Global Conference on Cyber Capacity Building: Phil Sheriff

The Conference on Cyber Capacity Building was held in Ghana at the end of November 2023, with RHUL represented and jointly running a workshop. The aim of the conference was to mainstream cyber resilience and capacity building within the international development agenda, breaking down silos to help better integrate digital development and cyber-security. It was preceded by the Global Forum for Cyber Expertise conference, with a number of events bringing together considerable experience and expertise in the form of practitioners, donors, recipients and academics.

The conference championed the theme of cyber capacity building. The subject matter ranged from the technical aspect of CERT information sharing and critical infrastructure protection through to implementing international commitments and the role of international law in strengthening cyber resilience. As with the very best conferences, there were opportunities to network and socalise with participants ranging from foreign ministers, senior decision makers from multinational organisations such as the World Bank and the ITU, and an international smorgasbord of government officials from the West African region and beyond.

RHUL, along with the Oxford Global Cyber Security Capacity Building Centre (GCSCC), the Cybersecurity Capacity Centre for Southern Africa (C3SA), and Integrity Global, ran one of only a handful of workshops, focusing on the benefits and challenges of cyber capacity building evaluation. Pre-workshop research focused on the intersection of cybersecurity capacity building and the international development agenda, looking at capacity building drivers, the relevance of cyber security to the UN’s Sustainable Development Goals (SDGs), and associated long-term impacts. Having identified better evaluation as a key requirement, the workshop then focused on defining and measuring impacts, data requirements, and the challenges of data acquisition/analysis.

Invited participants to the workshops were subdivided by expertise and experience into one of four groups; donors, implementers, recipients, and academics, with an equal distribution of each taking part in a series of small groups which allowed for in-depth discussion. Feedback was collected via colour-coded post-it notes to disaggregate feedback by actor group, with colour-coded stickers given to all participants at the end to weight specific points, again disaggregated by actor group. The end-result was that we were able to better understand how, where and why better evaluation of cyber-capacity building matters.

From an evaluation perspective, using novel measures such as the volume of discussion, the over-running of small-group sessions, the number of people loitering after to continue conversations, the comprehensive data captured on the whiteboards, as well as the generous feedback from a good number of participants, it would appear to have been a well-received and successful workshop.

The aim was not only to enhance understanding of the various issues across the stakeholder groups, however. Another goal was to create a community of likeminded practitioners across all groups who would be committed to further engagement on topics such as intervention typologies, the collation of existing/potential new data points etc. Such a community could draw upon the participants’ collective experience and theoretical knowledge. Once the collation and analysis of the workshop data is completed, it will be distributed to participants, with feedback intended to initiate a longer-term dialogue with a reconvening workshop planned in and around the 2nd conference in 2025.

Having enjoyed an excellent closing dinner on the Thursday evening, there were optional extra activities for the Friday, including a trip to the beach, a walking tour of Accra, or a tour of the government CERT and private enterprise SOC facilities. Choosing the final option, a packed bus set off on a fascinating tour of government offices and a number of companies specializing in different aspects of information security. Of most interest was seeing a number of issues and challenges discussed at the conference come to life, in particular around the cyber-workforce, staff retention, information sharing, and the importance of international collaboration. Interestingly, cyber capacity building is as much a regional, as well as international, activity, moving away from the classic Global North donor to Global South recipient model to a more inclusive model of local and regional interactions and ownership. And Ghana is clearly keen to enhance and embrace its cyber-leadership role in the region, showcasing an impressive CERT and associated infrastructure in the tour, and clearly keen to engage at the conference at a senior ministerial levels.

From a PhD student perspective, it was important to see the role of academic research. It is clear that there are no panaceas to the complex issues and challenges of cyber capacity building evaluation. Rather, there are a considerable number of areas where anecdotal evidence and assumption need to be replaced, through data capture and research, with theory and evidence. In doing so, this will enable greater integration of CCB into a broader International Development agenda, with the ultimate aim being the universal improvement in the security of the cyber eco-system, leading to a more even distribution of the benefits of digitalization, with associated benefits for the higher level UN SDGs.



Comments

Post a Comment

Popular posts from this blog

Post-PhD thoughts on the Cyber Security field: Amy Ertan, 2017 CDT Cohort, now Cyber and Hybrid Policy Officer at NATO HQ in Brussels.

It has been just over a year since I successfully completed my viva – a milestone that initially felt both terrifying and insurmountable when I first joined the CDT. Now, I have the privilege of reflecting on my PhD journey and how its opportunities have shaped my present. I also wish to inspire curious students to embrace the full potential of the CDT and similar programs.   When I first came across the CDT application form, I initially envisioned transforming from a disillusioned city worker into a technical cyber security wizard, focusing on governance or incident response – as those were the only cyber security functions I was familiar with at the time. Very quickly, the CDT taught me that cyber security encompasses a vast and comprehensive range of approaches, offering me a holistic perspective on the field. Supported by the CDT, I engaged with exciting research and practitioner communities to learn about security governance, feminist and critical approaches, geography, the philos
Read more

Remote working and Cyber Security: Georgia Crossland and Amy Ertan

Image
Introducing the project The shift to remote working represents a huge shift for employees and organisations alike, introducing significant implications for cyber security. Amy Ertan and Georgia Crossland are currently working on a research project, in collaboration with the Research Institute for Sociotechnical Cyber Security (RISCS) and funded by the UK National Cyber Security Centre (NCSC), on the impact of remote working on cyber security and wellbeing. This blog post will give an overview of a section of this project, how remote working impacts cyber security. In response to COVID-19, in March 2020, organisations across the world made the rapid shift away from physical office working to remote working, wherever possible. This shift has had a significant impact across many aspects of organisations. This blog post will offer a high-level overview of how the cyber threat landscape was impacted for many organisations and may further change organisational cyber resilience. Remote workin
Read more

New Publication: Remote Working and (In)Security?: Amy Ertan

Image
A recent research report by CDT researchers Amy Ertan and Georgia Crossland has been published with the Research Institute for Sociotechnical Cyber Security (RISCS). The report examines ‘The Impact of Pandemic-Driven Remote Working on Employee Wellbeing, the Psychological Contract and Cyber Security’, with research carried out through a series of interviews with senior cyber security colleagues between January and April 2021. The full report can be found on the RISCS website: New publication: Remote Working and (In)Security | RISCS. Context In the UK and around the world, the impact of COVID-19 represented a total shift away from what was considered ‘normal living’. One aspect of this change was the rapid transition to remote working as people were encouraged to work from home and limit contact with others as far as possible through repeated lockdown conditions. Fellow CDT colleague Georgia Crossland and I were curious to explore how remote working has impacted the experiences - and se
Read more