GCSCC at the Paris Peace Forum

Cybersecurity capacity building: International collaboration to advance online stability

 

Our Director Prof. Sadie Creese joined a panel of global experts at the Paris Peace Forum 2021 to discuss how to leverage international cooperation for cybersecurity capacity building. The panel was co organized by Microsoft and moderated by Kasper Klinger, Vice President of European Government Affairs at Microsoft. The other panelists included Dr. Towela Nyirenda-Jere, principal Program Officer at the Africa Union Development Agency(AUDA-NEPAD), and  Sabine Muller, CEO at DHL Consulting.
 
The Paris Peace Forum is an annual event that brings together global leaders such as head of states, intergovernmental actors, private sector and academia to discuss the most pertinent global issues. While in 2020 the forum focused on building back better from the pandemic, this year’s convening, with the theme ‘minding the gap’ had discussions centred around bridging equality after the pandemic. 
 
The pandemic has made countries and organizations more reliant on the internet and other digital technologies than we have seen before. There is increased digitization of government services, public health and education. The private sector has also leveraged on technologies such as internet banking and mobile money for transactions and created online platforms for service provisions. Consequently, from the consumption side, there has been increased uptake of digital services that help go around the restrictions of movements and physical meetings. For example, conferences have gone online and there is increased adoption of immersive technologies in different sectors. However, increased digitization also follows vulnerabilities. During the pandemic we have seen increased cases of cybersecurity incidences such as ransomware attacks, conference bombings and service downtimes caused by sharp surge of their demand. This affects the ability of countries to recover from the pandemic. 
 
Dr Towela Nyirenda mentioned the importance of cybersecurity capacity in achieving the aspirations of the Africa Free Trade Area(FTA) policy whose implementation began under this year’s Africa Union regime. She expressed that the FTA will rely on people being able to trust services that were previously enjoyed in the physical world and now being moved into the digital space. There is therefore need to ensure safety in transactions and people’s engagements online. AUDA NEPAD is mandated with supporting the AUC in the implementation of priority programs and projects in line with agenda 2063. These programs include cybersecurity capacity, data protection and other initiatives regarding Africa’s digital transformation strategy.

 

Africa's Free Trade Area will rely on people being able to trust services that were previously enjoyed in the physical world and now being moved into the digital space. There is therefore need to ensure safety in transactions and in people’s engagements online.

 

Dr, Towela also talked about AUDA's partnership with the Cybersecurity Capacity Centre for Southern Africa in building Cybersecurity Capacity(C3SA). AUDA is working with C3SA on strengthening the implementation of the Malabo Convention using Cybersecurity assessment. She added that AUDA saw the high value of the Cybersecurity Capacity Maturity Model(CMM) in linking it to the assessments currently being carried out on the Malibu Convention, and that CMM aids in identifying what kinds of interventions are needed for member countries in addressing the specific challenges they are facing.

 

 

 

Professor Sadie Creese talked about the work at the Global Cybersecurity Capacity Centre. In the past number of years, Oxford university with the GCSCC has been highly focused on helping countries around the world to understand what it means to have national cybersecurity capacity. Through the CMM countries have been able to self assess and find out how they are doing in their efforts to develop their cybersecurity maturity and determine what investments they need moving forward.
 
The CMM considers national cybersecurity capacity as a broad concept that includes the ability of a country to set good cybersecurity strategies, understanding what we need to do to be able to involve the society, educating citizens and business leaders to be able to protect themselves and their systems and ensuring access to the right protective technologies and standards. She added that developing national cybersecurity capacity requires the involvement of a wide variety of actors; Businesses, as owners of most of critical infrastructure are in the hands of the private sector, the government, as part of those who are in charge of governing, and the civil society. It is important to bring all these stakeholders to the conversation because they are all part of the solution.
 
The model has been used by more than 85 countries across 5 continents. Its success largely stems from its endorsement and use by different countries and development organizations across the globe. The GCSCC also works with a constellation of regional partners to help embed cybersecurity capacity building into regions. The regional centres not only helps countries carry out CMM assessments, but also generate cybersecurity knowledge that is more specific to the vision and context of their respective regions. As we look into the future, one of the things we are keen on and we are beginning to research deeply how we can help the world plan for future shocks. How we can get better as an international community at not just carrying our immediate operational issues of addressing significant harms but by having to anticipate, by imagination, prepare for and understand what possible future threats might look like.
 
Sadie also talked about how different countries and regions have different priorities, and therefore use the CMM in their own different ways. For this, it is difficult to compare -- using the CMM-- which countries have done well in cybersecurity capacity and which are lagging behind. The CMM was developed for the world in a process involving experts from the international cybersecurity capacity community, across different sectors. The GCSCC is just its custodian who work with the cyber capacity community from all sorts of sectors to evolve it. For that reason, the model has been shared widely and the GCSCC has invested in helping other stakeholders use it in their cybersecurity and development agenda.

 

 At the GCSCC, we have began to research deeply how we can help the world plan for future shocks. How we can get better as an international community at not just carrying our immediate operational issues of addressing significant harms but by having to anticipate, by imagination, prepare for and understand what possible future threats might look like.

 

Sabine Mueller emphasised on the need to put cybersecurity high up in each agenda, and said that the Malabo convention is a step in the right direction. She added that very often African countries are misused as centres of cyber attacks for criminal activities. Cybercrime such as phishing are made to look like they originate from Africa and this damages the countries reputation. The result is that companies and foreign investors refrain from economic cooperation with these countries. She added that cybersecurity begins with the procurement of secure IT infrastructure, and ensuring that people are able to handle them. At the continental level, the GIZ has worked with the African Union Information Society Division to build relevant technical expertise and develop strategies for creating awareness. She also emphasised that cybersecurity starts at home, and therefore crucial to include cybersecurity in the planning and designing stage of projects for the creation of sustainable solutions.

 

Cybercrime such as phishing are made to look like they originate from Africa and this damages the countries reputation. The result is that companies and foreign investors refrain from economic cooperation with these countries.

https://www.youtube.com/embed/jG_vDTcjovE