More than security
Preparing for an uncertain future means understanding the risks and being vigilant for the unexpected. Resilience is the capacity to prepare, to recover and then to adapt and grow from disruptive shocks and stresses. Often, it is described as a process of three “R`s”: Readiness, Responsiveness, Revitalization. Resilience means to bounce back quickly and effectively and to identify new opportunities – constantly. It goes beyond securing and protecting: strategic and long-term thinking are the cornerstones for resilience.
Whilst national and sector approaches are important, the modern interconnected world requires a collaborative approach to building full spectrum resilience. Although this is primarily a national responsibility, each member of a collective is only as resilient as the weakest actor. This puts a premium on a collaborative approach. To this end, not only governments and international organizations, industry and the military need to strengthen their ties to support each other during times of need, but more than that: resilience builds on the involvement of all stakeholders to include individual actors.
Living in an interconnected world renders us more fragile than we have ever been. Everything depends on energy, transportation, and communication. Cyberspace – the embedded domain – touches upon it all and securing it is vital for reaching the Agenda 2030 goals.
In recent events, however, cyber-attacks have been part of hybrid warfare, they have targeted businesses and individuals and they have shaken the very foundation of our democracies. The responses have not kept up with the threat – especially developing nations often lack the capacity to secure their cyberspace - with detrimental effects to their development. Viewing cyber resilience capacity building as a development issue is, therefore, of crucial importance.
Developing capacity for cyber resilience
The importance of capacity building in fostering cyber resilience has been documented by the cyber community, academia and policy makers. The UN Group of Governmental Experts on Developments in the Field of Information and Telecommunications in the Context of International Security emphasized the vital importance of capacity building to securing ICTs and their use.
Consequently, the group recommends states to support “the development and use of e-learning, training and awareness-raising with respect to ICT security. More than that, expanding education, experimentation, modelling and training is critical to test interdependencies between sectors and build mutual trust. Connectivity between the sectors is indispensable for comprehensive cyber resilience.
Putting strategy first
Cyber Security is often perceived as a mainly technical issue with predominately technical solutions. As technology increasingly permeates into every aspect of our lives and has become critical for any country`s development, securing cyberspace has become a strategic issue. This calls for comprehensive responses on the strategic level. Crises demand fast action and counter measures offer clear returns. Yet, making decisions outside the heat of a crisis is indispensable for building resilience and for an orderly process once disruptions occur.
A comprehensive learning strategy for cyber resilience enables cities and organizations to go beyond security and systematically identify gaps and take respective measures while leveraging existing initiatives and programmes. Today, awareness, knowledge and skills are often bottlenecks in this regard that must be overcome.