GLOBAL CYBER EXPERTISE MAGAZINE - Cybil Portal
GLOBAL CYBER EXPERTISE MAGAZINE
Volume 9, June 2021

WHY ARE CYBER PORTALS IMPORTANT FOR CCB?

Towards an inclusive cyberspace: Developing Sierra Leone’s National Cybersecurity Strategy
The ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE)
EU CyberNet - same kid, new and larger block
Gender Empowerment in Cyber: GFCE Women in Cyber Capacity Building Network

Contents

Editorial

Regions

Africa
Towards an inclusive cyberspace: Developing Sierra Leone’s National Cybersecurity Strategy
Building local partnerships helps young Batswana to be ‘CyberSmart’

Americas
Cybersecurity and the pandemic: The Importance of Public-Private Partnerships in the Aftermath of COVID-19
Why are Cyber Portals Important for CCB?

Asia & Pacific
The ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE)
The CMM in the Pacific

Europe
EU CyberNet – same kid, new and larger block

Global Developments
Gender Empowerment in Cyber: GFCE Women in Cyber Capacity Building Network
Rethinking Cybersecurity Capacity Building: Healthcare shows the way
The GFCE’s Regional Approach

Editorial

On behalf of the Editorial Board, I am pleased to welcome you to the ninth (9th) edition of the Global Cyber Expertise Magazine! This edition is released in conjunction with the virtual GFCE Consultation Meeting 2021, an opportunity for the GFCE Community to gather and share their ideas and input.

The Global Cyber Expertise Magazine is a joint initiative by the African Union, the European Union, the Organization of American States and the Global Forum on Cyber Expertise. The Magazine aims to provide cyber policymakers and stakeholders insight on cyber capacity building projects, policies and developments globally.

In this issue, our cover story takes a look at why cyber portals are important for cyber capacity building, from our Americas section. The Americas section also includes an article exploring the importance of public-private partnerships in the aftermath of COVID-19. From Africa, we have an article on the development of Sierra Leone’s national cybersecurity strategy, in addition to an article focused on building local partnerships to help young Batswana to be ‘cyber smart’. From Asia and the Pacific, we have an article highlighting the development and workings of the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE), and another article analyzing the use of the CMM in the Pacific region. From Europe, we have a follow-up article from one of our previous issues on EU CyberNet.

In addition to the regional section, we have three articles in our global developments section. Firstly, this issue dives into the GFCE Women in Cyber Capacity Building Network to highlight gender empowerment in cyber. Next, we have an article rethinking cybersecurity capacity building based on revelations from the healthcare sector. Last but not least, this issue features an article on the GFCE’s regional approach as one of the key GFCE Strategic Building Blocks.

We thank our guest writers for their valuable contributions to the ninth (9th) edition of the Magazine and we hope you enjoy reading the Global Cyber Expertise Magazine!

On behalf of the Editorial Board,
David van Duren
Director of the GFCE Secretariat

Towards an inclusive cyberspace: Developing Sierra Leone’s National Cybersecurity Strategy | Africa

TOWARDS AN INCLUSIVE CYBERSPACE: DEVELOPING SIERRA LEONE’S NATIONAL CYBERSECURITY STRATEGY

Written by: Daniela Schnidrig, Senior Program Lead, Global Partners Digital

Inclusive and human-rights based cyber policymaking is critical to realize the full potential of cyberspace and ensure that it continues to underpin social and economic prosperity and promote a society for all. Between 2018-2021, the Ministry of Information and Communications of Sierra Leone developed its national cybersecurity strategy with support from Global Partners Digital (GPD) and in collaboration with other international implementers via the GFCE’s Clearing House Function. The development process featured several instances of stakeholder consultation and capacity building to inform the strategy. This article aims to share the experience and lessons learned from developing Sierra Leone’s national cybersecurity strategy in an inclusive way, to help inform future policymaking processes and capacity building efforts.

Inclusive and Human Rights Based Cyber Policymaking

There is an urgent need to reinforce the importance of inclusive and human rights based cyber policymaking in order to realize the full potential of cyberspace, ensuring that it continues to underpin social and economic prosperity and promote a society for all.

The value of this approach is clear: an online environment that enables individuals to exercise their rights and enjoy their freedoms is a prerequisite for user trust, which, in turn, is crucial for sustained uptake and use of the Internet. The absence of such conditions – where, instead, users fear their privacy may be undermined through lack of data protection or due to pervasive surveillance – has been identified as one of the key obstacles for meaningful access and future growth of the digital economy.

An inclusive approach to cyber policymaking goes hand in hand with this by helping to ensure that views of those that are affected are taken into account and not side-lined by securitized and threat-driven narratives. In fact, experience from countries that have developed their national cybersecurity strategies in an inclusive way has shown that this approach not only enables stakeholder views to be better represented, but also helps increase buy-in from relevant stakeholders when it comes to implementing the strategy, thus ensuring a more sustainable, effective and robust response to cyber threats. One example is Sierra Leone, who recently adopted a national cybersecurity strategy developed in consultation with local and international stakeholders.

Between 2018-2021, Global Partners Digital (GPD), with financial support from the United Kingdom Foreign, Commonwealth and Development Office (UK FCDO) and in collaboration with other international implementers, supported the process of developing Sierra Leone’s national cybersecurity strategy. On the ground, the process was led by the Ministry of Information and Communications (MIC). This article aims to share the experience and lessons learned from developing Sierra Leone’s national cybersecurity strategy with the GFCE and the broader cyber capacity building community to inform future cyber capacity building and policymaking efforts.

Background and Sierra Leone’s CMM

The process goes back to 2016, when Sierra Leone underwent a cybersecurity capacity review (best known as a “CMM”) carried out by Oxford’s Global Cyber Security Capacity Centre and the International Telecommunication Union. The final CMM report highlighted the need for Sierra Leone to develop a national cybersecurity strategy, with one of the recommendations being for Sierra Leone to “Embark toward developing a National Cybersecurity Strategy to set out the objectives, roles and responsibilities necessary for achieving a comprehensive and integrated national cybersecurity posture. This strategy should be aligned with national goals and risk priorities to be effective and provide actionable directives.” [1] With the strategy being a clear priority to improve its cyber maturity and resilience, Sierra Leone’s MIC got to work.

In 2018 Sierra Leone joined the GFCE and started liaising with GPD, a UK based civil society organization whose aim is to support cyber policymaking processes to make them more open, inclusive and transparent, and its policy outcomes more rights respecting. With support from a cybersecurity consultant from the region, GPD delivered several activities in partnership with MIC, aimed at developing the strategy with local stakeholders’ input. For example, GPD and the Ministry co-convened a civil society training workshop in December 2019 to build the capacity of civil society groups to enable them to engage in cyber policy discussions, and the strategy development process in particular. Subsequently, in March 2020 GPD and the Ministry convened a multistakeholder workshop to increase awareness among stakeholders on cyber policy issues, gather information on the landscape, increase coordination, and provide a space for stakeholders to discuss their priorities and inform the process of NCSS development. Shortly after, the COVID-19 pandemic hit worldwide and as a result, in-person meetings had to be put on hold. Despite being unable to host in-person workshops, MIC continued working on the strategy and, in February 2021, they convened a validation workshop with over 80 representatives from different stakeholder groups to gather their feedback on the revised drafts of the National Cybersecurity Strategy and Policy and discuss priorities and roles in the implementation. The Strategy and Policy documents were adopted by the Cabinet in March 2021.

It’s important to note that, in addition to the strategy, Sierra Leone had also been working on other cyber efforts, such as undergoing a National Cyber Risk Assessment (NCRA) supported by the UK Home Office, receiving pro bono strategy, policy and technical cybersecurity advice from Templar Executives, and receiving support from Council of Europe’s GLACY+ project on cybercrime. Given the different initiatives going on, the informal “Friends of Sierra Leone” group was created through the GFCE’s Clearing House Function. In this regard, the GFCE played a crucial role in providing a platform for implementers supporting Sierra Leone to stay informed and coordinated. In addition, different GFCE events presented opportunities for the different implementers to meet with each other and with the Sierra Leone Government.

As a result of project efforts, the strategy development process featured strong multistakeholder engagement and contributed to a rights-based approach to cyber policymaking in Sierra Leone, as evidenced by a commitment to protecting and promoting human rights being featured in the strategy.

Figure 1. Multistakeholder workshop participants, March 2021.

Figure 2. From left to right, Permanent Secretary of the Ministry of Information and Communications of Sierra Leone, Mr. Kenneth Adu-Amanfoh, Hon. Minister of Information and Communications Mohamed Rahman Swaray, and Ag. Director of Communications Mr. Mohamed Jalloh.

Lessons learned

Meaningful stakeholder input can lead to better informed policy

Cybersecurity affects a range of different stakeholders, many of whom have differing experience and areas of expertise on the subject. Much of this is unlikely to exist within government alone. Bringing different stakeholder groups’ rich expertise into cyber policymaking processes can help foster a more accurate and evidence-based picture of the cybersecurity landscape, the possible implications of different policies being considered, and how best to engage with those other stakeholders during a policy’s implementation. Sierra Leone’s strategy reflects stakeholders’ priorities, and the buy-in built through the consultations has the potential to make the implementation process smoother.

Ensuring coordination between the donor and implementer communities is essential

There are often numerous donors and implementers operating in a given environment with similar activities, and a lack of coordination mechanisms and measures can, for example, result in multiple events which seek to address similar issues and invite similar target groups. Insufficient activity coordination can therefore contribute to fatigue among local actors, risks stretching their capacity to engage and remain interested, and threatens local buy-in. Mitigation of this situation relies on deliberate coordination efforts by both donor and implementer communities to identify potential overlap, share information, and actively seek to avoid duplication. Mechanisms like the GFCE Clearing House can play a critical role in facilitating this type of coordination.

It’s a marathon, not a sprint

Projects that seek to impact government policy processes in a sustainable way should take note of the average length of the policy process on the ground, as well as pandemic related delays. Short-term interventions are unlikely to be effective as they may fail to cover the full length of the process. This, compounded by the COVID-19 pandemic and restrictions related to curbing its spread, has the potential to introduce more delays that can affect project implementation. Therefore, flexibility in project timelines can contribute to project success.

Inclusive processes are themselves a way to build capacity

The value of stakeholder engagement extends beyond creating better policy outcomes and ensuring effective implementation – it also acts as a capacity building effort in itself.

Depending on the existing interest and capacity of local stakeholders, additional investment and efforts might be necessary to facilitate meaningful engagement and leverage the knowledge and expertise that stakeholders can bring to the process. The above-mentioned training workshop hosted in December 2019 illustrates this: the event was a way to increase awareness and build the capacity of civil society groups to be able to subsequently engage in the strategy development process.

REFERENCES

[1] Page 17, Cybersecurity Capacity Review, Republic of Sierra Leone. Global Cyber Security Capacity Centre, Oxford Martin School, University of Oxford, and International Telecommunications Union. https://cybilportal.org/projects/cmm-review-sierra-leone/

Building local partnerships helps young Batswana to be ‘CyberSmart’ | Africa

BUILDING LOCAL PARTNERSHIPS HELPS YOUNG BATSWANA TO BE ‘CYBERSMART’

Written by: Cyber4Dev Communications Team

Established in 2018, Cyber4Dev, funded by the European Union, aims to support the capabilities of nations across the globe to formulate and implement strategies and campaigns that increase cyber resilience. To achieve this, our project works collaboratively with partners and stakeholder organizations across nine priority countries as well as our growing network of associate countries in Africa, Asia and the Americas. In response to an increasing number of socially engineered cyber scams aimed at young people, in October 2020 the Cyber4Dev worked in conjunction with local partners in the Republic of Botswana and embarked on a month long Cyber Hygiene campaign ‘CyberSmartBW’ with the aim of raising the awareness of the importance of good cyber hygiene.

Over the past decade, the Republic of Botswana has been on an accelerated drive to join the digital revolution. Adoption of digital technologies in various spheres of society has seen internet penetration in the country grow by over 600% between 2010 and 2020 and in an increasingly digitized world, the volume of cyber scams and hacks on everyday citizens continues to rise. Botswana is no different in this respect and with a young and growing population, the importance of supporting local efforts to inform and encourage strong and resilient cyber citizens has never been more important.

Developing a Digital First Cyber Awareness campaign

Like many countries, despite its growing digital connectivity, Botswana is still on a journey to expand its digital and cybersecurity awareness. Young people are particularly vulnerable to social engineering, scams and blackmail. Cyber hygiene teaching in schools is still limited and so far, the media has not picked up on the potential dangers of poor cyber hygiene.

In the ever evolving digital media landscape, where mobile devices are quickly becoming the dominant means of accessing information, the need to develop innovative and engaging content that can easily be shared online is paramount to the success of public awareness campaigns.

Many of the messages pertinent to the lives of young people also apply to those in other age categories. In devising a campaign that would be translatable to all age groups, it was therefore essential that digital content was carefully combined with traditional print and broadcast media, which continues to have broad national reach.

Working collaboratively with local stakeholders

Building connected networks has always been at the very heart of the work of Cyber4Dev. At the core of our work is the endeavor to mentor, support and encourage our partner countries to enhance not just their technical cyber capacities, but their ability to engage, encourage and build the cyber literacy of their citizens, enabling them to maintain strong cyber resilience in their everyday lives.

The project has been engaged in Botswana since 2018, working alongside the Ministry of Transport and Communications, the Botswana Communications Regulatory Authority (BOCRA), as well as local and regional stakeholders in support of Botswana’s efforts to further increase its cyber capacity.

Botswana has a number of niche organizations operating within the youth services space. As a project, we have observed the crucial role that local grassroot partners play in designing and implementing campaigns. Working alongside our experts Nick Small and Sylvia Beamish, the ‘CyberSmartBW’ campaign was implemented in collaboration with:

• InFuture Foundation: A non-governmental organization (NGO) delivering eBotho - a program dedicated to raising cyber awareness among young people.
• Inspired Horizons: A non-governmental, non-profit making youth organization which focuses on youth development and skills building through innovative education and capacity building.
• Ministry of Transport and Telecommunications: The leader of national Cybersecurity and Cyber Resilience programs and initiatives
• Botswana Communications Regulatory Authority (BOCRA): The telecommunications sector regulator providing oversight of the growing cyber environment

The Campaign

CyberSmartBW was launched in September 2020 by the Deputy Head of the EU Delegation to Botswana, Silvia Bopp-Hamrouni who remarked;

‘Just as we teach our children how to tie their shoes or ride a bike, we must also educate them about the risks of the internet and how to adopt safe online practices. The CyberSmart BW campaign is designed to teach young people about both the risks of the internet, and the precautions they can take to protect themselves.’

The campaign ran along two parallel tracks; the first being a public information campaign including TV and radio broadcasts, online forums and a media workshop; the second being an interactive digital competition throughout October 2020.

Working with local influencer Zeus Bantsi and broadcasters in Botswana, a series of public information videos were developed aimed at increasing awareness of online threats and providing viewers with the tools to combat them. The videos provided tips on encryption, creating strong passwords, protecting social media profiles and securing networks.

Following tips from the public information campaign, young people were challenged to showcase their own creative flair and digital savvy through the creation of short two minute videos and social media posts aimed at educating their peers of the dangers of cyber risks, with prizes for the top four entries.

The competition asked entrants to consider -

Why cyber security is important to their lives?

How can they protect themselves from attacks?

The result? The competition garnered over 100 long listed entries, with young people from across Botswana presenting their view on ways to tackle scammers and build resilience.

Figure 1. Cyber Smart BW campaign logo.

Figure 2. Ambassador Jan Sadek with Selwana Motsemeng.

The Impact

By design, the campaign was ambitious in its overall goal to start conversations about online safety and increase the cyber awareness of young people in Botswana. As lofty a goal as this was, judging from the response and engagement that the campaign received it was clear that engaging young people in serious conversations about their lives online was invaluable in enabling them to express their understanding of cyber risks, as well as enabling us to gather a true insight into their digital lives and the potential risks they are exposed to.

Why is this important for policy makers?

Creating campaigns with citizen participation at their core gives policy makers a rare insight into how cyber awareness, or lack thereof, can impact upon the lives of the people that policies are designed to serve. Working collaboratively with local expert practitioners, who work with young people directly, also allows for practical discourse to take place in a way that is relevant and meaningful to the target audience.

Galvanizing media interest

The topic of cyber security is often one that is veiled by a level of complexity meaning that it is often overlooked by the media. As part of the national promotional campaign, we were able to engage 35 local journalists at an interactive workshop which helped to demystify cyber scams, guided them on how to report about the threats at hand and thus enabled them to fully understand the public interest aspect of cyber security.

Lessons Learned

• Building partnerships – Recognizing that developing and maintaining cybersecurity and promoting cyber hygiene is a continuous effort, it is vital that a broad range of stakeholders are engaged and contribute – building a network of supportive partners. As highlighted in Botswana’s National Cybersecurity Strategy, participation of civil society is key to reaching out into the community and promoting the importance of staying safe online. The campaign focused on this, establishing partnerships between the public sector and civil society organizations, and importantly, creating a network of CSOs that embraced the objectives of promoting cyber hygiene.
• Sharing experiences – At its very heart, the campaign was designed to provide a platform for young people to share their experience online and to use this to devise innovative messages regarding the importance of staying safe online. With their unique understanding of how they and their friends use the internet each day, which platforms they rely on, and what threats they are exposed to, campaign participants brought real-world knowledge to bear in developing promotional messages that resonated with the target audience.
• A Repeatable Solution – While the campaign was designed and developed specifically for Botswana, it can be a template for similar programs in other environments. The approach, tools and content developed, can provide a basis for jump-starting targeted campaigns to promote cybersecurity and cyber hygiene and, importantly, to help establish the much-needed cooperation and collaboration across sectors.

Legacy and continuing to build momentum

Creating campaigns with citizen participation at their core gives policy makers a rare insight into how cyber awareness, or lack thereof, can impact upon the lives of the people that policies are designed to serve. Working collaboratively with local expert practitioners, who work with young people directly, also allows for practical discourse to take place in a way that is relevant and meaningful to the target audience.

NOTES

For more information, visit: www.cyber4dev.eu/botswana-cybersmartbw-campaign/
12 Cybersecurity and the pandemic: The Importance of Public-Private Partnerships in the Cybersecurity and the pandemic: The Importance of Public-Private Partnerships in the 13 Aftermath of COVID-19 | Americas Aftermath of COVID-19 | Americas CYBERSECURITY AND THE factors associated with protect- ing national security when shar- “The likelihood of a PPP succeeding is • Open Communication: As both sectors have specific PANDEMIC: THE IMPORTANCE ing more classified and sensitive expectations, compromise is information. At the same time, usually required. Clear and companies, may be concerned commonly observed honest communication is vital OF PUBLIC-PRIVATE with the confidentiality and pro- to establish pragmatic and tection of their data maintained to be based on the stimulating common expec- by the public sector. Nonethe- existence of a robust • tations. Reciprocity Approach: The PARTNERSHIPS IN THE less, an increasing trend shows governments and industry alike framework, entailing discouragement of a part- recognize that mutual informa- nership is commonly driven defined principles, AFTERMATH OF COVID-19 tion exchange is within national by hesitation and disinterest security interest, as threats can from both partners. Culti- significantly damage both sec- inputs, and expected vating active participation tors. through resource and knowl- benefits by both edge sharing should be at the Coordination is particularly forefront of discussions and vital when it comes to protecting the government activities. Written by: Mariana Jaramillo, Cybersecurity Program Intern, CICTE/OAS critical infrastructure. Globally, 85% of critical infrastructure is and industry” • Legal Basis: Cybersecurity is highly interdisciplinary, involv- The COVID-19 pandemic has accelerated the reliance on digital platforms to perform privately owned. In Latin Amer- ing many entities from both daily and essential activities, making them increasingly susceptible to cyberthreats. 
ica, private investment in critical Recommendations for sectors. Thereby, developing infrastructure is 56%, where- Partnership Success a legal basis in the form of a According to the Unisys Security Index, since the beginning of the global pandemic, as 44% is attributed to public national legal act or a memo- cybercrimes have increased up to 74% in Latin America and the Caribbean (LAC). These investment. Given the propor- randum of understanding can cyberthreats are increasingly becoming more sophisticated and complex, outpacing both tionately equal investment of Public-private cybersecurity consolidate a coordinated the governmental and private sector’s ability to respond, but represents an opportunity both sectors, protecting national partnerships must continuously framework. to handle cybersecurity challenges jointly and face them as a shared responsibility. The assets is an intertwined interest. adapt to effectively respond both • Inclusion of SMEs: Many Meaningful collaboration in a PPP reactively and proactively with SMEs provide third-party devastating effects of the pandemic on the region call for the need to reinforce and is perceived to rely on articulat- the necessary agility to combat services to large and critical revise cybersecurity Public Private Partnerships (PPP) as an approach to address shared ing mutual benefits and value the dynamic environment of service providers. The in- threats. propositions within this context. cyber threats. The likelihood of a volvement of SMEs and start- PPP succeeding is commonly ob- ups in PPPs can increase their The Road to Recovery nearly 1.6% of the region’s GDP in a highly interdependent cyber- The benefits of PPPs go be- served to be based on the exist- experience, cybersecurity – PPP in the Cyber and 9.5% of the current cost of security landscape. Particularly, yond information sharing. Part- ence of a robust framework, en- capacity and drive for inno- cybercrime worldwide. 
This has cyberthreat intelligence sharing nerships have the potential to re- tailing defined principles, inputs, vation. Pandemic undeniably been exacerbated regarding attackers and their spond to cyberthreats, as well as and expected benefits by both • Point of Contact: Common- due to the pandemic-driven vul- associated methods, enables adopt more proactive approach- the government and industry. ly, multiple public bodies are Strengthening cybersecuri- nerabilities of the “new normal.” organizations to better prepare es to cybersecurity. PPP is shown involved in PPPs, such as the ty is a determining factor in the Contrary to the assumption that for and respond to risks. Build- to be optimal for building cyber- The European Union Agen- Ministry of Defense, Ministry advancement of LAC’s digital underfunding in cybersecurity is ing on the premises of collective security capacity to close the cy for Network and Information of International Affairs and transformation. The impact of a significant factor for increased response to cybersecurity, infor- gap of notorious cyber breaches Security (ENISA) has identified Ministry of Economy. Ap- the pandemic on digitalization threats, the primary reason for mation exchange contributes to in the region. An effective PPP the following recommendations pointing a government point has increased world spending in successful cyberattacks is often trusted and transparent partner- cybersecurity framework can cre- to mitigate any potential collab- of contact that coordinates the cybersecurity industry, with the sectors’ isolated response to ships. Consequently, information ate an environment that protects oration discrepancies and ensure public entities’ efforts is fun- a forecast amounting to US$54 constantly evolving cyberthreats. sharing is commonly perceived and nurtures innovation. effective PPP evolvement: damental to ensure coherent billion by 2021. 
However, accord- Considering the complexity and as one of the most valuable communication internally and ing to the OAS-IBD 2016 Cyber- interconnectedness of the cy- commodities in industry-govern- with the private sector. security Report, the financial berspace, no sector can address ment partnerships, despite being damage caused by cybercrime in regional cybersecurity alone. a challenging element to achieve. Latin America and the Caribbe- In the public sector, the hesita- an represents more than US$90 The benefits of collective ac- tion to exchange information billion per year, amounting to tion in cybersecurity are evident can mainly be attributed to the
14 Cybersecurity and the pandemic: The Importance of Public-Private Partnerships in the Aftermath of COVID-19 | Americas

Innovation Councils: How the public and private sectors can enhance alternate cybersecurity solutions in the region

In 2019, the OAS and Cisco created the Cybersecurity Innovation Councils in Latin America, a space for multi-stakeholder collaboration, which aims to provide solutions to the cybersecurity gaps and risks faced in the region. The initiative represents a joint effort between the public and private sectors to democratize and improve cybersecurity capacities in Latin America through education, dialogue, and support to civil society stakeholders.

As a continuity of the partnership, and with the added support of the Citi Foundation, the Cybersecurity Innovation Fund was created. The fund, endowed with US $200,000, seeks to foster innovation in the execution of projects that can develop local cybersecurity solutions in the context of the COVID-19 pandemic. The first edition of the fund demonstrated the region's talent, as 117 nominated projects from distinctive sector organizations participated. The proposed projects are segmented in eight categories related to cybersecurity: education and awareness, critical infrastructure, capacity development, national agencies and public policies, cybersecurity innovation for small and medium-sized enterprises (SMEs), digital crime, incident response mechanisms, and remote work.

Figure 1. Cybersecurity Innovation Fund 2020 banner.

A key component of this PPP is the capacity to enable the diversification of cybersecurity solutions through participation from the civil sector, which expands their scope with the inclusion of distinctive societal groups. Likewise, more than half of the winning projects have a gender and diversity approach in their leadership and expected project impact. The twelve selected projects are led by organizations based in Argentina, Brazil, Chile, Colombia, Mexico, and Uruguay. In a region severely affected by COVID-19, this Fund and, most importantly, the cybersecurity projects that were selected, show that talent can come from different sources and that through collaboration, they can be expanded to provide solutions to diverse cybersecurity challenges. A few of the selected projects include:

Cybersecurity Innovation Fund – Project beneficiaries examples

Country | Name of the Project | Project Description
Argentina | NGEN | Programmable and configurable infrastructure software capable of supporting the management of security incidents in the scope of work of a CSIRT.
Brazil | The LGPD Data Hunter | Text mining software to identify confidential information stored on organization devices.
Chile | Programing our Future | Basic cybersecurity training targeted for female teenagers.
Colombia | Hackers wanted | Initiative to strengthen technical and educational capacities in cybersecurity at EAN University.
Mexico | Interactive on Digital Security in Indigenous Language | Portal that provides recommendations on digital security for educators, children and adolescents, and parents of indigenous communities.
Uruguay | ModSecIntl | Portal that provides recommendations on digital security for educators, children and adolescents, and parents of indigenous communities.

Figure 2. Cybersecurity Innovation Fund, examples of project beneficiaries.

Figure 3. Cybersecurity Innovation Fund, map of project beneficiaries.

In an increasingly challenging digital environment, the protection of cyberspace requires collaborative action. Considering the dynamic and borderless nature of cybersecurity, public and private sector cooperation is vital to mitigate risks and strengthen capacities that adequately encounter regional vulnerabilities. The damages inflicted by cybercrime in Latin America and the Caribbean during the COVID-19 pandemic call for the expansion of a multistakeholder approach to cybersecurity. Policymakers and cooperation can leverage Public Private Partnerships as an effective instrument to reaching common agendas. The entrenched nexus of both sectors lies on a common goal: raise the level of cybersecurity for the security and economic prosperity of the region.
16 Why are Cyber Portals Important for CCB? | Americas

WHY ARE CYBER PORTALS IMPORTANT FOR CCB?

Written by: Louise Marie Hurel, Digital Security Program Lead, Igarapé Institute

Cyber portals play an important role in assembling, communicating, and facilitating access to information about cybersecurity – helping policymakers, diplomats, civil society organizations, academia, and the private sector in making sense of the growing landscape of initiatives and policies. As different organizations develop international and regional portals, the Igarapé Institute has recently launched the Brazilian Cybersecurity Portal to map the country's national cybersecurity governance landscape. Louise Marie shares below some reflections on the importance of Cyber Portals to CCB and the lessons learned from the process of developing the national portal.

A complex landscape

From the Morris worm to the Colonial Pipeline ransomware attack, the past 30 years have been marked by the increasing notoriety of both the vulnerability and interconnectedness of systems, networks and infrastructures. All sectors have not only witnessed but also increasingly sought to include cybersecurity as a key concern in technical and policy development. Internationally, discussions at the Open-Ended Working Group and the UN Group of Governmental Experts have revolved around the development and operationalization of cyber norms, in particular, the applicability of international law to cyberspace. Regionally, many organizations such as the OAS, OSCE and ASEAN have sought to work with member-states on the consolidation of cyber-Confidence Building Measures. Nationally, governments have been developing their national cybersecurity strategies and other policies that establish minimum standards for cybersecurity across sectors.

All these developments have contributed to what today is a rich and complex landscape of policies, standards, actors, projects, CCB initiatives, institutions, and spaces in which these discussions take place. However, amidst a growing patchwork of initiatives, policymakers, diplomats, civil society organizations, academia, and the private sector are faced with the challenge of keeping up with the growing field and navigating what has become a fragmented landscape of activities.

In response to this challenge, different organizations have started to develop a range of repositories and portals to aggregate, organize and make available information about norms and initiatives in a systematic and accessible way. Some examples are UNIDIR's Cyber Portal, the GFCE's Cybil Portal, OAS's Observatorio de Ciberseguridad and, more recently, the Brazilian Cybersecurity Portal (Portal Brasileiro da Cibersegurança), developed by the Igarapé Institute.

The rise of Cyber Portals

Cyber portals play an important role in assembling, communicating, and facilitating access to information about cybersecurity. They are both a resource for other sectors looking to understand and navigate some of the latest developments in the field and an important mechanism that can support organizations in planning their own capacity building efforts. Some portals focus on thematic issue-areas and others on specific levels of analysis (national, regional, or international) or sectors. Rather than ideal types, there are some basic characteristics that enable portals to target and actively respond to knowledge gaps in cybersecurity. A few examples include:

Level-specific Portals: These are the portals that focus on mapping international, regional and/or national cybersecurity developments. UNIDIR's Cyber Policy Portal, for example, provides an extensive map of UN Member States' profiles and cyber policies.

Theme-specific Portals: Those that are dedicated to one or multiple thematic areas without the demarcation or explicit commitment to one specific level of analysis (national/regional/international). This is the case of Diplo Foundation's Geneva Internet Platform Digital Watch Observatory that monitors and provides an overview of issues that range from cybersecurity and human rights to economic and infrastructure-related ones. Another example is the GFCE's Cybil Portal that focuses on mapping cyber capacity building initiatives and creating knowledge that can foster better targeted initiatives.

Repositories: Initiatives that are primarily dedicated to the consolidation of a digital archive for cybersecurity or presentation of the result of a mapping exercise. The National Security Archives Cyber Vault Library provides primary-source material that ranges from court case documents, to maps and glossaries. The OAS Cybersecurity Observatory is another example of a portal that has sought to periodically map cyber capacities and maturity across countries in the Americas region.

Building national capacities through Portals

In April 2021, the Igarapé Institute launched the Brazilian Cybersecurity Portal - one of the first portals fully dedicated to mapping the national environment and discussion. The Portal gathers more than 70 documents and 100 national initiatives from 10 sectors, seeking to systematize and map the national cybersecurity governance landscape, that is, the key institutions, norms, and history of the field in Brazil.

In so doing, our objective was (and is) to (i) shed light on the particularities of cyber policy taking place in the national agenda, (ii) integrate knowledge from different sectors in developing their respective policies, and (iii) contribute to raising the baseline understanding of the current capacities and gaps for multistakeholder collaboration in national cybersecurity.

The Portal is the result of over two years of data collection and a series of interviews, consultations and meetings with experts from different sectors. More importantly, it is one of the responses to a diagnostic analysis of the national landscape in which we had identified that, while all sectors understand the importance of building cyber capacities and shared responsibility in doing so, there were some challenges for action, namely: (i) a lack of shared vocabulary to address cybersecurity threats and risks; (ii) existence of varying levels of cyber maturity across sectors; (iii) lack of normative, strategic, and operational alignment; and (iv) different understandings of specific and shared risks across sectors – to name a few.

Figure 1: Mapping Brazil's Cybersecurity Governance Ecosystem // Source

Portraying the national cybersecurity governance landscape can be a challenging task due to the fast-paced changes in regulation, the shifting and evolving institutions, and the sometimes-blurry lines between concepts such as cybersecurity, cybercrime, critical infrastructure protection and others. The Brazilian cybersecurity Portal responds to those challenges by providing a repository of legislations, policies and official documents; an interactive map of key actors (and what they have produced so far in terms of cybersecurity); a timeline of key developments; and recommendations for an integrated and multistakeholder approach to digital security risks.

A complex landscape

More than a shared responsibility, cybersecurity requires consistent collective action – and Portals are one way of levelling the playing field of understandings. By integrating knowledge and working on strengthening cyber capacities, they serve as an increasingly relevant tool for national and international policy development.

Academia and civil society organizations have an important role to play in developing and implementing CCB initiatives such as building repositories and facilitating access to knowledge, especially at the national level – as many of the examples in the sections above show. Many of these organizations are actively following cybersecurity debates in different sectors, continually work with primary open-source data, and engage with key experts in the field.

Figure 2: Cybersecurity Timeline in Brazil // Source

Finally, our experience in building a national portal and collaborating with other portal developers has shown that there are multiple benefits in consolidating knowledge that go well beyond facilitating access, such as:

Mapping existing policies and what has already been achieved. Especially at the national level and in developing countries, it might seem that cybersecurity is a relatively new subject. What we found is that this is not always the case – Brazil, for example, has only launched its national cybersecurity strategy in 2020, but has engaged in the subject since the early 2000's at least.

Identifying gaps in policy and institutional development. By gathering policy data in a systematic and methodologically rigorous manner, we were able to understand some trends in policymaking across the years – such as the securitization and militarization of the cybersecurity agenda from 2008-2016 and an increasing push towards sector specific regulations and data protection and security since 2018.

Translating how cybersecurity is framed within a specific country. Beyond international documents, national data allows for different sectors to better understand how cybersecurity is approached in a particular country and/or region. Some governments have concentrated the development of a national cybersecurity agenda to the ministry of economy, others to the ministry of defense; tracking these developments allows for a better positioning of the debate within these national realities.

Going beyond the 'usual suspects' or cybersecurity experts. Depending on the portal, it can serve as an important hub for both experts working in the field, but also to students, policymakers and others that might not be acquainted with cybersecurity.

Last, but certainly not least, portals can also be an invitation for sectors to contribute to collectively building knowledge on cybersecurity. All sectors have an important role to play in providing information and jointly building what is a holistic account of national capacities, policies, and institutions. NGOs and think tanks can meaningfully contribute to the discussion and development, ensuring that mapping efforts are reflective of human rights, provide greater transparency over cybersecurity policy and integrate a human-centric approach to new initiatives.
20 The ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) | Asia & Pacific

THE ASEAN-SINGAPORE CYBERSECURITY CENTRE OF EXCELLENCE (ASCCE)

Written by: Ka Man Yip, Head of Capacity Building Programs, Cyber Security Agency Singapore

Cyber capacity building serves as an effective tool, not only to strengthen our collective cybersecurity posture, but also to enable countries to contribute meaningfully to international discussions, which is a key step towards achieving security and resilience in cyberspace. The Association of Southeast Asian Nations (ASEAN), as a region, has recognized the importance of coordinated capacity building at both the policy and technical levels. In the first ever ASEAN Leaders' Statement on Cybersecurity Cooperation issued in 2018, under Singapore's ASEAN Chairmanship, ASEAN Leaders tasked relevant Ministers to closely consider and recommend feasible options to coordinate regional capacity building. It is with these guiding principles that Singapore established the ASEAN Cyber Capacity Program (ACCP) in 2016, which was subsequently expanded with the establishment of a full-fledged ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) in 2019.

Importance of Cyber Capacity Building

Cybersecurity is both a transnational and multi-disciplinary issue which requires international partnerships and cross-regional cooperation. The current pandemic has emphasized our increasing dependence on the digital domain. This dependence has been accompanied by increased risks and vulnerabilities. As the cybersecurity threat landscape continues to evolve rapidly, our discussions on this matter have to progress in tandem and achieve tangible outcomes. We cannot afford to have a break in momentum and need to continue with cyber capacity building as it is an effective tool to forge international cooperation to ensure an open, secure, stable, accessible, interoperable, and peaceful ICT environment.

As clichéd as it may sound, we are only as strong as our weakest link. The international community's ability to prevent or mitigate the impact of malicious ICT activity depends on the capacity of each State to prepare for and respond to cyber threats. There is a global consensus on the importance of cyber capacity building in ensuring a more secure and stable cyberspace as illustrated in the Final Substantive Report of the United Nations Open-Ended Working Group on developments in the field of information and telecommunications in the context of international security. Capacity building will not only strengthen our collective cybersecurity posture, but also enable countries to contribute meaningfully to international discussions, which is a key step towards achieving security and resilience in cyberspace.

Singapore believes that in order to be effective, cyber capacity building should be a shared responsibility and reciprocal endeavor amongst various stakeholders. Cyber capacity building programs should also be sustainable and politically neutral so as to effectively address the needs of a diverse set of countries in the long-term. In addition, a coordinated capacity building effort is needed to minimize overlaps and ensure resources are channeled to areas where they are needed most. To this end, taking a regional approach to capacity building is useful as it allows for sharing of experiences when dealing with problems relevant to the region. This also helps to build and strengthen the network of officials dealing with cybersecurity issues who assist one another during times of need.

Figure 1. ASCCE office.

What Singapore is doing and the ASCCE

It is with these guiding principles that Singapore established the ASEAN Cyber Capacity Program (ACCP) in 2016. In response to the positive feedback from our partners in the region and beyond, and with a view of better coordinating and delivering our cyber capacity building programs, the ACCP was expanded with the establishment of a full-fledged ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE) in 2019. The ASCCE, which was set up with a commitment of SGD$30 million (approx. USD$22.5 million), continues to support a coordinated build-up of cyber policy, operational and technical capacities amongst senior ASEAN officials.

The ASCCE has three principal functions. First, it conducts research and provides training on national cybersecurity strategy, legislation and cyber norms. Second, the ASCCE provides Computer Emergency Response Team (CERT) training, focusing on technical CERT-related skills as well as the exchange of information and best practices related to cyber threats and attacks. Lastly, the ASCCE also partners with academia for a Cyber Range to deliver virtual cyber defense training and exercises to participants for practical hands-on experience.

To date, we have organized 18 distinct capacity building programs on topics ranging from cybersecurity strategy, norms, Confidence Building Measures (CBMs), international law, to CERTs and incident-response related skills. In total, we worked with 7 governmental partners and more than 22 non-government partners from the industry and academia to deliver these courses to over 700 participants across all 10 ASEAN Member States (AMS).

Regional Challenges to Cyber Capacity Building

The last decade and a half has seen a rise in global awareness on the importance of coordinated international cyber capacity building efforts in building a secure and stable international and regional cyberspace. Regional organizations have risen to the challenge, and many regions now have dedicated cyber capacity building initiatives. ASEAN, as a region, has recognized the importance of coordinated capacity building at both the policy and technical levels. In the first ever ASEAN Leaders' Statement on Cybersecurity Cooperation issued in 2018, under Singapore's ASEAN Chairmanship, ASEAN Leaders tasked relevant Ministers to closely consider and recommend feasible options to coordinate regional capacity building.

However, challenges remain. There have been increasing calls for better coordination of international and regional cyber capacity building efforts so as to ensure that global resources are maximized and efforts are not duplicated. There have also been calls for global repositories and portals where information on capacity building activities can be made available, so that the international community can identify synergies and build on them to better coordinate our global efforts for a more collaborative and sustainable approach to cyber capacity building.

The Cybil Portal established by the GFCE is a good initiative that has enabled us to tap on the rich exchanges of cyber capacity building initiatives which help foster public-private partnerships and optimize resources. Closer to home, the ASCCE strives to work with AMS, ASEAN Dialogue Partners as well as our colleagues at the ASEAN-Japan Cyber Capacity Building Centre (AJCCBC) in Bangkok in supporting the call of our Ministers and Senior Officials in raising regional cyber capacity through offering complementary capacity building programs on cybersecurity policy, operational and technical topics.

Future of Cyber Capacity Building

We also need to acknowledge that limiting ourselves to only identifying capacity building needs is insufficient. We will need to develop metrics to measure the effectiveness of cyber capacity building programs, so that timely adjustments can be made to the content and delivery of programs and ensure their value and effectiveness. This will ensure that the resources committed to capacity building are prudently used and maximized.

Singapore sees the importance in measurable outcomes of cyber capacity building programs so as to ensure the effectiveness of these programs as well as the effective channeling of resources to address these capacity gaps. In this regard, Singapore is working on a metrics framework to measure the effectiveness of the various initiatives that we are running under ASCCE. Using the ASCCE curriculum as a test-bed, we hope to share with the wider international community on how they can apply the metrics to their programs as well.

Besides the metrics development, the ASCCE's focus for the next 2 years also includes our work with UNODA on the development of a Norms Implementation Checklist. The Checklist will be a simple guide for a set of actions that developing countries could take to implement the 11 voluntary norms of responsible state behavior in the 2015 UN GGE report. It will also identify the capacities needed to help nations implement such norms. Together with UNODA, Singapore will work with partners in ASEAN to help developing countries implement these norms under the United Nations-Singapore Cyber Program (UNSCP) workshops.

Lastly, alongside the COVID-19 pandemic and an always changing cyber and digital landscape, we have seen an acceleration of a growing overlap between cyber and cyber adjacencies such as data and supply chain security and disinformation, as well as emerging technology issues such as AI, Quantum Computing and Cloud. There is a need for cyber capacity building to address these new gaps as we have also been receiving feedback and interests from AMS on capacity building around such issues. As the ASCCE is demand driven, we are looking to delve more into programs which will more tightly link policymakers with the operational aspects of cybersecurity, as well as programs on securing digital technologies and cyber adjacencies.

As we gradually move toward a post-COVID world, it would also be useful for the GFCE community to start considering these cyber adjacencies and how it would impact the future trajectory of cyber capacity building. Given the GFCE community's diversity, perhaps it is timely now to consider moving discussions beyond the traditional definition of cybersecurity and onto the wider digital domain for a truly holistic, multi-disciplinary and multi-stakeholder approach to capacity building.

Figure 2. ASCCE office.