A year in the ‘American mountains’
It has been about a year since the Global Cyber Expertise Magazine’s issue 6 in spring 2020 featured an article introducing EU CyberNet as the ‘new kid on the cyber capacity building block’. Little did any of us reading it know of what was to follow?
Needless to say, the pandemic changed a lot on the global cyber capacity building scene,
posing new challenges for both the various projects as well as the increased teleworking bringing cybersecurity to limelight around the world. No doubt, it was a real rollercoaster, or as we call it in Estonian – ‘American mountains’; as in order to stick to the work plans, creative thinking became useful. However, by December 2020, we had two more surprises waiting. Having led the project for a little over a year, we received two major decisions from the European Commission. First, EU CyberNet was included in the new EU Cybersecurity Strategy whereby the EU is to leverage EU CyberNet’s expertise in implementing the cyber capacity building related parts of the strategy. Secondly, the European Commission proposed to extend the project by two years and added tasks that were to take EU CyberNet’s activities to a new level. The new tasks are to train the entire network of EU Delegations in cyber security capacity building and to provide lead support in establishing a regional cybersecurity competence center in the Dominican Republic that would cover the entire Latin America and the Caribbean region.
Why Latin America and the Caribbean?
In the context of cyber security, the countries in Latin America and the Caribbean are important partners for the EU due to their ambition to digitalize their societies and achieve better preparedness to counter cyber incidents, as well as the existence of shared values between the two regions in general. However, as was highlighted in the 7th issue of the Global Cyber Expertise Magazine, there are also several areas where EU-funded cyber capacity building initiatives could be of particular value. Cyber attacks on critical infrastructure continue to increase in frequency and venture into new areas. Just to highlight the most recent cases, the Colonial Pipeline attack in the United States or ransomware attacks such as the one against the health sector in Ireland inter alia indicate the need for the inclusion of such threats in nation-wide risk management. In addition, a regional approach is essential. Not only would it mean developing regional capabilities, but also building upon the routine of collaboration and sharing of information, which is ever more important in the ever more connected cyberspace. Thirdly – there can never be an OSFA (one size fits all) label on countries when it comes to cybersecurity maturity – as cyberspace realities evolve, so should legislation, policies and initiatives. The levels of cyber resilience and the general awareness in Latin America about cyber threats differ from country to country. Few have established rules for the cyber defense of critical infrastructure or an effective partnership between the state and the private sector. Cyber exercises are rather rare and practical collaboration between the continent’s countries are often not as close as, for example, in the EU. At the same time, the region has a booming ICT sector and some governments have taken the pandemic as an opportunity to revise and redefine what cybersecurity means. EU CyberNet and its growing network of experts can therefore become a practical tool for the various EU projects that are already active in the region.
What is a regional cyber competence centre?
Spearheaded by the establishment of the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE) in Estonia in 2008, the number of regional cyber centers has continued to grow. For example, in 2019 Singapore created a regional cyber center, the ASCCE, for fostering cybersecurity in the ASEAN countries. There are at least two similar initiatives in Africa. So far, Latin America and the Caribbean does not have one and this presents the EU and RIA with a great responsibility. An international and regional organization cannot be established overnight. Fortunately, EU CyberNet can leverage both its host nation’s know-how – Estonia has the unique experience of initiating and developing the NATO CCDCOE – as well as that of an international group of experts who on time for this issue of the Magazine have completed a feasibility study on the future center. The implementation plan foresees that the regional center in Santo Domingo should achieve initial readiness by the end of 2021. Negotiations with the Dominican Republic authorities concerning the location of the center’s facilities are already ongoing. Our goal is to create maximum synergy with the original tasks of the EU CyberNet, i.e. the establishment of an international network of experts and organizing trainings. Therefore, we see the conduction of trainings as an essential part of the center’s activities. Preparations for the first engagements in this area are ongoing. In cooperation with the Cyber4Development project on May 19 we supported the Dominican Republic authorities to conduct a cybersecurity exercise “Ciber Llamas”. In the coming years, the center should develop into a regional hub that covers the full range of cybersecurity needs of the regional participants, similarly to how EU CyberNet is to furnish the full range of needs of the EU. Reaching out to regional experts and building capacity will be a key functionality of the center that will support its long-term sustainability.
Building sustainable bridges in cyber security expertise
EU CyberNet’s expert pool today covers many areas of expertise, making it possible to support raising awareness of cyber security matters in general and to strengthen links between governments, academia, and the private sector. In March we launched our online technical platform CynAct that will allow the stakeholders of the network to inform experts of their upcoming missions and find potential contributors. Further development of the platform will
continue in 2021-22. In May 2021 another important milestone was reached when we launched the monthly online EU CyberNet Club event series – an expert-to-expert forum where experts can learn from and discuss with other members of the EU CyberNet community of various issues happening on the cyber security scene today. Over the coming months we aim to cover topics that touch upon the full span of cyber security, from strategic to technological issues, and from operational to legal and regulatory issues. The task of providing cyber capacity building related training to EU delegations are targeted at well-versed experts in the delegations that can act as reliable and knowledgeable partners in the cooperative effort of cyber capacity building. In cooperation between the EU, the host nations and cybersecurity experts can be supported in order to prevent the critical infrastructure of the countries from falling victim to hostile activity as this could start a cyber crisis with global implications. In the end, however, the sustainability of our activities depends on the people. EU CyberNet is already open for EU experts to sign up as members of the network. If you know, for example, how to carry out sectoral and/or national strategies, increase institutional capacity, prepare laws that respect human rights, defend the critical information infrastructure, organize the work of CERT, or build international cooperation networks, please check out our website: www.eucybernet.eu/expert-pool.
The past couple of months have seen rapid growth in the opportunities for experts to become involved in different activities of the network. Therefore the best time to join is now.