Nobody left behind: Interregional cyber capacity building

Event report

In the last few years, a consensus among states has created an explosion of interest in cyber capacity building, focussed on various aims and stakeholders. The pandemic has only underscored the importance of capacity building. The workshop moderated by Ms Kerstin Vignard (United Nations Institute for Disarmament Research, supporting the Chairmen of the Group of Governmental Experts (GGE) on Cyber Security and the Open-Ended Working Group (OEWG)) looked into how we can create concrete actions that can help regions.

Regional specificities

For the Asia-Pacific area, Ms Latha Reddy (Co-Chair, Global Commission on the Stability of Cyberspace) stressed that it is a large region incorporating considerable differences. Advanced countries, such as Singapore, have taken the lead, while introducing the element of reciprocity, since capacity building is not just about one region giving and another one taking: both must contribute to the conversation.

Africa’s approach is not much different, explained Ms Folake Olagunju (Economic Community of West African States (ECOWAS) and Advisory Board Co-Chair of the Global Forum on Cyber Expertise (GFCE)). The African region is still trying to find its way and must borrow considerably from other regions. A few players in West Africa (such as Nigeria, Ghana, and Cote d’Ivoire) are in a position to encourage other ECOWAS member states. Relationships with donors such as the EU are of crucial importance. Close attention is given to the work of the African Union Commission in cyber capacity building. It is vital to ensure that ‘whenever we build, we can sustain the capacity’. When capacity is built, people need to sustain it.

Ms Liga Rozentale (Senior Director of European Cybersecurity Policy, Microsoft), bringing a perspective from Europe, stressed that the region has a slightly different arrangement because of the European legislative framework with many opportunities for governments to take part in capacity building efforts. A slight challenge exists in making the efforts multistakeholder and having the private sector participate, as the multistakeholder approach can sometimes be in competition with government processes. Microsoft is very much interested in cyber capacity building and eager to complement governmental efforts. Rozentale mentioned the new Microsoft project in Africa on implementation of the Paris Call in the region.

Mr Bert Hogeveen (Head of Cyber Capacity Bulding, Australian Strategic Policy Institute (ASPI)) highlighted the importance of looking at gaps and duplications in capacity building and stressed that it is essential to bring in the multistakeholder dimension. Australia is very active in cyber capacity building, particularly in the South Pacific, where it is still vital to focus on connectivity.

Region-to-region sharing

Is sharing between regions beneficial? Is there appetite for more structured conversation on this? Should it be pursued? Why inter-regional? Hogeveen claimed that for Australia, as a cyber capacity development nation, it is difficult and unproductive to provide expertise that would be sustainable in a very different global context. Australian lessons simply might not work elsewhere and this sharing might not be as productive as we think.

Reddy counter-argued that cyber capacity building is essentially a borderless effort, so it makes sense to step up region-to-region sharing. We must co-operate between regions to have a solid system at place. It is a game of catch-up, in which some countries are really advanced, but others are not, so unless we reach out between regions, how can we bridge this? Olagunju also believes there is room for inter-regional co-operation. As well, the role of the United Nations as a global actor is important in capacity development, stressed Vignard.

Strings attached

Not all capacity building is created equal and some providers do not offer a strictly neutral service. As Olagunju stressed, a national buy in for the capacity building recipient country must occur, or else ‘we are wasting our time’. Africa cannot just take any carrot given to them.

Rozentale argued that even looking at UN processes, one approach is clear— to have capacity building connected with respect for international law. And the corporate perspective is not different, she argued; they also would like capacity building to go along the same lines and lead to responsible behaviour.

Building trust in capacity development

According to Olagunju, leadership is essential. It is important to start educating our leaders so that they understand the issues. It would be productive to use regional bodies more because they have the power to get member states on board as a group. It is easier to work in this fashion than to approach states individually. And, face-to-face interactions matter so much in building that trust.

Rozentale argued that in Europe, close government co-operation leads to more trust, but it is something that needs to be constantly readdressed. Problems arise even on the national level of building trust and tech players need to talk more to strategic policy players and vice versa.

In one year, at the next IGF, where are we?

Olagunju hopes that countries in Africa will move into capacity building measures and norms, leading to more responsible behaviour. Hogeveen will be happy if we can talk about a dynamic GFCE Pacific Hub that was recently announced. Reddy will want to see a universally trusted global agency on capacity building and Rozentale hopes to have institutions truly multistakeholder.