What is the aim?
Technical assistance to strengthen the cybersecurity capacities.
Why do it?
A national strategy is a broad and high-level document. Often countries will need to develop policies under the strategy to further define the government’s position and what it will do. Policies might cover: the purpose and governance of the national CSIRT or National Cyber Security Centre (NCSC); cyber skills and education; cyber standards for industry and government procurement; international engagement.
What are typical outputs?
Manuals, training and workshops.
How is it delivered?
Online through different methodologies: reports, virtual meetings, online cyber exercises, organization of cyber woman challenges.
How easily can a country do it themselves?
Not very likely as often the capacities may not be resident in country; support and expertise from international organizations is therefore advisable.
What good practice guidance is available?
The recently published revision of the Colombian National Cybersecurity Policy ( CONPES 3995 – July 2020) included an implementation roadmap with specific actions to be carried out to achieve the strategic goals. These included: workforce development, different training courses and strategic exercises around digital security, as well as the development of activities to support and promote CSIRTs. OAS-Colombia’s long history of partnership made the OAS/CICTE Cybersecurity Program as the best option to support the Colombian Government in the implementation of their NCS.
- Identify goals and objectives.
- Define a road map to implementation.
- Identify parties responsible.
- Assign a budget.
- Regularly monitor the agreement implementation.
$260k USD approx.
With more than 15 years of experience, the OAS/CICTE Cybersecurity Program has become a regional leader in the support of OAS member states in the development of technical capacities and cybersecurity policies to prevent, identify, respond to, and successfully recover from cyber incidents.
In 2020, the OAS/CICTE Cybersecurity Program signed an agreement with the government of Colombia to collaborate on the implementation of the second review of their National Cybersecurity Policy. This model focused on the key areas of the strategy which the government believed could benefit from external expertise to address the stated goals.
This collaboration is divided into four (4) components and seven (7) activities.
Component 1: Elaboration of the strategic vision for the implementation of actions of the national trust and digital security policy. This component took into account the creation of a Digital Security governance model in the country and the preparation of a methodological guide for the identification and management of digital security risks in adopting new technologies, such as, Internet of things (IoT), blockchain, Big data, Cloud Computing, Artificial Intelligence (AI), etc.
Component 2: Development of skills (workforce development), built on some existing initiatives of the OAS and support was given to organize a national virtual meeting of the Cybersecurity Innovation Councils which brings together regional experts and specialists in Design Thinking to promote innovation, raise awareness among citizens and disseminate best practices in cybersecurity in the region. Additionally, there is a target to train at least 500 public officials from public entities of the government of Colombia in information security under this component.
Component 3: Strengthening capacities for the Government’s Cyber Incident Response Team (CSIRT) seeks to expand the capacity of the national CIRT through the provision of specialized technological services to strengthen cyber attack prevention mechanisms to critical web portals and services of 50 Colombian Government entities.
Component 4: Digital security capabilities with a differential approach, focuses on reimagining the delivery of capacity building especially in the current climate. As such virtual courses on cybersecurity, which include cyber exercises, focus on youth and students, preferably from low-income communities in the country, as well as on gender inclusion in order to exchange information, strengthen technical capacities in cybersecurity, and promote more inclusive career opportunities in cybersecurity, will be organized.
Overall, this approach to implementation makes the targets specific, measurable and time sensitive and can help a government become outcome oriented.