Global Conference on Cyber Capacity Building: Phil Sheriff
The Conference on Cyber Capacity Building was held in Ghana at the end of November 2023, with RHUL represented and jointly running a workshop. The aim of the conference was to mainstream cyber resilience and capacity building within the international development agenda, breaking down silos to help better integrate digital development and cyber-security. It was preceded by the Global Forum for Cyber Expertise conference, with a number of events bringing together considerable experience and expertise in the form of practitioners, donors, recipients and academics.
The conference championed the theme of cyber capacity building. The subject matter ranged from the technical aspect of CERT information sharing and critical infrastructure protection through to implementing international commitments and the role of international law in strengthening cyber resilience. As with the very best conferences, there were opportunities to network and socalise with participants ranging from foreign ministers, senior decision makers from multinational organisations such as the World Bank and the ITU, and an international smorgasbord of government officials from the West African region and beyond.
RHUL, along with the Oxford Global Cyber Security Capacity Building Centre (GCSCC), the Cybersecurity Capacity Centre for Southern Africa (C3SA), and Integrity Global, ran one of only a handful of workshops, focusing on the benefits and challenges of cyber capacity building evaluation. Pre-workshop research focused on the intersection of cybersecurity capacity building and the international development agenda, looking at capacity building drivers, the relevance of cyber security to the UN’s Sustainable Development Goals (SDGs), and associated long-term impacts. Having identified better evaluation as a key requirement, the workshop then focused on defining and measuring impacts, data requirements, and the challenges of data acquisition/analysis.
Invited participants to the workshops were subdivided by expertise and experience into one of four groups; donors, implementers, recipients, and academics, with an equal distribution of each taking part in a series of small groups which allowed for in-depth discussion. Feedback was collected via colour-coded post-it notes to disaggregate feedback by actor group, with colour-coded stickers given to all participants at the end to weight specific points, again disaggregated by actor group. The end-result was that we were able to better understand how, where and why better evaluation of cyber-capacity building matters.
From an evaluation perspective, using novel measures such as the volume of discussion, the over-running of small-group sessions, the number of people loitering after to continue conversations, the comprehensive data captured on the whiteboards, as well as the generous feedback from a good number of participants, it would appear to have been a well-received and successful workshop.
The aim was not only to enhance understanding of the various issues across the stakeholder groups, however. Another goal was to create a community of likeminded practitioners across all groups who would be committed to further engagement on topics such as intervention typologies, the collation of existing/potential new data points etc. Such a community could draw upon the participants’ collective experience and theoretical knowledge. Once the collation and analysis of the workshop data is completed, it will be distributed to participants, with feedback intended to initiate a longer-term dialogue with a reconvening workshop planned in and around the 2nd conference in 2025.
Having enjoyed an excellent closing dinner on the Thursday evening, there were optional extra activities for the Friday, including a trip to the beach, a walking tour of Accra, or a tour of the government CERT and private enterprise SOC facilities. Choosing the final option, a packed bus set off on a fascinating tour of government offices and a number of companies specializing in different aspects of information security. Of most interest was seeing a number of issues and challenges discussed at the conference come to life, in particular around the cyber-workforce, staff retention, information sharing, and the importance of international collaboration. Interestingly, cyber capacity building is as much a regional, as well as international, activity, moving away from the classic Global North donor to Global South recipient model to a more inclusive model of local and regional interactions and ownership. And Ghana is clearly keen to enhance and embrace its cyber-leadership role in the region, showcasing an impressive CERT and associated infrastructure in the tour, and clearly keen to engage at the conference at a senior ministerial levels.
From a PhD student perspective, it was important to see the role of academic research. It is clear that there are no panaceas to the complex issues and challenges of cyber capacity building evaluation. Rather, there are a considerable number of areas where anecdotal evidence and assumption need to be replaced, through data capture and research, with theory and evidence. In doing so, this will enable greater integration of CCB into a broader International Development agenda, with the ultimate aim being the universal improvement in the security of the cyber eco-system, leading to a more even distribution of the benefits of digitalization, with associated benefits for the higher level UN SDGs.
This comment has been removed by the author.
ReplyDelete