CASPA – project: Innovative training methods and cybersecurity in the public sector

Increasing threat, strengthening resilience, digital awareness

In the past, the world of computing, information technology, hardware, software and networks (to sum up cyberspace) was the exclusive field of engineers, i.e. tech-skilled professionals. The threats to systems and networks, as well as the issues of protection against them, appeared only in this technical context. But it’s history now.

With the more and more society-wide aspect of digitalisation and the dizzying pace of spreading ICT technologies, the nature of the threat has changed radically, as the scope of people having to face everyday digital emergencies inevitably widened. Of course, the widening reach of digital technologies not only covers the spread of smart phones and home computer devices. An important part of the process is that the administrative structures of societies have become an unbedded part of the cyberdomain. Modern state administration operates in a web of computer systems, digital data masses and interconnected networks. The administration, the digitisation of public organisations requires a reassessment of security aspects. Cyber security has become a strategic issue: state organisations relying on digitised ecosystems face new cyberspace challenges not only from a technological point of view, but also from a legal, political, diplomatic, economic and military perspective.

The principle of “there is no such thing as a free lunch” prevails in the world, and this is especially true of the cyber reality. While the digitisation of administrative processes has increased the modern state to a qualitatively new level of efficiency, it has at the same time increased its vulnerability and its exposure to threats to an unprecedented degree. Threats, dangers, defense, in short, cyber security is no longer a problem for engineers, but has become a daily issue for “non-technical” actors operating in state administration. Effective operation and responsiveness in this situation require new knowledge, skills and abilities from non-engineer qualified public actors and users. And recently, the situation, at least in Europe, is not very promising. There have been significant gaps in cyber security-related technical areas for some time, but the situation is no better in the field of non-technical skills necessary to thrive in a digitised World. The realisation that, in modern, digitised public administration bodies, the widespread acquisition of the soft skills of cyber security can be the key to the effective functioning of such systems.

The pandemic year 2020, with the global health emergency, the rising geopolitical tensions and the emerging cyber incidents associated with all of this, highlighted the vulnerability of societies and their subsystems more than before. One of the most popular expressions became the concept of resilience, an increased ability to withstand such hardships. In connection with this, perhaps the need for cyber hygiene appears as a most important concept in the world of digital spaces. Which, in essence, is the everyday, non-technological soft capabilities of cyber security.

However, with this socialisation of digital technologies, ICT tools, software and networks have become more than just a daily working tool and operational hardware for public administration. The regulatory and governance aspects of cyberspace are an increasingly pronounced topic for the management of international relations. In the life of diplomacy, the special segment of state administration, digitalisation and cyber reality appear not only as a new tool, but also as the object of its activity. This special area (becoming particularly important) is the terrain of cyberdiplomats. Their effective operation requires a combination of knowledge of classical diplomacy and the know-how of the digital sphere, that is, a cyber-soft-skill set containing many specialised (e.g. strategic, legal) aspects.

Providing such new (in some sense “hybrid”) competences to public administrations in the 21st century, but firstly, recognising the actual need and increasing cyber awareness requires a comprehensive, innovative approach to education. This recognition resulted in a targeted collaboration between prestigious higher education institutions of the V4 and the Baltic regions, which the launch of the CASPA project.

International cooperation between higher education and industry: The CASPA project

CASPA (Cyber Aware Students for Public Administration) is an Erasmus + K2 project coordinated by TalTech, the Technical University of Tallin. The three-year programme was launched in December 2020 and will be implemented by a specially selected international consortium in which the Cyber Security Research Institute of the University of Public Service, the Kosciuszko Institute, one of the largest Polish think tanks have joined the Estonian TalTech. A private company, the Estonian-Hungarian Cyex has also joined the group to deepen the content of the cooperation. The speciality of the partnership is that the members of the consortium, already knowing each other well from many joint projects, will be able to create truly novel result products untill the project’s end in August 2023.

The aim of the project, in short, is to develop and launch innovative training materials and courses to promote public cybersecurity awareness and cyber diplomacy skills. The training to be developed and implemented is not an “engineering” course: it is for students who will later work in various administrative areas and subsystems of public administration, either as users or in cybersecurity duties thanks to their newly acquired expertise. The target group of the project is dual, in line with the duality of cyberspace processes described in the previous chapter. The primary users of the syllabi, training programs and curriculums will be our students who are going to serve, in non-technical positions of the public administration of their country after the university. For them, the aim is to familiarise themselves with the basic concepts, tools and procedures of cyberspace processes, threats and cybersecurity, including the legal, policy and technical aspects of the complex cyberdomain. In addition, the project is going to pay special attention to the training of students who will later specialise as members of their country’s diplomatic corps, or in other positions of foreign affairs administration, national security, international regulation and governance of cyberspace. CASPA results will therefore play just as important a role In the training of future cyberdiplomats, as in the education of future public administration professionals who will be in daily contact with digitalisation.

In the development of educational materials and curricula, the CASPA project is also based on the past experience of the countries participating in the consortium: the good-practices of the recently instituted cybersecurity master’s training of the UPS Cyber Security Institute, or the deep knowledge base of Polish and Estonian partners. The curriculum and training material to be developed during the project will be interactive not only in name: the courses will be implemented in a special virtual environment using the gamification approach. The spectacular, liveable educational environment of the VR/AR (virtual reality and augmented reality) will not only make the training more efficient, but also more interesting and enjoyable, significantly increasing its effectiveness. The Estonian-Hungarian Cyex, an industrial partner of the project, will play an important role in creating this feature.

Feedback, exploitation of results

The project, in which two major higher education institutions play a key role, primarily intends, of course, to serve with its results the training needs of the institutions concerned. Up-to-date specialised knowledge can be integrated into the trainings of UPS and TalTech, which can continue as methodologically innovative courses that are understandable, experienceable and attractive for new generations of students being already „natives” of the world of digitalisation. The making of the Masters in Cybersecurity Course available for international students will also be an important achievement for the University of Public Service. A number of the results of the project could also be integrated into the further development of the Cyber Diplomacy module of the Diplomatic Academy (a joint venture of UPS and the Hungarian MTFA), and could also be used in the Chief of Electronic Information Security specialised further education courses, as well as in updating the cybersecurity curriculum of public service trainings in general. At the same time, an important educational aspect is that the project will involve a number of PhD students in this international work, effectively supporting their research activities, while also increasing their international experience.

The deepening of the professional relationships and cooperations of the higher education institutions in the consortium will be a further benefit of the project, vitalizing the strategic cooperation agreement between UPS and TalTech. Joint courses, graduate and post-graduate courses can be built on the results of the project, while at the same time expanding the possibility of involving international students. The foundation of the professional cooperation between the UPS and the Kosciuszko Institute will be an important results of this project. The project will also have an additional, albeit not negligible, ‘communication benefit’ resulting from Cyex’s involvement. The Estonian start-up, responsible for implementing the VR/AR platform of the training courses, was founded by students graduating from the UPS, or linked to it in other ways, so it may be an attractive spin-off model to university students. At the same time, the Polish think tank participating in the project can further enrich its research and publishing portfolio. The industrial partner Cyex can further develop its educational platform and professional references within the framework of the project. Therefore, from the joint work, there will be abundant benefits for all participants.