The Commonwealth Cyber Declaration is yet another demonstration of the importance countries ought to place on addressing cybersecurity. We thus highlight some of the key commitments Commonwealth countries have made, and briefly discuss on whether such a declaration will be effective.
For many of us, the recently held Commonwealth Head of Government Meeting, in the United Kingdom, would not truly have come unto our radar had it not been for the Windrush controversy. However, at that meeting, the 53 Heads of Government made a landmark declaration through which they unanimously committed to take action on cybersecurity between now and 2020 (The Commonwealth).
Globally, cybercrime and cybersecurity are worrying concerns. Many governments, along with public and private sector organisations that should have the resources to better protect themselves, have been subject to very debilitating attacks over the years, which are likely to become even more sophisticated and damaging.
Further, as reflected in many of our articles on cybersecurity, there are continuing concerns that the Caribbean is not a prepared and organised as it should be. Hence, the attention paid to this issue, and the declaration made, is generally welcomed. Below, we outline some of the key commitments made by the Heads of Government, and what the likely outcome will be over the next two years.
Key commitments made in the Commonwealth Cyber Declaration
The Commonwealth Cyber Declaration was made on 20 April 2018. Following a preamble in which the Heads of Government acknowledged, among other things, the importance of the Internet (cyberspace), and the threats to its stability and to critical infrastructure, the following key commitments were made, which have transcribed verbatim from the Declaration:
- Commit to promote interoperable and global technical standards, through appropriate consultative processes involving industry, academia, governments and other relevant stakeholders, recognising that standards should be open, foster security and trust and not act as barriers to trade, competition or innovation.
- Commit to limit the circumstances in which communication networks may be intentionally disrupted, consistent with applicable international and domestic law
- Commit to work towards the development and convergence of approaches for internet-connected devices and associated services, in order to promote user security by default.
- Commit to exploring options to deepen cooperation on cybersecurity incidents and responses between Commonwealth member countries, including through the sharing of information about threats, breaches, vulnerabilities, and mitigation measures.
- Commit to exploring options to deepen cooperation on cybersecurity incidents and responses between Commonwealth member countries, including through the sharing of information about threats, breaches, vulnerabilities, and mitigation measures.
Implementing the Declaration
Affixed to the Declaration is an implementation plan, for the period 2018—2020, which envisages the continued support of the Commonwealth Secretariat, through the Commonwealth Cybercrime Initiative, and the Commonwealth Telecommunications Organisation. In the stated period, the countries have agreed to examine and to assess their cybersecurity frameworks, with the goal of being able to comprehensively determine their capacity building needs over a broad range of area including, but not limited to:
- strengthening cybersecurity strategies, policies and legislation
- training and skill development for law enforcement and criminal justice responses to cybercrime
- strengthening cyber incident response capabilities
- the protection of election systems; and
- strengthening cybersecurity within the banking and finance system, including the security of FinTech and digital currencies.
(Source: The Commonwealth)
Some thoughts on the Declaration
As stated above, virtually any effort that seeks to draw attention to, and seek the commitment of countries to address, cybersecurity is a good thing. In the Declaration, the Commonwealth countries have made some comprehensive commitments, which will require concerted and sustained effort on their part in order to be successfully realised.
It is thus prudent that an implementation plan was prepared in concert with the Declaration to guide the effort over the next two years. Although the focus of the plan is primarily on assessing and prioritising the capacity building needs across the participating countries, it still seems an ambitious undertaking over a period of 18 months to two years, cognisant that inputs ought to be received from all 53 countries, which must then be condensed into a cohesive and coherent output.
At this juncture, it is too early to tell whether the Declaration will be effective. For all intents and purposes, between now and 2020, only preparatory work would have begun on addressing cybersecurity. Further, the Declaration contains broad statements – as it should – from which SMART (Specific, Measurable, Attainable, Realistic, Time-based) goals can be established.
However, based on precedent, along with the number of countries involved, and their disparate stages of readiness), it would not be surprising if the desired outcomes are not achieved – either within the time frames, or to degree of completeness, envisaged. Notwithstanding, we live in hope.
Image credit: Cytonn Photography (Pexels)
Good point re various stages of readiness. What we also noticed in this declaration is that there is a heavy emphasis on security more than other areas such as human rights (typically a priority area for CW) and development. Time will tell.