The UK government and World Bank have both published reports that talk about the value and impact of the Cybersecurity Capacity Maturity Model for Nations (CMM) process on national cybersecurity policy and strategy development. The OCSC is the Australian node of world leading cybersecurity research centres and leads the roll out of the CMM in the Oceania region. The CMM has been successfully rolled out in the UK and in 84 countries. Since 2018 the OCSC has conducted 6 CMM reviews with countries in the Oceania region, providing reports with specific recommendations to inform national policy, strategy and practice to build cybersecurity capacity and resilience.

It is our ambition to do the same for all countries in the region and we welcome the opportunity to work with the Australian government in conducting a CMM review of Australia as part of #2020Cyber strategy.

UK Cabinet Office

The United Kingdom’s Four Year National Cybersecurity Strategy Progress Report 2016-2021 recognises the value of the Cybersecurity Capacity Maturity Model for Nations (CMM) for international cybersecurity capacity-building. Deployed in 80+ countries across the globe the CMM’s national cybersecurity capacity reviews contribute to strengthening national cybersecurity capability, strengthen ‘geopolitical, technological and threat environments and contributes to building an international coalition willing to work together’.

OCSC leads the roll out of the CMM outreach program in the Oceania region and welcomes the opportunity in working with the Australian government in conducting a national Australian review as part of #2020Cyber strategy.

Read the Global Cyber Security Capacity Centre’s (GCSCC) report on the CMM’s first five years and the value the CMM has contributed in global cybersecurity capacity building with state actors.

United Kingdom’s Foreign, Commonwealth and Development Office

Whilst the OCSC’s CMM partner initiative is funded by the Victorian Government, OCSC’s partner the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford is co-funded by the UK Foreign and Commonwealth Office making the UK Commonwealth Chair-In-Office Report (2018-2020) and the CHOGM 2018 Cyber Declaration relevant to the work of the OCSC, the Global Constellation partnership and our Oceania nation partners.

The report discusses the delivery and impact of the Commonwealth Summit commitments to improve cybersecurity competence and capability noting the CMM as a main contributing vehicle in its delivery; “Commonwealth members committed to support each other in undertaking national cyber security capacity reviews. This was the cornerstone commitment of the Declaration’s Implementation Plan. These reviews, using a comprehensive model developed by the University of Oxford, help countries establish a baseline for current capacity and identify priority areas for development. Since CHOGM 2018, 13 reviews have been completed, 7 of which were funded by the UK. A total of 38 out of 54 Commonwealth countries have now completed reviews” with the OCSC team delivering 6 of these reviews.

As part of the Commonwealth Cyber Security Programme the report cites: “Since CHOGM 2018, every Commonwealth member has taken steps to improve their cyber security competence and capability, and build capacity. A range of pan-Commonwealth, regional and national-level activities have resulted in stronger networks to exchange knowledge and expertise, enhanced sharing of threat intelligence and understanding of risks, and a more informed and engaged civil society.” The OCSC’s Global Cybersecurity Capacity Building Conference in February 2020 is a fine example of this where global partners and diplomats, regional funders and implementers and client nations come together for four days to discuss how to better coordination, contextualisation and strategic cybersecurity impact.

World Bank Group

“The beneficiary governments have leveraged the newly-acquired knowledge and awareness of their cybersecurity capacities to address existing gaps through enhanced policies, legislative mechanisms, and cyber awareness media campaigns, as well as by fine-tuning the implementation of existing public investment projects or by designing new ones.

Furthermore, the #CMM assessments and workshops helped the countries to build multi-stakeholder cybersecurity coalitions that include the public and private sectors, academia, and the civil society. The safety and security of cyber space cannot be handled by a single individual; increased awareness and coordination on an inter institutional level is of utmost importance for building trust and triggering the actions required to prevent and mitigate cyber incidents and attacks”.

The World Bank document summarises the main results, lessons learned during completion of the Global Cybersecurity Capacity Program which was conducted by the World Bank and related recommendations towards strengthening similar activities including the Cyber Security Capacity Maturity Model for Nations (CMM).

Information contained in this material reflects the status of the Program as of 31 May 2019.