Cyber Centre emphasises the need for strategic, long-term capacity building during UN Forum

The 10th Internet Governance Forum (IGF) took place last week in João Pessoa, Brazil. This year’s theme focused on empowering sustainable development through the evolution of internet governance, chiefly through fostering cybersecurity and trust on the internet.

Cybersecurity is a global problem and risks can only be addressed through international cooperation and by including all stakeholders. This was the overall consensus at the main session on Enhancing Cybersecurity and Building Digital Trust. The panellists - from governments, international organisations, academia, private sector, the technical community, and civil society - also agreed that capacity building is an indispensable driver. Lara Pace, former Knowledge Manager at the Global Cyber Security Capacity Centre (GCSCC) pointed out the need to develop a common understanding of what cybersecurity capacity building is; “We have to be more strategic overall to be meaningful in the long-term.” The need for international co-operation across sectors, regions and organisational structures was also emphasised by representatives of the GCSCC on the panel of the Global Forum on Cyber Expertise (GFCE).

The centre’s Cybersecurity Capability Maturity Model is a strategic, multistakeholder approach to cybersecurity capacity building. Taylor Roberts, former Oxford Martin Fellow at the centre, presented the methodology behind the model, and the lessons learned from its implementation, during a workshop that the GSCCC co-hosted with the World Bank. Natalija Gelvanovska, of the World Bank, identified the importance of gaining an inclusive and comprehensive understanding of cybersecurity before making investments into ICT. Barbara Marchiori, from the Organization of American States, discussed their experiences of using the model in member states. Ryan Johnson, Cyber Security practitioner and Internet Governance specialist, emphasised the need to consider location specific economic, social and political circumstances - especially from a civil society perspective – so as to be effective and sustainable. The workshop attracted more than 90 participants on location and online, and audience members were particularly interested in countries’ specific challenges and potential approaches for developing cyber capacity.

A Best Practice Forum on Establishing and supporting Computer Security Incident Response Teams (CSIRTs) focused on how to prepare national cyber capacity to respond adequately to cyber incidents. Taylor Roberts provided examples of different models – from flexible small-scale teams to established departments. The Best Practice Forums have evolved as highly appreciated output of the intersessional work of the IGF, providing actionable recommendations for other policy dialogue forums.

The importance of knowledge sharing and transparency was reflected in the emphasis on online mapping initiatives like the centre’s Cybersecurity Capacity Portal during the four-day forum. A workshop on Building Internet Observatories: approaches and challenges brought together representatives of mapping initiatives in different spheres of internet policy development.

Around 2,400 participants from over 116 countries took part in the forum, with thousands more actively participating online.

This opinion piece reflects the views of the author, and does not necessarily reflect the position of the Oxford Martin School or the University of Oxford. Any errors or omissions are those of the author.