Reviewing cybersecurity capacity in a COVID-19 environment

The launch and setup in early 2020 of the new Cybersecurity Capacity Centre for Southern Africa (C3SA) at the University of Cape Town, the latest member of the Constellation of Cybersecurity Capacity Research Centres, coincided with the beginning of the Coronavirus pandemic. For C3SA and the Oxfordbased Global Cyber Security Capacity Centre (GCSCC), which intended to train and mentor the C3SA researchers from March 2020 onwards, the travel restrictions imposed by several governments impacted all planned activities including training activities and C3SA’s first deployment of the Cybersecurity Capacity Maturity Model for Nations (CMM) in Uganda.

The CMM review in Uganda had been scheduled for early April 2020. The National Information Technology Authority-Uganda (NITA) (‘the host’) had invited the GCSCC and C3SA six months earlier to conduct a CMM re-assessment. The aim was to identify maturity developments and areas for further capacity building since the first CMM review by the GCSCC in 2015. In light of the unknown timescale of the pandemic and its impact on travelling, the partner centres proposed an adapted online CMM review to ensure the on-time delivery of the CMM report. Due to the commitment of NITA, and its previous experience with a CMM review, the proposal was accepted.

This short paper describes our experience navigating the challenges and opportunities of the pandemic, and what we learnt from this real disruptive global threat. We make recommendations to move forward to reap the benefits of virtual team meetings, research processes, and methodologies, while still striving to maintain the high standards and quality for which GCSCC and its partners are recognised.