Editor’s Note: This post is adapted from a lightning talk presented at the recent Global Digital Development Forum (GDDF) 2023.
Over the last few years, DAI has expanded its cybersecurity portfolio to cover regions including Asia-Pacific, Eastern Europe, and the Western Balkans. Designing and delivering programs that focus on building the resilience of cybersecurity stakeholders and ecosystems involves investments in three key elements of cybersecurity: people, process, and technology. It also demands that we apply this approach with local existing conditions. Importantly, cybersecurity programming also requires flexibility for rapid responses in case of unforeseen and new threats, political turnover, or major geopolitical developments expanding cyber or hybrid warfare. This is naturally dictated by realities and conditions in the geographies where we work, where local actors and beneficiaries often face external shocks requiring adaptation.
On the one hand, medium- and long-term considerations are paramount to reducing vulnerabilities, while advancing and sustaining cybersecurity ecosystems and industries. For instance, there is a clear, ongoing need to strengthen the cybersecurity workforce and address the global shortage of 3.4 million workers in this field. Remedying this takes time, and it may involve developing targeted curricula together with industry to meet the growing demand for skills, or initiatives to reduce perpetual brain drain issues. On the other hand, the rapidly evolving nature of the cybersecurity threat landscape, geopolitical instabilities, and the deepening sophistication of tools and methods of inflicting damage to networks and systems demands immediate responses.
Adapting in Dangerous Circumstances
Here a few real-life examples that demonstrate the importance of adaptability in cybersecurity programming, and how we balance short-, medium- and long-term needs in the fast-evolving cybersecurity sector:
Russia’s full-scale invasion of Ukraine in February 2022 upended lives and livelihoods for Ukrainians and produced far-reaching international and regional consequences, dramatically shifting the cyber threat landscape with it. Over the past year, the Russian Federation has targeted cyberattacks against government institutions and critical infrastructure, such as telecommunications, electricity, and data storage systems. Emerging through the fog of war, one of Ukraine’s success stories in this tragic event has been the ability for government institutions to withstand and repel an unprecedented volume of cyberattacks. A surprise to many, but not for those tirelessly building its foundations. This is a result of prioritization of cybersecurity efforts by the government, the private sector, civil society, and academia to strengthen the overall ecosystem, supported by DAI.
Since its inception, recognizing the complexity of the threat posed by Russian hybrid warfare, the team adopted a multi-sector approach to improve Ukraine’s cybersecurity for critical infrastructure through legislative reform, workforce, and market development. U.S. Government assistance has been particularly critical during the war, helping Ukraine keep its state institutions and key infrastructure running to meet the needs of the Ukrainian people. For such a project, this meant adapting and maximizing existing efforts, while responding to an unprecedented surge in needs for local partners.
Examples of critical support include legislative amendments to legalize off-premises cloud migration, analyzing, and responding to massive distributed denial-of-service (DDoS) attacks through embedded experts in key institutions, and delivering, modernizing, and deploying technology and power generation equipment needed to sustain the country’s defenses in a protracted war and beyond.
As another example comes from the Critical Infrastructure Digitalization and Resilience (CIDR) program. Government institutions and critical information infrastructure operators in southeastern Europe sustained waves of cyber attacks in 2022, leading to disruptions of government services. In one country in the Western Balkans, because of these attacks and subsequent cybersecurity audits by the program for key public sector institutions to identify immediate critical vulnerabilities, the program quickly adapted its workplan to establish a rapid response mechanism to empower critical infrastructure operators in mitigating foundational IT security vulnerabilities and responding to future incidents.
These events teach us a lesson about the fickle nature of cybersecurity. As we look ahead in designing and implementing future programs, the development community must approach these efforts with a combination of sustained medium-and long-term interventions, while incorporating flexible crisis management and rapid response mechanisms for clients and local beneficiaries. This ensures that we deliver impactful programming and shape best practices in a nascent field for the wider community.