United Nations Welcome to the United Nations. It's your world.

Agenda: Capacity Building Seventh substantive session of the Open-ended Working Group on security of and in the use of information and communications technologies 2021-2025

Thursday, 07 March 2024
Presenter: 
Ms. Diane Shayne D. Lipana, First Committee Expert, Permanent Mission of the Republic of the Philippines to the United Nations in New York
Location: 
Conference Room 4, United Nations Headquarters, New York

 

Thank you, Mr. Chair for giving me the floor.

Mr. Chair, Esteemed Delegates,

In the second APR, States were called on the continue discussion on the Global Cyber Security Cooperation Portal as a "one-stop-shop" tool for States, to be developed under the auspices of the UN. The Chair also asked us how it will look like in practice and for possible modules to include or integrate into this one-stop shop. The Philippines recognizes India’s proposal captures two modules on a capacity building, one module on a CB calendar and another module on assistance mapping. Nevertheless, we offer this food for thought on a Needs-Based Capacity Building Catalog to be considered as a possible module in our future “one-stop-shop” portal. Building the catalog is envisioned as a means to match CB needs with CB providers, in a manner driven by the demand/needs of recipient states.

Responding to the of the Chair for concrete suggestions for effective capacity building, I am pleased to present highlights of this Draft Working Paper (currently a non-paper) on Capacity Building, a  proposal aimed at enhancing cyber capacity across UN member states. This draft working paper, titled "Needs-Based Cyber Capacity Building Catalog (CB Catalog) for the Open-Ended Working Group on Security of and in the Use of Information and Communications Technologies 2021-2025," attempts to outline a comprehensive approach to address the evolving challenges in the realm of cybersecurity.

The Philippines is pleased to note, that although we initiated the concept, many experts in this room, from our region and other regions who equally value capacity building, has helped us shape this proposal in its current draft form.

Allow me to describe its rationale, principles, elements, and features:

  1. Rationale: The catalog is envisioned to help Member States independently identify their capacity-building needs; match their needs with existing providers; study the national experience of previous recipient countries and provide information on an inquiry or to apply for a capacity building program.
  2. Principles of Partnership: The paper emphasizes the importance of partnerships in capacity building, highlighting principles such as mutual trust, demand-driven initiatives, national ownership, and shared responsibilities. It sets the stage for a collaborative and inclusive framework.
  3. Elements of the CB Catalog: The CB Catalog is structured into four key headings - Capacity Needs, Providers, Models, and Inquiry/Information. This systematic approach allows for efficient navigation and access to relevant information for both providers and recipients.

In the draft working paper, we presented one sample set of entry:

4. Capacity Needs Enumeration: The paper advocates for a menu of capacities needed for cybersecurity, drawing on experiences of other states. It suggests using foundational studies, such as UNIDIR's Unpacking Cyber Capacity Needs Study, as a starting point to identify and evolve capacity needs.

In the example (on screen), we chose “setting up a CERT” as an example as it is one of the foundational cyber capacity needs identified in  UNIDIR’s Unpacking Cyber Capacity Needs Study/Report. Recognizing the different cybersecurity maturity of Member States, after populating the catalog with foundational CB needs, the catalog could also capture more advanced CB needs. For starters, the Philippines has identified a CB need to address and improve our CERT Team Operation and our CII cybersecurity assessment.

5. Comprehensive Provider Coverage: Recognizing the diversity of providers globally, the CB Catalog aims to be as comprehensive as possible, ensuring that states have access to a wide array of options when addressing their specific capacity needs.

Although the sample providers (on screen) refer to non-state providers, the catalog could also capture bilateral partnerships. Taking an example from our national experience, the Philippines and Australia just signed on 28 February 2024 an MOU on Cyber and Critical Technology Cooperation, the Philippines looks forward to contributing to the catalog by reporting on the practical partnerships between the Philippines and Australia as we implement this recently concluded MOU.

6. Good Practices and Models: The CB Catalog goes beyond listing providers by featuring good practices and model programs. This allows aspiring recipients to learn from successful implementations and encourages the replication of effective capacity-building initiatives.

7. Simplified Inquiry Process: To streamline the process, the CB Catalog facilitates direct correspondence between program recipients and providers. This feature eliminates the need for extensive research and enables quick, targeted inquiries. Like a “contact us” button, we envision that the inquiry button immediately links interested Member States to the designated focal person of CB providers.

8. Features of the Proposal:

  1. User-Friendly CB Catalog: The proposal introduces the concept of a user-friendly CB Catalog, designed to be a centralized repository that organizes existing capacity-building programs. This catalog serves as a valuable resource for states seeking guidance on cybersecurity initiatives.
  2. Avoid Hazard of Exposing Vulnerabilities: Once the catalog is populated and made available to Member States, States, who feel reluctant being assessed by a third party and assessing their national vulnerabilities, can make a domestic assessment and use the catalog as a starting point to build on improving national capacity.
  3. Basis for New CB Programs: Once the catalog is populated, there could be a realization that there are capacity needs where CB providers are lacking. The catalog could then serve as empirical basis for the creation of new capacity-building programs to meet new or underserved capacity needs.
  4. Feedback Mechanism: Development and updating of the catalog can also serve as a natural feedback mechanism on CB program implementation as additional providers/good practices/models can share/link their program of work and/or their implementation report to the catalog.
  5. Integration into Global Cyber Security Cooperation Portal: The proposal envisions the CB Catalog as a living document, regularly updated and could be integrated as a module into India’s Global Cyber Security Cooperation Portal, fostering continuous improvement and global collaboration. We also see the possibility of using Kenya’s threats repository as a source of ideation in identifying cyber capacity needs.

In closing, we wish to emphasize that the proposal is still in its draft form, and still open to inputs, questions, and refinements. We welcome collaboration and hope this initiative will serve as a valuable and complementary asset to existing proposals, designed to meet the diverse and dynamic needs of UN member states in the field of cyber capacity building.

We look forward to the constructive engagement and contributions from all delegations to enrich and refine this proposal for the collective benefit of our global cybersecurity efforts.

Thank you, Mr. Chair.