Cybersecurity and Development: Initial Draft

As part of the CEB cybersec working group, UNDP has agreed to take the lead in two of the five thematic areas identified by the CEB Steering Committee, namely the role of cybersec in development and the post2015 agenda, and the coordination of cybersec activities of all UN agencies via UNDG. Below is the first draft that I shared with the WG.

Background

The widespread diffusion of new Information and Communication Technologies (ICTs) around the globe has already brought many direct and indirect benefits to users, including those in developing countries. In similar fashion, the new innovation wave, has kick-started social innovation and generated a community of social innovators in the Global South who are playing a key role at the local, national and international levels.

New ICTs and innovation, however, also carry new risks to the confidentiality, integrity and availability of important information which we rely on in our daily lives. Cybersecurity has become a truly global governance issue as the Internet and other ICTs become a pervasive and integral part of the global economy. For example, the latest data suggest that over 3 billion people are now connected to the Internet. The Internet is now an integral part of the global economy and cybersecurity has become critical to all countries, both developed and developing.

Unfortunately, cybersecurity is still seen by many, including policy makers and development practitioners, as either a complex technical issue or as one that is not relevant to policy and development agendas. From the vantage point of poorer countries, especially LCDs and LICs, the latter is particularly relevant as these countries still have both low Internet penetration and slow ICT diffusion while facing daunting challenges such as pervasive poverty, increasing inequality, social exclusion and lack of political participation by many.
The current post-2015 process where ICTs are thus far almost invisible and new global issues such as cybersecurity are not on the radar screen of those making decisions on the identification of new Sustainable Development Goals, SDGs (e.g. see http://sustainabledevelopment.un.org/focussdgs.html for latest draft on focus areas).

Approach

Cybersecurity is thus facing the same conundrum that new ICTs have been facing since the early 1990s. While the MDGs did include a specific target on access to ICTs, the new technologies were not seriously considered as means of implementation for the MDGs, especially those related to public service and information provision. And in some quarters, there was even strong opposition to allocating development resources to ICTs as they were seen as competing with other core development priorities.

From a developing country perspective, cybersecurity, like ICTs, should primarily be considered as a means to an end, and not as goal in itself. This approach can provide a good entry point to bring the issue into both the development discourse and national and global development agendas. Developing countries who are still starting to deploy local ICT networks, platforms and applications have indeed a unique opportunity to put cybersecurity as a key cornerstone in the process while having the potential to leap-frog ahead of other countries what might have a plethora of networks and ICT assets than are already exposed to cyberattacks and cybercrime.

There is also a clear need to go beyond the somewhat simplistic “cyberwar” and “cyberweapons” approach to cybersecurity and instead bring into the picture a perspective that takes a human rights based approach to the issue. In this context, it is essential to link the issue to governance principles and mechanisms, as we are indeed talking about an issue which has global scope but also demands national responses from governments and other stakeholders.

UNDP’s role

UNDP is well positioned to put forth a vision for including cybersecurity as a cross-cutting issue for both development programming and the post-2015 development goals. UNDP has been a pioneer in the use of ICTs as enablers for development and thus has considerable experience and knowledge in this area. UNDP is also the largest multilateral provider of democratic governance services with a portfolio of almost 3,000 projects functioning in over 140 developing countries and spending close to 2 billion USD a year. The latest UNDP programme data indicates that only around 20% of these projects use ICTs in some sort of fashion -cybersecurity being conspicuously absent throughout.

UNDP’s core idea to mainstream cybersecurity into developing programming is to integrate the issue into key development programmes and agendas -and not trying to add a new priority to already crowded and seemingly competitive development agendas. UNDP will also take a human rights based approach to the issue to foster a proper balance between security and privacy and ensure people, and their security, are at the center of the issue.

Priority 2

In this light, the areas where assistance will be provided by UNDP, together with other UN agencies and partners, to mainstream cybersecurity into development programming include:

  • Assisting in national policies and regulations that advance cybersecurity including national strategies for key assets and an enabling environment for e-commerce and data protection, among others
  • Enhancing local capacities to ensure policies and regulations are effectively implemented while increasing both awareness on the issue and cross-country cooperation
  • Building a network of experts to provide technical expertise and advise on the issue based on local contexts and local needs
  • Linking cybersecurity issues to overall development agendas and goals at the local level to mainstream the issue at the national level
  • Promoting a multi-stakeholder approach where all sectors and actors are part of the process and the governance of national ICT assets is transparent
  • Bringing forward a human rights approach to cybersecurity to ensure that security is not at odds with privacy and the protection of people’s fundamental rights, including online freedom.

The modalities to accomplish these targets include, among others:

  • Raising awareness of the issue to policy and decision makers at high-level meetings, including UN gatherings
  • Sharing of comparative experiences from other countries that might have already embarked in the processes via South South and Triangular cooperation
  • Development of local technical expertise to ensure long term sustainability of cybersecurity policies and their sound implementation
  • Development of detailed case studies and compilation of successes and failures
  • Capacity to measure progress either via national or international standards

Priority 3

To ensure coherence and coordination in its assistance to Member States and avoid duplication of efforts, UNDG must play a central role in the process. While coordination can be a daunting task in many cases, the best approach would be to utilize current UNDG mechanisms such as the current Working Groups. In this context, the Working Group on Programming Issues (WGPI) could be approached to explore ways in which cybersecurity could be incorporated into the UNDAF process.

In any event, the work to be undertaken here is essentially process driven and will demand close oversight and follow-up by a resource person. UNDP could use its executive live within UNDG and advocate for mainstreaming cybersecurity into development programming.

Cheers, Raúl