The field of cyber capacity building is rapidly maturing. The Global Forum on Cyber Expertise (GFCE), as the multi-stakeholder platform for cyber capacity building, supports and addresses the needs of the community while reducing fragmentation of efforts.
As part of the GFCE’s efforts to meet the needs of different regional stakeholders, the GFCE Regional Meeting for Europe 2024 is being held back-to-back with the European Cyber Agora. GFCE Europe Regional meeting participants are invited to join both events; however, please note there is a separate registration for European Cyber Agora – you can check their program and register here.
The GFCE Europe Regional Meeting provides stakeholders with an opportunity to discuss priorities for cyber capacity building in Europe and to share insights on developing best practices and innovative approaches that may help inform cyber capacity building in other regions. The meeting will also be an opportunity to update the community on the ongoing process around the Global Conference on Cyber Capacity Building (GC3B), which held its inaugural event in Accra, Ghana, in November 2023. Preparations are underway for the upcoming May 2025 GC3B to be held in Geneva, Switzerland.
Program elements & Networking opportunities
In line with previous GFCE Annual and Regional Meetings, an open, informal, and interactive setting will be established throughout the day.
There will be several networking opportunities during the GFCE Regional Meeting.
GFCE Europe Regional Meeting 2024 – program:
Welcome and setting the stage
David van Duren, Director GFCE Secretariat
Regional Cyber Capacity building: discussing the way forward
Cormac Callanan, Cyber Security Coordinator of the ESIWA
Erna Catic, Policy Officer at EEAS
Miguel Exposito, Deputy Head of Unit for Science, Technology, Innovation and Digitalisation at the European Commission’s DG INTPA
Moctar Yedaly, Africa Hub Director at GFCE
Silja-Madli Ossip, Community Lead at EU CyberNet
Moderator: Tereza Horejsova, Outreach Manager at GFCE
Conclusion and next steps
David van Duren, Director GFCE Secretariat
Language and meeting format
The meeting will be conducted in English. Hybrid meeting arrangements will be provided.
GFCE Secretariat Visits Skopje and Welcomes New Member – Republic of North Macedonia – to the GFCE Community.
On Friday 10th February 2023, by invitation of the Government of the Republic of North Macedonia, the GFCE Secretariat had the honor and pleasure to be in Skopje, North Macedonia, for a welcoming event to celebrate the recent GFCE Membership of North Macedonia, who are the 103rd Member of the GFCE.
Deputy Prime Minister, Slavica Grkovska, kindly invited GFCE Global Outreach and Partnerships Manager, Wouter Veenstra, to meet with representatives of all relevant ministries and agencies dealing with cyber, including several academic institutions. At the event it was discussed how North Macedonia could participate, contribute and benefit best from the global multistakeholder GFCE community and its tools and mechanisms.
In line with GFCE’s strategic priorities of Global Cooperation, Regional Coordination and Local Collaboration, the Western Balkan region is one of GFCE’s five priority regions, alongside Africa, the Pacific, Southeast Asia and the Americas. The GFCE community, including global actors and those local to the region, voiced the need for increased cooperation and coordination on cyber capacity building (CCB) in the Western Balkans region. The GFCE efforts in the region are aimed to enhance coordination of CCB activities through aligning donors and implementers, improving information sharing, raising high-level awareness and avoiding duplication of efforts.
To support these ambitions, a dedicated GFCE Western Balkans stakeholder group of more than 75 participants has been launched with representatives of Western Balkan governments, donors and implementers. Deputy Prime Minister, Slavica Grkovska, reaffirmed the commitment of North Macedonia to this group and possibilities for hosting a future event later this year will be explored.
The need to further raise cyber resilience in the Western Balkans is apparent. Thus, in line with the GFCE’s demand-driven approach and in recognition of the importance of the region and its actors, the GFCE has been honored to welcome the Government of Republic of North Macedonia as a member and looks forward to continued cooperation on cyber capacity building.
AUC-GFCE Collaboration: “Enabling African countries to identify and address their cyber capacity needs”
News Item | 8 March 2021
The Global Forum on Cyber Expertise is happy to announce its collaboration with the African Union Commission (AUC) on “Enabling African countries to identify and address their cyber capacity needs” through a two-year project.
Introduction Digital financial services can reach excluded and underserved populations quickly and efficiently, making it a vital strategic pillar to enhance financial inclusion in developing countries. However, because of the digital nature of the deployment of such financial services, cyber risk is growing rapidly and evolving dynamically in developing countries with low cybersecurity capacity. Countries that do not have, for example, a national cybersecurity strategy, a national computer emergency response team (CERT) and cybercrime legislation may find it difficult to increase its capacity to respond to the increasing cyber risks. According to various national cyber security assessments[1], there is an urgent need to connect Africa’s digitalization efforts with ongoing global efforts to improve cybersecurity as this will enable the region to recap the benefits of digital growth while protecting society and reducing cyber risks.
The Global Forum on Cyber Expertise (GFCE) is a multi-stakeholder community of more than 120 members and partners from all regions of the world, aiming to strengthen cyber capacity and expertise globally. The GFCE has extensive expertise and experience that could be valuable for the African region. Various GFCE members and partners are involved in large cyber capacity programs in Africa. This was a key reason to organize the GFCE Annual Meeting 2019 in Addis Ababa with the support of the African Union Commission (AUC). Over 40 African countries participated within the Annual Meeting where the GFCE Working Groups organized workshops on key cyber topics. Additionally, GFCE side-meetings were organized, bringing together donors, implementers and regional organizations to discuss how they could improve coordination and avoid the duplication of efforts in the African region.
To build on the success of the Annual Meeting 2019 and the continuous efforts of the AUC, the GFCE and the AUC seek to strengthen cyber resilience in the African region in close collaboration with all relevant stakeholders.
Two-year collaborative project The GFCE, in partnership with the AUC, aims to develop cyber capacity building knowledge to enable African countries to better understand cyber capacities and support them in strengthening their cyber resilience with support from the Bill & Melinda Gates Foundation.
Through a two-year collaborative project, the GFCE and AUC aim to achieve the following outcomes:
Grow a trusted community of cyber leaders from the different African countries;
Identify relevant cyber capacity gaps on a national and sub-regional level in African countries;
Enable African countries to prioritize, address and communicate their national cyber capacity needs; and
Foster coordination and increasing international collaboration between (existing) cyber capacity building efforts in Africa.
The project will build on and utilize existing cyber structures, plans, expertise and capacities within the AUC, as well as within the multi-stakeholder and international GFCE Community. The GFCE Secretariat and the AUC will be responsible for the coordination of the program.
In order to meet these outcomes, the project will focus on the following deliverables:
Online database of current projects and programs on cyber capacity building in the African region;
Published report of current cyber capacities as well as capacity gaps in the African region based on desk research and engagement with the African countries, AUC and the African Union Cyber Security Expert Group (AUCSEG);
Formation of a regional GFCE Africa group with relevant stakeholders from the global community;
Knowledge modules on key CCB topics[2] with an African regional focus developed in collaboration with the GFCE Working Groups as well as a module on “Communicating the impact of CCB” and “Reducing the gender gap in cybersecurity leadership”;
Formal and informal knowledge sharing opportunities during in-person and/or online meetings;
Concrete requests for national cyber capacity support as input for the tailor-made spin-off projects.
If you have any questions, please contact the GFCE Secretariat at contact@thegfce.org.
[1] For example, the Global Cybersecurity index published by the ITU and cybersecurity maturity assessments done by Oxford University’s Global Cybersecurity Capacity Building Center.
[2] Based on the themes identified in the GFCE Global Agenda for Cyber Capacity Building.
GFCE continues to grow: A warm welcome to Austria and Mauritius
News item | 16-10-2017
We are proud to announce Austria and Mauritius as the newest members of the GFCE community. This adds up to a total of 63 members united to strengthen global cyber capacity efforts. Please read a quick introduction of both members below.
Austria
The BKA recognizes the importance of strong global networks and prevention of duplication, especially in cyber capacity building, and therefore supports the vision of the GFCE. While starting preparations for the Austrian presidency of the Council of the European Union (July to December 2018), the BKA could not hope for a more suitable time to join the GFCE and looks forward to jointly take cyber capacity to the next level.
Mauritius
The Government of Mauritius recognises the serious threats posed by cybercrime and herewith the need for cyber capacity building efforts. Mauritius has developed a National Cyber Security Strategy and National Cybercrime Strategy, which are currently in effect. These strategies give insight on the approach and strategy of the Mauritian Government and what measures are taken to effectively protect their cyberspace. One of the main focus areas of these strategies is strengthening cyber capacity of different target groups through various programs within society.
Countdown to the GFCE Annual Meeting 2017 in Brussels
News item | 29-05-2017
This week the GFCE will have its Annual Meeting in Brussels, which is kindly hosted by one of its members, the European Union.
Participants from all continents and representing more than 75 countries, International organizations or private entities will gather in The Hotel in Brussels to share and discuss current and future Cyber Capacity Building (CCB) activities.
The focus of this year’s Annual is to agree on a set of Global Good Practices to be made available for the global community and to discuss the CCB Agenda for the coming years. These goals were set out in the GFCE Roadmap.
The outcomes will lay the foundation for the GFCE’s input for the upcoming Global Conference on CyberSpace 2017 to be held later this year in India.
The EU Experience in Global Cyber Capacity and Institution Building
In recognizing the intersection between cyber resilience and development, the EU has defined cyber capacity building in third countries as a strategic building block of its 2013 Cybersecurity Strategy. Based on lessons learnt from traditional development cooperation and its internal experience and best practice, the EU has tailored a cyber capacity building model that aims at increasing the cyber resilience of partner countries while integrating a multistakeholder and rights-based approach. The challenges are numerous, as are the needs, and require innovative, cross-sectoral and integrated cooperation.
Written by: Ms. Panagiota-Nayia Barmpaliou, Cybersecurity and Organised Crime Programme Manager at the Directorate General for International Cooperation and Development of the European Commission.
The intersection of cyber resilience and development
Two thirds of Internet users live in the developing world where access to the Internet is growing almost four times faster than in developed countries. Broad ICT strategies are rolled out especially by developing nations which seek to reap the digital dividends. The importance of ICT as an enabler for sustainable development and a means for governance accountability has been long recognized by the development community and further confirmed in the 2030 Agenda for Sustainable Development.
In recent years this process has been accompanied by increased awareness of the need to have a safe and secure underlying digital environment, or cyberspace. Threats posed by malicious cyber activities, such as cybercrime and attacks to digital services and infrastructure, or accidental failures, demonstrate that the economic and social benefits of ICT cannot materialize in a vacuum. Instead, the incorporation of cyber resilience aspects is a prerequisite for any such effort to be constructive and sustainable.
Anchored in its development cooperation commitments, the EU has recognized the need to foster open and prosperous societies through cyber capacity building measures in third countries that pursue a whole-of-government approach and enable citizens to fully enjoy the social, cultural and economic benefits of cyberspace. The EU started its programmatic approach by supporting justice sector reforms in the fight against cybercrime in the Western Balkans in 2010 and a year later also with Eastern European partners in joint programmes with the Council of Europe. Building on this experience, the EU commenced a comprehensive cyber-specific capacity building engagement at a global level following the adoption of its 2013 Cybersecurity Strategy.
Joint EU-Council of Europe project “Global Action on Cybercrime – GLACY” (2013-2016)
The EU experience and approach
The EU has tailored a cyber capacity building model that integrates its internal experience with lessons learnt from traditional development cooperation. The EU approach is based on the EU Member States’ internal experience to enhance their cyber capabilities and best practice identified with the support of the European Cybercrime Centre (EC3) at Europol and the European Union Agency for Network and Information Security (ENISA). The EU’s support focuses on:
Facilitating the development or reform of appropriate regulatory and legal frameworks in compliance with international standards and in a manner that fosters greater international cooperation. In this context, the EU is committed in promoting the Budapest Convention on Cybercrime as the international legal framework of reference in the fight against cybercrime;
Enhancing the capacities of criminal justice authorities, such as law enforcement, prosecutors and judges, in order to enable them to effectively investigate, prosecute and adjudicate cases of cybercrime and other offences involving electronic evidence;
Supporting the development of organizational, technical and cooperation mechanisms that increase cyber resilience and preparedness, such as: facilitating the development of national cybersecurity strategies, promoting effective inter-institutional, inter-agency and international cooperation as well as public-private exchanges and setting up functional national Computer Emergency Response Teams.
In order to pursue effective institutional and administrative cyber reforms and increased operational capacities of third countries, the EU draws on the overall aid effectiveness agenda and its experience in actions that are at the heart of the security-development nexus. The criteria used are: local ownership, transparency and accountability, result orientation, inclusive partnerships in the pursuit of sustainability and the application of an overarching rights-based approach.
Given the considerable disparities in the level and maturity of Internet, telecommunication, ICT infrastructure and criminal justice capabilities across countries, a tailored and demand-driven approach is necessary to address their divergent needs. Any engagement needs to be formulated around the three dimensions that form the tenet of any comprehensive cybersecurity conceptual framework: the adoption and implementation of a comprehensive set of policy, organizational, and technical measures that will increase their cybersecurity preparedness, following a multi-stakeholder and human rights compliant approach.
To date, the EU’s experience confirms several key challenges that are specific to the cyber sphere. Firstly, the cyber needs of developing countries especially with regards to institutional capacities (law enforcement, judiciary, incident response agencies) are so high that effective and consistent cooperation in capacity building is the x factor in coordinating limited resources and avoiding fragmentation. For this reason, the creation of the Global Forum on Cyber Expertise can play a pivotal role as a platform for deconflicting and synergizing amongst the plethora of actors that are ushered in the cyber capacity building universe.
This aspect cannot be overstated, as the available expertise for delivery of technical assistance does not meet the demand of developing countries, whilst even developed countries are often struggling. Thereby, the scaling up of cybersecurity capacity building programmes that require long-term expert commitment could be positively pursued through the promotion of a regional approach in triangular cooperation that can lead to the creation of hubs of local experts in different regions.
A second challenge touches upon the persistent silos amongst different cyber communities within a given country. While in the area of cybercrime the stakeholders are clear thanks to the distinct criminal justice context, within the broader cybersecurity ecosystem the policy, technical, business and civil society communities most often do not cooperate. In order to overcome the disconnect between these actors, the facilitation of functional multi-stakeholder and multi-dimensional engagement is fundamental.
Undoubtedly, these challenges also represent opportunities to drive the different communities to work together in innovative ways. Critical to this process will be the successful mainstreaming of cyber as a crosscutting issue across policies and practices both in developed and developing countries. We are not there yet.
EU International Cyber Policy: promoting a free and secure global cybespace
Since the adoption of the EU Cybersecurity Strategy in 2013, EU has invested heavily in cyber stability and resilience internally and globally. Many new EU policy initiatives have advanced cyber security of companies and public organisations within the EU. The European Cybercrime Center was established to facilitate cooperation in fighting cybercrime, and new European legislation will take effect in 2016 to improve cyber security of critical infrastructures. Internationally, the EU is promoting a free and open cyberspace, where norms and existing international law should apply. In recent years, the EU has launched many cyber capacity building programmes to address cybercrime and cyber threats globally.
Written by: Ms. Heli Tiirmaa-Klaar is Head of Cyber Policy Coordination at the European External Action Service (EEAS) of the European Union
EU commitment to cyber capacity building
Cyberspace is growing exponentially. Fast growth and technological development will shape this new global policy area for decades to come. The number of Netizens will double in next 5 years, reaching 5 billion soon. A vast majority of these new Internet users will come from Asia, Africa and Latin America as European countries, the US and Japan are nearing their maximum saturation point in Internet connectivity. In the background of these dynamics, there is a lack ca 1 million cyber security experts globally, claim industry reports. That is why in parallel to internal cyber resilience, the EU invests in international cyber cooperation and has included cyber policy issues into the European Common Foreign and Security Policy agenda. Part of this approach is the EU’s membership of the Global Forum of Cyber Expertise and our commitment to global cyber capacity building.
EU achievements in international cyber cooperation include the launch of cyber dialogues with many EU key strategic partners – the US, Japan, South Korea, India and China. A new dialogue will start soon with Brazil. In addition to dialogues with the strategic partners, EU is also holding regular cyber consultations with other international organisations.
Cyber capacity building in developing and transition countries is high on the EU agenda. An increasing share of the EU development assistance funds will address cybercrime and cyber threats globally. Since 2013, the EU has launched several global projects to advance cyber security and to fight cybercrime.
Launch of the EU Cybersecurity Strategy in 2013 by EU Commissioners Neelie Kroes (Digital Agenda), Catherine Ashton (Foreign Affairs and Security Policy) and Cecilia Malmstrom (Home Affairs)
Cyber diplomacy
In January 2015, the EU Member States adopted the Council Conclusions on Cyber Diplomacy. This document established major policy guidelines for developing EU international cyber efforts. As a cornerstone of cyber diplomacy, the EU will continue to promote the understanding that there is a need to apply laws and norms in cyberspace. EU has been supporting the international discussions on developing norms of responsible state behaviour. Agreed international rules will help to enhance transparency and predictability of state behaviour in cyberspace. Several reports of the UN Group of Governmental Experts in cyber security have agreed on norms such as refraining from attacks against critical civilian infrastructure, cooperating during cyber incidents and not engaging in malicious cyber activities against CERTs.
One of the major achievements in international cyber policy has been the development of cyber security confidence building measures, where the EU has played an important coordinating role in OSCE discussions. Two sets of OSCE cyber confidence building measures will address how to increase transparency and cooperation between states. There is a key role for regional organisations in this field as they provide a forum for neighbours to talk, and, ideally, to resolve their grievances. Such mechanisms can help resolve any incipient disputes, reducing the danger of escalating tensions over hostile cyber action. EU also supports cyber confidence building process between the ASEAN Regional Forum members.
EU High Representative for Foreign Affairs and Security Policy, Frederica Mogherini and Dutch Foreign Minister, Bert Koenders, during the Global Conference on CyberSpace 2015 in The Hague
Internet should remain free, open and secure
As an important element for cyber diplomacy, the EU is of the opinion that the Internet should remain a free and open platform accessible to all. Internet is governed by the model where the private sector, civil society and the governments all are engaged and feed in with their expertise. EU High Representative for Foreign Affairs and Security Policy, Ms Frederica Mogherini emphasised this EU commitment to a free, open and secure internet during the Global Conference on CyberSpace in 2015: “We are working to provide a better life for future generations, where the safe and peaceful use of technology facilitates the free flow of information and ideas”.
States are also bound by international legal obligations related to Human Rights. State behaviour should follow the long established principles of existing international human rights law, such as the legal obligations enshrined in the International Covenant on Civil and Political Rights, and other human rights laws. To protect freedom of expression online, the EU Foreign Affairs Council adopted EU Human Rights Guidelines “on freedom of expression online and offline” in 2014.
EU will continue its efforts to improve security and freedom in cyberspace.
GFCE Europe Regional Meeting 2023
The GFCE Europe Regional Meeting took place back-to-back with the European Cyber Agora conference 2023 in Brussels, Belgium.
Ms Tereza Horejsova, GFCE Outreach Manager, opened the regional meeting by sharing the context of regional efforts of the GFCE, which serve to better understand regional perspectives and capacity needs and translate them into specific activities to support capacity building. The aims of the meeting thus included: to encourage and support European regional coordination and cooperation through mechanisms and tools, such as the Cybil Portal; to share knowledge; to offer support for individual needs of countries and the global Cyber Capacity Building research agenda by filling in knowledge gaps; and to support sustainable growth of GFCE structures such as the GFCE Foundation, Advisory Board, and various other Committees and Groups that ensure inclusivity and diversity of perspectives within the GFCE. She stressed similar format meetings are organized for other regions in which the GFCE is active, including Africa, the Americas and the Caribbean, Pacific Islands and South-East Asia. Special focus, within Europe, is given to the region of Western Balkans.
The director of the GFCE, Mr David Van Duren, followed by explaining the GFCE structure, highlighting the evolution of the Forum over the years. He stressed that the GFCE main focus has shifted from awareness to implementation. In addition, he highlighted that strengthening international cooperation and cyber capacity building is and should always be the main mission of the GFCE.
The highlight of his presentation was an announcement of the Global Conference on Cyber Capacity Building (GC3B), which will take place in Accra, Ghana, on 29-30 November 2023. The conference will conclude months of efforts in building a program that reflects the shaping of global agenda on cyber capacity building and will be important for further connecting development and cyber discussions.
The GFCE Europe Regional Meeting took place back-to-back with the European Cyber Agora conference 2023 in Brussels, Belgium.
Ms Tereza Horejsova, GFCE Outreach Manager, opened the regional meeting by sharing the context of regional efforts of the GFCE, which serve to better understand regional perspectives and capacity needs and translate them into specific activities to support capacity building. The aims of the meeting thus included: to encourage and support European regional coordination and cooperation through mechanisms and tools, such as the Cybil Portal; to share knowledge; to offer support for individual needs of countries and the global Cyber Capacity Building research agenda by filling in knowledge gaps; and to support sustainable growth of GFCE structures such as the GFCE Foundation, Advisory Board, and various other Committees and Groups that ensure inclusivity and diversity of perspectives within the GFCE. She stressed similar format meetings are organized for other regions in which the GFCE is active, including Africa, the Americas and the Caribbean, Pacific Islands and South-East Asia. Special focus, within Europe, is given to the region of Western Balkans.
The director of the GFCE, Mr David Van Duren, followed by explaining the GFCE structure, highlighting the evolution of the Forum over the years. He stressed that the GFCE main focus has shifted from awareness to implementation. In addition, he highlighted that strengthening international cooperation and cyber capacity building is and should always be the main mission of the GFCE.
The highlight of his presentation was an announcement of the Global Conference on Cyber Capacity Building (GC3B), which will take place in Accra, Ghana, on 29-30 November 2023. The conference will conclude months of efforts in building a program that reflects the shaping of global agenda on cyber capacity building and will be important for further connecting development and cyber discussions.
Representatives of the GFCE Africa Team and AUDA-NEPAD consequently presented an overview of the importance and achievements of the flagship AU-GFCE Collaboration project, a 2-year project funded by the Bill and Melinda Gates Foundation.
The keynote speaker, Dr. Towela Nyirenda-Jere, Head of Economic Integration at AUDA-NEPAD provided an overview of the African cybersecurity ecosystem by reminding participants that 14 countries have ratified Malabo Convention, meaning that it is one country shy of coming into effect. This in itself is good news for the continent, as the convention already lays out the provisions that countries will have to adhere to, as well as the requisite capacities that AU Member states will need to have to implement said convention. In considering implementing CCB programs and initiatives in Africa, she reminded, Partners and implementors are encouraged to take into account the various studies conducted by AUDA-NEPAD and the GFCE, institutions used an inclusive approach for gathering inputs and priorities for AU-Member countries. The inputs gathered have been translated into an Africa Agenda on CCB—a blueprint that will prove useful for all CCB actors on the continent.
The GFCE’s Clearing House Coordinator, Ms. Jaqueline Pateguana, presented the proposed Africa Agenda on CCB, a document which is in development phase by the Africa CCB Coordination Committee. The AA-CCB proposes strategic goals and priorities for CCB programming in Africa, and it aims to ensure coordinated CCB programming in Africa. As it stands, the document has 5 strategic goals (strengthening of regional and national cyber posture, developing an interconnected cyber ecosystem, to name a couple) which can be accomplished through the execution of priority actions that are also listed. While the document is still in the development phase, it will be submitted for AU endorsement and later shared with the global CCB community once approved. Meeting participants were encouraged to stay tuned to the Global Conference on Cyber Capacity Building (GC3B), as the global CCB agenda as well as Africa Agenda on CCB will be discussed during the event.
Lastly, Dr. Martin Koyabe, the Senior Manager for the AU-GFCE Project spoke to participants about how the GFCE Africa Regional Hub will support the coordination of CCB activities in Africa. The Hub, which is currently operating virtually with a staff of 4 people, will serve as a one-stop CCB resource center for GFCE Members and Partners wishing to execute CCB activities on the continent.
