Understanding cybersecurity capacity building and its relationship to norms and confidence building measures

Abstract

ABSTRACT International cybersecurity capacity building emerged in the mid-2000s as a mechanism for countries and organisations to assist each other, across borders, in protecting the safe, secure and open use of the digital environment. In parallel with this practical cooperation, the international community negotiated norms and confidence building measures to support peace and stability in cyberspace. The purpose of this paper is threefold. Having critiqued previous definitions and frameworks for cybersecurity capacity building, the paper proposes alternatives that both better represent actual practice and are of more use to the negotiations on stability in cyberspace. The proposed framework shifts capacity building beyond developed-developing country relationships and stresses the many goals that it serves. The paper then explores the relationship between cybersecurity capacity building, norms and confidence building measures. It contends that capacity building does not just support norms and confidence building measures, but is also an instance of them, and it benefits from norms of its own. The paper concludes by considering the proposals for cybersecurity capacity building principles that emerged from the 2019–2021 round of cyberspace diplomacy at the United Nations and by recommending the next steps.