Capacity-building

Event report

As outlined by the chair, capacity-building appears to be a possible area of fast progress in the OEWG work. Many countries reiterated the basic principles of capacity-building, agreed upon by the previous OEWG and outlined in par. 56 of its 2021 report. In addition, Singapore and Thailand stressed the demand-driven approach, focused rather on outcomes than on outputs. Brazil and Czech Republic reminded that capacity-building is a two-way street. Switzerland underlined that capacity-building should be considered a holistic effort. Iran suggested that non-discriminatory access to ICT security-related science, technology, and products and services should be included as principal. China connected to this by calling for the basic internet resources to be distributed fairly, while ensuring that relevant international internet governance processes are inclusive and on equal footing.

A number of states emphasised the importance of a multistakeholder approach and public-private partnerships to capacity-building – notably Australia, Chile, India, Indonesia, Korea, Switzerland, Thailand. Russia called for establishing an exchange of best practices and experience in building public-private partnerships in the area of using ICT at the national level, and argued that it is important to develop mutually acceptable ways of providing assistance and cooperation between states and private entities – at the request of each recipient state, and taking into account the state’s specific needs and characteristics.

Experiences

Number of states shared examples of capacity-building efforts on national and regional levels. For instance, the Dominican Republic worked with Germany, Estonia, and Luxembourg to utilise the EU’s CyberNet project knowledge and establish a cyber training centre for public and private sector and law enforcement authorities for Latin America and the Caribbean. The Philippines partnered with Australia and Israel on particular national activities, and participated in regional training with support of Japan. Korea and the Netherlands organised a webinar for exchange of national views among 14 Asian countries. 

Japan will conduct activities in the Indo-Pacific region, involving industry, governments, and academia. The Lao PDR benefited from the national and regional training and workshops organised by ICT for Peace, an NGO. Thailand recognised Japan’s support in building a regional centre in Bangkok to strengthen regional capacity-building. Singapore has been conducting programs throughout ASEAN, and partnered with the industry, academic institutions, and the Global Forum on Cyber Expertise (GFCE). The Indian CERT has undertaken joint training and workshops to train government officials. Greece, hosting the EU’s Network Information Security Agency (ENISA), announced support programmes for the Western Balkans, and offered further assistance to various regions. The International Security in Cyberspace Fellowship by Canada was praised by several participants, as being instrumental in bringing more women on board, the very OEWG meeting included.

Challenges

Several countries warned about certain challenges which impact capacity-building. Cuba underlined that it is vital for states to refrain from adopting any unilateral, coercive measure which restricts universal access. Syria also warned that unilateral coercive sanctions are impeding capacity-building in developing countries. Iran followed in the same vein, outlining the restrictive measures against other states as the problem, including unilateral digital sanctions that have been intensifying against some countries.

Priorities

Responding to the agenda question related to priorities of the capacity-building, the European Union, together with Republic of North Macedonia, Montenegro, Albania, Bosnia and Herzegovina, Ukraine, Republic of Moldova, and Georgia, stressed that capacity-building is fundamental for implementing the framework of responsible behaviour, through developing and implementing national strategies, establishing CERTs, setting up crisis management structures, and enhancing capacities to tackle cybercrime. Indonesia emphasised capacity-building as important for implementation of the international law and voluntary cyber norms, but also reminded of the need for ensuring physical infrastructure of ICT. India outlined the necessary focus on crisis management, while Brazil and Czech Republic added the resilience of critical infrastructure. The UK saw the development of national strategies as an urgent step which would allow international cooperation, underlined the importance of the models that assess cybersecurity status in countries and help them understand their needs, such as their Cybersecurity Capacity Maturity Model for Nations (CMM). Columbia invited for actions which close the digital divide, focus on training of trainers, and involve more women in the process. Iran suggested that non-discriminatory access to ICT security-related science, technology, and products and services should be prioritised for early action by the OEWG.

Proposals

Majority of countries that took the floor also brought forward certain concrete proposals. The Philippines suggested the OEWG to assign facilitators for consultations with members for sharing best practices for each priority area, which would then, periodically, report the outcome of such informal consultations to the chair. South Africa called for the OEWG to discuss appropriate institutional arrangement and special programmes for capacity-building. Russia invited to continue negotiating universal principles for providing capacity-building assistance, and discussing optimal ways to create a targeted program or fund for capacity-building, which could involve other stakeholders. Malaysia suggested that the OEWG should map out and develop a baseline or a framework for capacity-building. 

The Lao PDR called the states and international organisations to continue assisting the developing countries. Cuba also invited the developed countries and international entities to provide assistance and financial resources to countries that request support. Syria invited for a proposal for UN Global programs and principles to promote capacities in ICT. Czech Republic invited for dedicated OEWG thematic sessions in the following years as an opportunity to exchange best practices. It also invited the OEWG to recommend mainstreaming of cybersecurity into the UN digital development agenda across the UN system, to tap into development funds and ensure safe digital transformation. Israel also connected security with the economic development and digital divide, inviting donations and assistance for countries through development mechanisms, the World Bank being an example.

Chile called for developing strategies and capacity, building plans, which could be sustainable over time with clear, realistically coordinated, measurable objectives. India called for the OEWG work to comprise of practical cooperation initiatives and regular activities between member states, and suggested: training of cybersecurity professionals through short and long term courses through collaboration with reputable international institutions, the establishment of centres of excellence in different countries, and setting up infrastructure for testing of the ICT products and systems in order for a comprehensive understanding of the security challenge to be developed.

Indonesia called for a drawing of a framework for assessing the impact of capacity-building, and the OEWG to play a role in creating an inventory of lessons learned related to the execution of capacity-building. Similarly, Singapore suggested a framework for assessment of needs that guide capacity-building, and establishment of the metrics and measures for success. Several states, including the UK and France, underlined the relevance of the self-evaluation Survey of National Implementation, proposed by Mexico and Australia in the previous OEWG, for mapping capacity-building needs and progress. 

Singapore also called for the establishment of a UN cyber fellowship program for small states that would support the training in cyber issues for mid-to senior level officials from smaller developing countries. It offered that this fellowship programme be organised under the auspices of the existing UN-Singapore cyber program, and focus on cyber and digital security governance, including best practices. The Netherlands called the OEWG to adopt a gender sensitive approach to capacity-building, in order to mainstream the gender and the position of women and girls. The Lao PDR supported enhancing women participation, such as through a cyber fellowship programme. Columbia emphasised the inclusion of marginalised groups, particularly women, girls, older people, people with disabilities, and indigenous communities, in the ICT discussions.

The UN role and avoiding duplication

Brazil saw the OEWG as a platform for regional dialogue, and establishment of capacity-building coordination mechanisms with involvement of other stakeholders, to help match the needs and available resources. Columbia considered that the UN should maintain a repository of capacity-building initiatives. The Lao PDR reminded of the important role of UNODC with capacity-building, and suggested that the UNIDIR Cyber Policy Portal could also serve for collecting needs and actions in support of capacity-building. Cuba argued that the UN, and particularly the ITU, should assume a central role as a standing forum for dialogue and capacity-building, while regional and other efforts should only complement multilateral ones.

The Netherlands confirmed the merits of the UN’s role as coordinator in the area of capacity-building, as long as it reinforces and supports the work of regional organisations and other existing multi-stakeholder endeavours, like the GFCE. Switzerland warned about possible duplication of efforts – for instance, the UN efforts to create database overlaps with GFCE work which already bridges demand with offer, such as through the GFCE-AU programme – and invited for the improvement of coordination of international partnerships among states and stakeholders, – providers, as well as recipients of capacities. The UK also suggested promoting the existing routes by which states can access support, including funding, such as the GFCE.

Programme of Action

Several countries reflected on the role that the Programme of Action (PoA), proposed by France, Egypt, and over 50 other countries, could play in capacity-building. The Netherlands stressed that the GGE and OEWG consensus reports are now ready to be implemented, and that the PoA could contribute to this through capacity-building. Switzerland reminded that the PoA was mentioned in the OEWG 2021 report as important for building capacities of states to implement the framework, and compared the PoA, as a place for implementation, against the OEWG as the place for negotiations. Korea presented that PoA would establish a permanent, open, and inclusive instrument focused on capacity-building. Japan added that PoA is seen as an action-oriented form of institutional dialogue that would also deal with capacity-building, regularly share actual efforts, and provide periodical reviews.

The EU and several aligned states suggested that the PoA can advance cooperation on national, regional and global levels, and foster meaningful multistakeholder initiatives. The PoA could also explore dedicated funding mechanisms and enhance coordination between existing instruments such as the World Bank, in line with principles as set out in par. 56 of the OEWG 2021 report. France added that the PoA should have necessary financial and human resources, including a dedicated secretariat, for seeking new financing for capacity-building. Building on Singapore’s proposal, Egypt suggested that the PoA could also discuss establishing a UN fellowship program – possibly following the model of the PoA on small arms and light weapons, which provides specialised courses and training for cyber experts on the technical and political levels.