The UK’s National Cybersecurity Centre opened seven years ago, and other nations have since been inspired to open similar agencies.
Juliette Wilcox, cybersecurity ambassador for the UK’s Department for International Trade, recently traveled to Kuwait where the UK agreed on a deal to support the functions of the Kuwait National Center for Cybersecurity. Wilcox spoke to Dark Reading about how the Middle East and Africa, among other nations, are building their own cybersecurity strategies and opening such centers.
How are countries opening national cybersecurity agencies and centers in the image of the NCSC?
Wilcox: A number of other governments looked at and admired it and asked how do they get one? If other countries want a version of that, then the way they do it is by getting industry experts who have done this before and setting it up in a way that works for their country. But these are really complicated conversations, partly because creating anything like that — anything that touches on national security or critical national infrastructure — is something you don’t just invite any old company in: you need to know that they’ve got credibility.
How advanced are some countries when it comes to opening these centers?
Wilcox: Different countries have approached it differently; I would say that everybody’s looking at it similarly now as I think it’s understood that having some kind of central [cybersecurity] authority is a good thing. Everybody thinks differently about where it should be housed: sometimes they want it housed under their Ministry of Defense or their Home Ministry or whatever the version is, and they are at different stages and thinking [about what they want] to do.
Over time, I think they will all develop and in the way that central banking authorities have effectively grown up in every country. I can see this is going to be something that if people haven’t got them already, they’re likely to want one.
How is the UK supporting the development of these centers?
Wilcox: The signing of the statement of intent with the government of Kuwait was after a number of years of discussion, and at this moment in time Kuwait is one of many countries around the world to have [cyber agencies] or [an] equivalent. Some don’t yet, and some are still thinking about how they do it.
With Kuwait, we looked at how we can be the country that they turn to for the help, at least in setting that up and thinking it through and then developing it.
Some of [the support] is: How have you tackled certain approaches? Can we learn from your experience of creating cyber skills frameworks, or can an we learn from your experience of creating a national technical authority?
You start to develop a central authority, and this automatic question of where does it sit in government [arises]? What does it have the authority to be responsible for — or indeed dictate? Every country will think about it differently.
All we can do is explain our experience and it will help others to think through some of the things that really must happen for it to be successful.
How are these agencies and centers evolving?
Wilcox: Increasingly [the centers] have talked to each other across regions as well, and you see quite good regional collaboration. They know what they would like to have, and they know what the options are out there. We now see that the Gulf Cooperation Council has a Computer Emergency Readiness Team, for example.