Building Capacity in Cyber Security

Knowledge Graph of Debate

Session report

Tomoo Yamauchi

The Japanese government has implemented a comprehensive three-year cybersecurity strategy, with the latest one being decided in 2021. This strategy highlights the importance of addressing cyber threats and promoting secure digital practices. It was established around the same time as the digital agency to promote digital transformation (DX) and shortly after the Tokyo Olympics.

Japan is actively engaged in capacity-building initiatives, particularly for ASEAN countries. It promotes cybersecurity initiatives in ASEAN countries such as Indonesia, Brunei, and Thailand. These initiatives aim to enhance the cybersecurity capabilities of these nations. A prime example is the establishment of the ASEAN Japan Cybersecurity Capacity Building Center (AJCCBC) in Bangkok. The AJCCBC provides cybersecurity exercises and games to increase capacities, specifically targeting the younger population. As of August this year, a total of 1,200 individuals have participated in these activities.

Moreover, Japan is collaborating with other countries, including the United States and Australia, to strengthen cybersecurity capacity building. These collaborations involve discussions on expanding the activities of AJCCBC to other ASEAN countries. This partnership highlights Japan’s commitment to fostering international cooperation and partnerships for achieving cybersecurity goals.

Governments worldwide need to determine relevant policies and enact them to improve cybersecurity. Once policies are established, there is a need to fill them with sufficient content and launch initiatives such as the HACCBC, a technical capacity-building initiative. This approach ensures a comprehensive and structured approach to cybersecurity.

In addition to policymaking, it is crucial for policymakers to enrich and enhance their content for better understanding. Ten working groups exist between ASEAN and Japan policymakers, reflecting their commitment to sharing knowledge and expertise for the benefit of all.

To ensure the effectiveness of cybersecurity initiatives, it is essential to expand the target countries and achieve more global coverage. Although ASEAN countries and Japan are currently the focus, some countries are still missing from these efforts. By expanding the target countries, a more comprehensive and inclusive approach can be adopted to address the global cybersecurity landscape.

The sustainability of policies, programs, and activities is necessary for long-term success. This requires engaging the private sector and fostering collaboration. The involvement of the private sector brings additional resources, expertise, and innovation to cybersecurity initiatives. Furthermore, the expansion and advancement of capacity-building activities are needed to meet the growing demands and evolving cyber threats globally.

In conclusion, the Japanese government has taken significant steps in formulating a three-year cybersecurity strategy and actively engaging in capacity-building initiatives. Collaboration with other countries, the establishment of the AJCCBC, and the focus on policymaking and program sustainability are all indicative of Japan’s commitment to strengthening cybersecurity. The expansion of target countries and global coverage, as well as engaging the private sector, are crucial for achieving comprehensive and effective cybersecurity outcomes.

Speaker

Ladies and gentlemen, thank you for attending the Building Capacity in Cyber Security session. The session, moderated by Mr. Peter Stephens from the Organisation for Economic Co-operation and Development (OECD), aims to shed light on the significance of enhancing cybersecurity capabilities.

As technology advances and our world becomes increasingly digitised, the threat of cyber attacks looms large. It is essential, now more than ever, to strengthen our defences against malicious actors seeking to exploit vulnerabilities in cyberspace.

Mr. Stephens, joining us remotely from Paris, brings extensive experience and knowledge in the field of cybersecurity. His presence adds immense value to this session as he will provide valuable insights and perspectives on how countries can effectively build capacity in this critical area.

The main focus of this session is to explore the various strategies and measures countries can undertake to bolster their cybersecurity capabilities. These strategies may include, but are not limited to:

1. Developing robust national cybersecurity policies and frameworks: It is crucial for countries to establish comprehensive policies and frameworks that address cyber threats, promote awareness, and encourage collaboration between the public and private sectors.

2. Investing in advanced technologies and tools: Keeping up with the rapidly evolving cyber landscape requires continuous investment in cutting-edge technologies and tools capable of detecting, mitigating, and preventing cyber attacks.

3. Strengthening institutional capabilities: Building capacity in cybersecurity involves equipping institutions such as law enforcement agencies and regulatory bodies with the necessary resources, expertise, and skill sets to proactively combat cyber threats.

4. Promoting international cooperation: Cyber attacks transcend borders, making international cooperation imperative. Sharing information, best practices, and collaborating on joint initiatives can significantly enhance our collective resilience against cyber threats.

This session will also shed light on emerging trends and challenges in cybersecurity, such as the increasing sophistication of attacks, the rise of state-sponsored cyber activities, and the potential impact of emerging technologies such as artificial intelligence and the Internet of Things.

In conclusion, this Building Capacity in Cyber Security session serves as a platform for engaging with experts and policymakers to share knowledge and best practices in this critical domain. By bolstering our collective cybersecurity capabilities, we can effectively protect our societies, economies, and critical infrastructure from the ever-evolving cyber threats we face today and in the future.

Kana Shinoda

Code Blue is an international cybersecurity conference held annually in Tokyo. This year, the event celebrates its 11th anniversary. The conference serves as a platform that brings together professionals from different fields, such as technical, law and policy, and cybercrime, to discuss and address cybersecurity issues. Notable keynote speakers, including Mikko Hipponen from Finland and Sergei Korsunsky, Ambassador of Ukraine to Japan, contribute to the event’s success and reputation.

Code Blue offers a diverse range of sessions, with a total of 35 sessions and 42 speakers, covering various topics related to cybersecurity. Additionally, the conference hosts three contests, as well as Capture the Flag (CTF) challenges and car-hacking villages, which provide practical experiences and opportunities for learning and skill development. The event also places significant emphasis on youth involvement, offering U25 youth sessions, a scholarship programme, and opportunities for students to work at the event. This commitment to engaging young people reflects the organisers’ dedication to nurturing future cybersecurity professionals and cultivating interest in the field.

Furthermore, the summary highlights the importance of collaborations and international platforms like Code Blue and the Global Cyber Security Camp (GCC) for boosting cybersecurity. GCC is a one-week training camp specifically designed for Asian youth, with participation from countries such as Japan, South Korea, Taiwan, Singapore, Australia, Malaysia, Thailand, and Vietnam. The camp effectively combines academia and industry to equip young individuals with the necessary skills and knowledge in cybersecurity. Moreover, GCC employs a successful model based on a security camp in Japan, which has been in operation for over 13 years.

Notably, the Asian team has demonstrated exceptional success in the International Cybersecurity Challenge (ICC), consistently excelling in the attack and defence category. In previous ICC events, they secured second place overall in Athens, Greece, and third place overall in San Diego, USA. These achievements showcase the talent and prowess of the Asian cybersecurity community and emphasise the importance of continued support and investment in this field.

The summary also highlights the ongoing nature of cybersecurity and the significance of leveraging artificial intelligence (AI) for political purposes and improving basic security measures. Furthermore, it raises the issue of duplication of content across countries in cybersecurity training and suggests the need for a unified platform. This single platform would help avoid unnecessary duplications and make training materials more easily accessible and digestible. The argument advocates for collaboration and highlights the benefits of such a platform in ensuring efficient dissemination and uptake of cybersecurity knowledge.

Overall, the summary provides a comprehensive overview of Code Blue, GCC, and their significance within the cybersecurity landscape. It highlights the value of international platforms, youth involvement, collaboration, and ongoing investment in cybersecurity for a safer digital environment.

Christopher Painter

Cybersecurity capacity building is crucial for addressing international cyber threats and unlocking the benefits of Information and Communications Technology (ICT). It is integral to all types of infrastructure projects and plays a vital role in ensuring a secure and resilient digital economy.

The Global Forum on Cyber Expertise (GFC) is a key player in cybersecurity capacity building. It aims to strengthen capacity building efforts, avoid duplication of work, and improve efficiency. The GFC coordinates cybersecurity capacity building projects and serves as a clearinghouse, connecting countries in need with donors and implementers. With approximately 200 members and partners, including around 60 countries, civil society, and industry, the GFC prioritizes expanding global cooperation, regional coordination, and a demand-driven approach.

The importance of cybersecurity capacity building is gaining recognition in national and international development agendas. Efforts are being made to elevate cybersecurity as a priority through initiatives like the upcoming conference in Ghana. A high-level global cybersecurity capacity building agenda is also being called for to enhance efforts worldwide.

However, challenges exist in effective capacity building. Policy and political buy-in are significant challenges, as support from policymakers and leaders is crucial. Additionally, breaking down silos between different cybersecurity communities, including technical, policy, development, and security communities, remains a persistent obstacle.

Capacity building should not be an afterthought; it is critical for the growth of economies and societies. Emphasizing a multi-stakeholder approach involving governments, civil society, and private industries has proven to be beneficial. Collaboration enables better policy-making and ensures sustainable programs with continued political buy-in.

Efficiency and coordination are essential for effective capacity building. Promoting information sharing platforms and organized working groups, exemplified by the efforts of the Global Conference on Cyber Capacity-Building and the working groups of the GFC, have shown effectiveness.

Addressing the gap between cybersecurity needs, available resources, and effective delivery is crucial. The demand for capacity building is high, but currently, insufficient resources are allocated to meet these needs. Bridging this gap is necessary for successful cybersecurity capacity building efforts.

One concern is the tendency to quickly shift focus to new technological developments like Artificial Intelligence (AI) without adequately addressing existing cybersecurity issues. While AI holds promise, it is important to prioritize resolving existing threats and capacity building efforts before shifting attention.

In conclusion, cybersecurity capacity building is essential for addressing international cyber threats and harnessing the benefits of ICT. Organizations like the GFC play a vital role in strengthening capacity building and promoting global cooperation. However, challenges such as policy and political buy-in, resource allocation, and breaking down community silos persist. A multi-stakeholder approach, sustainability, and effective coordination should be prioritized for successful capacity building programs. Additionally, existing issues should be addressed before diverting focus to new technological developments like AI.

Peter Stephens

The analysis presents several arguments related to cyber security and capacity building. One argument emphasizes the global nature of cyber security, highlighting the need for international cooperation. This argument is backed by the example of the Mirai attack in 2016, which compromised 600,000 devices in Germany, Brazil, Colombia, and Vietnam. The attack serves as evidence that cyber security is a transborder problem requiring collaborative efforts between nations.

Another argument focuses on the importance of capacity building and preparedness for future threats in cyber security. The development of international norms and the implementation of effective policies are highlighted as crucial in addressing market failures and strengthening cyber security. These points underscore the need for continuous improvement and proactive measures to safeguard digital systems and networks.

The analysis also stresses the significance of a diverse workforce in the field of cyber security. It provides an example of the cyber workforce strategy in the United States to support this argument. Having a diverse workforce is seen as important for fostering innovation, creativity, and resilience in tackling cyber threats. This highlights the need for inclusivity in the industry and how diversity can enhance the field.

A key challenge identified in the analysis is the gap between policy makers and cyber security professionals. Bridging this gap is considered essential for effective policy development and implementation. The historical lack of collaboration between these two groups is viewed as a contributing factor to the challenges faced in cyber security.

Additionally, the analysis emphasizes the value of competitions and war games in boosting regional cyber capacity. It highlights a presentation by Mr. Yamauchi, which underscores the importance of such activities in strengthening cyber capacity. This argument highlights the role of experiential learning and practical training in the field of cyber security.

The Global Conference on Cyber Capacity Building and the CIBIL program are highlighted as initiatives that can facilitate resource access and partnerships between policy makers and experts. The conference, scheduled to take place in Ghana in November, is expected to contribute to the sharing of knowledge and best practices in cyber capacity building. The CIBIL program allows policy makers to access pre-existing materials, aiding them in policy development and decision-making processes.

Other noteworthy findings from the analysis include the importance of a demand-based approach in addressing cyber capacity building challenges and breaking down silos between communities. The analysis also emphasizes the need for better amplification and scaling of successful initiatives.

In conclusion, the analysis underscores the interconnected and transborder nature of cyber security, emphasizing the need for international cooperation. It highlights the importance of capacity building, a diverse workforce, bridging the gap between policy makers and professionals, and the role of competitions and war games in building cyber capacity. The Global Conference on Cyber Capacity Building and the CIBIL program are identified as facilitators of resource access and partnerships. The analysis also emphasizes the importance of a demand-based approach, breaking down silos, and amplifying successful initiatives in addressing cyber security challenges. It suggests that efficient use of resources and generating political will are key factors in ensuring a stronger and more secure cyber landscape.

Speakers