GLOBAL CYBER EXPERTISE MAGAZINE - Cybil Portal
GLOBAL CYBER EXPERTISE MAGAZINE
Volume 10, November 2021

Cover story: Trends in International Cyber Capacity Building

The untapped potential of the Americas: Cybersecurity awareness and culture
What role can European universities play in cyber capacity building?
AU-GFCE Collaboration Project
Introducing the ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC)
Global Cyber Expertise Magazine, Volume 10, November 2021

Editorial

Global Developments
  Second edition of the Guide to Developing a National Cybersecurity Strategy
  Trends in International Cyber Capacity Building
  The GFCE’s Demand-Driven Approach

Regions

Americas
  Interview with Michele Markoff, Acting Coordinator for the United States Office of the Coordinator for Cyber issues
  The Untapped Potential of the Americas
  A Regional View from the Americas through Cyber Confidence-Building Measures

Europe
  European Cyber Agora
  What Role can European Universities Play in Cyber Capacity Building?

Africa
  AU-GFCE Collaboration
  Africa Cyber Capacity Building Coordination Committee
  Network of African Women in Cybersecurity (NAWC)

Asia & Pacific
  Building Regional Cyber and Critical Tech Resilience through Cooperation
  Cybersecurity in the Pacific: Regional in Nature, Local in Practice
  Introducing the ASEAN-Japan Cybersecurity Capacity Building Centre (AJCCBC)
Editorial

On behalf of the Editorial Board, I am pleased to welcome you to Issue 10 of the Global Cyber Expertise Magazine! We are proud to present this edition during the GFCE Annual V-Meeting 2021. The Global Cyber Expertise Magazine is a joint initiative by the African Union, European Union, Global Forum on Cyber Expertise and Organization of American States. The Magazine aims to provide cyber policymakers and stakeholders insight on cyber capacity building projects, policies and developments globally.

In this edition, our cover story takes a look at trends in international cyber capacity building as the field continues to grow rapidly. Also under the global developments section, we celebrate the launch of the 2nd Edition of the ‘Guide to Developing a National Cybersecurity Strategy’ and learn about how the GFCE is strengthening its demand-driven approach.

From Asia and Pacific, we have an article on cybersecurity in the Pacific and the ASEAN-Japan Cyber Capacity Building Centre (AJCCBC) based in Bangkok. Also, find out more about how Australia is delivering cyber resilience and capacity building projects across Indo-Pacific through cooperation.

From Africa, read about the developments of the AU-GFCE project, an article on the new Network of African Women in Cybersecurity highlights the need to bridge the gender gap and another article introduces the Africa Cyber Capacity Building Coordination Committee.

From the Americas, learn about how the region is consolidating their view on cybersecurity through CBMs and why cybersecurity awareness is so important for the region. Through an interview, the US explains their CCB priorities and why they are providing support to the GFCE.

From Europe, Microsoft shares an overview of the European Cyber Agora as a platform for European multistakeholder discussions on cybersecurity policy. Additionally, we have an article on the role of universities in cyber capacity building.

We thank our guest writers for their valuable contributions to the eighth edition of the Magazine and we hope you enjoy reading the Global Cyber Expertise Magazine!

On behalf of the Editorial Board,
David van Duren
Director of the GFCE Secretariat
Global Developments

CONSORTIUM OF GLOBAL EXPERT ORGANIZATIONS LAUNCHES THE SECOND EDITION OF THE GUIDE TO DEVELOPING A NATIONAL CYBERSECURITY STRATEGY

Written by: Giacomo Assenza, Cybersecurity Research Officer, International Telecommunication Union (ITU), Francesca Spidalieri, Cybersecurity Consultant, Hathaway Global Strategies and Carolin Weisser Harris, Lead International Operations, Global Cyber Security Capacity Centre (GCSCC)

As of 2021, more than 127 countries have adopted a National Cybersecurity Strategy (NCS) - an increase of 40% in the last three years.[1] However, challenges remain in the adoption and implementation, as well as the adaptation of NCS documents to the ever-changing cyber threat landscape. To help governments in this endeavor, a consortium of leading organizations from the cyber capacity building community jointly published a second edition of the Guide to Developing a National Cybersecurity Strategy. The new edition of this good practice guidance reflects the evolving cybersecurity landscape, emerging security trends and threats, and the growing need for strategic thinking in the development and implementation of the NCS.

National cybersecurity strategies - a global achievement

Over the last two decades, people worldwide have benefitted from the growth and adoption of information and communication technologies (ICTs) and associated socioeconomic and political opportunities. Digital transformation can be a powerful enabler of inclusive and sustainable development, but only if the underlying infrastructure and services that depend on it are safe, secure, and resilient. To reap the benefits and manage the challenges of digitalization, it has become common understanding that countries need to frame the proliferation of ICT-enabled infrastructures and services within a comprehensive national cybersecurity strategy. As a result of this heightened awareness, in 2021, more than 127 countries have adopted an NCS, almost 40% more than three years ago.
NCS in their ever-changing context

In the last decade, most countries have both accelerated their digital transformation and become increasingly concerned about the immediate and future threats to their critical services, infrastructures, sectors, institutions, and businesses, as well as to international peace and security that could result from the misuse of digital technologies and inadequate resilience. This fast-changing nature of cyberspace, the increased dependency on ICTs, and the proliferation of digital risks call for continuous improvements to national cybersecurity strategies and policies.

To help governments improve their existing or future NCS, a consortium of nineteen expert organizations (figure 1) working in the field of national cybersecurity strategies and policies came together to contribute their experience, knowledge, and expertise to update the original Guide to Developing a National Cybersecurity Strategy (NCS), v.1. Over the last three years, the first edition of the Guide has served governments as an important resource in their NCS journey and it is our hope that the second edition will serve an even growing number of governments and international stakeholders. As in the previous edition, the 2021 edition of the Guide is the result of a unique, collaborative, and equitable multi-stakeholder cooperation effort among partners from the public and private sectors, as well as academia and civil society.

Good practice to prepare an NCS for new risks and challenges

The new edition of the Guide reflects the complex and evolving nature of cyberspace, the requirements for increased cybersecurity preparedness that arise from a growing number of digital risks, as well as other key trends that can impact the cybersecurity posture of a country and should, therefore, be included into national strategic planning. Focus was also given to how to develop, acquire, and prioritize financial and human resources. As in the first version, the objective of the Guide is to instigate strategic thinking and support national leaders and policy-makers in the ongoing development, establishment, and implementation of their national cybersecurity strategies and policies.

“Cybersecurity is essential to ensure effective and inclusive digital transformation. That is why comprehensive National Cybersecurity Strategies are so important, to reap the benefits and manage the challenges of digitalization, countries need to frame the proliferation of ICT-enabled infrastructure within a comprehensive National Cybersecurity Strategy.”
- Ms Doreen Bogdan-Martin, Director of the Telecommunication Development Bureau (BDT) of the International Telecommunication Union (ITU).
“A Strategy is not only a document […] it is how a government is going to play its fundamental role in orchestrating the protection of its national interest in cyberspace.”
- Andrea Rigoni, Global Government and Public Services Cyber Leader, Deloitte.

Figure 1. NCS Lifecycle.

Figure 2. Overarching principles.

The Guide remains structured in three core areas: 1. NCS Lifecycle (figure 1), 2. Overarching Principles (figure 2), and 3. Focus Areas that should be included in a NCS (figure 3). A reference list of complementary publications and other publicly available resources to support governments on their NCS journey is also provided.

To complement the Guide, a website was launched to further disseminate these good practices included and provide a space for sharing information and experience, provide updates, and contribute to knowledge sharing among governments, as well as implementers and funders of cybersecurity capacity building activities.

Visit: WWW.NCS.GUIDE
Figure 3. Focus areas of NCS good practice.

List of Partners

Council of Europe (CoE)
Commonwealth Secretariat (ComSec)
Commonwealth Telecommunications Organisation (CTO)
Deloitte
Forum of Incident Response Teams (FIRST)
Geneva Centre for Security Sector Governance (DCAF)
Global Cyber Security Capacity Centre (GCSCC)
Geneva Centre for Security Policy (GCSP)
Global Partners Digital (GPD)
International Criminal Police Organization (Interpol)
International Telecommunication Union (ITU)
Microsoft
NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE)
Potomac Institute for Policy Studies (PIPS)
RAND Europe
The World Bank
United Nations Institute for Disarmament Research (UNIDIR)
United Nations Counter-Terrorism Office (UNOCT)
United Nations University (UNU)

Observers: Axon Partners Group (Axon), Cyber Readiness Institute (CRI), Global Forum on Cyber Expertise (GFCE), Organization of American States (OAS), World Economic Forum (WEF)

Figure 4. List of Partners.

NOTES

[1] ITU Global Cybersecurity Index 2018 and 2020, https://www.itu.int/en/ITU-D/Cybersecurity/Pages/global-cybersecurity-index.aspx
Global Developments

TRENDS IN INTERNATIONAL CYBER CAPACITY BUILDING

Written by: Robert Collett, Researcher and Project Consultant on international Cybersecurity Capacity Building

Over two decades, the field of cybersecurity capacity building (CCB) has grown from the first few projects to a busy network of international collaboration with more than 250 projects active each year. The Global Forum on Cyber Expertise (GFCE) community is interested in where this collaboration will go next. To help answer that question, and to inform their own programs, the European Union commissioned a report on global trends and future scenarios in international cyber capacity building. I was pleased to work with my co-author Nayia Barmpaliou and the European Union Institute for Security Studies (EUISS) to publish this report in September. Here I’ll share a few of our findings and recommendations.

The first thing to note is that the field of international cyber capacity building has been growing steadily over the past decade. This growth might seem obvious to readers of the Global Cyber Expertise Magazine, but it is worth considering that news of this new form of international cooperation has not reached many outside the cybersecurity capacity building community. Nor has there been an attempt before to estimate the path of its growth. With the help of the information on the Cybil Portal we were able to do just that.
Figure 1. Number of active cyber capacity building projects, based on Data from the Cybil Knowledge Portal. Source: Report on International Cyber Capacity Building: Global Trends and Scenarios.

The growth of cyber capacity building leads us to our second observation: the field is an increasingly complex network of organizations and coordination among them will be ever more important. These organizations might be governments, their agencies, companies, universities, international bodies, civil society organizations or regional groupings. They and their projects now connect almost every country with international cyber capacity building. Without coordination, projects will: overload partner government bandwidth; cut across each other; duplicate activity; and leave gaps that a better coordinated approach could fill. We found good examples of coordination occurring in cyber capacity building, but most practitioners we interviewed felt the field’s rising aspirations for good coordination were not being matched by the necessary action.
Figure 2. Number of projects by beneficiary country, based on data from the Cybil Knowledge Portal. Source: Report on International Cyber Capacity Building: Global Trends and Scenarios.

When we trace the field’s growth to its roots, we see that international cyber capacity building is being formed by the coming together of different parent communities. The communities we describe in the report are not an exhaustive or definitive list, but include criminal justice, technical incident response, foreign policy, defense, development cooperation, civil society and the private sector.

Each parent community has its own culture, aims and path into the field of CCB. There is also a wide difference in the degree to which each is integrated into a core cyber capacity building community and participates in forums such as the GFCE. For example, the foreign policy community was heavily involved in establishing the GFCE out of the Global Conferences on Cyberspace and is still very active. Whereas the development and defense communities are less in such forums and processes. Better connecting cyber capacity building with the development community is something the GFCE hopes to address with its 2022 annual meeting. This will need to be one of several such initiatives to break down the siloes between different communities working in CCB.
Aiming for better coordination is one of the ways in which the field of CCB is professionalizing. The report considers several other signs of professionalization. The average project is tackling more issues. Program teams are expanding and bringing in new staff who specialize in aspects of project management or technical issues such as cybersecurity or economics. There is renewed interest in strengthening evidence-based decision making in CCB, including through a GFCE Research Agenda. There is growing awareness of human rights risks, although program managers worry about whether they have the information and tools to mitigate them. Finally, the approach to delivering projects is shifting from flying international advisors in and out of a country for short visits to other methods, such as: hiring local staff; embedding international staff for longer periods; and remote delivery. The trend towards the professionalization of CCB programming has produced a lot of good practice examples, but it is not yet universal across the field.

In the report, we provide actionable recommendations based on each trend. We also consider potential future scenarios that explore how the path of cyber capacity building could change based on the level of future investment and the quality of coordination. Critically, both high investment and good coordination will be needed to achieve the sort of global cybersecurity and cybercrime capacity improvements that the field is aiming for. We can each help to encourage investment by building the evidence base and case studies that demonstrate the impact of our work. We all have a role to play in improving coordination and knowledge sharing in our day to day work and project design.

The release of the Global Trends and Scenarios report is a prompt to step back and celebrate the creation of a new field of international cooperation, but also a challenge to all of us to contribute to the steps that will be needed to ensure the field continues to grow, and has impact, in the future.
Global Developments

THE GFCE’S DEMAND-DRIVEN APPROACH

Written by: Anna Noij, Advisor, GFCE Secretariat

To fulfill its mission, the GFCE is continuously developing its unique ecosystem, geared towards facilitating the needs of the diverse multi-stakeholder GFCE community and supporting international cooperation on cyber capacity building. As the GFCE continues to grow, it is important that it expands its coordination efforts in line with the need for a demand-driven approach. The GFCE has gained a strong foundation on the supply side of capacity building through the accumulation of best practices, expertise and resources over the years. The challenge today is to tailor expertise and knowledge towards local needs.

The GFCE over the years

GFCE

During its formative years, the ecosystem of the GFCE evolved in response to what individual Members and Partners had to offer, in addition to considerations of how the GFCE could provide a platform to facilitate these efforts and multiply them on a global level. Throughout this period, the GFCE needed to build a solid foundation of knowledge and resources. Through, for example, mapping the community’s expertise and encouraging collaboration on GFCE knowledge products in the Working Groups, the GFCE was able to achieve this solid foundation on the supply-side of cyber capacity building.

GFCE Working Groups

Since 2018, the GFCE Working Groups have been the engine driving the work of the GFCE; it is within these 5 thematic Working Groups that GFCE Members and Partners convene to discuss their cyber capacity building efforts with the aim to coordinate and collaborate. The invaluable expertise of Members and Partners is leveraged for the whole community through showcases and meetings, enabling the dissemination of knowledge and best practices.
Figure 1. The GFCE’s evolving priorities. In 2022, the GFCE will focus on a demand-driven approach, developing upon our past efforts on awareness-raising and implementation on the supply-side.

Moreover, the addition of Partners to the GFCE ecosystem has amplified the community’s expertise on implementation, seeing as most GFCE Partners are implementers of cyber capacity building initiatives. This highlights that the growth of the GFCE Working Groups over the years has established a strong stockpile of resources that the community can use in addressing their cyber capacity needs.

GFCE Tools

The growth of the GFCE Working Groups has also initiated the development of other branches of the GFCE ecosystem. Between 2019 and 2020, the GFCE launched three tools to facilitate knowledge-sharing, cooperation and coordination on cyber capacity building. Together, these form the GFCE Toolbox.

As the GFCE community exchanged information and best practices on the five Delhi Communique themes, it became clear that a global instrument to bring together knowledge and expertise through a central resource was needed – a one-stop-shop for cyber capacity building reflecting these five key themes. Thus, in 2018, the idea for a Knowledge Portal was presented to the GFCE community, aimed at making available expertise and knowledge to strengthen cyber capacity building efforts. Recognizing this need, and garnering support from the GFCE Knowledge Partners, the Cybil Knowledge Portal was launched in 2019.

Moreover, in the formative years of the GFCE’s evolution, the community had already recognized that cyber capacity building is not a one-size-fits-all model. With this in mind, the GFCE Clearing House was established in 2019, formalizing a process in which the GFCE can play a ‘match-making’ role through the Working Groups. The Clearing House enables the GFCE to effectively match country, private sector and civil society donors and implementers that can provide key capacity building services to countries that request assistance. Through this process, the GFCE has for example assisted Sierra Leone with their National Cyber Security Strategy, Senegal with setting up a CSIRT (Computer Security Incident Response Team) and their national CIIP framework, and The Gambia with Cybercrime Legislation.

In discussing the challenges faced by the GFCE community, it became increasingly clear that knowledge gaps existed and the GFCE could potentially address these gaps. To help the capacity building community design and run effective projects, a new research mechanism was introduced in 2020. The GFCE has been collecting and prioritizing these research needs into a Global Cyber Capacity Building Research Agenda, with the first iteration published in 2021. This also responds to the call of the GFCE community for a flexible mechanism that would help them identify common research requirements and generate targeted research relevant to ongoing GFCE work and Members’ activities.

Looking back at the evolution of the GFCE Toolbox and the GFCE Working Groups, it is clear that the cornerstone of the GFCE has always been the needs of the community. At the same time, as these were the GFCE’s formative years, the focus was on understanding what exists, how to avoid duplication and fostering the sharing of expertise and best practices on the supply-side. The accumulation over the years of a strong supply-side foundation has enabled the GFCE to now expand coordination efforts while articulating the need for a more attuned demand-driven approach moving forward.

Refining the GFCE’s Demand-Driven Approach

In 2022, the aim is to strengthen the GFCE’s demand-driven approach by focusing on accurately defining needs, stocktaking of the existing supply that the GFCE community has to offer, and addressing gaps to the GFCE community.

This is mainly taking place through the GFCE’s regional coordination efforts. The regional coordination meetings throughout 2021 aimed to gain a better understanding of the regional needs. Also the use of the clearing house in these regions can help to identify local needs. As of 2021, the GFCE has officially established on-the-ground presence in the Pacific, Africa, Europe, Asia, and the Americas; with all continents represented by the GFCE community. In particular, our demand-driven approach and regional focus led to the initiation of new collaborative projects in the Pacific and Africa, ensuring that the GFCE supports local capacity by connecting to the local contexts and needs. After identifying the capacity building demands and needs, through conducting mapping and scoping exercises, the GFCE plays a coordination role in bringing them to the community to address, respond and provide support.

An example of regional efforts paving the way for a demand-driven approach is the AU-GFCE Collaboration Project running from 2020-2022. The GFCE, in partnership with the African Union (AU) and with support from the Bill & Melinda Gates Foundation, aims to develop cyber capacity building Knowledge Modules that will enable all African countries to better understand their cyber capacities and identify and address their national cyber capacity needs. After these needs are identified locally, the existing resources offered by the GFCE will be analyzed for any relevant material to help to fill these capacity gaps. Importantly, the project will utilize and build on existing cyber structures, plans, expertise and capacities within the AU and within the multi-stakeholder international GFCE Community, to avoid the duplication of efforts. This will support the strengthening of cyber resilience within African countries and their collaboration with the members and partners of the GFCE community.

Another key project is the GFCE presence in the Pacific, following the GFCE’s first Pacific Regional Meeting in February 2020 in Melbourne, in which it was identified that coordination and knowledge sharing was needed among Pacific Island countries, regional donors and project implementers. To facilitate coordination in the region, the GFCE’s first Pacific regional liaison was appointed. In order to accurately and locally define the Pacific’s cyber capacity building needs, a comprehensive scoping assessment was completed by June 2021. Interviews and consultations with the local community revealed the need to amplify local initiatives across the region, to ensure that donors and implementers understand the local context and existing community leaders in the field. These results highlight the importance of having projects to be demand and locally driven.
Refining the GFCE’s Demand-Driven Approach

As the GFCE moves forward with a focus on facilitating the community along a demand-driven approach, certain tools and resources of the GFCE ecosystem will become more central. Regional projects are projected to become more prominent as they enable scoping and implementation to be completed on a local level. The AU-GFCE Collaboration Project can act as an indicator for the success of the GFCE’s regional approach more broadly – this means that the project’s success will inform a number of future regional projects. By mid-2022, Knowledge Modules on key cyber capacity building topics will be developed for the region, based on the Project’s identified needs in Africa. Building upon this, by the end of 2022 the GFCE aims to develop ‘on the shelf’ Knowledge modules on key cyber capacity building topics that can be tweaked to address local contexts and needs.

Figure 2. Participants at the GFCE Southeast Asia Regional Meeting 2021.

Moreover, the GFCE Clearing House, being the GFCE’s match-making function, is expected to grow in use in the near future. A Clearing House Coordinator will be appointed to support the community with refining the Clearing House mechanism to articulate a demand-driven approach. The AU-GFCE Collaboration Project has already led to more Clearing House requests as African countries are better understanding their capacity gaps and are in need of being matched to donors and implementers that can assist them in strengthening their cyber capacity. Looking ahead, the Clearing House mechanism is envisioned to be widely recognized by beneficiaries, donors and implementers. As the number of clearing house cases is expected to grow, it would make sense to package them as projects and programs which can receive the necessary support from various stakeholders. In the process, the GFCE will focus on its mandate to make resources available, foster cooperation and provide support in preventing the duplication of efforts.
Americas

Interview

MICHELE MARKOFF, ACTING COORDINATOR FOR THE UNITED STATES OFFICE OF THE COORDINATOR FOR CYBER ISSUES

In October 2021, the GFCE Foundation and the U.S. Department of State announced a new partnership, leveraging U.S. funding to increase international and regional coordination on cyber capacity building (CCB) projects that aim to mobilize additional resources and expertise to build global cyber capacities. The partnership has three focus areas: (1) collaboration and coordination within and across GFCE regional projects; (2) development and dissemination of CCB best practices, tools and information that streamline partner nation requests for assistance and influence donor investments; and (3) increased public awareness and political support for CCB projects. We took time to ask the U.S. Department of State’s Acting Coordinator for Cyber Issues, Michele Markoff, about U.S. support for CCB, the GFCE as a global forum for CCB coordination, and predictions for the future.

Figure 1. Michele Markoff, Acting Coordinator for the Office of the Coordinator for Cyber Issues.

Q: Why is CCB a priority for the United States?

A: We have seen over the years that CCB has many positive impacts including connecting individuals, increasing access to information, spurring innovation, and driving economic growth. Since the launch of the U.S. International Strategy for Cyberspace in 2011 and subsequent U.S. strategies, we have pursued our vision of an open, interoperable, secure and reliable internet and a stable cyberspace so citizens can benefit from technology, while simultaneously protecting them from the vulnerabilities. By ‘open,’ we mean an internet that is accessible for all; ‘interoperable’ describes a system of technology that is interlinked and can work together as there are no walls barricading the flow of information that makes the internet what it is; ‘secure’ necessitates that security measures are in place to protect against malicious activities, and ‘reliable’ implies that users can count on and trust the internet and the interconnected digital technologies that make up cyberspace. CCB is foundational to achieving and upholding our vision of the internet and cyberspace.

Q: How have U.S. funding/investments for CCB changed over the last few years? Any expected trends or forecast for the next few years?

A: It is hard to estimate exactly how much is being spent due to varying definitions of CCB, but there is a general positive trend upwards over the last few years. At the same time, it is difficult to forecast long-term predictions of U.S. funding for CCB; the appropriation by Congress for foreign assistance budgets, including for CCB, occurs annually, however, we expect the positive trend of increasing U.S. funding for CCB to continue. We also expect to continue to see increased coordination among the U.S. departments and agencies that implement CCB projects.
Q: Why is the U.S. providing the GFCE with core funding for the benefit of the entire GFCE community?

A: As a founding member, we are supportive of the GFCE’s mission and its growth as a forum of stakeholders seeking to uphold the same vision of cyberspace. An important facet for strengthening global CCB is the ability to coordinate efforts, which includes facilitating dialogue and cooperation. The GFCE is doing great work by creating common understandings within the CCB community through the aggregation and dissemination of information, which in turn enables better coordination and cooperation. Acknowledging the time and effort involved, the United States wants to ensure that the GFCE can continue facilitating this coordination role.

Q: What is the strategic value of the GFCE in the field of international CCB?

A: The GFCE’s strategic value is inherent in its multistakeholder community which enables cross-cutting coordination as opposed to siloed discussions. As a global and neutral platform, the GFCE is well-positioned to collate the invaluable voices of the multistakeholder community working on CCB to achieve our collective vision of an open, interoperable, secure and reliable internet and a stable cyberspace. All 193 UN member states have affirmed that capacity building is essential for international cyber stability so that all states which want to act responsibly in cyberspace have the ability to do so. We also recognize that supporting the GFCE’s efforts to strengthen international CCB has a ripple effect on any nation’s foreign policy in today’s world.

Specifically, the GFCE has demonstrated its global leadership in three key areas, earning the support of the United States. Firstly, the GFCE has honed its regional approach since 2021, officially establishing on-the-ground presence in the Pacific, Africa, Europe, Asia, and the Americas, in which the GFCE leverages essential cross-regional information sharing to facilitate CCB at a regional level. Secondly, GFCE has raised the profile of CCB at the highest political levels, increasing public awareness and benefiting the work of the entire community. Thirdly, the GFCE community shares a wealth of knowledge on best practices and expertise and we want to ensure that these are developed and disseminated to the whole CCB community.
Q: Looking towards the future, what role do you envision for the GFCE regarding regional coordination for CCB? And what is needed to achieve this?

A: Our experience over the past decade has shown that a regional approach to building cyber capacity has numerous benefits. We believe that the global community benefits if the GFCE can tap into those existing networks and relationships; it can only work if the right structures and people are in place to support it. For example, we believe the establishment of the OAS as the GFCE Hub for the Latin America & Caribbean Region provides a unique opportunity to combine the OAS’s local knowledge and relationships with the global resources and wider expertise of GFCE. That is why we are bringing the two together through both our funding of the Hub and of a new post within the GFCE Secretariat to support all of the regional Hubs. That’s also why we decided to support a new Pacific Hub to combine local knowledge and access to the GFCE’s global community of experts and donors.
The untapped potential of the Americas: Cybersecurity awareness and culture | Americas

THE UNTAPPED POTENTIAL OF THE AMERICAS: CYBERSECURITY AWARENESS AND CULTURE

Written by: Gabriela Montes de Oca, Cybersecurity Program Officer, Inter-American Committee against Terrorism (OAS)

The digital revolution and dependence on the use of the internet have accelerated considerably since the beginning of the COVID-19 pandemic. The pandemic has accelerated the reliance on digital avenues to perform daily and essential activities, making society increasingly susceptible to cyberthreats. Latin America and the Caribbean (LAC) is no exception as, according to the Unisys Security Index, since the beginning of the global pandemic, cybercrime has increased by up to 74% in the region. At the same time, the need to create more initiatives around digital literacy and awareness will be exacerbated as more users interact online, evidenced by the high user growth rates across the continent. According to research published by the Economic Commission of Latin America and the Caribbean (ECLAC), in 2019, 66.7% of the region’s inhabitants were connected to the Internet. These data points demonstrate that, although digitalization is not reaching all of the LAC region’s population equally, cybersecurity threats are rising and awareness should become a priority for governments in the region, as reliance and dependency on them will only continue to increase and the need to protect cyberspace is vital to our prosperity and security, as malicious cyberactivity threatens the functioning of our societies.

National cybersecurity strategies: A first step towards cybersecurity awareness

Within the context of supportive action towards the creation of cybersecurity awareness and culture-building initiatives, a key strategic tool is the national cybersecurity strategy (NCS). Currently, there are 17 countries in Latin America and the Caribbean that have developed a NCS, a number that has grown considerably since 2013. As described by Sadie Creese, Director of the Cybersecurity Capacity Centre of the University of Oxford, countries with improvements in the content or development processes of their NCS have made significant progress in other areas of cybersecurity capacity, which signifies that creating awareness at all levels of government on the need to understand cyber threats has positive results for cybersecurity overall.

Although these strategies provide a wide framework and recognize cybersecurity as a national priority, it is worth noting that some countries in the region have particularly recognized the importance of building a digital culture and developing communication campaigns around their specific objectives and priorities.
Figure 1: Graphic produced for cybersecurity awareness month that outlines the number of countries in the region with a NCS.

Since 2004, the Cybersecurity Program of the Inter-American Committee against Terrorism (CICTE) of the Organization of American States (OAS) has worked in assisting member states in the development of these policies. From this experience, two examples can be highlighted regarding the importance of creating a cybersecurity culture:

1. During the policy outline creation process, stakeholder consultations take place in which members of the government, civil society, private sector, and non-governmental organizations are invited to intervene closely and bring their inputs for consideration. This elevates cybersecurity as a shared responsibility, creates awareness around specific issues affecting a country and can help spread the message to each of these sectors’ stakeholders.

2. In some cases, awareness-raising activities and initiatives are included in the finalized strategy. As such, countries recognize the importance of creating a cybersecurity culture that encompasses diverse members of the society and their responsibilities in safeguarding online security that transcends to non-virtual life.

Case Studies

The following countries recognize and/or mention cybersecurity awareness initiatives as a key pillar of their national cybersecurity strategy.

Colombia

The first objective of Colombia’s 2020 National Cybersecurity Strategy is to “Strengthen the trust and digital security of individuals and the Nation, through anticipation and prevention, of the risks identified in cyberspace, generating a cybersecurity culture”. An action line within this objective also corresponds to the deployment of a massive prevention campaign in the digital ecosystem, raising awareness of the forms of crime used in the digital environment by cybercriminals, to prevent people from falling victim to these crimes.
Jamaica

This strategy contains a framework divided into 4 pillars - the fourth corresponding to education and awareness. The awareness strategy “seeks to develop targeted campaigns to facilitate each stakeholder group’s understanding the potential threats and risks they would likely face.” The strategy seeks to build awareness regarding cyber security and develop a culture of cybersecurity.

Paraguay

Paraguay’s national cybersecurity strategy mentions awareness through the inclusion of the following objectives:
• Promote initiatives and develop projects to improve the knowledge of IT in the education community.
• Advise and participate in the formulation of national policies related to the use of technologies in education.
• Promote initiatives and develop projects to improve the knowledge of IT in the education community.

National awareness campaigns and initiatives: one step further

In addition to the value added to cybersecurity awareness efforts through a NCS as national policy frameworks, initiatives have also aimed to raise awareness around different cybersecurity issues in Latin America and the Caribbean.

Since 2017, the Cybersecurity Program of the OAS has supported “Cybersecurity Awareness Month”, created by the United States’ Cybersecurity and Infrastructure Security Agency (CISA). This awareness campaign takes place annually during the month of October. The objective is to raise awareness for cybersecurity issues, as well as build and provide resources to the public to inform citizens and increase their media and digital literacy. Within this campaign, the OAS has organized diverse regional activities such as conferences, webinars, and most recently, due to the COVID-19 pandemic, the creation of social media content to accelerate the dissemination of information around topics such as blockchain technology, online gender violence and social media safety.

The OAS’ work in the region has also sparked local initiatives in the region to commemorate cybersecurity during October. For example, in 2018 the Chilean senate convened with academia representatives, members of the armed forces, regional and local representatives, and cybersecurity entities during the first “Cybersecurity international seminar”. The objective of this event was “to promote the knowledge and practices of cybersecurity, a discipline that seeks to improve the standards of technology and information security, as well as the need to legislate to protect ourselves as a society from cybercrime”. Additionally, the organization of this event coincided with the proclamation of Law 21,113 of Chile, which declares that October is the “National Month of Cybersecurity.” Since this first conference, Chile has organized diverse online and in-person events with a strong focus on bringing together diverse stakeholders every October.

In addition to Chile, multiple Mexican government entities have organized “National Cybersecurity Week” every October since 2014. This week aims to raise awareness about the importance of using new information technologies responsibly, through the dissemination of preventive content about cybersecurity risks, to reduce the number of incidences caused by digital illicit behaviors and promote the reporting of cybercrime. Although federal government entities have organized this initiative in the past, in 2019 the Mexican Senate declared the first week of October as the “National Cybersecurity Week” to “raise awareness among citizens about the risks of using cyberspace and the culture of prevention in the face of the advancement and scope of information and communication technologies (ICT), and to provide greater protection and security to users of the cybernetic devices.” During the discussions, senators recognized the importance of awareness initiatives on a country’s broader cybersecurity resilience, as well as the impact that these proposals have had in other countries that have adopted them.

Apart from these collaborative efforts during October, OAS member states have also developed specific, innovative campaigns around topics of their citizens and governments’ interest through alliances with other organizations.
For instance, STOP.THINK.CONNECT is a global online safety awareness campaign aimed at providing the public and digital citizens with specific tools to stay safer and more secure online. It was created in 2010 by the STOP.THINK.CONNECT Messaging Convention in partnership with the U.S. government. Since its launch, other countries in LAC, such as Argentina, Colombia and Panama, have adopted the campaign, adapting its messaging to their specific contexts.

Additionally, the development of Get Safe Online’s Caribbean-based campaigns, for instance, tackle topics such as remittances, online children safety and online scams through social media safety, which are particular to the Caribbean. Most recently, the CSIRTAmericas network of the OAS released a joint awareness campaign with digital security topics for diverse publics and counted with the simultaneous support and visibility of Argentina, Chile, Colombia, Costa Rica, Dominican Republic, Ecuador, Jamaica, Panama, Paraguay, and the United States.

Figure 2: Graphic content produced by the CSIRT Americas network for the 2021 Cybersecurity Awareness Month joint campaign.

Looking ahead: a shared purpose of cybersecurity awareness

Although progress has been made, areas of opportunity remain, especially as a larger number of citizens of the LAC region have Internet access through different devices and subsequently rely on digital solutions to conduct their daily lives.

The examples shown above demonstrate the wide interest of the region in providing solutions and educational materials on the current threats affecting our cybersecurity landscape, as well as the key role that awareness can play in elevating cybersecurity as a national priority.

As countries advance digitally, awareness initiatives through national cybersecurity strategy policies and other awareness efforts are strategic steps towards cybersecurity resilience and maturity. Diversity and multiculturalism are factors that have always characterized our region. These characteristics mirror the variety of cybersecurity maturity levels in the region, country by country. Although each country has a unique challenge to advance its cybersecurity culture, the region shares the commonality of the need to increase cybersecurity to optimize the benefits of Internet usage.
A Regional View from the Americas through Cyber Confidence-Building Measures | Americas

A REGIONAL VIEW FROM THE AMERICAS THROUGH CYBER CONFIDENCE-BUILDING MEASURES

Written by: G. Isaac Morales Tenorio, Coordinator for Multidimensional Security, Ministry of Foreign Affairs of Mexico

This article presents how recent UN processes have recognized and encouraged the role of regional organizations and forums to contribute to advancing responsible state behavior in cyberspace. By highlighting the creation and work of the OAS Working Group on CBMs, this article aims to present the performance of a regional view on cybersecurity from the Americas. With the identification of three relevant elements for the way forward, the text analyzes how the efforts to implement the CBMs and other commitments regionally will open windows of opportunity to enhance capacity-building programs and improve engagement in multi-stakeholder platforms such as the GFCE.

In the last months, despite the challenges posed globally by the COVID-19 pandemic, very positive cyber news came from the United Nations with the adoption by consensus of the final reports of the Open-Ended Working Group (OEWG) on developments in the field of information and telecommunications in the context of international security as well as the Group of Governmental Experts (GGE) on advancing responsible state behavior in cyberspace.

These processes consolidated a common ground to better address malicious, hostile and unlawful uses of cyberspace and digital technologies. They have set the tone for international cooperation and reaffirm multilateralism as an effective platform to put cyber-diplomacy into practice.

Through these reports, the international community has reaffirmed the applicability of international law in cyberspace, identified threats and challenges, decided to jointly advance on the implementation of the non-binding norms for responsible state behavior, developed a robust vision on the relevance of the confidence building measures, and adopted comprehensive commitments to encourage more cooperation and capacity-building programs.

One significant element not sufficiently touched upon yet is UN recognition of the important role that regional organizations and forums have played and will continue to play in implementing commitments reached by multilateral fora and facilitating cyber cooperation, confidence and capacity-building initiatives.

Step by step, in the Americas, a more formal and continuous dialogue on cyberspace has been consolidated. Particularly due to the work of the Organization of American States (OAS), we have seen an increasing relevance of discussions related to cybersecurity, the applicability of international law and cyberspace governance. These discussions are aimed at implementing international commitments in addition to identifying common understandings and concerns to facilitate a regional approach. It should be pointed out that the relevance of such a regional approach is referenced in Chapter Eight of the UN Charter.

Figure 1. Mexico was elected as Chair of the Working Group.

From its 2010 report, the UN GGE recommended further steps for the development of confidence-building and other measures to reduce the risk of misperception resulting from ICT disruptions. Cyber Confidence-Building Measures (CBMs), defined so far by the GGE reports, could be considered precursors of political will and commitment to the collective endorsement and implementation of the voluntary norms of responsible state behavior in cyberspace.

Taking into account the recommendations of the GGE and addressing the need to increase cooperation, transparency, predictability and stability among States and their activities in cyberspace, Member States of the OAS decided in 2017 to create a Working Group on Cooperation and Confidence-Building Measures in Cyberspace within the framework of the Inter-American Committee against Terrorism (CICTE).

During the first meeting of the Working Group held from February 28 to March 1, 2018, two initial CBMs were adopted. These two initial CBMs led the region to have a more formal and structural discussion on cybersecurity issues by sharing information on national policies, strategies and general frameworks on cybersecurity, as well as designating national focal points.

The UN and OAS have developed many crucial experiences with CBMs and international security issues which have seen both successes and failures. Moving forward, it has been instrumental to bring these experiences to the realm of CBMs in cyberspace as they perhaps can effectively contribute to ensure CBMs are used peacefully and to prevent conflict.
Figure 2. Second meeting of the Working Group on Cooperation and Confidence-Building Measures in Cyberspace, in 2019.

Confidence-building is a gradual process and even though the developments in cyberspace are fast-paced, it has been shown that significant progress needs to be achieved on a step-by-step basis to identify, with the greatest possible degree of clarity, all those factors which could adversely affect mutual trust in a given situation.

In the second meeting of the Working Group held in April 2019, more participants from other international organizations, academia and civil society were involved. As a result of the meeting, four more CBMs were adopted leading to the addition of a list of “non-traditional” measures to the OAS general list of CBMs.

Learning from our experience in the Americas, it is important to maintain a more comprehensive reading of the whole picture, where CBMs in cyberspace are linked to the norms of responsible state behavior, international law, and capacity-building. With this view, the third and last meeting of the Working Group, held virtually in July 2021, allowed OAS Member States to reaffirm their common interest in advancing regional dialogues, sharing experiences and implementing regional commitments by engaging with more international discussions.
In this last meeting, Mexico was elected as Chair of the Working Group. Together, with the United States as Vice-Chair and the CICTE’s Secretariat clearly committed to supporting the efforts carried out by the Working Group, we will have the opportunity to further advance a regional approach on these core issues along at least three lines:

1) CBMs are clear expressions of international cooperation and so by identifying national good practices, challenges or gaps when trying to implement them, we will have the opportunity to support action-oriented capacity-building and technical assistance projects within the OAS Cybersecurity program and far beyond, taking advantage of the engagement with multi-stakeholder platforms such as the GFCE.

2) The Working Group on CBMs gives Member States the chance to enhance efforts to implement the UN framework and recommendations of the GGE and the OEWG. But also, as a two-way avenue, it allows Member States to individually put on the table concerns and challenges as well as concrete experiences which, once considered of regional interest, could be elevated to the current and future UN processes as regional inputs. By doing so, we will be able to generate greater awareness and understanding of the evolving cybersecurity concerns of all States, and continue to implement appropriate action, as well as identify new measures of deeper cooperation aimed at addressing these and any new concerns.

3) Further advancing collaboration with other relevant stakeholders and increasing inter-regional and inter-organizational dialogue will also be a way forward for the Working Group. Considering these issues from the scope of international security, keeping in mind the promotion and protection of fundamental human rights, the possibilities given by cyberspace for sustainable development, and the fulfillment of those principles of sovereignty, non-intervention, equality, peaceful settlement of disputes and international cooperation, the OAS Working Group will benefit from promoting the sharing of experiences with other regions and organizations, as well as considering the advancements and contributions of the multi-stakeholder community, particularly on the implementation of Confidence Building Measures.