Achieving the SDGs through secure digital transformation | IGF 2023 Open Forum #92

Report

The ASEAN region is currently facing disruptions and ransomware issues as it strives to progress in digital development, highlighting the essential need for robust cybersecurity governance. The digital age has brought about unprecedented risks and vulnerabilities, necessitating ASEAN countries to address these growing threats effectively.

Interdisciplinary leadership plays a vital role in achieving a secure digital landscape and digital transformation.

Based on the experiences of ASEAN, it is observed that leaders often lack interdisciplinary knowledge and expertise, which hinders effective digital governance. To govern digital development successfully, leaders should have a comprehensive understanding of all aspects of cybersecurity and its intersection with digital advancements.

Furthermore, the absence of proper cybersecurity governance exposes organizations and governments to significant risks, potentially resulting in catastrophic consequences.

It is essential to establish clear policies, frameworks, and regulations to safeguard against cyber threats and protect sensitive information. Implementing robust cybersecurity governance measures enables organizations and governments to mitigate risks and ensure the security of their digital infrastructure.

In summary, the ASEAN region faces disruptions and ransomware challenges in its pursuit of digital development, highlighting the need for strong cybersecurity governance.

Leadership with interdisciplinary knowledge is crucial for achieving a secure digital landscape and digital transformation. Neglecting cybersecurity governance can expose organizations and governments to severe consequences. Therefore, taking proactive measures to establish comprehensive cybersecurity governance is vital for the safety and stability of digital ecosystems.

Report

The discussion highlighted the importance of budgeting and planning for the development of critical information infrastructure. A civil servant from the Sri Lankan government, involved in the formulation of the Sustainable Development Goals (SDGs), emphasised the significance of this aspect in achieving sustainable development.

Sri Lanka has already taken steps in this direction by adopting a cybersecurity strategy and developing a cybersecurity policy.

The integration of policies and strategies for information infrastructure and cybersecurity into standard organisational structures and periodic development projects was proposed as a key step.

This integration is crucial for the successful implementation of SDG 11 (Sustainable Cities and Communities) and SDG 17 (Partnerships for the Goals). By integrating these priorities into existing structures and projects, a more effective and streamlined approach can be taken to address information infrastructure and cybersecurity challenges.

This will promote the development of sustainable cities and communities and foster partnerships for achieving the SDGs.

The supporting evidence for these proposals includes Sri Lanka’s existing adoption of a cybersecurity strategy and the development of a cybersecurity policy.

These initiatives demonstrate the country’s commitment to addressing the challenges posed by information infrastructure and cybersecurity. Comprehensive policies and strategies help Sri Lanka tackle these issues in a more systematic and holistic manner.

Overall, the discussion took a neutral sentiment, with an emphasis on the practical importance of budgeting and planning.

This suggests a pragmatic approach to addressing information infrastructure and cybersecurity challenges, highlighting the need for careful consideration and foresight in resource allocation and strategic decision-making.

In conclusion, the discussion highlights the crucial role of budgeting and planning in the development of critical information infrastructure.

Sri Lanka’s efforts in adopting a cybersecurity strategy and policy serve as positive examples. To successfully implement the SDGs, it is essential to integrate policies and strategies relating to information infrastructure and cybersecurity into standard organisational structures and periodic development projects.

By doing so, Sri Lanka aims to achieve sustainable cities and communities while fostering partnerships for the SDGs.

Report

There is a significant divide between the development and cybersecurity communities, as the development community tends to perceive cybersecurity as too technical and defensive. However, it is argued that cybersecurity is actually a foundational element of development, with almost every development project having a cybersecurity aspect.

One of the main challenges is the fear of crossing committees in the UN negotiation process.

Countries view cybersecurity capacity building as a military thing, rather than as an area suitable for official development assistance. This perception contributes to the segregation between different communities in development and cybersecurity.

To address this divide, a conference is being held in Ghana.

This conference aims to bring together the development community and the cybersecurity community, and is co-organized by global organizations, including the World Bank, World Economic Forum, and the Cyber Peace Institute. The conference’s objective is to build understanding and champion the integration of cybersecurity in development.

It is argued that there is a need for interaction and communication between the development and cybersecurity communities.

The cybersecurity community also needs to improve its communication with the development community. The division between the two communities is seen as a barrier that hinders effective collaboration and response to cybersecurity threats.

Furthermore, it is highlighted that combining diverse sectors and breaking down barriers is essential to understanding and effectively responding to cybersecurity threats.

Issues in cyberspace require the contribution of different sectors, including security, human rights, and economics, in order to handle them effectively. This approach emphasises the importance of collaboration and integration across various fields.

Notably, there are also instances where organisations and regions misunderstand their roles and responsibilities regarding cybersecurity and digital matters.

For example, an unnamed country did not attend International Telecommunication Union (ITU) meetings because they viewed it as solely related to telecommunications, despite it covering broader areas such as cybersecurity. This misunderstanding underscores the need for clarity and coordination in understanding the scope and responsibilities of different entities in addressing cybersecurity challenges.

In a positive development, some countries have institutionalised the merger of digital and cybersecurity roles.

This practice involves integrating various aspects of the digital realm, with the role of the cyber ambassador aligned with that of the digital ambassador. This integration aims to create a more comprehensive and coordinated approach to dealing with digital and cybersecurity matters.

In summary, there is a clear divide between the development and cybersecurity communities, with the development community perceiving cybersecurity as too technical and defensive.

However, it is argued that cybersecurity is a foundational element of development, and projects in the development field often include a cybersecurity aspect. The conference in Ghana is a significant effort to bring the two communities together and improve understanding and collaboration.

It is crucial for both communities to interact, communicate effectively, and integrate diverse sectors to effectively respond to cybersecurity threats.

Report

The COVID-19 pandemic has highlighted our heavy reliance on digital methods of communication and governance, revealing the critical importance of trust and security in these processes. As our everyday lives become increasingly digitalized, it becomes essential to ensure the integrity and safety of our digital systems.

Global cooperation plays a crucial role in achieving sustainable digital transformation.

Digital issues transcend national borders, making collaborative efforts necessary to address them effectively. Partnerships between governments, the industry, international organizations, and civil society are key to tackling digital challenges.

The growth and development of small and medium enterprises (SMEs) rely on a broad and secure digital system.

Secure digital processes that enable cross-border transactions are crucial for the success of industries. Ensuring the safety of digital transactions fosters the growth and expansion of SMEs.

Finding the right balance between regulation and governance is critical for the growth of the digital economy.

The involvement of organizations like the International Telecommunication Union (ITU) and industry leaders is vital. The ITU monitors digital activities, while the industry provides the necessary technological foundations. A collaborative approach can facilitate digital progress and innovation.

To build trust in digitalization, common rules, effective implementation tools, robust monitoring mechanisms, and resources for remediation are essential.

Clearly defined and universally agreed-upon rules, comprehensive implementation tools, rigorous monitoring processes, and adequate resources can instill confidence in digital systems.

Cybersecurity is an integral part of our digital lives. It is crucial to integrate cybersecurity measures into digital systems to ensure a safe and secure online environment.

Protecting personal data, financial transactions, and sensitive information is of utmost importance.

Improving the link between the defense, economic, and development communities is a challenge that needs to be addressed. Strengthening connections and fostering collaborative efforts between these communities is essential to tackle global issues and achieve sustainable economic growth while reducing inequalities.

A consortium project is currently underway, aiming to provide guidance through consultation.

This project includes a consultation in Singapore and aims to produce relevant guidance by December. The consortium brings together expertise and perspectives to address key digital challenges.

Johan Eckerholt, a participant in the project, acknowledges the value of prior discussions and plans to incorporate the points discussed into future project proceedings.

This demonstrates their openness to feedback and commitment to improving the project based on valuable insights.

In conclusion, the COVID-19 pandemic has underscored the significance of trust and security in digital communication and governance. Sustainable digital transformation requires global cooperation, a secure digital ecosystem for SMEs, a balanced approach to regulation and governance, common rules and tools, integrated cybersecurity measures, improved collaboration between different communities, and consortium-led guidance initiatives.

Through collaborative efforts, we can build a safe, secure, and prosperous digital future.

Report

In order to achieve the Sustainable Development Goals (SDGs), it is necessary to focus on two key areas: secure digital transformation and collaboration among various stakeholders. Secure, trusted, and inclusive digital infrastructure is fundamental for economic and social development. This requires integrating cybersecurity principles into the digital development agenda.

By doing so, societies can be safeguarded and potential risks can be mitigated.

Collaboration among different stakeholders is also important. Active participation from governments, international organisations, industry players, and civil society is crucial for a successful multi-stakeholder approach.

In order to address the complex challenges associated with digital transformation, it is necessary to bring together the expertise and resources of different actors. By working together, synergies can be created and comprehensive solutions can be developed to tackle cybersecurity issues effectively.

Furthermore, there is a need to mainstream cybersecurity into digital development programs and broaden the funding sources for cybersecurity capacity building.

It is imperative to seamlessly integrate cybersecurity considerations into the design and implementation of digital and development initiatives. By prioritising cybersecurity from the outset, potential vulnerabilities can be identified and addressed proactively. Additionally, expanding funding sources for cybersecurity capacity building can ensure that the necessary resources are available to build robust and resilient digital systems.

Another important aspect highlighted is the importance of conducting real assessments of cyber needs, feasibility, and impacts in development projects.

This involves evaluating the cybersecurity requirements and implications of digital initiatives. By conducting thorough assessments, potential risks can be identified, and appropriate measures can be taken to enhance security and mitigate threats. For instance, in the digitisation of court systems, assessments can help identify the cybersecurity measures needed to protect sensitive data and ensure the integrity of the judicial process.

Additionally, it is crucial to view cybersecurity as an investment rather than simply a cost.

Cybersecurity should not be seen as an expense but as a strategic investment that can yield long-term benefits. By investing in robust cybersecurity measures, organisations can protect their data, systems, and users from cyber threats. This investment can lead to increased trust, business resilience, and economic growth in the digital era.

In conclusion, achieving the SDGs requires a focus on both secure digital transformation and collaboration among various stakeholders.

By integrating cybersecurity principles, adopting a multi-stakeholder approach, mainstreaming cybersecurity in development programmes, conducting thorough assessments, and viewing cybersecurity as an investment, societies can build secure, resilient, and inclusive digital ecosystems that foster sustainable development.

Report

The analysis highlights several important points regarding cybersecurity challenges in Africa and the need for greater attention and inclusive approaches. Firstly, while many African countries have digital transformation strategies, cybersecurity is not sufficiently integrated within them. This is a concerning issue as cybersecurity is crucial for protecting digital assets and ensuring the safety and integrity of digital infrastructure.

The responsibility for addressing cybersecurity primarily falls upon ministers in charge of digital transformation and security/defense, with limited involvement from other stakeholders. This raises concerns about a lack of multi-stakeholder participation in cybersecurity discussions and decision-making processes.

In addition, there is a significant lack of efficient cybersecurity strategies in many African countries.

This poses a significant risk as cyber threats continue to evolve and become more sophisticated. Without effective strategies in place, African countries may be vulnerable to cyber attacks that can have detrimental impacts on their economies, infrastructure, and overall stability.

On a positive note, the analysis suggests that African youths have the potential to play a critical role in addressing cybersecurity challenges.

With 35% of Africa’s population being young, there is a sizable pool of talent that can be trained to become cyber guardians. By providing appropriate education and training, young people can contribute to safeguarding digital spaces in Africa and beyond.

Furthermore, the analysis stresses the importance of Africa not merely being a consumer of cybersecurity products but creating its own ecosystem for cybersecurity.

By fostering domestic innovation and collaboration, Africa can establish itself as a hub for cybersecurity solutions, ultimately enhancing its resilience and capabilities in the face of cyber threats.

Moreover, the analysis highlights the insights shared by Moctar Yedali regarding the rapidly changing nature of technology and its implications.

He emphasizes the need for continual capacity building to keep pace with technological advancements. Yedali warns about the potential of an impending digital divide, where consumers may have to choose between different systems or technologies. This could lead to a “cold technical war” among more influential countries, while smaller countries follow without much choice.

In conclusion, the analysis sheds light on the unique cybersecurity challenges faced by Africa and highlights the need for more attention and inclusive measures to address them.

It calls for the inclusion of multi-stakeholders in cybersecurity discussions, the development of efficient cybersecurity strategies, the training of African youths as cyber guardians, and the creation of a robust ecosystem for cybersecurity in Africa. Additionally, it underscores the importance of continual capacity building and technological cooperation to bridge the digital divide and ensure socio-economic progress.

Report

There is a clear confusion on the ground regarding the differences and intersections between the terms ‘digital’ and ‘cyber’. Patryk Pawlak’s experience in European Union (EU) projects revealed this confusion, highlighting the need for clarification on these terms and how they integrate.

Furthermore, Pawlak emphasized the importance of mainstreaming in the context of understanding ‘digital’ and ‘cyber’. Mainstreaming refers to incorporating these concepts into various aspects of project implementation. EU engagements have demonstrated that mainstreaming can be a solution to the challenges faced on the ground in relation to digital and cyber projects.

The enabling environment is often overlooked in cyber capacity building, as stated by Pawlak.

In his work on operational guidance on cyber capacity building for the European Commission, he identified the enabling environment as a key issue. This highlights the need to consider the broader context within which capacity building initiatives take place.

Pawlak’s involvement in the generation of operational guidance and strategic directions for cyber capacity building for the European Commission reflects the importance placed on considering different aspects of cybersecurity in the development of projects.

This highlights the need for comprehensive and strategic approaches to cybersecurity development.

Delegates are faced with a dilemma when it comes to dealing with blockchain and cybersecurity. A colleague in the delegation was tasked with implementing a project on blockchain in the justice system, but also needed to incorporate cybersecurity measures.

This highlights the challenges that arise when these two complex and distinct areas intersect.

It is evident that expertise in both blockchain and cybersecurity is needed to aid delegates in addressing these challenges. The colleagues in the delegation mentioned by Pawlak were not experts in either of these fields.

Therefore, the involvement of experts becomes crucial in order to navigate the complexities and ensure the effective implementation of projects.

In conclusion, the analysis highlights the confusion surrounding the terms ‘digital’ and ‘cyber’, the importance of mainstreaming in project implementation, the often overlooked enabling environment in cyber capacity building, and the need for expertise to address the challenges posed by the intersection of blockchain and cybersecurity.

These insights emphasize the need for clear definitions, comprehensive approaches, and the involvement of knowledgeable experts in the field.

Report

The Global Forum on Cyber Expertise (GFC) has emphasized the importance of incorporating cybersecurity into development initiatives. It has been observed that cybersecurity is often disregarded due to a lack of understanding on how to integrate it into other development interventions.

Recognizing this disconnect, the GFC aims to initiate discussions to mainstream cybersecurity in the development agenda. All partners involved in the forum understand the connection between sustainable digital transformation and cybersecurity, highlighting the need for a comprehensive approach.

To address this, a multi-stakeholder approach is deemed essential in formulating a comprehensive cybersecurity plan.

The Government of Sweden, Ministry of Foreign Affairs, Global Forum on Cyber Expertise (GFC), International Telecommunications Union (ITU), and Microsoft are partnering in this initiative. They plan to bring in various stakeholders to contribute to the discussions. By involving a diverse range of perspectives, expertise, and resources, a more holistic cybersecurity strategy can be developed.

A specific plan has been laid out for a series of workshops that will focus on discussing various aspects of cybersecurity and its role in digital transformation. These discussions aim to explore the importance of digital development for achieving the Sustainable Development Goals (SDGs), learn from past and ongoing cyber capacity projects, implement UN cyber norms, and consider the role of diplomacy.

The intention behind these workshops is to gather insights and formulate suitable cybersecurity strategies that align with the broader development agenda.

The Global Forum on Cyber Expertise operates under the Swedish Government’s initiative and seeks to incorporate the feedback received during these discussions in a multi-stakeholder compendium.

By engaging stakeholders from different sectors and countries, it aims to foster collaboration and ensure that cybersecurity remains an integral part of development efforts.

Moreover, the division and misunderstanding between the development and cybersecurity communities are acknowledged and seen as a challenge.

To address this, the Forum encourages communication and interaction between these two communities. By bringing them together and facilitating a shared understanding, it aims to bridge the gap and move towards common goals. This alignment is considered essential, as both communities have a role to play in achieving sustainable development.

In addition to engaging stakeholders, the Global Forum on Cyber Expertise also emphasizes the need for audience participation and involvement. It appeals to the audience to share their experiences, concerns, and challenges regarding cybersecurity and development. This approach seeks to collect a wide range of perspectives and ensure that the discussions take into account the diverse needs and experiences of different stakeholders.

The Global Conference on Cyber Capacity Building (GC3B) is highlighted as an opportunity to further enrich these conversations, and expectations are set for its outcome to contribute to the overall understanding and progress in bridging the gap between cybersecurity and development.

In conclusion, the Global Forum on Cyber Expertise recognizes the importance of incorporating cybersecurity into development initiatives. It advocates for a multi-stakeholder approach to formulate a comprehensive cybersecurity plan and has outlined a series of workshops to discuss various aspects of cybersecurity in relation to digital transformation and the SDGs.

By improving communication and engaging with stakeholders and the audience, the Forum aims to bridge the divide between the development and cybersecurity communities, fostering collaboration, and achieving better outcomes in sustainable development efforts.

Report

The analysis reveals several key points about cybersecurity. Firstly, there is a pressing need to demystify the field and dispel the misunderstanding that it is solely a technical issue. It is important for actors, including development professionals and policymakers, to understand that cybersecurity is not just a technical problem, but also a consumer and policy issue.

By broadening the perception of cybersecurity, it becomes more accessible and relatable to a wider audience.

The analysis also highlights the need for inclusion and diversity within the field of cybersecurity. Currently, cybersecurity is predominantly English-focused, which excludes other languages and dialects.

To promote inclusivity, it is crucial to reflect and incorporate other languages and both national and local dialects in the field. This ensures that people from diverse backgrounds can fully engage with and contribute to cybersecurity.

Furthermore, the analysis suggests that non-traditional actors, such as political parties and civil society, should be included in shaping cybersecurity policies.

On a national level, there can often be interagency friction between mandates, and involving these non-traditional actors can help to bridge the gap and ensure comprehensive and effective policies. By broadening the participation and perspectives in cybersecurity policy discussions, a more holistic and inclusive approach can be achieved.

The integration of cybersecurity into digital development projects is another crucial aspect.

The approach to digital development and cybersecurity has often been kept separate within organizations, resulting in a siloed approach. By integrating cybersecurity into digital development projects, organizations can ensure that the security of digital systems and infrastructure is prioritised from the outset.

This can be achieved by incorporating cybersecurity as a criterion in audits for development projects.

Donor-funded projects also have a role to play in integrating cybersecurity requirements. By building cybersecurity requirements into their projects, donors can contribute to the overall security and resilience of the projects they fund.

This includes considering cybersecurity as an integral part of the project design and implementation process.

Additionally, the analysis suggests that cybersecurity can benefit from incorporating lessons from other fields, such as climate change. Both fields involve technical complexities that can be intimidating for policymakers and diplomats.

By learning from the approaches and strategies used in climate change negotiations, cybersecurity can adopt a similar mindset of collaboration, knowledge sharing, and multidisciplinary thinking.

In conclusion, the analysis highlights the need to demystify cybersecurity, promote inclusion and diversity, involve non-traditional actors in shaping policies, integrate cybersecurity into digital development projects, and learn from other fields.

These measures will help create a more comprehensive and effective approach to cybersecurity, ensuring safety, progress, and resilience in the digital world.