Building on previously completed Cybersecurity Capacity Maturity Model for Nations (CMM) Reviews and Roadmaps, evaluations provide an opportunity to assess the impact of capacity building initiatives conducted between reviews. Using the same methodology as the CMM, the OCSC can evaluate the specific achievements, outputs and policy alignment of cyber capacity building (CCB) interventions from a dimensional basis and demonstrate how such actions have (or have not) improved a nation’s cyber maturity and resilience.
The OCSC Cybersecurity Capacity Building Lifecycle
The OCSC Cyber Capacity Building Lifecycle details the contribution CMMs, Roadmaps, and subsequent evaluations can have on the cyber journey of a nation. Establishing an evidence-base for activities is critical in ensuring efficiency of resources, value for money, measurability and tangibility of results.
In the period following a CMM and Roadmap, a number of CCB interventions and initiatives may have been implemented, albeit the national context and circumstances may have changed. Subsequent CMM assessments will focus on evaluating the effectiveness of such initiatives whilst taking into account the updated environment, and relevant changes to the domestic, regional and global landscape. The outcomes from this process are designed to inform the next steps to further improve the nation’s cyber resilience and maturity. This iterative approach ensures that nations continue their cyber capacity journey in an informed and targeted manner.
The OCSC Cyber Capacity Lifecycle is made up of five sequential stages:
- Stage 1 – the CMM as an initial benchmarking exercise
- Stage 2 – The report and its recommendations are reviewed by recipient country
- Stage 3 – The OCSC Cybersecurity Roadmap is developed in partnership with the recipient country
- Stage 4 – CCB development programs are implemented, in coordination with donor partners and the wider CCB community
- Stage 5 – Subsequent re-evaluation using a CMM to empirically assess where progress (or otherwise) has been made and how
Regional Impacts of the Cybersecurity Capacity Building Lifecycle
There are numerous cyber and national security related aims stipulated in the Pacific Islands Forum 2050 Strategy for the Blue Pacific Continent. These objectives are designed to improve digital security and resilience in the region; however, the practical reality of achieving this is a greater challenge.
By incorporating the elements and activities currently being implemented in the CCB community, and recontextualising them to be a part of a holistic model instead of ad-hoc or siloed outputs, the Cyber Capacity Building Lifecycle can enable regional partners to achieve the collective ambitions for a more resilient region.
Independant Evaluations
Independently evaluating the outcomes and impact of CCB interventions is an ongoing priority of donor partners seeking to assess the value of their investments and associated achievements against their policy objectives. Through the expertise and the data obtained through the CMM assessment process and other project delivery, the OCSC has the skills and resources to conduct independent evaluations, on behalf of donor governments to meet their priorities. This process can be used by donor governments to account for CCB investment spending and can be further used as a process to improve future policy and program design and development.