Hosted by the GCSCC’s regional partner, the Oceania Cyber Security Centre (OCSC), in Melbourne, Australia, the key event for the global cybersecurity capacity building community provided an opportunity to show what cybersecurity capacity really means, and how and why it matters for nations. It was also an opportunity to welcome the Cybersecurity Capacity Centre for Southern Africa (C3SA) as the second regional partner of the GCSCC.
In February 2020, cybersecurity capacity experts from Africa, Asia, Europe and North America, and Oceania, in particular from the Pacific Islands, met in the Melbourne’s Central Business District for the Global Cybersecurity Capacity Building Conference 2020. Historically, this annual event was held by the GCSCC at the Oxford Martin School at the University of Oxford with a global lens. In 2020 the event was hosted in Melbourne in recognition of the ongoing relationship between the GCSCC and its regional partner OCSC.
A key purpose of the event was to share insights and lessons learnt from the deployment of the Cybersecurity Capacity Maturity Model for Nations (CMM), the GCSCC’s flagship product, and to explore how capacity building can be coordinated across various actors, nationally and globally. Researchers, representatives of regional and international organisations, implementers, and government officials also discussed emerging priorities, new activities and requirements for the future, arising from the CMM reviews but also upcoming risks and threats in cyberspace and how to tackle them.
In her presentation, Dr Patricia Esteve-Gonzalez, Oxford Martin Fellow at the GCSCC, explained the shaping and impacts of cybersecurity capacity on a country, a joint work with Professor Sadie Creese and Professor William Dutton, both from the GCSCC and Dr Ruth Shillair from Michigan State University.
Data from the deployment of the CMM in 62 countries over the last 5 years demonstrates that the status of cybersecurity capacity is at or below a formative state (which is the second lowest stage of five stages of maturity according to the CMM) in nearly all the nations studied. This underscores the degree that many nations are in the earliest phases of capacity building. However, the variation across nations shows that greater levels of maturity translate into better experiences for Internet users, better perceptions of freedom of expression, and greater ICT usage within different sectors of society. In addition, the results show a cybersecurity divide between more developed countries, with the resources to invest in cybersecurity capacity, and relatively low-income countries.
“The research outcomes of this analysis lead us to support international efforts in capacity building aimed at mitigating the gap between high- and low-income countries”, says Dr Patricia Esteve-Gonzalez.
Sustaining Footprint in the Southern Hemisphere
The conference was also the first meeting of the Global Constellation of Regional Cybersecurity Capacity Research Centres’ Global Governance Board to welcome the Cybersecurity Capacity Centre for Southern Africa (C3SA) as the second regional partner since OCSC joined in 2016.
C3SA which started operations in January 2020 is based at the University of Cape Town (UCT) and is a consortium between the GCSCC, UCT’s Department of Information Systems, Research ICT Africa, a digital policy think tank based in Cape Town, and the Norwegian Institute of International Affairs (NUPI).
The three centres of the Global Constellation, GCSCC, OCSC and C3SA, aim to drive regionally informed cybersecurity capacity research and lead the deployment of the CMM in their respective regions, sustaining the CMM’s impact from the past 6 years.
Enhancing Global and Regional Coordination
The GCSCC Annual Meeting was only one of several events that the OCSC organised for the community in the setting of the conference. The Global Forum on Cyber Expertise (GFCE) held its Regional Pacific Meeting, bringing together funders and recipients of capacity building initiatives. During this meeting, the new globally owned one-stop knowledge hub, CYBIL, was presented. CYBIL brings together knowledge on international cyber capacity building developed by the GCSCC in partnership with the GFCE since 2019.
This opinion piece reflects the views of the author, and does not necessarily reflect the position of the Oxford Martin School or the University of Oxford. Any errors or omissions are those of the author.