is the biggest issue of this area. Somehow most of the work that is going on in the cybersecurity, cyber safety is very technical as if we think that only firewall will solve all the problems or we think that just identification of something or data protection will solve all the problems, but actually it will not because I as a user even without violating I'm getting fleeced. I'm being compromised. I'm being trolled.
My online data is something ‑‑ I'm a member of a matrimonial site. I've given my face and everything, and then it is just taken from there. You are sitting just in the corner of a village, and you have no idea how to deal with this one. When you go to Cyber Crime Office and do the complaint, they say that even we don't know how to trace such people. You know, where are they?
I'm not trying to give any solution, but I want to tell that the cyber safety, cybersecurity, and cyber data protection is not only a subject of top‑down model. It is a subject of bottom‑up social and behavioral norms based cyber capacity building. Somehow that is not taken into consideration in most of the planning.
When we are working in an alternative community network or providing a last mile access, it is very important that we have our own capacity building framework, we have our own content, we have our own local hyper‑local, contextual content to make people know what are the dos and don'ts of being connected to be cyber safe, to be cyber‑preventive rather than curative. You must know what are the things that we need to know.
That is what the experience that we are doing in many of our communities. There are three things that we are doing. Number one, we are trying to see if woman could take the responsibility of the hyper‑local situation so that they do not indulge into unnecessary information flow than what is needed. Education, domestic issues, business, day‑to‑day life, and all that. The second thing what we are doing is that we are creating hyper‑local information trustees, which you can say information trustees are describing them, but we are trying to create a situation that they become local fact checkers. They actually tell what are the dos and don'ts of the people who are coming to the center or the place where they get connected.
The third thing is that we are doing a role play of cyber safety security by doing street plays, by doing local language, oral content so that it can be disseminated with lots of people.
These are the things that I want to share, but basically trying to highlight that the global technology, the global access issues, the problems are always local. When we are talking about cyber capacity we need to have a local solution. Thank you.
>> LUCA BELLI: Thank you very much, Osama, for these very important words. Again, I think that this is a very key message, and it comes in a current way in the cybersecurity discussion about cyber hygiene, capacity building. At scale we have reports by Microsoft saying that more than 90 percent of cyber incidents actually happen because of phishing and for considering what ‑‑ usually it's considered the weak link, which is what stands between the screen and the chair, the human, but actually I think that one can reverse this logic through education and capacity building.
The individual becomes the strong link. When you are the ones understanding and even basic things about cyber hygiene, like do not use one, two, three, four, five, six as a password, which is still the most used password. Again, if you understand this, you really go very much farther than at the very early stage, especially in community network where those who are connected are frequently unconnected. Really it's the first approach with technology we have.
Now, I would like to give the floor to the regulator. There is a lot of norms in regulation that people need to comply with, and it can also to some extent guide them in the definition of their policy architecture and practices. So, please, Renata, it's a pleasure to have you. The floor is yours.
>> RENATA SANTOYO: Thank you very much. Thank you very much, Luca, and for having us here and inviting us. I'm speaking from the perspective from the telecom regulator. First of all, I would like to do a very brief historic about an update about our history community networks. It was something we started being more involved from 2020 when we had a memorandum of understanding with U.K. and we did work with our partnership with APC. We had very interesting outcomes as policy briefing with the framework from the regulatory status and also a manual with lay people. It was very interesting because we had the opportunity to teach and help communities that don't know anything about connectivities or how to deal with regulators to construct their own community network and how to deal with regulator. That's something very complicated sometimes, which license they need to take, how to use the spectrum to not break any rules. So it was very interesting beginning.
After that we had the opportunity. We had under the presidency of one of our Commissioners, and they did this work for two years. It was very interesting because they had to go to make some regulatory adjustments hearing from network representatives, ministry of communication together and also service providers. It was very interesting to map all the situation and what kind of regulatory measures we need, and it was necessary.
Very recently, like two weeks ago, we had the temporary community. It became permanent community. We have now public consultation. That's also a space to hear from the whole civil society, all the actors in this environment. Considering the results of this community, the intention about this is continuing this important work, improving and solving a lot of remaining difficulties and challenges. I can highlight some examples of the proposals we are doing.
First of all, it's interesting to remind that we have a very asymmetric relationship with this comparing community networks to big providers to small providers because we are not treating them as an equal. So it's a possibility to develop more and more the community networks.
In this public consultation that it's now for 45 days since December 5th. They have the proposal about anticipate some benefits of the new act of authorization of users radio frequencies. Also, evaluate adjustments in the regulation on the Spectral use to address possible between the implications that community networks that we should implement in Brazil and the destination of the frequent band of interest.
About funding we forward the management board of telecommunications services and universalization fund. It's an old fund that we have, and it's very difficult to use. They had some change in the law, so we are trying to use it more and more each day for useful things like community network.
Also, prioritize the ‑‑ not with fines, but with obligations to do and prioritizing specific actions aiming at the population served by community networks. It was possible that we have a lot of challenges, like often resources is one of them, regulatory barriers to establishment of networks, difficulty in mapping the benefited communities and geographic isolation, and, of course, cybersecurity.
About cybersecurity we have a specific regulation for the whole ecosystem in cybersecurity, and security, of course, is a priority for us, especially for our successful model of community networks.
In August of this year we revealed the cyber regulation, and anything we have in this review, it's about the telecommunication service providers. They need to communicate any accidents, security incidents to the national data protection authority. This includes community network. That's the way we think we can maintain all the principles and guidelines that apply to all the actors in the ecosystem, large, small providers also community networks. We believe that this way the ecosystem can flourish.
But they're still being treated as an asymmetric approach. Then we can also apply the same rules, of course, because they are, like, for us restricted interest, for example. They have a license that privately service and big providers are collecting interest. They don't have the same obligations, so it's something to help and to foster the development of community networks.
So the principles were maintained, but as well as the asymmetry in processing the regulation of cybersecurity. So we also to materialize this resolution of cybersecurity, we develop a guide, some guidelines that are very interesting of cybersecurity regulation that applies to the telecommunication sector and approved by the cyber resolution emphasizing the adoption of good practice and national and international standards related to cybersecurity.
It's all available on the internet. It promotes the dissemination of a culture of cybersecurity and a safe and sustainable use of telecommunication network and services. This was a work that was developed for our cyber working group, and they prepared also another guide. This one is for basic guide for ‑‑ it's more accessible for lay people. We have also another one that incentivize the security by design and developed the softwares, but in this basic guide, that's the first one I was talking about, you can have instructions like data protection, access, and account control, monitoring your account, data backup, and all this. A lot of different instructions just to help.
Also, in the same way about literacy we have a partnership with OES and Cisco Academy to capacity building and to also help to teach how to be more safe when you are navigating on the connected internet. I think we believe that all these guides and this partnership with academia, with courses, we kind of lead to us the meaningful connectivity and helping us in teaching people how to use internet because that's I think the third pillar. We kind of talk about infrastructure and then security, and now we need an effective way to use community networks and have the best they can give ‑‑ they can give you the best performance. (Silence).
As our friend Osama said, it's not top‑down. We need to do all together just to see what's the real needs we have, and we are also involved in this partnership connect and ITU. We did a pledge about community networks to being followed on WSIS this year. It was very interesting. It is also on internet.
I think for now it's ‑‑
>> LUCA BELLI: Thank you very much, Renata. Very interesting to understand that there are very few regulators in the world that have had this proactive approach to engage with community networks, understand them, reduce also the regulatory barriers and facilitate them because what we have been discussing over the past ten years is that, of course, you could not have the same regulation for enormous tech giant ‑‑ sorry ‑‑ telecom giant, telecom operators, and small ISPs, micro‑ISPs or nonprofit ISPs. It's very important together with a few others that has had the sensitivity.
Now, a very frequent problem in cybersecurity debates is how to identify users, how to make sure that they are not bad faith users or they are the real user that they claim to be. Here I wanted to bring to the floor the work that Leandro and his colleagues have conducted and is also described in this booklet about decentralized digital identity and verifiable credentials for members of community networks, which is extremely interesting because it gives us an approach and understanding of how technical solutions, even not particularly expensive technical solutions, can be used to enormously help people engaging with community networks. So please, Leandro, I hope you are still here. Yes, I see you now. Can we unmute Leandro so that he can present? Welcome, Leandro. We can see now your presentation almost. Yes, we see it on full screen. Can you speak?
>> LEANDRO NAVARRO: Yes. Do you hear me?
>> LUCA BELLI: Yes, we can hear you loud and clear.
>> LEANDRO NAVARRO: Wonderful. This is the presentation, but this could be sovereign digital identity and verifiable credentials for digital communities. This is the work of partly funded by our mission, but as you see in the heading, several communities, several organizations that went in. Just to give you a bit of definitions, we are talking about digital identity of ourselves. Ourselves or content or organizations that they want to be identified in the cyber space, let's say, and then there's a concept called decentralized identifiers, which allow you to have different identities, different tags, whatever. Once you have an identity, people, organizations can say something about you. Like, for instance, you as a member of a community, this is your education. You are a vulnerable person and you are from an NGO that knows your situation, something like that. In the end whether it plays, so this is a upstart.
Then I'll give you an example. For instance, this is one of my multiple identities. [email protected]. It's a community approach that we collect second hand devices for community members to be connected because to connect to the internet, you need a device. This is my GPT key ID in case you want to check my name that comes clearly from me or someone else.
The idea is it could not be exactly like that formally, but it may be Leandro at GP user.org. From that you could find out my public key, whatever, and then verify that I sent it to you.
So decentralized ID world, there are methods for key, and here you have your public key embedded in this long name or identifier, but there is also the web method to kind of encode let's say website which identifies my personal identity in a given network.
Then you see an ugly kind of structure. That is a structure like you imagine where there's a part that says who is saying what. This is the Guifi Community Network that is saying that we as a subject that I'm this person with this identifier as member of the internet community. Then there is a signature, which allows the third party to verify that whatever is said here, who issues the credential, who is the subject of the credential is valid because there's a signature in it.
This technical description of the data structure, but imagine that we have a batch like this as a community member of internet. You can scan it with the code. This is my email address and public key. Okay?
So what we can do with this? We can talk about the properties, the rights, the different aspects. What we try to do in this case is try to develop open source server that works and that allows community networks and other type of communities provide the services on their own. Then you can see that there are strange concepts like the issuer of an organization that says something about me, for instance. So I have whether they can hold these data structures, these credentials and then different elements. I'm not going to enter into the discussion. If you want to know more, we have our let's say public repository on GitHub. You can leave us a star if you like it, and also, this is our development repository.
I can tell you a bit more about the pilots, the communities we've been working with. The first ones are three NGOs. The first is the NGO I was a co‑founder.
(Silence).
‑‑ for using the identity, which we provide ourselves. Or there is another NGO, Setem, also in my neighborhood, let's say. They can use these credentials to access other online shops from other NGOs and a federation that ‑‑ a federation of NGOs that provides different credentials for where they go and apply for funding. They can now accredit that they are members, and they can provide these credentials to confirm that this is sure and verifiable.
One thing I think that's an interesting example is this cooperation between Pare Manel. It's an NGO that works in neighborhoods, in vulnerable neighborhoods, and then in all the families they issue credentials for them. They might not even have legal ID at the time, but they can have an accreditation from this NGO showing their level of vulnerability so they can use this credential and go, for instance, to the different community network or to cooperative that provides telecom services and submit that credential, and this third party, the verifier, will be able to see that this is a viable person according to the criteria without revealing details about them and with the signature that allows to see that it's not themselves who claim being vulnerable, but there is a well known NGO that accredits that. The same we do for giving computers, laptops to families, children, that need them, and then we manage these kind of multi‑organization identity systems in the community.
So with this, you can show that you are a member of a certain community. You have a credential from someone else and go to third parties and prove that this is true.
This model is based on the European blockchain services infrastructure or identity infrastructure that is a bit complex, but you see that they use public registry of actors, and, well, I can have my own credentials issued by imagine like an NGO that has been accredited by the government or whatever. Then you can submit my credential to any organization in, let's say Europe, and be able to prove that this information that I'm submitting is valued and correct.
Even though I have a legal identification myself, so that's a self‑summary part of it. We have seen what's responsible to make it work and is complex, of course. Then, well, I mean, just that many things about the challenges, of course. We are not finished with this. We are just started one year ago. Then, well, it's difficult to move for adoption. It's difficult to manage government issues. Specifically to maintain the software and make it interpretable with the third parties and especially with public (inaudible) participating, and there are things to do in the future and keep working with the communities to understand the needs and to address them and to be able as we solve the problems on your own on using free software that enables people to solve their problems with maintain the means to (inaudible). Not only digitally, but in the community, but providing for our services to them. Any comments or questions are welcome. Thank you.
>> LUCA BELLI: Thank you very much to bring this very interesting initiative in the picture and also highlighted the challenges, right? It's still a work in progress, and one of the challenges also is to make this adopted by the community members and to educate them in order to understand that there is this solution for a problem.
As we were mentioning at the impinge of the session, the education, capacity building, and cyber IDing to some extent. It's good that we have been speaking about the cyber education and cybersecurity and capacity building. Please, the floor is yours.
>> TALANT SULTANOV: It's a pleasure to be here to present to the public. I'm wearing the hat of a global digital participation as a policy advisor, and I'm happy that Luca is a good member, and this organization is presenting women in digital technology implemented by several organizations. Osama is on the advisory board. Two of my bosses are on this panel, so I better give a good presentation.
The GDIP and ‑‑ (inaudible). The five biggest issues were gender gap, and two are related to one is access and affordability, and the second is safety and security. I'm glad that the decision that we are talking about are two issues. In Kyrgyzstan we have launched community networks, and we call Osama the Godfather of Kyrgyzstan's community network. We can say plus two or three in Kyrgyzstan to this map.
Once we are connecting the people to the internet for the first time, they are very trusting of the internet. They believe everything they see. They believe the people who are there. We felt the responsibility that if we are helping people to get online, we should equip them with information and skills on being safe on the internet. That's why we in parallel launched the project called Tech for Society or Technology for Society where we have initiated solo activities. One is a help desk where citizens and civil society organizations can call and get advice if they are having any issues with cybersecurity, and the logic here was that, for example, private sector can hire cybersecurity experts the civil society organizations and ordinary citizens sometimes are often left vulnerable. With that we should also help protect through the help desk.
Second activity that we are doing is cyber hygiene trainings and training of trainers in local levels so that then they can continue helping the local communities. The way we are delivering this message is oftentimes through traditional storytellers because we are, as Osama mentioned earlier, working with rural communities. For example, the storytellers will explain in very basic terms what cyber hygiene means. One storyteller said when you leave your house, you lock your door not once, but twice. Your door and the gate. Same with the password. You should have at least two factor authentication and a very strong key. Otherwise, your phone can be broken very quickly.
In addition to these activities we are doing also research. One research we did is on cyber forensics. We wanted to see if government is actually prepared to deal with cyber crimes, and we developed some recommendations for our policymakers and regulators in this area.
Not to take too much time. I just wanted to conclude with several principles that we have been using in our work. One was rural first. So all our work is focused on rural communities. Second is local language first. So there are a lot of materials if you speak, for example, English or Russian is a lingual (inaudible) for us. We've been doing a lot of things in the Kyrgyzstan language, and then we have centered around girls first. In all the activities we've been designing, there should be convenient, safe, and interesting to girls and women in rural communities so that they could be better protected.
With that, I would like to conclude my part and be ready to respond to questions later on.
>> LUCA BELLI: Excellent. As the next segment of the session will be primarily dedicated to data‑driven technology, I think it would be good now to open the floor for comments, reactions, questions from the floor. If you have any, feel free not to be shy and to raise your hands and ask if a microphone can be ‑‑ yes, we have a question here. Three questions. Could we kindly ask to ‑‑ I will give you my mic because ‑‑ can we bring a mic for the ‑‑
>> Thank you for a nice presentation from everyone. I have a question for Renata. I don't know if I'm pronouncing it right. I'm interested to know, look, what kind of cybersecurity model have you implemented? You have experience and you have put the story for your ISPs was nice, but I'm curious more on what kind of models have you implemented in the regulatory processes?
>> RENATA SANTOYO: Thank you. Actually, as a regulator in Brazil we have a working group in cyber because we are not really responsible for cybersecurity, for example. We are more focused on cyber safety.
We have different institutions, and each one of them has different responsibilities. We have the RME with the responsibilities. We have presidency with their responsibilities. Specifically we have focused more on safety.
As I told you before, you have this manual with some guidelines that try to educate. It's focused more on meaningful connectivity as trying to open mind to help to defend yourself when you are using, the basic risks, the base cares you need to have. As a regulator, our responsibility is more focused on this.
>> Are these materials openly accessible to public?
>> RENATA SANTOYO: Yes, it is. I'm not sure if it's on our website. Anatel is the name of the regulator. I'm not sure if it's available in English, but yes, it's all available. I can ‑‑ I don't know if I can share. I can share with you after the session, no problem.
>> Thank you.
>> LUCA BELLI: Can I just make a quick complement also to mention that besides making sure that equipment that is used in Brazil is the role of Renata. The regulation on cybersecurity in the telecom sector that defines specific obligations, such as having a cybersecurity policy or having audit of your achievements or changing the password. Some of the largest attacks was in Germany. It basically infected one million in one weekend because they had kept default password, and this was very easy for attackers to identify and then to penetrate network.
Having an obligation, regulatory obligation, to change this is a very simple step that makes a huge difference. That is, again, most of the steps that may increase cybersecurity are not rocket science and having a regulator that prescribes them is an enormous step forward. I see there is another question there, and then this gentleman here.
>> Yes, thank you. I'm a consultant in the Netherlands, but I run one of the dynamic coalitions here on internet standard and safety. I think it's exactly what we're trying to promote what you have been saying.
No matter how good the initiatives we've been hearing are, this one girl and the whole village is still a botnet. Yes, we have to train at that level. At the same time they're vulnerable because the service providers do not have a routing security or do not have DNSSEC security or don't have whatever. So people can be attacked where they don't have any influence at all. I can't change my network to DNS Security or put in a routing security or whatever.
So I think that that is where other institutions have to become more proactive to not perhaps regulate in a traditional sense with fines or whatever, but in the way to expose weaknesses in networks. I'll make a little promotion here. I've been asked to become the coordinator of the community that's going to be started next year on internet.nl. It's a tool. Look it up. Internet.nl and then put in your local bank, for example, and see how secure it is or isn't.
If we bring organizations together, that's going to implement this tool, it's going to expose the weaknesses of your institutions and of your internet service providers, et cetera. That also means that they become accountable because it becomes visible. We have to train people not to be gullible, but on the other hand, we have to make the tech organizations, whether they're small or slow, big or small, more accountable to the tasks that they have and one of them should be protecting us as entities.
So the way you move forward for this initiative, I would suggest that you have these two components in it. You keep training. Tremendously important, but also start exposing. That way you expose. People become accountable. Thank you.
>> LUCA BELLI: These are comments that are actually perfect. If you want to add an additional layer on top of your comments besides training and also making accountable is also in my experience also facilitate to some extent the creation, the integration of this practices, whichever costs. Let's also be honest about it. The reason why most devices or most services may not be cyber secure is because cybersecurity has a cost, and the consumers do not perceive this as a criteria of quality. When they buy something, they want shiny features. They don't necessarily want the most secure object or service. The more object or service, if it costs more, they will go for the cheaper one.
If you want to apply this logic to community networks, they are usually created with very cheap Wi‑fi equipment, and not necessarily the most secure, right? So something that actually is very interesting in Brazil is that if you have costs for cybersecurity, now in Brazil you can ‑‑ you can declare them in your fiscal declaration as costs that reduce from what you have to pay. That's an enormous. Very few people know it actually in Brazil, but actually if somebody becomes a fiscal advantage, then more people will do it because people ‑‑ I mean, from the individual to the large corporation, the rationale is driven by cost. If something is very costly, even if it is the next something, most people will not have the resources to do it.
I think that this is very interesting, this course, also the fact to help facilitating and the result with financial help or tax cuts could be very interesting for a further element. Yes, sir.
>> Thank you for the lecture. I'm from Liberia, West Africa. I work with a regulator in Liberia, the government. So I was kind of thinking with these community networks, how can we learn from the experience, or are you willing to learn ‑‑ I mean, to learn us some of these knowledges that you have given if and when we are asked ‑‑ we ask you, are you willing to help other, like in Africa, or other countries? Thank you.
>> LUCA BELLI: There is a thriving community network ‑‑ a community in South Africa. We can put you in contact with some members of the colleagues that work there. I don't know if Talant because Talant has been focusing, but his work is global. Then maybe if he wants to do a partnership with their Liberian counterpart, we can discuss this, but I am pretty sure Talant could be your man.
>> TALANT SULTANOV: Thank you very much. It's a very good question, and I'm very glad that you asked. The Women in Digital Community Fund where I'm working, the areas in addition to women‑led organizations is policy advocacy for governments in Africa and Asia. We are publishing this document that's collection of case studies from around the world and best practices. We would like to disseminate it more widely. I'll share the link. We would like to collect other practices from around the world to learn from.
Yes, we would like to share the experiences that could be interesting and relevant to you and also learn from you as well. So maybe after the meeting we can exchange contacts.
Also, I wanted to add one interesting fact about the cost that I mentioned. In Kyrgyzstan they decided to block TikTok because it's such a popular application, people still want to access, and they've been downloading VPN to be able to. Of course, they are not downloading for paid quality. They are downloading the free ones that come with all kinds of viruses and junk. They are actually becoming more exposed to dangers than before it was blocked. That was an interesting lesson for us.
>> LUCA BELLI: Thank you for this, Talant. I think ‑‑ I'm mindful of time, and we still have 40 minutes or maybe less. 30 minutes. We have to get into ‑‑ exactly 30 minutes. We have to get into the second segment. Can we have, again, our online speakers on the screen. Can we have our online speakers on the screen? I saw that also Amali, do you want to give some remarks?
>> AMALI DE SILVA‑MITCHELL: I'm with data‑driven health technologies. We're with the IGF as well. We have a team here. We have Dr. Houda Chihi. I think Dr. Amado might not be with us right now.
What we are is we are a group that looks from the patient of really grassroots level, user of the internet services to gain health information. Whether it's getting the information or it's connecting on the telemedicine that we had recently with COVID. It became very important to use the internet connections to get services maybe from a doctor, maybe from the pharmacy and so forth. Now, first, when we see reaching the last mile, it means rural areas, but it also means communities, vulnerable communities in urban areas, who can't afford to get the service of an expensive telecom. They often will use a community internet service to get this information or have this access with the doctors and the pharmacy and so forth.
We also have people like the local doctor and the local pharmacy. They may also be using just a community network. Now, we're dealing with health data. It's highly confidential data. We are very concerned of the level of security, and it was wonderful to hear all about the initiatives that all of you spoke about. So that's really something wonderful for us to hear.
That's just who we are and we welcome everyone to join us. We are very much grassroots. Very much the end user supporting health care services.
I'm going to pass this on to Leandro. If you could spend five minutes. I think there were a couple of questions from our own team as well and perhaps online questions. Over to you. Hello, Jorn.
>> JORN ERBGUTH: Basically you said it already. Privacy is a major concern in health. When data is used, it's a concern that we should base this on informed consent and not have it done.
>> LUCA BELLI: Can you allow Jo Joel Gomez to speak, please? There is a speaker online called ‑‑ the name is ‑‑ (inaudible).
>> JORN ERBGUTH: I don't see that speaker currently. Maybe his connection broke down.
>> LUCA BELLI: Do we have another speaker from the coalition on data‑driven health technologies? Do we have another speaker?
>> AMALI DE SILVA‑MITCHELL: Houda can introduce herself.
>> HOUDA CHIHI: Hello. Thank you so much. Hello, everyone. Thank you so much for this great introduction. It's great being participating in such an amazing session. Thank you for joining us. Let me start by sharing my screen.
>> LUCA BELLI: We are seeing the screen, yes. Fantastic.
>> HOUDA CHIHI: That's great. That's great. Okay. So my today's presentation is about cybersecurity, our recommendations. First of all, let me start by presenting the roadmap. I will start by the context. Next, what are really highlighted tech solution for health care. After that I will present what are the different types of cyber attacks in health care sector.
After that I will come up to the importance of cybersecurity in health care, and I will sum up by the different recommendations and best practices for cybersecurity in health care, and I will present importance of integration in health care and by the end I will have different degrees of many I presentation.
In fact, here we speak nowadays of a paradox of digitalization. On one side health care services improvement with the digitalization, but we find also some threats coming up behind these digitalization. Another important thing is we find that there is authorization of health care services due to autonomous application, such as artificial and learning that you will see in further slides. And we speak especially due to COVID‑19 in different kind of cyber crimes, which is E‑health or remote and virtual application of health care.
So another important issue is there is a lack of awareness and lack of cybersecurity through this application in health care sectors, and we find that the majority of health care centers using (inaudible), which is used less to arise of new innovations of cyber attacks. Every day we find new threats, especially in health care sectors because it's the threat ‑‑ the life of patients is very important.
Nowadays we speak about service. It's very interest ‑‑ (inaudible) ‑‑ for health care sector. Another that I don't have enough budget to improve the health care infrastructure. That we highlight in next slide.
Also the tech solution application in health care sector. We speak about our virtual reality, standard reality, or the metaverse application in health care sector. We speak about the blockchain application, the artificial intelligence, machine learning, which is based in the data storage of patients in the Cloud. We speak to different of E‑health, which is enabled basically in the application of internet of medical things.
So all of these technologies improve the health care services due to and make the health care services for both the doctors and patients who suffer from disability or people who can move to hospital. In particular the application of internet of medical things enable the remote of medical operation and enables the experience of patients.
On the other side it's very important if we take care of the security threats. That we really highlight in next slide.
Digital ecosystem is very important for both patients and both medical sector, but because it's enabled like a landscape of exchange and opportunity of improving the quality of digital health care services, but to improve the quality of health care services, we need to improve the collaboration between the virtual labs and the IT experts that we help health care start to improve with very low (inaudible). We need to improve the skills of health care staff to understand the importance of the application of digital services in safe way without harming the patient life and without harming the infrastructure and leading to destruction of digital of health care services.
So here the digitalization role here where it's very important in terms of optimization, service quality improvement, and patient security improvement.
Here another important thing we need to highlight is the importance of the adoption and to collaboration with operator or ISPs offering high‑quality of connectivity, such as 5G and beyond, to, for example, that has to improve services if we are in ‑‑ if we speak about health care in metaverse.
Let's speak now about the faced challenges. We speak about the digital divide, especially for hospital or rural areas. They don't have enough connectivity to adopt and to exploit the different digitalization services. We speak about bias and inequality. Here to overcome such kind of problem we have to convince decision makers, regulators, and policymakers to help the rural area hospitals to have enough connectivity and to exploit and the benefit of the digitalization.
Another challenge is nowadays we importance of digitalization. We don't know the different number of connected devices in health care sectors, which is a very critical issue. So under the challenge is related to cybersecurity. We have to teach end users, whether it is patients or whether it is medical sector staff, the importance of exploiting the digital in a safe way, especially when we speak about health care sectors and as cybersecurity is very important. It can help us to create more values rather than be suffering from threats of cyber attacks.
Another important issue is to take care of the trust of other patient if we overcome the problems of security and cyber attacks. We can overcome also the problem of financial problems, especially if we open the door for ransomware that we think we demand a lot of money if they have access to our data.
So here we have three pillars. We have to teach staff about the importance of cybersecurity. By this we will have enough skills to secure the budget of the health care sectors.
So let's highlight in this slide or in this step the different cyber attacks that are on the hospital or health care sectors, like in centers. They can suffer from it. We speak about distribution, distributed cyber attacks. It's about digital task disruptions. It's different behavior. Health care staff is doing the operation online. Our conversation is with patient, and we have cyber attacks, so we have automatic deception of the operation. Another kind of attacks is ‑‑ another related kind of cyber risk related to access to patient's data. Some kind of cyber crimes is to have access to patient data. They will demand a huge money because they behave different information of the health care sectors. So we speak about here of two kinds of threats. We find about external threats if we speak about data or authorization access to patients' data or attacks related to supply chain.
Another kind of cyber attack is related to health care staff behavior, like phishing emails. They open different kind of URLs without taking ‑‑ without any attention or verification. They use simple and easy passwords that cybercrimes can find a way to open their emails and have all the data for the overall health care organization.
Another important thing is the lack of security of health care Clouds because with digitalization the data of different health care centers will be stored in the Cloud, and if we don't enable or we don't do the health care cybersecurity recommendation that I will share in further slides, we will lose all our data.
Another important risk is the lack of configuration of the different softwares that we exploit in digital health care sectors. So here nowadays with digitalization health care is about data, so we have to know how to secure this data to save on the health care sectors.
So here let's start by understand step‑by‑step what the cybersecurity is about. It's about the confidentiality, availability, and integrity of the information. We take care of the information, and it is about safety of both the hard and soft to enable any resiliency of health care services and to overcome any problem of deception.
It's about a redirection of cyber security for value creation to health care sector. So another important thing that we should understand is the use of telemedicine or E‑health in a responsible way, and it is about the use and creation of any digitalization with a responsibility. We should test any new technology and give a cybersecurity recommendation before deploying and expose it to all other stuff.
We should also upgrade continuously regularly all our software and medical devices to support all advanced security tools because when there are always new features, so we should have strategies that supports these continuous upgrades.
Another important issue to not lose our data and to not open the door for other servers, we should always back up and do the necessary storage strategies in the way that we secure our data and we don't enable others to theft it or to take it and after that exchange with us and demand a huge amount of money to return our ‑‑
>> LUCA BELLI: Sorry, Houda. Can we wrap up?
>> HOUDA CHIHI: Ah, yes. Okay. Okay. I forget about the time. Sorry. Let's move to, okay, to hospital ‑‑ the importance of hospital IT infrastructure security. It's about modernization of the IT medical sector. Another important issue is about network segmentation. It is important to segment network and use virtual private networks and to enable spam filtering.
Another important thing is to do continuous check of any new device. It's about adopting zero trust approach, and we should have visibility of all endpoints connected to internet and use in health care sector, of course. We should have the leadership and achieved to the importance of cybersecurity and to adopt the necessary policies and decision on cybersecurity and strategy implementation in health care sector.
For staff it's important to patient or end user in general is important to adopt the strategy of multi‑factor authentication and regular updates and it's important to adopt accurate configuration of different softwares and firewalls.
Another important thing just to adopt is to ‑‑ another important thing is to benefit of artificial intelligence in health care. It's important to adopt the anti‑virus to integrate artificial intelligence and machine learning because they enable autonomous and advanced monitoring ‑‑
Yes, yes, I have just a few slides. Just to wrap up, I spoke about the importance of artificial intelligence integration in health care. So back in responsible way it's enabled advanced threats or attacks detection and proactive way, but it will be implemented and integrated in a responsible way to overcome any problem of bias, which is based (inaudible).
>> LUCA BELLI: All right. Fantastic. I think that we ‑‑ now it's time to wrap up because we have almost been kicked out of this room. We really have to conclude and also, as I have to go to another ‑‑ five minutes, I will have four minutes.
So thank you very much. I would like really to thank all the participants for their very insightful inputs and for their very good contribution for the session. I also want to remind those who are here with us that you have ‑‑ you can take your complimentary copy of this report that I highlighted with Dr. Senka Hadzic and had of the cooperation of the speakers today on security and community network. The copies are here for you. If you want to download them from the website where you can find all the material that could be interesting for you and the Liberian regulator.
Yes, we are fine with the workshop of today. Excellent discussion. Thank you very much to everyone and see you next year. Bye‑bye.