Discrimination between nations in cybersecurity capacity building
Cybersecurity capacity building is a complex process that involves many different aspects, including legal frameworks, policies, and skills. It also relies heavily on international cooperation. There are many different components to the cybersecurity community, including police officers combatting cybercrime, private sector developers, and civil society trainers.
The European Union has recently announced its plans to establish a public-private partnership in cybersecurity. The aim of this project is to encourage more industrial cooperation, increase the supply of cybersecurity solutions by EU companies, and facilitate their uptake by businesses, public authorities, and citizens. However, there is some discrimination between nations, including in cybersecurity capacity building.
In order to overcome this discrimination, European governments must focus on ensuring that the European Union has a comprehensive cyber capability. The study’s framework emphasizes the need for CSDP to integrate cyber capabilities into missions. It then compiles a series of policy options, which cover various levels of capability. This set of options is then summarized in a separate options briefing document.
Lessons learned
The community of practice around cybersecurity capacity building is relatively young. It is an emerging sector that is often thought of as a complementary activity to development programs. Currently, some countries have piloted projects that bring together cybersecurity experts and development experts, such as the Netherlands and U.K. But this collaboration is not universal. It is important that these efforts be based on principles, rather than on a set of rigid rules.
Many countries in Africa lack the financial resources and cybersecurity expertise needed to create cybersecurity capacities. Although there are a number of examples of countries in Africa that are attempting to build their cybersecurity capabilities, most of them are still working in isolation and haven’t adopted a regional cybersecurity strategy. In response to this lack of regional cybersecurity planning, the United States has supported eight African countries to develop national cybersecurity strategies. Thirteen countries have also created national computer emergency response teams to address cybersecurity threats.
There are many actors in cybersecurity capacity building, including international, national, and nongovernmental organizations. The authors of the report state that there are three next steps. First, consultations should be held to flesh out the principles with content. Second, feedback from consultations should be consolidated into a set of principles that can be endorsed by global multistakeholders.
Recommendations for strengthening the program
The Open-Ended Working Group on Information and Telecommunications Security and International Security (OEWG) has developed a series of principles for strengthening cybersecurity capacity building. It recommended a process that involves consultation, communication, content generation, and consolidation of knowledge. It further recommended that the OEWG consult the broader community to agree on principles and implementation methods.
Cybersecurity capacity-building needs to be integrated into the ODA budget of member states, which should substantially increase their assistance to countries in need. The need for this kind of assistance is clear: cyber attacks have caused hundreds of millions of dollars in losses in many countries around the world. Member states of the Development Assistance Committee must make it a priority to provide assistance to help these countries fight back.
Cybersecurity capacity building should engage all stakeholders, including non-state actors and civil society. Multistakeholder perspectives ensure shared responsibility and cross-pollination of ideas. It should also take into account human rights as a critical aspect of cyberspace.