Cyber security is an essential condition for modern societies. According to estimates produced by the World Economic Forum, cyber attacks – given their destructive capacity – can be classified among major global risks, capable of affecting international stability and security. The growing ability of cyber attacks to cause real damage with virtual tools is of major concern. According to various authors, this situation has led to an excess of distinctions between the virtual world and the real world.

In the cyber context, States retain primary responsibility for national security and the protection of their citizens; including the enjoyment of human rights in the digital environment. However, many States, particularly low and middle income countries, are faced with a shortfall in technical, economic, and human capacity to protect their ICT systems, both physically and virtually.
This vulnerability can have harmful effects on national security, critical national infrastructures (such as hospitals, airports, dams, ports, the financial and energy sector), citizens, and the private sector.

This would result in a vicious cycle for economic development and social security in said country. Yet at the same time, given the interdependence and interconnection of the cyber dimension, a weak cyber security capability can favor malicious actors (state and non-state actors) who can exploit the ICT infrastructure of a cyber-insecure State in order to achieve economic and political objectives.

In line with the above considerations, there is an international need to develop capacity building programs aimed at improving cyber security capabilities at an international level. In particular, the basic idea – underlined in various UN works – is that cyber security must be considered an indispensable process within every organization, both public and private, in order to guarantee citizens’ safety and protection of their own business. In this regard, Alexander Klimburg and Hugo Zylberberg, in their report entitled Cyber Security Capacity Building: Developing Access have argued that:
“There are three principle reasons why CCB is likely to grow in importance.

Firstly, it is becoming increasingly clear that a key factor in economic and social development (and therefore political stability) is access to cyberspace. In turn, cyber security becomes a key ingredient for promoting this access, and ensuring that it is not jeopardized through predatory criminal behaviour. Secondly, given the nature of the Internet, if countries in the rich industrialized world are to be able to respond to cyber-threats against their own citizens, increasing coop- eration is needed with the developing world – which increasingly hosts the infrastructure and indeed the actors behind malicious cyber activi- ty. Such cooperation can be possible only if basic cyber security institu- tions and skills are present in the partner countries – which is very much in the direct interest of donor countries. Thirdly, the increasingly politicized global struggle for dominance over governance of the Inter- net makes the issue of overriding importance within international relations.”

From a practical point of view – as underlined by the Research ICT Africa report, – the effects of low level cyber capacity in a given country also impacts the possibility of that country acting compliantly with international regulations since: “Considering that a number of developing countries have not articulated clear and functional national co-ordination mechanisms to respond to cyber-incidents, most probably will not be able to observe the norms and to cooperate in developing and applying measures to increase stability and security in the use of ICTs”.

This includes the capacity building activities favored by various international and regional actors, in order to guarantee a better awareness and diffusion of the culture of information security and the reduction of the skill shortage in the cyber sector. According to the World Bank, there are 5 dimensions in which an effective cyber capacity building program should focus on, namely:

DIMENSION 1 CYBERSECURITY POLICY AND STRATEGY;
DIMENSION 2 CYBER CULTURE AND SOCIETY;
DIMENSION 3 CYBERSECURITY EDUCATION, TRAINING, AND SKILLS;
DIMENSION 4 LEGAL AND REGULATORY FRAMEWORKS;
DIMENSION 5 STANDARDS, ORGANIZATIONS, AND TECHNOLOGIES

The dimensions comprise of several factors with different indicators, steps, and actions to enhance countries cyber capacity. In today’s world, as we have claimed in the introductory lines, cyberspace is a conditio sine qua non for the development of any country to progress in economic, political, and social fields. However, one step closer to successful implementation could broadly increase the chance for States to fully benefit from any elements of cyberspace; enhancing security to fill the gap with “have” countries which possess higher cyber capacity and increasing the overall cyber stability.

In order for these 5 actions to take place it is necessary that – in addition to creating a framework of policies created ad hoc – there is an ability to understand that with respect to threats coming from cyberspace, a “win-win” situation must be implemented between public bodies, companies, and civil society where all the players in the field receive the benefit of collaboration in the form of partnerships through a participatory security approach.