Cybersecurity capacity building: A foundational element of international peace and stability online

Kaja Ciglic, Senior Director, Digital Peace, Microsoft

International peace and stability in cyberspace is a hotly contested topic. Movement towards an effective consensus has become scarce despite the increasing risks posed by inaction, which threaten our modern lifestyles and our dependence on a secure cyberspace. This reliance on trustworthy ICT products and services became especially clear in 2020 as the Covid-19 pandemic forced many across the globe to shift their online behaviors for education, work, healthcare, shopping, and even social interactions.

When the challenge is so pressing, and the political will to cooperate is so limited, it is important to seize the issues that have broad support to advance both progress and partnership. This is especially true when the endorsement is not limited to government stakeholders across the globe, and includes civil society and industry as well. Cybersecurity capacity building is an example of this rarest of opportunities. Whether you read the different submissions to the United Nations Open Ended Working Group on developments in the field of information and telecommunications in the context of international security (UN OEWG), or listen to the views of the multistakeholder community recently expressed in an informal consultation, the call and the need for greater focus, coordination and resourcing of cybersecurity capacity building is unmistakable and nearly universal.

While uneven levels of cybersecurity across the world present a gap that needs to be bridged, the million-dollar (or, rather, billion-dollar) question remains – how? Over the past few months, Microsoft organized several sessions at both the Internet Governance Forum and Paris Peace Forum to address this all-important conundrum. The following themes emerged:

  • Understand the need. Capacity building efforts can only succeed if they are responding in a targeted way to a real need. Therefore, they must begin with participants’ understanding of what issues matter to them and why, as well as where gaps in capacity or capability exist. These cannot be cookie-cutter trainings and programs applied identically across regions. Inevitably, capacity building needs will vary depending on the regional or local context and will center on technological or knowledge-based gaps, as well as on how different cultures approach technology.
  • Strengthen cyber diplomacy. All too often, capacity building efforts focus on the technical aspects of cybersecurity — which are necessary but not enough. For instance, efforts to strengthen cyber diplomacy capabilities in countries worldwide would benefit from additional capacity building attention and resources. This would ensure that more states are equipped to participate in relevant and balanced international negotiations on how to keep the online world safe for all.
  • Be inclusive of all stakeholders. In addition to government stakeholders, it is critical that capacity building focuses on industry and civil society as well. Multistakeholder perspectives should be included in relevant trainings, exercises, and other cybersecurity capacity building actions. Not only is responsibility shared, but the cross-pollination of efforts and ideas among sectors ensures an even greater outcome.
  • Incorporate human rights. A global, open, free, accessible, stable and secure cyberspace, where human rights and fundamental freedoms apply, is essential for our societies’ well-being, growth, and prosperity. These core values need to be part of any capacity building efforts, including careful consideration of how such programs could positively or negatively impact human rights.
  • Finally, utilize existing mechanisms. Numerous states, foundations, and private actors have dedicated funding and resources to capacity building initiatives. Instead of replicating those efforts, Microsoft encourages states to combine resources to generate greater impact and participate in fora, such as the Global Forum for Cyber Expertise (GFCE), which can help match needs with expertise.

Microsoft has been a proud supporter of the GFCE since its creation in 2015 by promoting the multistakeholder community to the technology industry, delivering capacity building trainings, and participating in and chairing various working groups. We believe the GFCE is the right platform – with the necessary mandate – to strengthen, coordinate and make our various global cyber capacity building efforts more efficient and effective. Our excitement to continue building on this partnership follows our recent announcement with GFCE to increase cyber capacity building efforts in Africa, through a program focused on unifying existing cyber capacity building efforts and strengthening the understanding of the continent’s needs.

The GFCE-Microsoft Africa Program Fellow will specifically focus on mapping, coordinating, and ultimately streamlining existing efforts in Africa. While no small task, we hope that this work will help ensure that investments in capacity building are more effective and have greater long-term impact, as well as help strengthen our common understanding of the needs in the region. We hope that the program will focus on strengthening the understanding of cyber diplomacy and issues related to advancing international peace and stability online.

The world needs Africa, and given that fewer than 100 signatories to the Paris Call for Trust and Security in Cyberspace are located on the continent (out of more than 1100 globally), the region holds a lot of potential. It is critical that we not only ensure they can realize it by coming online, but that they are empowered to do so safely and securely through a multistakeholder approach – and that they can play a genuine role in international discussions and negotiations. We hope these initiatives can, in a small but meaningful way, contribute towards that goal.