Professional Documents
Culture Documents
En Global Cyber Expertise Magazine Issue 9 1
En Global Cyber Expertise Magazine Issue 9 1
cyberspace
Developing Sierra
GLOBAL
Leone’s National
Cybersecurity
Strategy
CYBER -page 4-
The ASEAN-
EXPERTISE
Singapore
Cybersecurity
Centre of Excellence
MAGAZINE (ASCCE)
-page 20-
EU CyberNet - same
kid, new and larger
block
-page 28-
Gender
Empowerment in
Cyber:
GFCE Women in
Cyber Capacity
Building Network
-page 32-
CYBERSPACE: DEVELOPING
hand with this by helping to en- March 2020 GPD and the Minis-
sure that views of those that are try convened a multistakeholder
affected are taken into account The process goes back to workshop to increase awareness
CYBERSECURITY
that have developed their nation- carried out by Oxford’s Global ordination, and provide a space
al cybersecurity strategies in an Cyber Security Capacity Centre for stakeholders to discuss their
inclusive way has shown that this and the International Telecom- priorities and inform the process
STRATEGY
approach not only enables stake- munication Union. The final CMM of NCSS development. Shortly
holder views to be better repre- report highlighted the need for after, the COVID-19 pandemic
sented, but also helps increase Sierra Leone to develop a nation- hit worldwide and as a result,
buy-in from relevant stakeholders al cybersecurity strategy, with in-person meetings had to be put
when it comes to implementing one of the recommendations be- on hold. Despite being unable to
the strategy, thus ensuring a ing for Sierra Leone to “Embark host in-person workshops, MIC
more sustainable, effective and toward developing a National continued working on the strat-
robust response to cyber threats. Cybersecurity Strategy to set out egy and, in February 2021, they
Written by: Daniela Schnidrig, Senior Program Lead, Global Partners Digital One example is Sierra Leone, the objectives, roles and respon- convened a validation work-
who recently adopted a national sibilities necessary for achieving shop with over 80 representa-
Inclusive and human-rights based cyber policymaking is critical to realize the full cybersecurity strategy developed a comprehensive and integrated tives from different stakeholder
in consultation with local and national cybersecurity posture. groups to gather their feedback
potential of cyberspace and ensure that it continues to underpin social and economic
international stakeholders. This strategy should be aligned on the revised drafts of the Na-
prosperity and promote a society for all. Between 2018-2021, the Ministry of Information with national goals and risk prior- tional Cybersecurity Strategy and
and Communications of Sierra Leone developed its national cybersecurity strategy with Between 2018-2021, Glob- ities to be effective and provide Policy and discuss priorities and
support from Global Partners Digital (GPD) and in collaboration with other international al Partners Digital (GPD), with actionable directives.”1 With the roles in the implementation. The
implementers via the GFCE’s Clearing House Function. The development process financial support from the United strategy being a clear priority to Strategy and Policy documents
featured several instances of stakeholder consultation and capacity building to inform the Kingdom Foreign, Common- improve its cyber maturity and were adopted by the Cabinet in
wealth and Development Office resilience, Sierra Leone’s MIC got March 2021.
strategy. This article aims to share the experience and lessons learned from developing
(UK FCDO) and in collaboration to work.
Sierra Leone’s national cybersecurity strategy in an inclusive way, to help inform future with other international imple- It’s important to note that,
policymaking processes and capacity building efforts. menters, supported the process In 2018 Sierra Leone joined in addition to the strategy, Sierra
of developing Sierra Leone’s the GFCE and started liaising Leone had also been working
national cybersecurity strategy. with GPD, a UK based civil so- on other cyber efforts, such as
On the ground, the process was ciety organization whose aim is undergoing a National Cyber Risk
led by the Ministry of Information to support cyber policymaking Assessment (NCRA) supported
“There is an urgent Inclusive and Human The value of this approach and Communications (MIC). This processes to make them more by the UK Home Office, receiving
Rights Based Cyber is clear: an online environment article aims to share the experi- open, inclusive and transparent, pro bono strategy, policy and
need to reinforce Policymaking that enables individuals to exer- ence and lessons learned from and its policy outcomes more technical cybersecurity advice
cise their rights and enjoy their developing Sierra Leone’s nation- rights respecting. With support from Templar Executives, and
the importance of freedoms is a prerequisite for al cybersecurity strategy with from a cybersecurity consultant receiving support from Council
There is an urgent need user trust, which, in turn, is cru- the GFCE and the broader cyber from the region, GPD delivered of Europe’s GLACY+ project on
inclusive and human to reinforce the importance of cial for sustained uptake and use capacity building community several activities in partnership cybercrime. Given the different
rights based cyber cyber policymaking
inclusive and human rights based
in order to
of the Internet. The absence of
such conditions – where, instead,
to inform future cyber capac-
ity building and policymaking
with MIC, aimed at developing
the strategy with local stake-
initiatives going on, the informal
“Friends of Sierra Leone” group
policymaking .” realize the full potential of cyber- users fear their privacy may be efforts.. holders’ input. For example, GPD was created through the GFCE’s
space, ensuring that it continues undermined through lack of data and the Ministry co-convened a Clearing House Function. In this
to underpin social and economic protection or due to pervasive civil society training workshop regard, the GFCE played a crucial
prosperity and promote a society surveillance – has been identified in December 2019 to build the role in providing a platform for
for all. as one of the key obstacles for capacity of civil society groups implementers supporting Sier-
meaningful access and future to enable them to engage in ra Leone to stay informed and
growth of the digital economy. cyber policy discussions, and the coordinated. In addition, different
6 Towards an inclusive cyberspace: Developing Sierra Leone’s National Cybersecurity Towards an inclusive cyberspace: Developing Sierra Leone’s National Cybersecurity 7
Strategy | Africa Strategy | Africa
PARTNERSHIPS HELPS
apply to those in other age cat- tion (NGO) delivering eB- ride a bike, we must also educate
egories. In devising a campaign otho - a program dedicated them about the risks of the inter-
that would be translatable to to raising cyber awareness net and how to adopt safe online
YOUNG BATSWANA TO
all age groups, it was therefore among young people. practices. The CyberSmart BW
essential that digital content was • Inspired Horizons: A campaign is designed to teach
carefully combined with tradi- non-governmental, non-profit young people about both the
BE ‘CYBERSMART’
tional print and broadcast media, making youth organization risks of the internet, and the pre-
which continues to have broad which focuses on youth de- cautions they can take to protect
national reach. velopment and skills building themselves.’
through innovative education
Working collaboratively and capacity building. The campaign ran along two
• Ministry of Transport and parallel tracks; the first being
with local stakeholders Telecommunications: The a public information campaign
leader of national Cyberse- including TV and radio broad-
Building connected net- curity and Cyber Resilience casts, online forums and a media
works has always been at the programs and initiatives workshop; the second being an
very heart of the work of Cyber- • Botswana Communications interactive digital competition
Written by: Cyber4Dev Communications Team 4Dev. At the core of our work is Regulatory Authority (BO- throughout October 2020.
the endeavor to mentor, support CRA): The telecommunica-
Established in 2018, Cyber4Dev, funded by the European Union, aims to support the and encourage our partner coun- tions sector regulator provid- Working with local influenc-
tries to enhance not just their ing oversight of the growing er Zeus Bantsi and broadcasters
capabilities of nations across the globe to formulate and implement strategies and
technical cyber capacities, but cyber environment in Botswana, a series of public in-
campaigns that increase cyber resilience. To achieve this, our project works collaboratively their ability to engage, encourage formation videos were developed
with partners and stakeholder organizations across nine priority countries as well as our and build the cyber literacy of aimed at increasing awareness
growing network of associate countries in Africa, Asia and the Americas. In response their citizens, enabling them to “Just as we teach of online threats and providing
to an increasing number of socially engineered cyber scams aimed at young people, in maintain strong cyber resilience viewers with the tools to combat
October 2020 the Cyber4Dev worked in conjunction with local partners in the Republic in their everyday lives. our children how them. The videos provided tips
on encryption, creating strong
of Botswana and embarked on a month long Cyber Hygiene campaign ‘CyberSmartBW’
The project has been en-
to tie their shoes passwords, protecting social
with the aim of raising the awareness of the importance of good cyber hygiene. gaged in Botswana since 2018, or ride a bike, we media profiles and securing net-
working alongside the Ministry works.
of Transport and Communica- must also educate
tions, the Botswana Commu- Following tips from the pub-
nications Regulatory Authority them about the risks lic information campaign, young
(BOCRA), as well as local and people were challenged to show-
Over the past decade, The efforts to inform and encourage engineering, scams and black- regional stakeholders in support of the internet and case their own creative flair and
Republic of Botswana has been strong and resilient cyber citizens mail. Cyber hygiene teaching in of Botswana’s efforts to further digital savvy through the creation
on an accelerated drive to join has never been more important. schools is still limited and so far, increase its cyber capacity. how to adopt safe of short two minute videos and
the digital revolution. Adoption the media has not picked up on social media posts aimed at edu-
of digital technologies in vari- the potential dangers of poor Botswana has a number of
online practices.” cating their peers of the dangers
Developing a
ous spheres of society has seen cyber hygiene. niche organizations operating of cyber risks, with prizes for the
internet penetration in the coun- Digital First Cyber within the youth services space. top four entries.
The Campaign
try grow by over 600% between Awareness campaign In the ever evolving digital As a project, we have observed
2010 and 2020 and in an increas- media landscape, where mobile the crucial role that local grass- The competition asked en-
ingly digitized world, the volume devices are quickly becoming the root partners play in designing CyberSmartBW was trants to consider -
of cyber scams and hacks on Like many countries, despite dominant means of accessing and implementing campaigns. launched in September 2020
everyday citizens continues to its growing digital connectivity, information, the need to develop Working alongside our experts by the Deputy Head of the EU Why cyber security is impor-
rise. Botswana is no different in Botswana is still on a journey to innovative and engaging content Nick Small and Sylvia Beamish, Delegation to Botswana, Silvia tant to their lives?
this respect and with a young expand its digital and cybersecu- that can easily be shared online the ‘CyberSmartBW’ campaign Bopp-Hamrouni who remarked;
and growing population, the rity awareness. Young people are is paramount to the success of was implemented in collaboration How can they protect them-
importance of supporting local particularly vulnerable to social public awareness campaigns. with: selves from attacks?
10 Building local partnerships helps young Batswana to be ‘CyberSmart’ | Africa Building local partnerships helps young Batswana to be ‘CyberSmart’ | Africa 11
Lessons Learned
Legacy and continuing
Why is this important
The result? The competition to build momentum
garnered over 100 long listed for policy makers? • Building partnerships– Rec- • Sharing experiences – At its • A Repeatable Solution –
entries, with young people from Creating campaigns with Creating campaigns with ognizing that developing and very heart, the campaign While the campaign was de-
across Botswana presenting their citizen participation at their core citizen participation at their core maintaining cybersecurity was designed to provide a signed and developed specifi-
view on ways to tackle scammers gives policy makers a rare insight gives policy makers a rare insight and promoting cyber hy- platform for young people cally for Botswana, it can be a
and build resilience. into how cyber awareness, or into how cyber awareness, or giene is a continuous effort, to share their experience template for similar programs
lack thereof, can impact upon the lack thereof, can impact upon the it is vital that a broad range online and to use this to in other environments. The
The Impact lives of the people that policies lives of the people that policies of stakeholders are engaged devise innovative messages approach, tools and content
are designed to serve. Working are designed to serve. Working and contribute– building a regarding the importance of developed, can provide a ba-
collaboratively with local expert collaboratively with local expert network of supportive part- staying safe online. With their sis for jump-starting targeted
By design, the campaign practitioners, who work with practitioners, who work with ners. As highlighted in Bot- unique understanding of how campaigns to promote cyber-
was ambitious in its overall goal young people directly, also allows young people directly, also allows swana’s National Cybersecu- they and their friends use the security and cyber hygiene
to start conversations about on- for practical discourse to take for practical discourse to take rity Strategy, participation of internet each day, which plat- and, importantly, to help
line safety and increase the cyber place in a way that is relevant place in a way that is relevant civil society is key to reaching forms they rely on, and what establish the much-needed
awareness of young people in and meaningful to the target and meaningful to the target out into the community and threats they are exposed cooperation and collabora-
Botswana. As lofty a goal as this audience. audience. promoting the importance of to, campaign participants tion across sectors.
was, judging from the response staying safe online. The cam- brought real-world knowl-
and engagement that the cam- Galvanizing media interest paign focused on this, estab- edge to bear in developing
paign received it was clear that lishing partnerships between promotional messages that
engaging young people in se- The topic of cyber security is the public sector and civil resonated with the target
rious conversations about their often one that is veiled by a level society organizations, and audience.
lives online was invaluable in of complexity meaning that it is importantly, creating a net- NOTES
enabling them to express their often overlooked by the media. work of CSOs that embraced For more information, visit:
understanding of cyber risks, as As part of the national promo- the objectives of promoting www.cyber4dev.eu/botswa-
well as enabling us to gather a tional campaign, we were able cyber hygiene. na-cybersmartbw-campaign/
true insight into their digital lives to engage 35 local journalists at
and the potential risks they are an interactive workshop which
exposed to. helped to demystify cyber scams,
12 Cybersecurity and the pandemic: The Importance of Public-Private Partnerships in the Cybersecurity and the pandemic: The Importance of Public-Private Partnerships in the 13
Aftermath of COVID-19 | Americas Aftermath of COVID-19 | Americas
OF PUBLIC-PRIVATE
with the confidentiality and pro- to establish pragmatic and
tection of their data maintained
to be based on the stimulating common expec-
by the public sector. Nonethe- existence of a robust •
tations.
Reciprocity Approach: The
PARTNERSHIPS IN THE
less, an increasing trend shows
governments and industry alike framework, entailing discouragement of a part-
recognize that mutual informa- nership is commonly driven
defined principles,
AFTERMATH OF COVID-19
tion exchange is within national by hesitation and disinterest
security interest, as threats can from both partners. Culti-
significantly damage both sec- inputs, and expected vating active participation
tors. through resource and knowl-
benefits by both edge sharing should be at the
Coordination is particularly forefront of discussions and
vital when it comes to protecting
the government activities.
Written by: Mariana Jaramillo, Cybersecurity Program Intern, CICTE/OAS critical infrastructure. Globally,
85% of critical infrastructure is
and industry” • Legal Basis: Cybersecurity is
highly interdisciplinary, involv-
The COVID-19 pandemic has accelerated the reliance on digital platforms to perform privately owned. In Latin Amer- ing many entities from both
daily and essential activities, making them increasingly susceptible to cyberthreats.
ica, private investment in critical Recommendations for sectors. Thereby, developing
infrastructure is 56%, where- Partnership Success a legal basis in the form of a
According to the Unisys Security Index, since the beginning of the global pandemic, as 44% is attributed to public national legal act or a memo-
cybercrimes have increased up to 74% in Latin America and the Caribbean (LAC). These investment. Given the propor- randum of understanding can
cyberthreats are increasingly becoming more sophisticated and complex, outpacing both tionately equal investment of Public-private cybersecurity consolidate a coordinated
the governmental and private sector’s ability to respond, but represents an opportunity both sectors, protecting national partnerships must continuously framework.
to handle cybersecurity challenges jointly and face them as a shared responsibility. The assets is an intertwined interest. adapt to effectively respond both • Inclusion of SMEs: Many
Meaningful collaboration in a PPP reactively and proactively with SMEs provide third-party
devastating effects of the pandemic on the region call for the need to reinforce and
is perceived to rely on articulat- the necessary agility to combat services to large and critical
revise cybersecurity Public Private Partnerships (PPP) as an approach to address shared ing mutual benefits and value the dynamic environment of service providers. The in-
threats. propositions within this context. cyber threats. The likelihood of a volvement of SMEs and start-
PPP succeeding is commonly ob- ups in PPPs can increase their
The Road to Recovery nearly 1.6% of the region’s GDP in a highly interdependent cyber- The benefits of PPPs go be- served to be based on the exist- experience, cybersecurity
– PPP in the Cyber and 9.5% of the current cost of security landscape. Particularly, yond information sharing. Part- ence of a robust framework, en- capacity and drive for inno-
cybercrime worldwide. This has cyberthreat intelligence sharing nerships have the potential to re- tailing defined principles, inputs, vation.
Pandemic
undeniably been exacerbated regarding attackers and their spond to cyberthreats, as well as and expected benefits by both • Point of Contact: Common-
due to the pandemic-driven vul- associated methods, enables adopt more proactive approach- the government and industry. ly, multiple public bodies are
Strengthening cybersecuri- nerabilities of the “new normal.” organizations to better prepare es to cybersecurity. PPP is shown involved in PPPs, such as the
ty is a determining factor in the Contrary to the assumption that for and respond to risks. Build- to be optimal for building cyber- The European Union Agen- Ministry of Defense, Ministry
advancement of LAC’s digital underfunding in cybersecurity is ing on the premises of collective security capacity to close the cy for Network and Information of International Affairs and
transformation. The impact of a significant factor for increased response to cybersecurity, infor- gap of notorious cyber breaches Security (ENISA) has identified Ministry of Economy. Ap-
the pandemic on digitalization threats, the primary reason for mation exchange contributes to in the region. An effective PPP the following recommendations pointing a government point
has increased world spending in successful cyberattacks is often trusted and transparent partner- cybersecurity framework can cre- to mitigate any potential collab- of contact that coordinates
the cybersecurity industry, with the sectors’ isolated response to ships. Consequently, information ate an environment that protects oration discrepancies and ensure public entities’ efforts is fun-
a forecast amounting to US$54 constantly evolving cyberthreats. sharing is commonly perceived and nurtures innovation. effective PPP evolvement: damental to ensure coherent
billion by 2021. However, accord- Considering the complexity and as one of the most valuable communication internally and
ing to the OAS-IBD 2016 Cyber- interconnectedness of the cy- commodities in industry-govern- with the private sector.
security Report, the financial berspace, no sector can address ment partnerships, despite being
damage caused by cybercrime in regional cybersecurity alone. a challenging element to achieve.
Latin America and the Caribbe- In the public sector, the hesita-
an represents more than US$90 The benefits of collective ac- tion to exchange information
billion per year, amounting to tion in cybersecurity are evident can mainly be attributed to the
14 Cybersecurity and the pandemic: The Importance of Public-Private Partnerships in the Cybersecurity and the pandemic: The Importance of Public-Private Partnerships in the 15
Aftermath of COVID-19 | Americas Aftermath of COVID-19 | Americas
tion of projects that can develop Cybersecurity Innovation Fund – Project beneficiaries examples
local cybersecurity solutions Country Name of the Project Project Description
in the context of the COVID-19
pandemic. The first edition of the Argentina NGEN Programmable and configurable infrastructure software capable of supporting the
fund demonstrated the region’s management of security incidents in the scope of work of a CSIRT.
talent, as 117 nominated projects
from distinctive sector organiza- Brazil The LGPD Data Hunter Text mining software to identify confidential information stored on organization
tions participated. The proposed devices
projects are segmented in eight
categories related to cybersecu- Chile Programing our Future Basic cybersecurity training targeted for female teenagers.
rity: education and awareness,
critical infrastructure, capacity
development, national agencies Colombia Hackers wanted Initiative to strengthen technical and educational capacities in cybersecurity at EAN
and public policies, cybersecurity University.
innovation for small and medi-
um-sized enterprises (SMEs), Mexico Interactive on Digital Security in Portal that provides recommendations on digital security for educators, children and
Figure 1. Cybersecurity Innovation Fund 2020 banner.. digital crime, incident response Indigenous Language adolescents, and parents of indigenous communities.
mechanisms, and remote work.
Uruguay ModSecIntl Portal that provides recommendations on digital security for educators, children and
A key component of this adolescents, and parents of indigenous communities.
“In 2019, the OAS Cybersecurity PPP is the capacity to enable
the diversification of cyberse- Figure 2. Cybersecurity Innovation Fund, examples of project beneficiaries.
and Cisco created Innovation Councils:
curity solutions through par-
How the public and ticipation from the civil sector,
the Cybersecurity private sectors can which expands their scope with In an increasingly challeng-
enhance alternate the inclusion of distinctive so- ing digital environment, the pro-
Innovation Councils cietal groups. Likewise, more tection of cyberspace requires
cybersecurity solutions
in Latin America, in the region
than half of the winning projects
have a gender and diversity
collaborative action. Considering
the dynamic and borderless na-
a space for multi- approach in their leadership and ture of cybersecurity, public and
expected project impact. The private sector cooperation is vital
stakeholder In 2019, the OAS and Cisco twelve selected projects are led to mitigate risks and strength-
created the Cybersecurity Inno- by organizations based in Ar- en capacities that adequately
collaboration, which vation Councils in Latin America, gentina, Brazil, Chile, Colombia, encounter regional vulnerabilities.
a space for multi-stakeholder Mexico, and Uruguay. In a region The damages inflicted by cyber-
aims to provide collaboration, which aims to severely affected by COVID-19, crime in Latin America and the
provide solutions to the cyberse- this Fund and, most importantly, Caribbean during the COVID-19
solutions to the curity gaps and risks faced in the the cybersecurity projects that pandemic call for the expansion
cybersecurity gaps region. The initiative represents
joint effort between the public
were selected, show that talent
can come from different sources
of amultistakeholder approach to
cybersecurity. Policymakers and
and risks faced and private sectors to democ- and that through collaboration, cooperation can leverage Public
ratize and improve cybersecu- they can be expanded to provide Private Partnerships as an effec-
in the region.” rity capacities in Latin America solutions to diverse cybersecurity tive instrument to reaching com-
through education, dialogue, and challenges. A few of the selected mon agendas. The entrenched
support to civil society stake- projects include: nexus of both sectors lies on a
holders. common goal: raise the level of Figure 3. Cybersecurity Innovation Fund, map of project beneficiaries.
As a continuity of the part- cybersecurity for the security
nership, and with the added and economic prosperity of the
support of the Citi Foundation, region.
the Cybersecurity Innovation
Fund was created. The fund, en-
dowed with US $200,000, seeks
to foster innovation in the execu-
16 Why are Cyber Portals Important for CCB? | Americas Why are Cyber Portals Important for CCB? | Americas 17
CYBER PORTALS
and, more recently, the Brazilian gional and/or national cyberse-
Cybersecurity Portal (Portal Bra- curity developments. UNIDIR’s
sileiro da Cibersegurança), devel- Cyber Policy Portal, for example, In April 2021, the Igarapé
oped by the Igarapé Institute. provides an extensive map of Institute launched the Brazilian
IMPORTANT
UN Member States’ profiles and Cybersecurity Portal - one of the
“Cyber portals cyber policies. first portals fully dedicated to the
mapping the national environ-
play an important Theme-specific Portals: ment and discussion. The Portal
FOR CCB?
Those that are dedicated to one gathers more than 70 documents
role in assembling, or multiple thematic areas with- and 100 national initiatives from
communicating, and out the demarcation or explicit 10 sectors, seeking to systema-
commitment to one specific level tize and map the national cyber-
facilitating access to of analysis (national/regional/ security governance landscape,
international). This is the case that is, the key institutions,
information about of Diplo Foundation’s Geneva norms, and history of the field in
Written by: Louise Marie Hurel, Digital Security Program Lead, Igarapé Institute Internet Platform Digital Watch Brazil.
cybersecurity.” Observatory that monitors and
Cyber portals play an important role in assembling, communicating, and facilitating provides an overview of issues In so doing, our objective
that range from cybersecurity was (and is) to (i) shed light on
access to information about cybersecurity – helping policymakers, diplomats, civil The rise of Cyber
and human rights to economic the particularities of cyber policy
society organizations, academia, and the private sector in making sense of the growing Portals and infrastructure-related ones. taking place in the national agen-
landscape of initiatives and policies. As different organizations develop international and Another example is the GFCE’s da, (ii) integrate knowledge from
regional portals, the Igarapé Institute has recently launched the Brazilian Cybersecurity Cybil Portal that focuses map- different sectors in developing
Portal to map the country’s national cybersecurity governance landscape. Louise Marie Cyber portals play an impor- ping cyber capacity building ini- their respective policies, and (iii)
shares below some reflections on the importance of Cyber Portals to CCB and the lessons tant role in assembling, commu- tiatives and creating knowledge contribute to raising the baseline
nicating, and facilitating access that can foster better targeted understanding of the current ca-
learned from the process of developing the national portal.
to information about cybersecu- initiatives. pacities and gaps for multistake-
rity. They are both a resource for holder collaboration in national
other sectors looking to under- Repositories: Initiatives that cybersecurity.
stand and navigate some of the are primarily dedicated to the
A complex landscape of cyber norms, in particular, the tions, and spaces in which these latest developments in the field consolidation of a digital archive The Portal is the result of
applicability of international law discussions take place. However, and an important mechanism for cybersecurity or presenta- over two years of data collec-
to cyberspace. Regionally, many amidst a growing patchwork of that can support organizations tion of the result of a mapping tion and a series of interviews,
From the Morris worm to the organizations such as the OAS, initiatives, policymakers, diplo- in planning their own capacity exercise. The National Security consultations and meetings with
Colonial pipeline ransomware at- OSCE and ASEAN have sought mats, civil society organizations, building efforts. Some portals Archives Cyber Vault Library experts from different sectors.
tack, the past 30 years have been to work with member-states on academia, and the private sector focus on a thematic issue-areas provides primary-source mate- More importantly, it is one of the
marked by the increasing notori- the consolidation of cyber–Confi- are faced with the challenge of and others on specific levels of rial that ranges from court case responses to a diagnostic anal-
ety of both the vulnerability and dence Building Measures. Na- keeping up with the growing field analysis (national, regional, or documents, to maps and glos- ysis of the national landscape
interconnectedness of systems, tionally, governments have been and navigating what has become international) or sectors. Rather saries. The OAS Cybersecurity in which we had identified that,
networks and infrastructures. All developing their national cyber- a fragmented landscape of activ- than ideal types, there are some Observatory is another example while all sectors understand the
sectors have not only witnessed security strategies and other ities. basic characteristics that enable of a portal that has sought to importance of building cyber ca-
but also increasingly sought to policies that establish minimum portals to target and actively periodically map cyber capacities pacities and shared responsibility
include cybersecurity as a key standards for cybersecurity In response to this chal- respond to knowledge gaps in and maturity across countries in in doing so, there were some
concern in technical and policy across sectors. lenge, different organizations cybersecurity. A few examples the Americas region. challenges for action, namely:
development. Internationally, have started to develop a range include: (i) a lack of shared vocabulary
discussions at the Open-End- All these developments of repositories and portals to ag- to address cybersecurity threats
ed Working Group and the UN have contributed to what today gregate, organize and make avail- and risks; (ii) existence of varying
Group of Governmental Experts is a rich and complex landscape able information about norms level of cyber maturity across
have revolved around the devel- of policies, standards, actors, and initiatives in a systematic sectors; (iii) lack of normative,
opment and operationalization projects, CCB initiatives, institu- and accessible way. Some exam- strategic, and operational align-
18 Why are Cyber Portals Important for CCB? | Americas Why are Cyber Portals Important for CCB? | Americas 19
CENTRE OF
capacity building should be a
shared responsibility and recip-
rocal endeavor amongst various
stakeholders. Cyber capacity
“Regional Challenges to Cyber However, challenges remain. Future of Cyber tions implement such norms. To- “It would also be
Capacity Building There have been increasing calls Capacity Building gether with UNODA, Singapore
organizations for better coordination of in- will work with partners in ASEAN useful for the GFCE
ternational and regional cyber to help developing countries im-
have risen to the The last decade and a half capacity building efforts so as We also need to acknowl- plement these norms under the community to start
has seen a rise in global aware- to ensure that global resources edge that limiting ourselves to United Nations-Singapore Cyber
challenge, and ness on the importance of coor- are maximized and efforts are only identifying capacity building Program (UNSCP) workshops.
considering these
many regions now dinated international cyber ca-
pacity building efforts in building
not duplicated. There have also
been calls for global repositories
needs is insufficient. We will need
to develop metrics to measure Lastly, alongside with the
cyber adjacencies
have dedicated a secure and stable international and portals where information the effectiveness of cyber ca- COVID-19 pandemic and an al- and how it would
and regional cyberspace. Region- on capacity building activities pacity building programs, so that ways changing cyber and digi-
cyber capacity al organizations have risen to the can be made available, so that timely adjustments can be made tal landscape, we have seen an impact the future
challenge, and many regions now the international community can to the content and delivery of acceleration of a growing overlap
building initiatives. have dedicated cyber capaci- identify synergies and build on programs and ensure their value between cyber and cyber adja- trajectory of cyber
ty building initiatives. ASEAN, them to better coordinate our and effectiveness. This will ensure cencies such as data and supply
ASEAN, as a region, as a region, has recognized the global efforts for a more collabo- that the resources committed to chain security and disinformation, capacity building.”
has recognized importance of coordinated ca-
pacity building at both the policy
rative and sustainable approach
to cyber capacity building.
capacity building are prudently
used and maximized.
as well as emerging technology
issues such as AI, Quantum Com-
the importance and technical levels. In the first
ever ASEAN Leaders’ Statement The Cybil Portal established Singapore sees the impor-
puting and Cloud. There is a need
for cyber capacity building to ad-
of coordinated on Cybersecurity Cooperation by the GFCE is a good initiative tance in measurable outcomes of dress these new gaps as we have
issued in 2018, under Singapore’s that has enabled us to tap on the cyber capacity building programs also been receiving feedback and
capacity building at ASEAN Chairmanship, ASEAN rich exchanges of cyber capaci- so as to ensure the effectiveness interests from AMS on capacity
Leaders tasked relevant Ministers ty building initiatives which help of these programs as well as the building around such issues. As
both the policy and to closely consider and recom- foster public-private partnerships effective channeling of resourc- the ASCCE is demand driven, we
mend feasible options to coordi- and optimize resources. Closer to es to address these capacity are looking to delve more into
technical levels.” nate regional capacity building. home, the ASCCE strives to work gaps. In this regard, Singapore is programs which will more tightly
with AMS, ASEAN Dialogue Part- working on a metrics framework link policymakers with the oper-
ners as well as our colleagues at to measure the effectiveness of ational aspects of cybersecurity,
the ASEAN-Japan Cyber Capac- the various initiatives that we are as well as programs on securing
ity Building Centre (AJCCBC) in running under ASCCE. Using the digital technologies and cyber
Bangkok in supporting the call of ASCCE curriculum as a test-bed, adjacencies.
our Ministers and Senior Officials we hope to share with the wider
in raising regional cyber capacity international community on how As we gradually move
through offering complementary they can apply the metrics to toward a post-COVID world,
capacity building programs on their programs as well. it would also be useful for the
cybersecurity policy, operational GFCE community to start con-
and technical topics. Besides the metrics devel- sidering these cyber adjacencies
opment, the ASCCE’s focus for and how it would impact the
the next 2 years also includes our future trajectory of cyber ca-
work with UNODA on the devel- pacity building. Given the GFCE
opment of a Norms Implemen- community’s diversity, perhaps it
tation Checklist. The Checklist is timely now to consider moving
will be a simple guide for a set of discussions beyond the tradition-
actions that developing countries al definition of cybersecurity and
could take to implement the 11 onto the wider digital domain for
voluntary norms of responsible a truly holistic, multi-disciplinary
state behavior in the 2015 UN and multi-stakeholder approach
GGE report. It will also identify to capacity building.
the capacities needed to help na-
THE CMM IN
THE PACIFIC
Written by: Dr. James Boorman, Head of Research and Capacity Building, OCSC
The Melbourne conference with the Pacific family seems like a distant memory. The Figure 1. The CMM review in the Federated States of Micronesia was part of an APT Expert Mission and in coordina-
COVID-19 pandemic will have long-lasting impacts. No community has escaped tion with World Bank for the Digital FSM Workshop.
untouched. In the Pacific family, the islands who have been fortunate enough to have Building digital
no cases are still impacted. The world has changed and our daily routine with it. resilience for the Where to start?
Building digital resilience for the new ‘normal’ is a global priority that requires a multi- new ‘normal’
dimensional approach, looking beyond IT. The CMM review process is a useful step on
The Cybersecurity Capac-
the digital resilience journey, helping partner nations to understand where they stand
ity Maturity Model for Nations
now and the next steps to take. The OCSC continues to work with the Pacific family, The world has changed and toward digital technology; build- (CMM) was developed by the
our partners and the GFCE community to coordinate online CMM reviews. We look our daily routine with it, mak- ing awareness; enabling access Global Cyber Security Capacity
forward to being part of capacity building projects that meet partner nation’s identified ing us even more reliant on the to education and professional Centre (GCSCC) at the University
priorities, are tailored to the local context, and deliver sustainable capacity with impact. digital environment at a pace training; regulation and legisla- of Oxford. The CMM considers
that no one was prepared for. For tion; and practices and technical cybersecurity to comprise of
many, recovery from the impacts controls to prepare for, detect, five dimensions, which together
of COVID-19 will be more about respond, and recover from inci- constitute the breadth of national
rapidly adapting to this new way dents. capacity that a country requires
of life rather than returning to to deliver effective cybersecurity.
Melbourne a ence and GFCE regional meeting demic, initiating social distanc- how things were before. Digital The five dimensions cover: cy-
distant memory in Melbourne? The Melbourne ing and the closing of borders. transformation is here to stay “For many, recovery bersecurity policy and strategy;
meeting with the Pacific family The COVID-19 pandemic is an and along with it the demand for encouraging responsible cyber-
seems like a distant memory. ongoing disaster, with immense equitable access to digital tech- from the impacts security culture within society;
Melbourne, May 2021. Aus- and long-lasting impacts across nology within a safer and more building cybersecurity knowl-
tralia, the ‘lucky country’ - a public health (physical and psy- secure environment which pro-
of COVID-19 will edge and capabilities; creating
COVID-19
saying that rings true more than chological), communities and the tects human rights, information, be more about effective legal and regulatory
ever today. Another day working regional and global economies. and national infrastructure. frameworks; and controlling risks
from home and chatting with our In February 2020 we could No community has escaped un- rapidly adapting through standards and technol-
Pacific friends and colleagues move freely, chat during coffee touched. In the Pacific family, the Building digital resilience re- ogies.
over coffee, instant messaging, breaks or over lunch and dinner, islands who have been fortunate quires a view beyond IT. It neces- to this new way
and webcam with an island back- and bid our friends farewell at enough to have no cases are sitates comprehensive planning, The CMM review process is a
drop that reminds us all of differ- the end of the conference before still impacted by the necessary robust and extensive infrastruc- of life rather than useful step on the digital resil-
ent times. Was it really February they flew home. In March 2020 pause in international travel and ture, and sufficient resources to ience journey, helping partner na-
2020 when we all last met at the the World Health Organization the knock-on delays for imported develop and implement national returning to how tions to understand where they
OCSC hosted Global Cyberse- declared COVID-19 as a pan- goods and supplies. strategy and policy that consid- stand now and the next steps to
curity Capacity Building Confer- ers: the local culture; attitudes
things were before.” take regarding the development
26 The CMM in the Pacific | Asia & Pacific The CMM in the Pacifi | Asia & Pacific 27
C. Marshall European Center for “Collecting data The CMM review process Where to next?
Security Studies, Daniel K. Inouye relies on extensive desk research,
Asia-Pacific Center for Security across the different analysis of unpublished docu-
Studies, UNDP, and the GFCE. ments provided by participants The next Pacific CMM review
dimensions of the and discussions in-country with is planned with our friends in the
The last face-to-face CMM decision makers and technical Cook Islands. The OCSC team
review in the Pacific was con-
CMM from multiple leads across 10 or more sessions continues to work with the Pa-
ducted in January 2020 in col-
laboration with APT as part of an
sources enables to gain insights from the private
sector, public sector, and civil so-
cific family, our partners and the
GFCE community to coordinate
Expert Mission at the invitation the research team ciety. Collecting data across the future reviews, joint missions,
of the Department of Transpor- different dimensions of the CMM and capacity building. We look
tation, Communications, and to build up a rich from multiple sources enables forward to being part of projects
Infrastructure (TC&I), National the research team to build up a that meet partner nation’s identi-
Government of the Federat- picture of the local rich picture of the local strengths, fied priorities, are tailored to the
ed States of Micronesia (FSM). priorities, challenges, and oppor- local context, and deliver sustain-
Through coordination with TC&I strengths, priorities, tunities toward contextualized able capacity with impact.
and the World Bank, stakeholders recommendations for next steps.
from all four states of FSM were
challenges, and The team often find that the act The team await the opportu-
LARGER BLOCK the Caribbean are ties evolve, so should legislation, demic as an opportunity to revise
policies and initiatives. and redefine what cybersecuri-
important partners ty means. EU CyberNet and its
The levels of cyber resilience growing network of experts can
for the EU.” and the general awareness in Lat- therefore become a practical tool
in America about cyber threats for the various EU projects that
Why Latin America differ from country to country. are already active in the region.
Few have established rules for
and the Caribbean? the cyber defense of critical in-
Written by: Siim Alatalu, Director, EU CyberNet frastructure or an effective part-
nership between the state and
In the context of cyber the private sector. Cyber exercis-
EU CyberNet, the EU’s external cyber capacity building network introduced in GCEM security, the countries in Latin
issue 6, has recently been granted an extended mandate with new tasks. With the America and the Caribbean are
CynAct platform now online and regular events taking place for the cyber security important partners for the EU
experts enlisted in the network, the project is to launch a new competence center for due to their ambition to digitalize
their societies and achieve better
the Latin American and Caribbean region as well as to reach out to the EU Delegations
preparedness to counter cyber
worldwide. Siim Alatalu, Director of EU CyberNet, explains why this would be a good incidents, as well as the existence
time to get involved. of shared values between the
two regions in general. However,
as was highlighted in the 7th is-
sue of the Global Cyber Expertise
Magazine, there are also several
areas where EU-funded cyber
capacity building initiatives could
be of particular value.
A year in the ‘American the world. No doubt, it was a real ondly, the European Commission
mountains’ rollercoaster, or as we call it in proposed to extend the project Cyber attacks on critical
Estonian – ‘American mountains’; by two years and added tasks infrastructure continue to in-
as in order to stick to the work that were to take EU CyberNet’s crease in frequency and venture
It has been about a year plans, creative thinking became activities to a new level. The new into new areas. Just to high-
since the Global Cyber Expertise useful. However, by December tasks are to train the entire net- light the most recent cases, the
Magazine’s issue 6 in spring 2020 2020, we had two more surprises work of EU Delegations in cyber Colonial Pipeline attack in the
featured an article introducing waiting. security capacity building and to United States or ransomware
EU CyberNet as the ‘new kid provide lead support in estab- attacks such as the one against
on the cyber capacity building Having led the project for a lishing a regional cybersecurity the health sector in Ireland inter
block’. Little did any of us reading little over a year, we received two competence center in the Domin- alia indicate the need for the
it know of what was to follow? major decisions from the Europe- ican Republic that would cover inclusion of such threats in na-
Needless to say, the pandem- an Commission. First, EU Cyber- the entire Latin America and the tion-wide risk management . In
ic changed a lot on the global Net was included in the new EU Caribbean region. addition, a regional approach is
cyber capacity building scene, Cybersecurity Strategy whereby essential. Not only would it mean
posing new challenges for both the EU is to leverage EU Cyber- developing regional capabilities,
the various projects as well as the Net’s expertise in implementing but also building uponthe rou- Figure 1. Collage of the various backstage scenes of our 1-week online EU Cyber Eco-
increased teleworking bringing the cyber capacity building relat- tine of collaboration and sharing system course in May.
cybersecurity to limelight around ed parts of the strategy. Sec-
30 EU CyberNet – same kid, new and larger block | Europe EU CyberNet – same kid, new and larger block | Europe 31
GENDER
EMPOWERMENT IN
CYBER: GFCE WOMEN
IN CYBER CAPACITY
BUILDING NETWORK
Figure 1: Colleagues from the WiCCB Network during the GFCE Annual V-Meeting 2020.
Written by: Giouli Lykoura, Advisor, GFCE Secretariat
With women representing less than one-quarter of the global cybersecurity workforce, a With more than 100+ fe- “Female Bringing the
male professionals in the GFCE Network together
growing need has become increasingly visible in recent years: networks among women
community from different cyber professionals
in the field. We needed toaddress existing global and regional challenges, promote backgrounds, the Women in
the participation of more women in STEM and cybersecurity professions and secure a Cyber Capacity Building Network need to be able to Over the past year, the
diversified cyber workforce. To address these needs within the GFCE Community, the plays a positive role, helping GFCE organized virtual meetings
Women in Cyber Capacity Building (WiCCB) Network was launched in 2019 during the women feel included and sup-
connect with others to bring the WiCCB Network
GFCE Annual Meeting in Addis Ababa by Ms. Carmen Gonsalves, GFCE Co-Chair and ported, addressing challenges,
identifying key success factors,
globally, share Capacity
together; the ‘Women in Cyber
Building’ online meet-
Head of International Cyber Policy at the Ministry of Foreign Affairs of the Netherlands.
and increasing their involvement experiences and ing in May 2020 was dedicated
in cyber capacity building. To to celebrating women globally
support the network’s mission, challenges, promote by sharing achievements, experi-
the GFCE aims to enhance the ences and discussing the added
following: best practices and value of the network. A second
session followed for ‘Empowering
1. Cooperation and knowl- create awareness.” the GFCE WiCCB’ (read report:
edge sharing among women page 6) during the GFCE Annual
involved in cyber capacity V-Meeting 2020 which focused
Added value of the encourage and support wom- during the GFCE Annual Meeting building; on identifying opportunities for
WiCCB Network en’s participation in the field of in Addis Ababa: to facilitate and 2. Identification of women’s collaboration within the network.
cybersecurity. In pursuit of these coordinate a strong, inclusive and cyber capacity needs on a In March 2021, a first regional
objectives, female professionals growing network of female pro- regional level; session on “Breaking the region-
Today, despite the growing need to be able to connect with fessionals in cybersecurity and 3. Growth of a trusted commu- al barriers to empower women
demand for cybersecurity pro- others globally, share experienc- cyber capacity building who can nity of cyber experts building in cyber capacity building” took
fessionals, women are under- es and challenges, promote best learn from each other and raise a diversified workforce; place, as part of the GFCE-OAS
represented in the global cyber practices and create awareness . awareness on capacity building Meeting for the Americas, with
workforce and still face a variety It was for this reason that issues, encouraging the inclusion female representatives from
of challenges that prevent their the GFCE Women in Cyber Ca- and empowerment of women in the LAC region discussing the
inclusion and advancement in the pacity Building (WiCCB) Network the field. main challenges women face
field. To tackle these challeng- was launched in 2019, by Ms. Car- in cybersecurity. In addition to
es, there is a need to promote, men Gonsalves GFCE Co-Chair,
34 Gender Empowerment in Cyber: GFCE Women in Cyber Capacity Building Network | Gender Empowerment in Cyber: GFCE Women in Cyber Capacity Building Network | 35
Global Developments Global Developments
CYBERSECURITY
the pandemic, the same period and given rise to a daunting con-
also witnessed the emergence of cybersecurity unless vergence of cyberattacks against
assistance efforts in the form of hospitals, research laboratories,
innovative coalitions. Individuals
all communities can non-governmental organizations
HEALTHCARE
defending the health sector,
bringing assistance to victims of programs.” Research on the economic
extortion, protecting elections, impact of cyberattacks against
and denouncing violations of our Case Study: Healthcare healthcare abounds, but little to
THE GFCE’S
only better understand and meet Collaboration with GFCE Regional
the regional needs and demands, Regional Organizations Meetings and
but also to support the GFCE
Engagements
Community with bringing their
REGIONAL
expertise and know-how to the As capacity building requires
region. By increasing regional trust between implementers and The GFCE also plans to hold
focus, the GFCE is also able to the beneficiary community, to more regional meetings in 2021,
more accurately identify needs, ensure sustainable and long-term to bring together relevant stake-
APPROACH
discover best practices, and am- impact, the GFCE is connecting holders (donors, implementers
plify regional efforts to the global and collaborating with region- and beneficiaries) of the region
level; which is in line with its ef- al organizations to support its to discuss, learn and find solu-
forts to maintain a demand-driv- regional efforts. By doing so, the tions to capacity building chal-
en approach to capacity building. GFCE taps into platforms that lenges. Through these regional
have built long-lasting, trusting meetings, the GFCE can fortify
relationships with their respec- its coordination role, and more
tive member States, and that can effectively match needs with
Written by: Kathleen Bei, Advisor, GFCE Secretariat “As capacity help the GFCE tailor its approach offers for support. These regional
in the respective regions. Many meetings also increase the re-
building requires regional organizations also al- gional visibility and awareness of
Over the last two years, the need for a regional approach in the GFCE has
become undeniable. By increasing regional focus, the GFCE is able to more accurately
trust between ready have a clear overview of the GFCE and its work on cyber
regional perspectives and ca- capacity building, and can lead
identify needs, discover best practices, and amplify regional efforts to the global implementers and pacity needs and can therefore to increased knowledge transfer
level; which is in line with its efforts to maintain a demand-driven approach to work with the GFCE to trans- to the region. Besides discussing
capacity building. As of 2021, the GFCE has officially established on-the-ground
the beneficiary late them into specific activities capacity building needs, it is also
to support capacity building. important to gather stakeholders
presence in the Pacific, Africa, Europe, Asia, and the Americas; with all continents community, to In turn, the GFCE is a valuable to share regional good practices
represented by the GFCE Community. partner for regional organizations and initiatives to promote greater
ensure sustainable as it provides access to a global knowledge-sharing. The entire
multistakeholder implementing second day of the GFCE Consul-
“A regional approach and long-term network and a platform to share tation Meeting 2021 is dedicat-
GFCE’s Regional Focus is favorable because A demand-driven impact, the GFCE good practices and lessons learnt
across regions. Furthermore,
ed to regional meetings to give
participants a better understand-
countries within approach is connecting the GFCE aims to support exist- ing of the GFCE’s as well as its
ing regional organizations and Member and Partner’s efforts on
As of 2021, the GFCE has
a region tend to and collaborating structures in their cyber capacity a regional level. Read more about
officially established on-the- Over the last two years, the building efforts to avoid duplica- the GFCE’s planned and ongoing
ground presence in the Pacific, share similarities in need for a regional approach with regional tion. efforts in the different regions:.
Africa, Europe, Asia, and the in the GFCE has become un-
Americas; with all continents priorities and are deniable. A regional approach organizations
represented by the GFCE Com- is favorable because countries
munity. The GFCE’s ongoing seen to be able to within a region tend to share to support its
efforts to bolster its regional similarities in priorities and are
reach a common seen to be able to reach a com- regional efforts.”
focus is outlined in the Strategic
Building Blocks document that mon understanding, agreement
was presented during the GFCE understanding, or way forward more easily than
Annual V-Meeting last year. Some
key milestones towards 2022 that
agreement or way in other multilateral fora . Fur-
thermore, a regional approach
are linked to these efforts include forward more can be instrumental in improving
connecting and cooperating with regional collaboration and knowl-
regional organizations, organiz- easily than in other edge sharing amongst stake-
ing regional coordination meet- holders in the region. In placing a
ings and increasing awareness of multilateral fora.” greater emphasis on the regional
the GFCE. approach, the GFCE aims to not
42 The GFCE’s Regional Approach | Global Developments The GFCE’s Regional Approach | Global Developments 43
Guest Editors:
Daniela Schnidrig
Cyber4Dev Communications Team
Mariana Jaramillo
Louise Marie Hurel
Ka Man Yip
James Boorman
Siim Alatalu
Giouli Lykoura
Stéphane Duguin
Chief editors:
Publishers
Disclaimer
AU • EU • GFCE • OAS
contact@thegfce.org