5 minute read
Carlos Bandin Bujan, Brussels We need more efficient cybersecurity building worldwide A transversal issue in development and cooperation
We need more efficient cybersecurity capacity building worldwide
28 by Carlos Bandin Bujan, Programme Manager, DG DEVCO, European Commission, Brussels
Ever-evolving Information and Communications Technologies (ICT) have revolutionised the way we live and interact in our society. Over the past 20 years, ICT has evolved to become in many cases a determining element in a variety of policy areas. Cyberspace provides the underlying platform for development, distributing transformative digital technologies, with profound global implications and many human, economic as well as social benefits 1 .
Our vulnerability to intrusion and manipulation Nowadays, two thirds of internet users are said to live in the developing world, where access to the internet is growing almost four times faster than in developed countries. It is estimated that by 2020 the number of devices connected to the internet will reach 50 billion – all potentially vulnerable to intrusion and manipulation. Businesses, banks, utility services, critical national infrastructure, and government agencies – all rely on IT systems to provide a flow of information that enables fast delivery of services across national and international territories. But these, and even our personal social media systems and personal appliances, leave us more exposed to potential harm. Nevertheless, there is increasing awareness that the benefits of ICT cannot materialise in a vacuum. The increased number of cybersecurity incidents that cause major economic damage to the global economy and security underscore the need to prioritise measures addressing such threats and promote secure digital services and infrastructure. The landscape of threats can be categorised into three main areas: • The threat to critical infrastructure: due to the increasingly digitalised environment we operate in, it has expanded in scope in comparison to a decade or more ago. Potential damage of this typology of security incidents can cause thousands if not millions of casualties and/or billions of losses; • Online criminal activity (cybercrime) in relation to digital content, ranging from ID theft and non-cash payment fraud, to online terrorist propaganda and child exploitation etc., and last but not least; • Cyber as modus operandi and enabler of many other threats, including hybrid attacks. This is particularly worrisome with the prominence of the crime-as-a-service business model.
The EU Cybersecurity Strategy In the 2013 EU Cybersecurity Strategy and its 2017 revision, it is highlighted that external cyber capacity building is a strategic building block of the EU’s cyber policy. This was also brought forward as a key ingredient in the 2015 European Agenda on Security. It also contributes significantly to creating operational cooperation frameworks between partner countries and the EU (ensuring an internal-external security nexus), which ultimate
ly should lead to an improved global cyber ecosystem with positive results for the entire community. Finally, it allows cooperation with partner countries in a way that eventually translates to policy influence. This is especially important in the context of global polarisation on cyber issues, including the promotion of principles of open, free and secure cyberspace in full compliance with human rights protection and the rule of law. Since the adoption of its Cybersecurity Strategy in June 2013, the EU has been leading in international cyber capacity building and systematically linking these efforts with its development cooperation funds. Such actions are based on promoting a rights-based and whole-of-government approach that integrates lessons the EU has learnt from the development effectiveness agenda. Moreover, in 2017 there was a clear recognition at the EU level that cybersecurity should be considered a transversal issue in development and cooperation that can contribute to the realisation of the 2030 Agenda for Sustainable Development, as stipulated in the EU’s Digital4Development policy framework. The significance of efforts to build national resilience in third countries as a means of increasing the level of cybersecurity globally, with positive consequences for the EU, was also recognised in the 2017 Joint Communication on ‘Resilience, deterrence and defence: Building strong cybersecurity for the EU’. photo: U.S. Embassy Ghana, Flickr.com
Carlos Bandin Bujan
has been SecurityDeskOfficerand
Programme Manager in Unit B5 of
the European Commission’s Direc
torate-General for Development
and International Cooperation
photo: private
(DEVCO) since 2017. He was born in 1973. From November 2006
to June 2007 he was the Head of the Military Police Unit of EUFOR in Mostar before becoming Head of Unitin the Crime Department at Guardia Civil HQ in La Coruna in 2007. He joined the European Commission as Intelligence Analyst and Investigator (team leader) in the Security Directorate in 2015.
impact is still difficult to translate into metrics and we will have to wait a few more years to witness the evolution of our digital societies and whether today’s efforts have been rightfully identified and implemented. However, some lessons learned can already be drawn from this process: • Tackling cybersecurity threats and building cyber resilient societies is something which has to happen at multiple levels, and across the globe. • We can no longer hope to protect ourselves by building an effective barrier which keeps all threats out. From time to time successful attacks on our systems will happen, consequently we need to develop strategies and operational capabilities to bounce back from successful attacks on our systems and ensure the functioning of the services. • Effective interinstitutional and international cooperation is key when tackling cyber threats, as the cyberspace is ubiquitous and threats can emanate from the most remote areas on earth, targeting our assets in seconds.
Lessons learned for the way ahead In essence, cyber capacity building is crucial to promote cybersecurity across the globe and as such, in broader terms, capacity building in the cyber domain aims to build resilient and accountable institutions to respond effectively to existing cyber threats and to strengthen society’s cyber resilience. This is an integral component of international cooperation that can foster international solidarity with the EU’s vision for a free, open, peaceful, secure, interoperable cyberspace for everyone, while ensuring compliance with human rights and the rule of law. Efforts made by the EU in building a stronger and more resilient digital ecosystem are measurable and quantifiable, however the 1 The European Commission’s 2017 Digital4Development Staff Working document, explores the significant influence digitalization can have towards increased productivity, sustainable growth, job creation and the empowerment of women. Digital4Development The Digital4Development approach was set out in a European Commission working Paper of May 2017. This approach aims to promote information and communication technologies in developing countries as enablers of growth, and to better mainstream digital solutions in development. Digital4Development is guided by international frameworks, such as the UN’s 2030 Agenda for Sustainable Development and its Addis Ababa Action Agenda for financing development (AAAA). One of the objectives is to promote access to affordable broadband connectivity and contribute to reducing the digital divide and facilitate access to Internet to the least developed populations or communities having no access to digital technologies today. > Web https://bit.ly/2p0jMAO
