NATIONAL CYBERSECURITY STRATEGIES: COMPARATIVE ANALYSIS
Abstract
In this paper were compared and analyzed 14 National cybersecurity strategies (NCSS). Comparing this NCSS, major differences in approaches stemming from the differences in starting points are found: economics, national security, or military defence. Many of the NCSS are unclear about the relationship of the NCSS with existing national and international policies such as about CIP, the European Digital Agenda, and a national security policy.
Only six countries have defined the notion cyber security. The other eight countries either use descriptive text in their NCSS or a kind of common public understanding. As there is lack a harmonized cyber terminology, they might be hampered in collaboratively addressing the global threats to cyber space. Moreover, countries have a different understanding of the scope of what cyber security is supposed to cover: internet connected systems only or the whole of ICT.
All countries pointed in their NCSS the international threats and the risk of cyberspace. Nevertheless, the NCSS are relatively weak when describing detailed action plans under the topic “international collaboration”. International topics such as harmonization activities across international borders, collaborative acceleration of international response to cyber crime and other disturbances do not seem to be on the priority lists of the governments.
Most NCSS lack a dynamic approach to cyberspace (technological) threats and challenges; only the UK mentioned electromagnetic spectrum threats to cyberspace. Emerging cyber security threats are only explicitly addressed by Germany and Japan in their NCSS, where the innovation cycle of ICT is high causing a fast appearance of new security risk.
When it comes to tactical and operational plans, only two countries use some of the SMARTness criteria. Interestingly, Uganda uses a system of metrics for the current state, the midway milestone, and the end result. Whether a strategy is a success or not, and whether the action plan is on the right track, cannot be measured when SMART criteria lack. Nations could implement a dashboard, including metrics related to dependence/relevance and to changing threats.
Most NCSS recognize the need for a society-wide approach: citizens, businesses, the public sector, and the government. However, the set of actions aimed at citizens is most often limited to awareness campaigns and information security education at schools. Only Australia has an outreach programme which supports the citizens with national cyber security tools. This also shows that most countries underrate the risk of loss of public confidence in ICT which may seriously hamper economic prosperity and e-government plans.
Downloads
References
Bert, G. R. M. Walker, J. M. (2019). Does Strategic Planning Improve Organizational Performance? doi.org/10.1111/puar.13104.
Council Directive 2008/114/EC on the Identification and Designation of European Critical Infrastructures and the Assessment of the Need to Improve their Protection. (2008). European Commission, Brussels, Belgium. URL: http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2008:345:0075:0082:EN:PDF.
Cyber Security Strategy. (2009). Office of the Attorney General, Australia. URL: http://www.ag.gov.au/www/agd/agd.nsf/Page/CyberSecurity_CyberSecurity#h2strategy.
Cyber Security Strategy for Germany. (2011). Federal Ministry of the Interior (Bundesministerium des Innern). Berlin, Germany. URL: http://www.cio.bund.de/SharedDocs/Publikationen/DE/IT-Sicherheit/css_engl_download.pdf?__blob=publicationFile.
Cyber Security Strategy of the United Kingdom: Safety, Security and Resilience in Cyber Space. (2009). Cabinet Office, London, UK. URL: http://www.official-documents.gov.uk/document/cm76/7642/7642.pdf.
Cyber Sicherheitsstrategie fur Deutschland. (2011). Bundesministerium des Innern, Berlin, Germany. URL: http://www.bmi.bund.de/SharedDocs/Downloads/DE/Themen/OED_Verwaltung/Informations gesellschaft/cyber.pdf?__blob=publicationFile.
Defense et Securite nationale: Le Livre Blanc. (2008). Secretariat general de la Defense et de la Securite Nationale, Paris, France. URL: http://www.livreblancdefenseetsecurite.gouv.fr/IMG/pdf/livre_blanc_tome1_partie1.pdf.
Derrick, L. (2011). An Intelligent Use for Cupcakes Hacking Terrorist Sites URL: http://lafiga.firedoglake.com/2011/06/03/finally-an-intelligent-use-for-cupcakes-hacking-terrorist-sites.
Information Security Strategy for Protecting the Nation. (2009). Information Security Policy Council, Tokyo, Japan. URL: http://www.nisc.go.jp/eng/pdf/New_Strategy_English.pdf.
Information Systems Defence and Security: France’s Strategy. (2011). Secretariat general de la defense et de la securite nationale, Paris, France. URL: http://www.ssi.gouv.fr/IMG/pdf/2011-02-15_Information_system_defence_and_security_- _France_s_strategy.pdf.
International Strategy for Cyberspace. (2011). The White House, Washington DC, USA. URL: http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf.
Kiechel, Walter. (2010). The Lords of Strategy. Harvard Business Press.
Mintzberg, Henry, Quinn, James. (1996). The Strategy Process: Concepts, Contets, Cases. Prentice Hall.
National Cyber Security Strategies. (2012). European Network and Information Security Agency, Heraklion, Greece (ENISA). URL: http://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies- ncsss/cyber-security-strategies-paper/at_download/fullReport.
National Information Security Strategy (2011). Ministry of Information and Communication Technology, Republic of Uganda. URL: http://www.ict.go.ug/index.php?option=com_docman&task=doc_download&gid=49&Itemid=61.
Rauscher, K.F. and Yashenko, V. (Eds.). (2011). Critical Technology Foundations. EastWest Institute, London. URL: http://www.ewi.info/system/files/reports/Russia-U%20S%20%20bilateral%20on%20terminology%20v76%20%282%29.pdf.
Strategia de Securitate Cibernetica a Romaniei. (2011). Bratislava, Romania. URL: http://www.mcsi.ro/Transparenta-decizionala/21/Strategie_Cyber_23052011.
The National Cyber Security Strategy (NCSS): Success Through Cooperation. (2011). Netherlands Ministry of Security and Justice, The Hague, Netherlands. URL: http://www.enisa.europa.eu/media/news-items/dutch-cyber-security-strategy-2011.
The UK Cyber Security Strategy: Protecting and Promoting the UK in a Digital World. (2011). Cabinet Office, London, UK. URL: https://update.cabinetoffice.gov.uk/sites/default/files/resources/ukcyber-security-strategy-final.pdf.