Confidence-building measures and capacity-building – Engaging all stakeholders to enhance capacity-building efforts

Event report

Through resolution 73/27, the UN General Assembly established the Open-Ended Working Group (OEWG) on developments in the field of information and telecommunications in the context of international security which – in addition to the intergovernmental nature of its work – also provides the possibility of holding intersessional multistakeholder consultations. The first intersessional consultative meeting took place on 2-4 December 2019 with sessions that included the tech industry, civil society, academia, and member states.

The fifth meeting focused on engaging all stakeholders to enhance capacity building efforts.

The discussants underlined that the duplication of efforts in delivering capacity building must be avoided through donor co-ordination. Duplication can be avoided by having open and inclusive discussions to identify existing initiatives and synergies. Global Partners Digital (GPD) suggested that the OEWG should take stock of existing capacity building efforts to determine issues and topics where further capacity building is needed, consequently identifying possible duplication of efforts. Inspired by the work of the Global Forum on Cyber Expertise (GFCE), the idea of a cyber clearing house was also put forward by Research ICT Africa.

Capacity building should be tailored to local contexts, resources, and other specificities of the recipient. Most importantly, it should be tailored to the needs of the recipient. To this end, robust needs assessments should be carried out in order to determine the gaps and priorities. An important element of raising capacities is building cybersecurity awareness in a locally contextualised manner. ARTICLE 19, GPD, and the Association for Progressive Communications (APC) raised concerns that there is a trend of criminalisation of digital security training and called for it to stop.

A strong call for including all stakeholders in the development and implementation of capacity building initiatives was heard from multiple speakers. The involvement of stakeholders enables local ownership. Multistakeholderism provides an amalgam of input on threat assessments, areas where capacity building is needed, and research and analysis that highlights gaps in the national regulatory framework. Civil society, industry, and academia play a major role in helping to develop and implement national ICT security strategies. They also help translate international level norms to the local context. Multistakeholderism can also help with solving the scarcity of resources: the private sector or the government have the finances, the government could give support and endorsement, and the technical community and academics the skills and expertise. The future OEWG should encourage new models of hybrid engagement involving not only inputs from stakeholders of all sectors, noted Research ICT Africa.

Further, capacity building is needed to support states in implementing the norms outlined in the UN GGE reports. Research ICT Africa suggested the OEWG could provide guidance to accompany the existing UN GGE report in the form of flexible but practical guidelines based on the analysis of lessons learned and good practices shared on how to implement norms and guidelines. Egypt suggested establishing an objective reporting mechanism to measure the implementation of the UN GGE norms, which in turn would identify the gaps where further capacity building efforts are needed.

As the 2015 GGE report noted, the different levels of capacity for ICT security among states can increase vulnerability in an interconnected world. The European Union, Estonia, the Cyber Green Institute, and the Cyber Peace Institute underlined the importance of global resilience, noting that the lack of capacity in one country, affects other countries because of the borderless nature of the Internet. On the other hand, regional capacity building efforts were underlined by many of the speakers, with examples such as the ASEAN-Singapore Cybersecurity Centre of Excellence (ASCCE); the African School of Internet Governance; and, Estonia’s joint effort with Germany, Finland, and Luxembourg to build a European cyber capacity building network, etc.