Project
CMM Review Myanmar (as part of the Global Cybersecurity Capacity Program I)
About
Cybil code: G0529
Status: Finished
From: Aug 2017
To: Dec 2018
Partners
Themes & Topics
Region
Countries
Contact
Summary
In collaboration with the World Bank (WB), and the Ministry for Information Society and Administration (Myanmar), the Global Cyber Security Capacity Centre (GCSCC) undertook a review of the maturity of cybersecurity capacity in Myanmar.
Details
Aim
The objective of the review was to enable Myanmar to gain an understanding of its cybersecurity capacity in order to develop an investment strategy for the development of the cybersecurity capacity of the country.
Context
The Global Cyber Security Capacity Centre (GCSCC) conducts research to understand and identify trends in cybersecurity, to help the world prepare and respond to cyber threats. Together with a global multistakeholder community with expertise in cybersecurity capacity building, the Centre has developed a model that helps countries self-assess and identify their strengths and needs for their cybersecurity maturity. The Cybersecurity Capacity Maturity Model (CMM), which was last revised in 2021, considers cybersecurity maturity to comprise five dimensions which together constitute a wide breadth of national capacity that a country requires to be effective in delivering cybersecurity resilience. Dimension 1 looks at the country’s ability to develop and implement cybersecurity policies and strategy. Dimension 2 looks at culture and societal elements that affect public understanding and their ability to protect themselves in the cyberspace. Dimension 3 looks at the initiatives by different stakeholders in driving cybersecurity awareness among users. Dimension 4 looks at the capacity of countries to prosecute cybercrime and Dimension 5 looks at the availability of protective technologies and standards
The GCSCC’s support to a CMM in Myanmar was funded by the United Kingdom, Korea-World Bank Group Partnership Facility (KWPF) under its Global Cybersecurity Capacity Program. The assessment was hosted by the Ministry of Transport and Communications (MOTC).
For this CMM, the GCSCC received additional support from the Norwegian Institute of International Affairs (NUPI) as part of its project “Cybersecurity capacity building 2.0 – Bridging the digital divide and strengthening sustainable development through cybersecurity capacity building”.
Outcomes
According to the finalized Report, some relevant key findings were identified across the five dimensions of cybersecurity capacity at the time of the assessment. Notably, the lack of national cybersecurity strategy document and cybersecurity units within public departments, no understanding of critical infrastructure as a term and CI stakeholders, lack of cybersecurity awareness and awareness-raising within the public and private sector as well as amongst users, none or inadequate legislation on digital rights, data protection, ICT security or cybercrime, no uniform set of standards and policies within the public sector or an public organisation responsible of them, no inventory of secure software and a lack of policy regarding controls on critical infrastructure.
Outputs
The CMM Report was completed in 2018.
A summary of the CMM’s findings and information on follow-on action was included in the World Bank’s report ‘Global Cybersecurity Capacity Program: Lessons Learned and Recommendations Towards Strengthening the Program’.
Activities
The CMM in-country assessment review was conducted in Myanmar during 29-31 August 2017. Some of the stakeholders which participated in the consultations to review Myanmar’s cybersecurity capacity were Myanmar’s public entities (Ministries, Central Bank, CERT, etc.), the criminal justice sector, the technology and telecommunications sector, the finance sector, critical infrastructure owners (hospitals, transportation, electricity, and water), Academia, professional societies as well as NGOs and the international community.
Other website links
Image courtesy of the GCSCC
The Cybil project repository is being continuously updated, and the information it contains is either publicly available, or consent for publication was given by the owner. Please contact the portal manager with any additional information or corrections. Whilst every reasonable effort is made to keep the content of this inventory accurate and up to date, no warranty or representation of any kind, express or implied, is made in relation to the accuracy, completeness or adequacy of the information contained in these pages.
