Today, the Swedish Ministry of Foreign Affairs, the International Telecommunication Union (ITU), the Global Forum on Cyber Expertise (GFCE), and Microsoft published Cybersecurity and Sustainable Development: A Global Path Forward, a compendium of recommendations on how to ensure cybersecurity does not remain an isolated concern – which is the case today – but gets woven into the very fabric of development work.
Digital transformation takes center stage for most economies, and it is critical that cybersecurity considerations are not an afterthought but are implemented in parallel. The workshop series that informed this compendium revealed the need to further align connectivity needs toward the Sustainable Development Goals (SDGs). However, as we start to bridge the digital divide, we face a crucial balancing act. While digital advancement promises substantial economic and social benefits, it also opens the door to heightened cybersecurity risks. Cyber threats can disrupt economies, compromise privacy, and be used to manipulate our societies. This dual challenge of fostering cyber resiliency alongside digital growth is not just an imperative for economic stability but also a cornerstone of trust in digital services. Addressing this tension head-on needs to be pivotal in our journey toward a more inclusive, secure, and sustainable digital future for all.
Throughout the past nine months, numerous workshops brought together experts from industry, civil society, and government in cybersecurity and development communities. They have yielded invaluable insights reflected in the recommendations summarized in this compendium. The collective findings emphasize the urgent need for a paradigm shift in how cybersecurity is perceived, integrated, and prioritized within traditional development agendas and include:
- Integrating cybersecurity into development initiatives: There is a gap between the cybersecurity and development communities that is both technical, financial, terminological, and operational. The compendium recommends developing a common framework and language for cybersecurity and digital development, creating comprehensive capacity building programs, integrating cybersecurity metrics into development projects, and exploring the link between cybersecurity and existing international frameworks. A great example of such an effort is a project by the UK Foreign, Commonwealth and Development Office (FCDO), which aimed at developing an online cybersecurity and data protection toolkit to help protect South African small and medium-sized enterprises (SMEs) against cyber harms as they move to online trading.
- Enhancing cross-sectoral collaboration: The participants also recommended developing frameworks for cross-sectoral collaboration, especially in critical infrastructure sectors, facilitating cooperation among government agencies and industry, encouraging public-private partnerships, and emphasizing inter-ministerial coordination. It was underlined that too many times people work in silos and hard lessons are not learned.
- Creating human capacity: Capacity building, particularly in regions with a shortage of skilled cybersecurity professionals, stands out as a priority. Recommendations for soft skills development, mentorship programs, and alignment of job descriptions to attract diverse backgrounds have been proposed. The compendium also highlights how the educations sector plays a critical role in broadening the awareness of cyber resilience for individuals, business and societies alike. This may be achieved by developing and disseminating information resources, and implementing capacity building programs for government officials, civil servants, and others.
- Enhancing supply chain security: The document also recommends developing and implementing stringent supply chain security measures, collaborating with small and medium-sized enterprises in particular to ensure practical and adaptable solutions, and developing redundancies within supply chains to ensure cyber resilience at multiple levels.
- Bridging the gap between cyber resiliency and human rights: Throughout the workshops participants agreed on the need to promote a human-centric approach to cybersecurity, developing clear metrics for political leadership, and fostering dialogue and collaboration between cyber resiliency and human rights communities. Multistakeholder collaboration surfaced as a linchpin for success.
- Bridging the gap between policy and standardization: Participants again and again stressed the significant role policy can play in moving the agenda forward. Both policy harmonization – including on common frameworks and language – and policy development – the latter based on academic research linking cyber resiliency and development, lessons learned from recipient countries – were highlighted as important. The same was true for exploring the integration of cyber resiliency into existing international frameworks, often hindered by structural constraints and a lack of awareness. The importance of raising awareness, not only among technical experts but also within policy and development circles, emerged as a recurrent theme.
Microsoft is already advancing work across all of the areas highlighted above. For example, we have been a proud supporter of the Accra Call and are diligently working with partners around the world to implement its commitments. Our investments in advancing human capacity and cybersecurity skilling are just a small subsection of the work focused on bridging the digital and cyber divides. Our partnership with the ITU builds on those efforts, but also helps address the policy gap with a focus on developing effective national cybersecurity strategies. There are countless other examples, including the Geneva Dialogue, a multistakeholder partnership under the leadership of Switzerland, which seeks to strengthen our cybersecurity supply chains and clarify the different roles and responsibilities in cyberspace.
As we navigate the complex landscape of a digital future, the compendium workshops have paved the way for a deeper understanding of the challenges and opportunities at the nexus of cybersecurity and development. The collective findings serve as a strong call for concerted, collaborative, and strategic efforts to bridge the existing gaps, fostering a resilient and secure digital transformation that aligns with global development objectives. Microsoft stands ready to continue contributing to this effort.
Cybersecurity and Sustainable Development: A Global Path Forward is available for download on the official website of the Ministry of Foreign Affairs, Sweden, here.