IGF 2022 WS #283 Capacity Building for Safe & Secure Cyberspace: Making It Real

Time
Thursday, 1st December, 2022 (13:45 UTC) - Thursday, 1st December, 2022 (14:45 UTC)
Room
Caucus Room 11

Organizer 1: Kathleen Bei, Global Forum on Cyber Expertise (GFCE)
Organizer 2: Marjo Baayen, Global Forum on Cyber Expertise
Organizer 3: Elliot Mayhew, GFCE
Organizer 4: Kerry-Ann Barrett, Organization of American States

Speaker 1: Sylvia Cadena, Technical Community, Western European and Others Group (WEOG)
Speaker 2: Jaqueline Pateguana, Intergovernmental Organization, African Group
Speaker 3: Kerry-Ann Barrett, Intergovernmental Organization, Latin American and Caribbean Group (GRULAC)
Speaker 4: Kaja Ciglic, Private Sector, Eastern European Group
Speaker 5: Andrea Calderaro, Civil Society, Western European and Others Group (WEOG)

Moderator

Marjo Baayen, Intergovernmental Organization, Intergovernmental Organization

Online Moderator

Kathleen Bei, Civil Society, Asia-Pacific Group

Rapporteur

Elliot Mayhew, Civil Society, Western European and Others Group (WEOG)

Format

Round Table - Circle - 60 Min

Policy Question(s)

What is the role of capacity building in enabling safety, trust, and accountability? How do needs in cybersecurity differ in the world’s regions and how can they be concretely addressed? How can deliberations at the IGF further support capacity building in digital policy issues?

Connection with previous Messages: Several IGF messages under the theme of trust, security and stability will serve as an important starting point for discussion in the session. Namely: - Industry sets of good practices, standards that are globally recognised, norms and principles (such as those under the United Nations’ (UN) Group of Governmental Experts (GGE) and Open-Ended Working Group (OEWG)) that call for states to focus on the security of supply chains and reducing vulnerabilities, and regulatory instruments – like labelling and certification schemes – are also emerging. However, more stakeholders should be aware of best practices and base their work on them. Initiatives and forums, along with standardisation organisations, play an important role in gathering actors together. - The session will aim to further sensitise stakeholders especially from developing countries on the needs to participate in policy processes such as the OEWG. - Neutrality holds significant potential as a force for stability in cyberspace and - in times of lively global discussions - can advance the understanding of key conditions for implementing rules of responsible behaviour. Greater clarity about state views, which have been the traditional focus under the law of neutrality, has the capacity to create safe spaces for non-state actors that assist vulnerable groups. - The question of neutral capacity building, which is essential for building trust of those needed support, will be tackled in the session. - Cybersecurity has become even more important in times of hyper-digitalisation as a result of the COVID-19 pandemic. Cybersecurity measures put in place must be designed to evolve with the rapid digital transformation, including enabling important social services to function online instead of physically. Cross-silo collaboration is essential to strengthen cybersecurity. - Cybersecurity is linked to socioeconomic development. Yet, this connection is not always clear. Connecting cyber and development agenda will be an important focus of the session. Inclusive internet ecosystem and digital cooperation theme and the following IGF2021 message will provide framing for the session: - Inequalities are multi-layered nuanced areas and require dedicated assessments and tailored solutions. Women and girls are especially affected. The inclusion process should be designed and implemented in a multistakeholder manner through capacity development, empowerment and awareness raising and building common understanding across stakeholder groups. - Several aspects so crucial for capacity building are tackled in this message and will serve as guiding principles for the submitted session proposal. The role of stakeholders, efficient and gender-specific considerations to capacity building, as well as tailored solutions will be brought up in the discussion.

SDGs

4. Quality Education
4.4
4.5
4.7
4.b
4.c
5. Gender Equality
5.1
5.5
8. Decent Work and Economic Growth
8.1
8.2
8.3
8.5
8.6
9. Industry, Innovation and Infrastructure
10. Reduced Inequalities
10.2
10.3
9.1
9.4
9.5
16. Peace, Justice and Strong Institutions
16.4
16.6
16.7
17. Partnerships for the Goals
17.2
17.3
17.5
17.6
17.7

Targets: Several SDGs are indirectly connected to the theme of this workshop. As capacity building is a form of education, the most direct relevance is of course to SDG 4 of Quality Education, especially its lifelong learning elements. Of particular relevance are targets 4.4 of equal access of people with different skills to financial success, 4.5 of limiting discrimination in education, 4.7 of education for sustainable development and global citizenship, 4B for scholarships for higher education for developing countries and 4C of increasing the number of qualified teachers. For Goal 5 of Gender Equality, we want to stress targets 5.1 of ending discrimination against women and girls, 5.5 of full participation in leadership and decision making, and 5.8 of empowerment of women through technology. For Goal 8 of economic growth, the following targets are applicable to the session: 8.1 of sustainable economic growth, target 8.2 aimed to diversify, innovate and upgrade for economic productivity, 8.3 to promote policies to support job creation and growing enterprises. Capacity building is also linked to job creation, thus target 8.5, as well as training for young people in target 8.6. Innovation related SDG 9 is relevant for our discussion especially in the context of target 9.1 on resilient infrastructures, very relevant for cyber issues, 9.4 of upgrade of sustainable infrastructures and target 9.5 on enhancing technology research. SDG 10 deals with inequality in and in between countries, which is higly relevant for the development aspects of cybersecurity discussions, in particular in the context of targets 10.2 of equal political and economic inclusion, 10.3 on end of discrimination, 10.8 of special and differential treatment for developing countries, and particularly 10.9 for encouragement of more investement in development assistance, something of very high relevance for the GFCE, the organiser of the workshop. Promoting strong institutions is encouraged in quality capacity building support, thus the relevance of SDG 16, notably targets 16.4 of combatting organised crime, 16.6 of developing transparent institutions, then target 16.7 of responsive, inclusive and representative decision making, crucial importance is of target 16.8 of participation in global governance and 16B of strenghtening national institutions. Finally, SDG 17 of partnership for development, for the submitted session very relevant in its target 17.2 of implementing development assistance commitments, 17.3 of mobilising resources for developing countries, 17.5 of investing in least developed countries and finally 17.6 of knowledge sharing and 17.7 of promoting sustainable technologies to developing countries, 17.8 of strengthening science, technology capacity of developing countries, 17F or respecting national leadership and 17H of developing sustainable partnerships.

Description:

Some of the prerequisites of safe, secure, and accountable internet are responsible users with the right digital skills and informed policymakers with the expertise and foresight to promote capacity building to address and solve present and future cybersecurity challenges. Capacity building is however not an easy task as several factors need to be taken into account to achieve impact. These include, besides others, the need for a tailored approach, accurate matching of support to gaps and needs, and specific considerations to differences in needs of each region. The focus of this workshop will lie on prerequisites for efficient and effective capacity building, including measuring success of capacity building programs or ensuring a strong value proposition during program design phase. By facilitating exchanges on regional nuances, with actors from the individual regions being at the forefront of the discussion, we hope to contribute to regional representatives shaping in which direction future capacity building projects will lead, making sure that future support corresponds to real needs, does not duplicate already implemented projects and is oriented towards impact. This workshop will dive deeper into the specificities of cybersecurity capacity building and nuanced regional considerations, especially of developing countries. It will build on the discussion held at an IGF workshop of 2020 of "Nobody Left Behind – Inter Regional Cyber Capacity Building”, thus providing a continuity of the theme that has been building up at the IGF over past years. Preparations are also closely coordinated with session organisers of a workshop on African needs in cybersecurity capacity building that is being submitted for the African IGF taking place in Malawi. The session will put current challenges of cybersecurity capacity building in the context of several UN frameworks and processes (such as Roadmap for Digital Cooperation and the Global Digital Compact, OEWG and PoA processes, etc.), as well as link to efforts of other actors and stakeholders. We will brainstorm – together with online and onsite session participants - on the aspects of accountability in building a safe internet for the future and how capacity building in the area of cybersecurity can contribute to this goal.

Expected Outcomes

The session is expected to: Further contribute to ensuring that the IGF is the venue of discussions on capacity building in internet governance and related issues. By active involvement of session participants from developing countries – both as speakers as well as active participants – we will collect input and feedback for further work of our respective organisations. Produce session results to feed into the Global Conference on Cyber Capacity Building, organised in May 2023 by the Global Forum on Cyber Expertise (GFCE), the World Bank, the World Economic Forum and the CyberPeace Institute Promote the discussion of capacity-building elements in the context of the Global Digital Compact. Contribute to better coordination among providers of cybersecurity capacity-building initiatives. Connect the capacity building and development communities and illustrate how capacity building could support the achievement of the SDGs.

Hybrid Format: The session is designed with the hybrid format carefully in mind. We will strive that both our online and onsite participants have a meaningful experience from the session. We want to move from remote participation to true hybrid nature. We will concretely achieve this by: - Combining our speakers joining online and onsite - Having an experience chat moderator who will make sure to serve as a bridge between both types of audiences. - Preference for questions and interactions will not be automatically given to those in the room, as has been the practice at many previous IGFs. - We will integrate several interactive elements to provide an engaging session. We plan to use several mentimeter polls and polling options. In this respect, we want to prepare a creative, yet technologically easy session. - We will work with speakers in advance to make sure they are aware they are not coming to give a long lecture, but mainly to engage. - We will closely follow the guidance from the IGF Secretariat and its Working Group on Hybrid meetings on how to plan for a session fitting the format of this year’s IGF.

Online Participation

 

Usage of IGF Official Tool.

 

Key Takeaways (* deadline 2 hours after session)

Even though there are various factors involved in CCB and countries and regions have different needs and issues, stakeholders involved in CCB can explore best practices and solutions implemented in different regional settings, as they will often be transposable and adjustable to different contexts.

Cybersecurity is a shared responsibility between governments and other actors involved in this space, such as the private sector, technical communities and civil society. CCB should thus provide a multi stakeholder response to challenges, for eg through calling on the private sector to provide inputs on trends and threats overview, or empowering civil society to take an active approach in CCB, such as through the potential role of academia in fil

Call to Action (* deadline 2 hours after session)

Stakeholders are encouraged to make use of the GFCE ecosystem and tools, such as the Clearing House, that not only matches needs with resources, but also supports stakeholders through clarifying their needs and developing their CCB roadmap.

Session Report (* deadline 16 December) - click on the ? symbol for instructions

IGF WS #283 “Capacity building for safe & secure cyberspace: making it real” looked at cyber capacity building (CCB) as a priority on the international cooperation agenda. The session discussed regional dynamics and challenges as well as the role  and intersections of different actors in a multistakeholder approach to CCB, particularly in workforce development.

APNIC mentioned that capacity building efforts faced three main challenges in the Asia-Pacific region, exacerbated by the COVID pandemic: the growth in number of users and networks led to additional pressure on existing operators; multilingual diversity challenges were noted in terms of the need for continuous translation of manuals and documents such as updated best practices in different languages (needed for maintaining the level of engagement); the increased reliance on access to internet in terms of livelihood and delivery of government services has also meant that this became a much more critical resource for organisations and businesses in remote areas. A reliable, accessible, affordable stable internet has become essential for securing growth in a stable way.

The OAS (Organisation of American States) – CICTE as focal point for GFCE’s Liaison highlighted their focus on identifying gaps in CCB. The challenges identified in the region were not only related to the gap between decision makers and the technical community but relate also to the disconnect between decision-makers stemming from an age bracket that does not necessarily identify with the information required to make cybersecurity-related decisions, and the cyber domain they are called to rule on. On workforce development, it was noted that there was not sufficient reference to education as regards the digital skills gap. There is an insufficient offering of university courses for reducing the digital skills gap. Further on, on the labour market, recent graduates are faced with obstacles or are unable to get cybersecurity jobs because of their lack of practical experience. Moreover, gender parity in the workforce dropped after the pandemic, which highlights the need for policies geared towards including women in digital and cybersecurity roles. CCB is a strong focus of the GFCE Liaison at OAS – CICTE. Mapping of ongoing projects and efforts is an important step undertaken by the GFCE liaison through analysing information on the Cybil Portal. The mapping so far indicates an increased interest from donors and implementers in the region. The OAS as GFCE hub is an ideal position to seize this as an opportunity through coordinating efforts and developing a regional roadmap for CCB implementation. The potential overlap between projects can thus be deconflicted through steering efforts towards different identified priorities.

The GFCE’s Clearing House process was illustrated through examples from the significant number of requests stemming from the Global South, particularly from African countries. The match-making mechanism goes beyond connecting members and partners who have identified CCB needs with resources within the GFCE community, be it expertise or financial. The process is in many cases a first step in a country’s CCB’s journey. The Clearing House process facilitates the discussions on CCB needs in an expert community, supporting countries in identifying and prioritising their needs, which results in developing national CCB roadmaps for the medium-long term. This exercise is essential to mobilise the resources and expertise available.

Cross-stakeholder engagement in CCB is vital as each stakeholder group is called to represent different viewpoints and play specific roles. From the outset, panellists focused on cybersecurity as a shared responsibility between governments and other actors involved in this space, such as the private sector, technical communities, civil society and academia. CCB should thus provide a multi stakeholder response to challenges, be it through calling on the private sector to provide inputs on trends and threats overview with predictions across a longer timescale, or empowering civil society to take an active approach in CCB, such as through the potential role of academia in filling in identified knowledge gaps. It was proposed that the shared responsibility mantra should in turn impact on the concept of CCB, broadening it beyond the state view and addressing local industries and civil society that need support and could benefit from CCB.

Further on the role of the private sector, it was noted that the industry is not only made up of large companies, it is in fact in majority composed of small companies that operate domestically and implement solutions locally. Even though they will not have the same resources available as a major industry player, they are still an essential partner and potential beneficiary of CCB.

Regarding civil society and academia, it was mentioned that investing in domestic research-based academic programs and engaging with academic communities at national level will provide a better understanding of the national context and can also help countries develop the knowledge required to build their national cyber capacity through a bottom-up approach.

The two stakeholder groups collaborate in meaningful and practical ways, for example through the private sector offering placements, fellowships, and internships, as certification programs often need to provide practical experience. 

It was concluded that a capacity building approach connecting industries and educational institutes ensures that there is no supply-demand mismatch in workforce development. Panellists underlined that workforce development strategies should be comprehensive and connect education, government and private sector. This ensures that the skilling content is industry-aligned, based on a common set of needs. This ensures also that all stakeholders speak the same language, be it when describing university courses offered or when drafting job descriptions. However, it was stressed that these strategies should be country-specific, as the need for cybersecurity personnel varies according to the country’s industrialisation and digitalisation level. So, it is important to promote career paths in a country-specific approach.

As a concrete example of a cross-stakeholder, country-specific approach, Microsoft mentioned the implementation across 23 different countries of cybersecurity skilling campaigns, aiming to bring in traditionally excluded or less represented communities in the cybersecurity workforce, including women. By partnering with local governments, education institutions and local businesses the campaigns aimed to ensure that the programs developed fit the unique needs of their own context.

Panellists reiterated the importance of having a cross-stakeholder approach to cyber capacity building, understood in the regional context and implemented at national level.