The COVID-19 pandemic has propelled digital transformation and shown the opportunities that exist for infrastructure to transform developing countries, accelerate their recovery, and increase growth. With these opportunities, there are also serious risks to be addressed. Specifically, cyberattacks on critical infrastructure (CI), such as power plants, electricity grids, communication networks, and data centers, can pose significant vulnerability and substantial loss of public goods and services related to national security, administration, communications, energy, and more.
To support developing countries in building their cybersecurity policies, governance, capabilities, and resilience for strengthening national CI, the Korea Digital Development program (KoDi) organized its first Knowledge Exchange program on Cybersecurity and Resilience of Critical Infrastructure in Seoul, The Republic of Korea, on November 8-11, 2022. Over four days, delegations from Cabo Verde, Cote d'Ivoire, Djibouti, Ghana, Kyrgyz Republic, Mongolia, Vietnam, and West Bank and Gaza engaged in workshop sessions, peer-to-peer knowledge sharing, action planning activities, and site visits.
During the knowledge sessions, the participants learned about the concept of CI and related cyber-risks, studied real cases in different countries for cybersecurity policy and governance, and practiced developing cyber-smart policy designs. The delegations also visited operating facilities such as Korea Internet & Security Agency (KISA)’s Internet Security Center in Seoul, national ICT provider KT's innovative data center, and Korea Electric Power Corporation (KEPCO)'s power plant to learn more about various cybersecurity strategies and resilience measures and gain practical expertise in specific sectors such as energy, networks, and telecommunications.
This capacity-building program enabled the participants to analyze their own national cybersecurity strategies with a focus on specific sectors and apply the new knowledge to their countries’ context. On the first day, the program helped them identify common challenges the countries face related to cybersecurity of critical infrastructure to inform future work. Among those were a lack of infrastructure, human resources, and technical skills, a low level of awareness, an absence of specialized cybersecurity agencies, and limited government funding. The thematic and technical sessions held after that allowed participants to rethink and rebuild cybersecurity strategies based on these priorities. Partaking in the program, the participants most valued the opportunity to learn about the step-by-step policy design process for developing and enhancing CI policies and compare their cases with other countries' experiences.
"It's very important to us to protect our data before going to digital transformation." shared Mohammed K. E. Alawi, Director, Government Computer Center, Ministry of Telecommunications and IT, West Bank and Gaza, "in this workshop, we note that we don't have a clear strategy for cybersecurity, a dedicated cybersecurity loan, and we learned that there should be a combination between all other stakeholders to achieve your goals in cybersecurity. We hope to make this point the correct way once we are back."
Each delegate exited the program with a realistic action plan to reduce risks and create a cyber-secure environment for critical information infrastructure, which they can continue working on and implementing in their countries. Those early blueprints prioritized capacity building and training, and many included enhancing existing policies and establishing a specialized agency to strengthen governance. They also emphasized plans for increasing awareness within the government, investing in monitoring and evaluation, and collaborating with academia and the private sector for a sustainable cyber-ecosystem. The participants shared that this program made them better equipped to develop appropriate policies, regulations, and operations―an essential step in helping nations achieve an effective digital economy.