Executive Summary

The Foreign and Commonwealth Office’s (FCO) inaugural conference on cyber security capacity building highlighted the UK’s global role in this area. In a series of sessions that involved thought leaders, policymakers and practitioners in cyber security capacity building, the conference was an opportunity for the FCO to showcase its past and current work relating to international action and influence in cyber security. It was also an opportunity to discuss and explore, with the participants, the future of cyber security capacity building as the UK approaches a cyber security milestone. The 2016 National Cyber Security Strategy (NCSS), together with its £1.9 billion of investment, reaches its conclusion in 2021. The FCO is the lead department for the aims outlined in Strategic Outcome 12 (SO12) of the 2016 NCSS. An aspiration of the FCO, which is part of SO12, is to promote a ‘free, open, peaceful and secure cyberspace’.

The main aims of the conference were to: broaden and deepen the community of implementers delivering international cyber security capacity building; raise awareness of the current and future capacity building programmes, including the launch of the new Prosperity Fund programme; and spur discussion, innovation and ambition for future capacity building project concepts. Participants shared experience and expertise on best practice in capacity building and how this can be applied to the FCO’s work. Breakout sessions facilitated discussions on a broad range of topics, including current FCO projects and emerging tools and techniques to consider for the next phase of UK cyber strategy, starting from 2021.

This event note summarises the themes that emerged from presentations, workshops and discussions on international cyber security capacity building at the conference. It was commissioned by the FCO and written and published by RUSI. Some recommendations emerged from this event that could shape the FCO’s future work in cyber security capacity building. They are as follows:

Recommendations

• Cyber security capacity building evaluation efforts should seek to build on quantifiable metrics that enable a baseline against which impact can be assessed.
• Cyber security capacity building programmes should consider pre-conditions for engagement based on the unique values, behaviours and culture of the target country or region.
• The UK is considered by some to have a leadership role in global cyber security. There is an opportunity to make a greater impact through cyber security capacity building. This could be a main objective in the next UK National Cyber Security Strategy.
• If the UK’s international cyber security capacity building work is further prioritised, future resources should match the level of ambition.