Cybersecurity as one of the priorities of national policy
Abstract
The criticality of the Internet for today's economy has several implications for cybersecurity policy development, the main of which is the adoption of strategies that approach cybersecurity in a comprehensive and comprehensive manner. That is, cybersecurity policy should include:
- The importance of multi-stakeholder dialogue;
- The importance of economic aspects of cybersecurity;
- Flexible approach to policy formation and implementation;
- Consideration of sovereignty issues in the development of cybersecurity policy;
- Respect for fundamental values;
- Improving international cooperation;
- Strengthening public-private cooperation;
- Strengthening government coordination at the political and operational levels.
Cybersecurity policy in Ukraine should be based on the following principles:
- introduction of a strategic approach to cybersecurity;
- comprehensive solution to cybersecurity problems, including the use of effective coordination mechanisms adapted to the culture and style of governance in the country;
- timeliness, flexibility and adaptability in decision-making in the field of cybersecurity;
- development of national capacity of teams to counter cyber incidents;
- introduction of advanced methods of cybersecurity;
- improving the protection of critical information infrastructures;
- respect for the fundamental values of freedom of information, but with the use of appropriate precautions, checks and balances;
- increasing the cyber literacy of society;
- use of a system of incentives for the development of cybersecurity and the corresponding human resources;
- cooperation with private and non-governmental organizations, development of public-private partnership;
- strengthening the fight against cybercrime;
- encouragement of research and development in the field of cybersecurity;
- development of international cooperation, in particular, by participating in the development of common norms of behavior in cyberspace.
In general, as can be seen from the experience of many countries, cybersecurity policy development is reaching a new level of maturity compared to previous policies of the first decade of the 21st century, with better leadership, better coordination and greater stakeholder involvement. At the same time, the challenges of policy-making are increasing, suggesting that governments are also facing a new level of complexity. For example, the need for greater coordination between agencies needs to be met through a higher degree of centralization, while providing dynamic and fast, almost real-time, decision-making processes at all levels. Another challenge is the need to implement integrated approaches that take into account sovereignty and economic / social issues, the participation of a wide range of public authorities and the expansion of cooperation with the private sector. Another problem is the need to maintain the openness of the Internet and fundamental values in accordance with the 2011 Recommendation of the Council on the principles of Internet policy-making. These and other challenges take time, while the key task for the cybersecurity public sector at the moment is to prepare for and counter possible serious cyber incidents, but in a way that does not undermine the openness of the Internet.
Downloads
References
Asllani, A., White, C.S. & Ettkin, L. (2012). Viewing Cybersecurity as a Public Good: The Role of Governments, Businesses, and Individuals. Allied Academies International Conference: Proceedings Of The Academy Of Legal, Ethical & Regulatory Issues (ALERI), 16 (1), 1–2.
Campbell, S. (2013). Who Should Drive Cybersecurity Policy: Government or Private Industry? URL: http://www.threattracksecurity.com/blogs/cso/best-cybersecurity-policy-driver-government-private-industry/.
ENISA (2012). National Cyber Security Strategies. Setting the course for national efforts to strengthen security in cyberspace. URL: www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/cyber-security-strategies-paper.
Fetzer, P. (2014). A Compilation of Enforcement and Non-Enforcement Actions – 30 April 2014. Mondaq Business Briefing. May 2. URL: http://bi.galegroup.com.ezproxy.umuc.edu /essentials/article/GALE%7CA366740594/da1cb a907f837d6534b75f26925c2f8c?u=umd_umuc.
OECD (2002). Guidelines for the Security of Information Systems and Networks: Towards a Culture of Security, Paris. URL: www.oecd.org/ document/42/0,3746,en_2649_34255_15582250_1_1_1_ 1,00.html.
Rosenzweig, P. (2011). Cybersecurity and Public Goods: the Public/Private Partnership. In P. Berkowitz (Series Ed.). Emerging Threats in National Security and Law (pp. 2–35). URL: http://www.emergingthreatsessays.com.
Smith, J. (2012). Groups Warn оf Privacy Concerns іn Cybersecurity. Bills. National Journal Daily. February 9. URL: http://bi.galegroup.com.ezproxy.umuc.edu/essentials/article/ GALE%7CA296609515/1bdddd15100244706117f040a6f0096a?u=umd_umuc.
UK Home Office (2010). Cyber Crime Strategy. URL: www.official-documents.gov.uk/document/cm78/7842/7842.pdf.
United States: US Senate Intelligence Committee approves Cybersecurity Information Sharing Act. (2014). TendersInfo News. July 10. URL: http://bi.galegroup.com.ezproxy.umuc.edu/ essentials/article/GALE%7CA374562170/47ae2 c726538f15d98557c7726d5ccf0?u=umd_umuc.
US Department of Defense. (2011). Department of Defense Strategy for Operating in Cyberspace. URL: www.defense.gov/news/d20110714cyber.pdf.
Warfield, D. (2013). Critical infrastructures: IT Security and Threats from Private Sector Ownership. Information Security Journal: A Global Perspective, 21(3), 2012, 127–136. doi10.1080/19393555.2011.652289.
