Bpf cyber security contribution for igf 2018 by shreedeep rayamajhi
BPF cyber security IGF 2018
How do you define aculture of cybersecurity?
Cybersecurityculture isthe local valuesandperceptionof differentstakeholdersandhow theybehave
includingthe trendsandpatternof differenttechniquestomitigate the cybersecuritiesissuesand
innovationanddevelopment process of new technologies.
What are typical valuesand norms that are important to you or your constituents?
Most of the time normis aboutpersuasion,andthe persuasivenessof appealstoadoptvariousnorms
dependsonhowtheyare presentedtopotential adopters. We learnfromthe experience andadoptas
withlive eventandexperiences. Normscandevelopinavarietyof ways,particularlythroughhabitand
adaptationprocess.Some normsemerge spontaneouslywithoutanyparticularactor havingany
particularintentandthenbecome entrenchedthroughhabit.Inanygroupthat interactsregularly,
Withinyour fieldofwork, do you see organizations stand up and promote specificcybersecurity
norms? This can be eithernorms at an inter-state level,ornorms that onlyapply within your
community or sector.
Comingfroma leastdevelopedcountry inAsiathe general practice of cybersecurityculture is
compliance the overall conceptisjustlimitedwithinbankingsectorandotherprivate sector
It needsmore maturityandexperience incontextof adaptingthe variousinternationalstandards.
Establishinginternational cybersecuritynormsisanessential stepinprotectingnationalsecurityinthe
CybersecurityNormsare neededtoaddress shortof conflictscenarios.
There has beenalot of issuesraisedasrecentlythere wasaBankingtheftthatcreateda stirin the
bankingsectorof Nepal where there ismore provocative measure are takenbythe central bankto
ensure the propermaintenance of the systemandcybersecuritynorms.
BPF cyber security IGF 2018
Are there examplesofnorms that have workedparticularly well?Do you have case studiesof norms
that you have seenbe effective atimprovingsecurity?
The bestway isthe openandclarityinterms of creatinga multistakeholder environmentof consultation
inadaptingand mitigationprocesswhichhelpstocreate bettersolution.
Do you have examplesofnorms that have failed(theyhave not seenwidespreadadherence),orhave
had adverse effects(livingupto the norm ledto other issues)?
The lowerand developingnations are justworkingtheirway,Ithinkinmostof the countriesthe overall
processof standardizationhasa huge challenge of multistakeholderismwherecybersecurityisone of
the hottesttopicthat comesup.It more like evolvingwhere new standardsandnormsare alsocoming
up whichneedstobe guidedbybettercore values.
What effective methodsdoyou know of implementingcybersecuritynorms?Are there specific
examplesyouhave seen,or have had experience with?
Some normsemerge spontaneouslywithoutanyparticularactor havinganyparticularintentandthen
become entrenchedthroughhabit.Inanygroupthat interactsregularly,normsdevelopsimplythrough
expectationsshapedbyrepeatedbehavior.Muchof the foundational engineeringof the internet
The most effectivemethodof implementingcybersecuritynormswouldbe throughpublicdialogue
processlike national internetgovernance forum andotherpolicydevelopmentprocesswhichprovidesa
betterplatformandsituationof understandingandmitigationof the problemsandchallenges.
Anotherwaycan be understandingthe problemorchallenge of cybersecurityanddoingaproper
researchinopening upthe processfordialogue ina multistakeholderenvironmentforpolicy
developmentprocessandcan create bettersolution.
Duringthe wanna Cry Virusattackedthere were variouscollaborationseenintermsof creatingaproper
cybersecuritynormand mitigatingthe problem.
Withinyour community,do you see a Digital SecurityDivide in which a set of usershave bettercyber
securitythan others?Is this a divide betweenpeople orcountries?Whatis the main driverof the
I thinkthere iscertainlyacontrol overthe technologyandwiththe growthandadvancementdigital
securitydivide iscertainlygrowing.Fromdevelopednationtodevelopingtolowereconomiesthe cyber
threatsare alsoleadingtoa newformof digital divide,betweenthe security‘haves’andthe ‘have nots’.
The discriminationandthe differentiationhascertainlycreatedagap inbetweenthe economieswhere
there istussle of havingthe latestandcontrollingthe network. The whole processof divide startsat
local level where the regulatorwantstocontrol the traffic.AtISPlevel the engineers create theirown
barriersand at regulationlevel the police wantto surveillancethe network.The networkisneverfree
fromassumptionof attack of control whetherit’sthe local or international the risksare the same where
internetfreedomandindividualsecurityisalwaysatrisk. Inlowereconomiesuserswholackthe skills,
knowledge andresources are vulnerable to cybercrime andhackingwhere addressingthisdigital
securitydivide will be critical torealizingthe full potential of the future Internet. The gapmaybe the