The promise of global connectivity to improve well-being in developing countries is becoming a reality as more citizens get online and international aid agencies and their partners improve their delivery of digital services. This surge can spur economic growth, advance freedoms, increase transparency and accountability, strengthen civil society, and empower women.
However, this shift carries serious risks that could undermine security at multiple levels (citizens, donors, implementing partners, governments, etc.). This threat signals an urgent need to strengthen end-to-end cybersecurity, and it is why visionaries and risk analysts are quick to point to weak cybersecurity protections as one of today’s greatest global liabilities. Failure to pay more attention to the relationship between international/humanitarian aid and cybersecurity would be a serious miscalculation with grave consequences.
Cyber threats and the provision of assistance
The importance of cybersecurity continues to dominate today’s news headlines. Recently, Microsoft, one of the world’s leading IT companies, reported that an elite group backed by Russia had hacked the emails of the company’s top executives and cybersecurity staff. This shows that even IT legends like Microsoft are not immune to cyber intrusions. The importance of firewalls to repel cyberattacks was front-page news again when one of the largest medical billing and payment providers in the United States, including major hospitals, clinics, and healthcare providers, was paralyzed by a cyberattack, leaving drugstore pharmacists unable to write prescriptions and surgeons unable to get paid, not to mention the serious concerns raised that patients’ medical records had been compromised. The hack was orchestrated by a “ransomware-as-a-service” provider called BlackCat, which relies on multiple freelancers or affiliates. Nation-state sponsored cyberattacks are also accelerating. According to the latest U.S. Worldwide Threat Assessment, state-sponsored cyberattacks by the People’s Republic of China (PRC) against the U.S. government, private sector, and critical infrastructure across the U.S. are relentless and growing. These cyberattacks are the most direct and serious threat to U.S. national security. As a result, the U.S. and UK recently announced sanctions against China's elite intelligence hacking squad for planting malware on U.S. critical infrastructure and stealing the voting records of 40 million UK citizens.
When governments, businesses, military forces, and other organizations fail to harden their computer systems, servers, software, networks, data banks, and other systems, they increase risk from hackers and malicious users. Vulnerabilities can also emerge when well-intentioned users accidentally introduce viruses or other malware. Whether caused by cybersecurity blind spots, easily hacked systems, unintentional privacy leaks, or malicious misinformation and disinformation campaigns, these threats can disrupt businesses, halt operations, and put partners and end users at risk.
Donor Cyber Obligations
Over the past two decades, online support services for aid recipients have steadily increased, including online access to banking and other financial services, wired delivery of skills training for basic employment and upskilling opportunities, network sharing of best practices in agriculture, manufacturing and enterprises to boost productivity and profitability, and digital delivery of life-saving health information, including telemedicine. In short, digitalization is becoming central to inclusive and resilient donor efforts to reduce poverty, mitigate environmental and other shocks, transform lives, and strengthen governments and the private sector. The COVID-19 response has further highlighted the critical role of digital technologies in a highly interconnected world.
Developing countries are more susceptible to cyber attacks than developed countries, so international donors have an obligation to carefully weigh the benefits of providing digital services against potential risks and vulnerabilities. Recent evidence, such as the UN's Global Cybersecurity Index (GCI), which measures the legal, technical, organizational, capacity and cooperation elements of national cybersecurity plans, makes it crucial to address the large cybersecurity gap between developed and developing countries.
Many donors have been slow to respond to these threats. The United States Agency for International Development (USAID) was one of the first to publish a digital strategy to address the impact of the growing trend of providing aid online and the inherent risks that come with it. The strategy benefited greatly from the earlier International Working Group’s Digital Development Principles, which in 2014 served as a foundational template for the ever-growing, complex, and risk-ridden digital environment. “Do no harm” evolved as one of the nine core principles, calling on all donors to better anticipate and mitigate digital risks, ranging from confidentiality, privacy, and unlawful surveillance to outright censorship. The digital strategy foresaw the potential misuse of machine learning and artificial intelligence. It also marked the starting point for USAID to launch its “Cyber Calvary” to provide rapid technical support to overseas implementing partners and aid recipients to harden their systems and devices to repel cyber attacks.
The Organization for Economic Cooperation and Development (OECD), whose more than 100 member countries work on major global policy issues, has long recognized that as international development assistance becomes more digital, member countries need to develop policies that strengthen public trust in these services. Rather than referring to cybersecurity safeguards, the OECD emphasizes the need for better “digital security,” to highlight the economic and social impacts of cyber, not just the technical issues surrounding cybercrime (such as identity theft, ransomware attacks, and software piracy) and criminal law enforcement. Digital security in developing countries is likely to be a major topic at the upcoming UN General Assembly Future Summit.
One promising approach for donors and other organizations to evaluate digital risk is to include the threat alongside other known threats in a process called enterprise risk management (ERM), which uses scenario planning to uncover the root causes of risk and drive risk mitigation plans across the organization. A new and higher level of awareness is needed for digital risk to be recognised as a significant threat. Failure to maintain digital security awareness will undermine the digital security of donors, their implementing partners and beneficiaries.
Cybersecurity Cooperation in Developing Countries
Developing countries with weaker cybersecurity practices are increasingly becoming targets for cyberattacks, so donors must redouble their efforts to deliver development and humanitarian assistance safely. Here are two noteworthy cybersecurity cooperation efforts:
- Digital Connectivity and Cybersecurity Partnership (DCCP). Chaired by the Department of State and the United States Agency for International Development (USAID), DCCP brings together 12 U.S. departments and agencies to work with partner developing countries and their private sectors to build “an open, interoperable, trusted, and secure digital economy.” DCCP's innovative projects include the Digital Asia Accelerator Support program, which aims to improve digital awareness and cybersecurity among small and medium-sized enterprises; ProICT, which places dedicated experts in key country ministries and agencies to co-design, develop, and implement secure ICT policies; and the Cross-Border Privacy Rules (CBPR) project, which focuses on building capacity and improving the enabling environment for the Asia-Pacific Economic Cooperation (APEC) Cross-Border Privacy Rules (CBPR) System. DCCP's countries include Jamaica, India, Cambodia, Mongolia, Timor-Leste, and the Philippines.
- Cybersecurity Multi-Donor Trust Fund. Part of the World Bank's broader Digital Development Partnership (DDP), the Trust Fund targets low- and middle-income countries and promotes the development of a “global knowledge of cybersecurity solutions” that can address country- and sector-specific information and communications technology (ICT) infrastructure deficiencies. In addition to cyber technical assistance and country-specific staff training, the Trust Fund will provide a cyber maturity assessment model that examines deficiencies in cybersecurity practices, capabilities, or resources in critical economic sectors. It will also recommend steps to increase cybersecurity resilience.
Future outlook
Online aid delivery will continue to grow over the next decade, but donors are unlikely to be able to strengthen the critical cybersecurity infrastructure of the countries they engage with and the people they serve on their own. Public-private partnerships are needed to make significant progress. In addition to traditional online aid, cyber threats can undermine donor efforts at conflict prevention and stabilization by degrading the critical digital infrastructure and information systems that citizens rely on for timely and accurate information on government policies, programs, and activities. Cyber threats can also undermine legitimate elections, human rights, and independent media, undermining the role of vibrant civil society as a bulwark against authoritarianism.
What else can donors do? Donors can increase funding for a range of cybersecurity initiatives, from raising organizational awareness of cybersecurity risks and developing remediation measures, to providing additional training for in-house staff on cybersecurity best practices, to building/strengthening cybersecurity skill sets of program designers and implementers, NGOs, and other development partner organizations. They can also increase country-level support to foster the development of legal frameworks, regulations, and standards for a resilient cybersecurity ecosystem. These actions won't happen overnight, but they will go a long way toward promoting a safer and more secure digital environment for all.
And finally, there is some good news regarding cybersecurity: rising service-oriented employment opportunities globally. Beneficiaries of training aid in cybersecurity awareness and the latest techniques to enhance their own digital security may be in a better position to take on service-oriented “on the rise jobs” in their countries. Some development experts see this as the next wave of non-manufacturing jobs to chip away at poverty.
Steve Gale is a member of New Security Beat's 2024 Editorial Advisory Board, a Strategic Advisor at Global Foresight Strategies and a former Senior Foresight Advisor at USAID, a former U.S. Representative and later Chair of the OECD/DAC Friends of Foresight, a frequent foresight keynote speaker and blogger, and an award-winning author of a book on the future.
Sources: Applied Clinical Informatics, Carnegie Endowment for International Peace, Cross-Border Privacy Rules System, DigitalPrinciples.org, Euractiv, Harvard Kennedy School, ITU Publications, KPMG, KrebsonSecurity.com, OECD, Office of the Director of National Intelligence, The New York Times, World Bank, United Nations Department of Economic and Social Affairs, Division for Capacity Development, UN News, USAID, Woodrow Wilson International Center for Scholars, World Economic Forum, World Future Council.
Photo credit: Young men discussing business plans to implement on the farm. Courtesy of vic josh/Shutterstock.com.