Capacity Building (extracted from 2021 OEWG Report)
54. The international community’s ability to prevent or mitigate the impact of malicious ICT
activity depends on the capacity of each State to prepare and respond. It is of particular relevance to
developing States, in order to facilitate their genuine participation in discussions on ICTs in the
context of international security and their ability to address vulnerabilities in their critical
infrastructure. Capacity-building helps to develop the skills, human resources, policies, and
institutions that increase the resilience and security of States so they can fully enjoy the benefits of
digital technologies. It plays an important enabling function for promoting adherence to international
law and the implementation of norms of responsible State behaviour, as well as supporting the
implementation of CBMs. In a digitally interdependent world, the benefits of capacity-building
radiate beyond the initial recipients, and contribute to building a more secure and stable ICT
environment for all.
55. Ensuring an open, secure, stable, accessible and peaceful ICT environment requires effective
cooperation among States to reduce risks to international peace and security. Capacity-building is an
important aspect of such cooperation and a voluntary act of both the donor and the recipient.
56. Taking into consideration and further elaborating upon widely accepted principles, States
concluded that capacity-building in relation to State use of ICTs in the context of international security
should be guided by the following principles:
Process and Purpose
• Capacity-building should be a sustainable process, comprising specific activities by and for
• Specific activities should have a clear purpose and be results focused, while supporting the
shared objective of an open, secure, stable, accessible and peaceful ICT environment.
• Capacity-building activities should be evidence-based, politically neutral, transparent,
accountable, and without conditions.
• Capacity-building should be undertaken with full respect for the principle of State
• Access to relevant technologies may need to be facilitated.
• Capacity-building should be based on mutual trust, demand-driven, correspond to nationally
identified needs and priorities, and be undertaken in full recognition of national ownership. Partners
in capacity-building participate voluntarily.
• As capacity-building activities should be tailored to specific needs and contexts, all parties are
active partners with shared but differentiated responsibilities, including to collaborate in the design,
execution and monitoring and evaluation of capacity-building activities.
• The confidentiality of national policies and plans should be protected and respected by all
• Capacity-building should respect human rights and fundamental freedoms, be gender
sensitive and inclusive, universal and non-discriminatory.
• The confidentiality of sensitive information should be ensured.
57. States concluded that capacity-building is a reciprocal endeavour, a so-called “two-way
street”, in which participants learn from each other and where all sides benefit from the general
improvement to global ICT security. The value of South–South, South–North, triangular, and
regionally focused cooperation was also recalled.
58. States concluded that capacity-building should contribute to transforming the digital divide
into digital opportunities. In particular, it should be aimed at facilitating genuine involvement of
developing countries in relevant discussions and fora and strengthening the resilience of developing
countries in the ICT environment.
59. States concluded that capacity-building can help to foster an understanding of and address
the systemic and other risks arising from a lack of ICT security, insufficient coordination between
technical and policy capacities at the national level, and the related challenges of inequalities and
digital divides. Capacity-building aimed at enabling States to identify and protect national critical
infrastructure and to cooperatively safeguard critical information infrastructure was deemed to be of
particular importance. Capacity-building may also help States to deepen their understanding of how
international law applies. Information sharing and coordination at the national, regional and
international levels can make capacity-building activities more effective, strategic and aligned to
60. In addition to technical skills, institution-building and cooperative mechanisms, States
concluded that there is a pressing need for building expertise across a range of diplomatic, legal,
policy, legislative and regulatory areas. In this context, the importance of developing diplomatic
capacities to engage in international and intergovernmental processes was highlighted.
61. States recalled the need for a concrete, action-oriented approach to capacity-building. States
concluded that such concrete measures could include support at both the policy and technical levels
such as the development of national cyber security strategies, providing access to relevant
technologies, support to Computer Emergency Response Teams (CERTs) or Computer Security IncidentResponse Teams (CSIRTs) and establishing specialized training and tailored curricula including
“training the trainer” programmes and professional certification. The benefits of establishing
platforms for information exchange including legal and administrative good practices was
recognized, as were the valuable contributions of other relevant stakeholders to capacity-building
62. States concluded that taking stock of national efforts with regard to the conclusions and
recommendations in this report, as well as the assessments and recommendations Member States
agreed to be guided by consensus resolution 70/237, is a valuable exercise to identify progress and
where further capacity-building is needed.
The OEWG recommends that
63. States be guided by the principles contained in paragraph 56 in their ICT-related capacitybuilding efforts in the field of international security, and other actors be encouraged to take these
principles into consideration in their own capacity-building activities.
64. States, on a voluntary basis, continue to inform the Secretary-General of their views and
assessments on Developments in the field of ICTs in the context of international security and to
include additional information on lessons learned and good practice related to capacity-building
programmes and initiatives.
65. States, on a voluntary basis, use the model “National Survey of Implementation of United
Nations General Assembly Resolution 70/237” (to be made available online) to help them do so.
Member States may also wish to use the model survey, on a voluntary basis, to structure their
abovementioned submissions informing the Secretary-General of their views and assessments.
66. States and other actors in a position to offer financial, in-kind or technical assistance for
capacity-building be encouraged to do so. Further promotion of coordination and resourcing of
capacity-building efforts, including between relevant organizations and the United Nations, should
be further facilitated.
67. States continue to consider capacity-building at the multilateral level, including exchange of
views, information and good practice.