ICTworks

Rapid digital transformation – underpinned by affordable communications and cheap devices – has introduced new risks and vulnerabilities that cannot be ignored. Organizations and countries alike are becoming increasingly concerned about the misuse of digital technologies that might lead to critical infrastructure failures, financial destabilization, increased surveillance, human rights abuses, disinformation, data exploitation, and other negative impacts on public health and safety.

It is important to recognize that digitization and resilience are two sides of the same coin. The digital development community and the cybersecurity community share related goals of strengthening digital capacity building, including the ability to effectively use advanced technologies while simultaneously ensuring that citizens remain safe, protected, and productive online. Despite these similar aims, the two communities operate primarily within their own disciplines, rarely partner, and embed cybersecurity activities within digital development projects.

Integrating Cyber Capacity into the Digital Development Agenda identifies pathways to bridge the development community to the cybersecurity capacity building community.

Multiple benefits can arise from integrating cybersecurity, digital resilience, and cyber capacity into digital development.

At a foundational level, decision-makers need to gain a deeper understanding of the threats emanating from the potential misuse of information and communications technologies (ICTs) and emerging technologies, such as becoming tools for unauthorized surveillance, disinformation, digital authoritarianism, data exploitation, espionage, etc.

This understanding can guide the development community in supporting countries’ digital adoption and increasing their maturity in maximizing the use of new digital technologies as enablers of sustainable and secure development.

On a more practical level, it is clear that integrating these aspects into development programs would lead to achieving better outcomes; streamlining processes/eliminating duplication of efforts/maximizing resources; and building stronger resilience, safety, security, and trust into recipient countries’ digital transformation projects.

10 Cybersecurity Changes for International Development

The recommendations provided in this report are intended to help multilateral organizations and other donors investing in digital development and cyber capacity building activities to integrate cybersecurity and digital resilience throughout the lifecycle of a project, identify areas where they can partner, build mechanisms to de-risk their investments, build stronger and enduring digital infrastructures and projects, and accelerate the safe adoption of technologies to meet the intended outcomes of the SDGs.

A few recommendations stand out.

1. The development and cybersecurity communities need to update their “playbook” for the digital era by connecting cybersecurity and digital resilience to the economic aspirations, digitization strategies, and development priorities of recipient countries. Digital capacity building must be more needs-driven and tailored to individual and national circumstances, and better coordinated globally. Tailored programming and approaches based on a demand-driven signal and the political, economic, and social context of a recipient country is central to ensuring the long-term sustainability and scalability of any capacity building efforts. Providing sufficient funding should also remain an important objective.
2. The cybersecurity narrative in the context of international development should be reframed in terms of digital resilience, safety, trust, sustainability, and risk management rather than security.
3. The OECD Development Assistance Committee should add “digital resilience” to the eligibility criteria for Official Development Assistance as part of the peace and security activities to enable cybersecurity-related assistance.
4. To ensure the continuity and sustainability of a project (e.g., continuity of the program, staff, equipment, etc.), funds should be programmed into the country’s national budget. Both the development community and recipient countries see ICTs as long-term capital assets and expenditures, rather than commodities that will need updating and replacing within a five to ten-year period. ICTs that are still in use and no longer supported by hardware and software updates make the recipient country more vulnerable to digital risks. This vulnerability leaves a critical shortfall in a program’s sustainability and its ability to achieve the desired resilient outcomes. A digital development project’s total-cost-of-ownership and ICT refresh must, therefore, be included in project formulation and programmed into assistance packages.
5. The development and cybersecurity communities should invest in the development of “Digital Public Goods” (universal tools and instruments) that can be shared and applied broadly.
6. Growing a cybersecurity skilled local labor force/talent pools and indigenous capacity should be a key objective of any digital development project. This requires addressing many related challenges, including the affordability of cyber certifications, the need to reform school and university curricula, and the need to identify and cultivate local talent and commercial implementors.
7. Funding should be allocated to students and local institutions in order to build knowledge of local ecosystems, culture, and digital risks to society. Local data, trends, statistics, and field research that characterize the threat within a country or region can provide compelling evidence to drive economic and political arguments as to why cybersecurity is an important and necessary component of digital development.
8. Development organizations should be used as a conduit to raise cybersecurity awareness and build capacity in lowand middle-income countries. While digital risks stemming from increased reliance on ICTs and the expansion of e-services, digital systems, and platforms may not be prioritized, the development community has established connections and better understanding of local challenges within these countries and can offer particular insights and valuable relationships with local “implementors.”
9. Duplication of efforts should be avoided by developing greater coherence and coordination between stakeholders. Scalable approaches and solutions are needed as well as innovative platforms and pilot projects that identify on-the-ground/ local partners to implement the necessary actions and improve coordination efforts with local authorities. The practice of favoring “darling countries” that receive multiple offers of foreign aid from different donors, while neglecting “orphan countries” should be evaluated to maximized development resources more broadly.
10. There are a number of venues that should be leveraged to bridge the international development community with the cybersecurity capacity building community. Networking the networks may lead to cybersecurity becoming an integral activity within digital development and help both communities achieve more resilient outcomes.

A lightly edited synopsis of Integrating Cyber Capacity into the Digital Development Agenda by Melissa Hathaway and Francesca Spidalieri.