Despite the universality of cyberspace as a concept, and persistent notions of a shared, trans-national cyber commons, the internet and its governance have long been characterised by differences: in perspectives, in representation and perhaps, especially, in the distribution of practical knowledge, capabilities and access. The resulting gaps between well-resourced and under-resourced regions and states, between policymakers, scholars and practitioners, or between competing ideologies and approaches to digital policy and regulation are, in effect, core challenges for effective global cooperation towards an inclusive and just digital society and economy.
Bridging such gaps in the cybersecurity domain was the goal of this month’s ‘Closing the Gap’ Conference, organised by the European Commission’s ‘EU Cyber Direct’ project. In partnership with a diverse group of international organisations including the European Institute for Security Studies, ASPI’s International Cyber Policy Centre and Research ICT Africa, the 5-day digital conference brought together research from the academic, civil-society and private sectors in engaging conversations about closing gaps in, for example, knowledge, diversity, geography, gender and accountability.
The irony of online conferences is that by foregoing physical interaction, the reach and accessibility of the conversation is extended to people and regions that may not always be privy to meaningful participation and engagement in higher-level discussions of such issues. Yet, while there was an overwhelming enthusiasm for a diversity of perspectives in cyber diplomacy debates, the challenge of such discussions will be the move from agreements in theory, to actions and results in practice.
Currently, African countries remain underrepresented in international discussions about the peace and stability of cyberspace, and as Research ICT Africa’s work has demonstrated, the opportunities and risks associated with the access and use of the internet are not evenly distributed.
At an individual level, despite limited access, Africans users are disproportionately affected by, for example, ransomware, illicit cryptocurrency mining, phishing attacks, malware infections, and social media scams according to a report from Symantec and the African Union, and a recent Microsoft Security Intelligence Report. At the level of suppliers, technology firms and practitioners, many African countries also have very few secure servers, limited internet exchange points, and a high percentage of pirated software. Moreover, as very few ICT supply chains originate in Africa, they have limited ability to set or uphold security standards. Meanwhile, at a state and regional level, only 14 African states have cybersecurity policies and strategies, 22 have Cybersecurity Incident Response Teams (CSIRTs)—13 of which are part of the international Forum of Incident Response and Security Teams (FIRST)—and there is a general lack of institutional or technical capacity according to, for example, the Cybersecurity Capacity Maturity Model (CMM) assessments by the Global Cyber Security Capacity Centre (GCSCC).
We can conceptualise these security gaps in African digital ecosystems as logical extensions of the inequality paradox, in which inequalities increase as more African users come online. In part, as a result, cyber diplomacy debates have seen lower levels of engagement from African stakeholders in established international processes like the United Nations Group of Governmental Experts, in declarations like the Malabo and Budapest Conventions on Cybercrime, or in other fora such as the Freedom Online Coalition or Paris Call for Trust and Security in Cyberspace.
Brussels Executive Director for the European Institute for Security Studies, Patryk Pawlak, noted in his closing remarks of the conference that it is people who create gaps, and it is therefore up to people to close them. Grappling with these challenges, and the closing of these various gaps, will require new and creative ways to build integrative layers of sustained, multi stakeholder engagements that take a broader view of cyberspace. These should also consider the social, economic, human rights and development implications of cybersecurity in conjunction with coordinated capacity building initiatives that foster regional cooperation, participation and dialogue.
Although a regional dialogue on the governance of cyberspace certainly exists in Africa, what such new and developed mechanisms will look like in practice remains an open question. However, the lively discussions underway in the cyber policy space represent an effort to chart a course towards a new and more inclusive technology diplomacy, in part, by seeking out and valuing diverse voices and perspectives. Keynotes, Roundtable discussions and workshops from EU Cyber Direct’s ‘Closing the Gap’ Conference are available here.