Abstract
In this paper were compared and analyzed 14 National cybersecurity strategies (NCSS). Comparing this NCSS, major differences in approaches stemming from the differences in starting points are found: economics, national security, or military defence. Many of the NCSS are unclear about the relationship of the NCSS with existing national and international policies such as about CIP, the European Digital Agenda, and a national security policy. Only six countries have defined the notion cyber security. The other eight countries either use descriptive text in their NCSS or a kind of common public understanding. As there is lack a harmonized cyber terminology, they might be hampered in collaboratively addressing the global threats to cyber space. Moreover, countries have a different understanding of the scope of what cyber security is supposed to cover: internet connected systems only or the whole of ICT. All countries pointed in their NCSS the international threats and the risk of cyberspace. Nevertheless, the NCSS are relatively weak when describing detailed action plans under the topic “international collaboration”. International topics such as harmonization activities across international borders, collaborative acceleration of international response to cyber crime and other disturbances do not seem to be on the priority lists of the governments. Most NCSS lack a dynamic approach to cyberspace (technological) threats and challenges; only the UK mentioned electromagnetic spectrum threats to cyberspace. Emerging cyber security threats are only explicitly addressed by Germany and Japan in their NCSS, where the innovation cycle of ICT is high causing a fast appearance of new security risk. When it comes to tactical and operational plans, only two countries use some of the SMARTness criteria. Interestingly, Uganda uses a system of metrics for the current state, the midway milestone, and the end result. Whether a strategy is a success or not, and whether the action plan is on the right track, cannot be measured when SMART criteria lack. Nations could implement a dashboard, including metrics related to dependence/relevance and to changing threats. Most NCSS recognize the need for a society-wide approach: citizens, businesses, the public sector, and the government. However, the set of actions aimed at citizens is most often limited to awareness campaigns and information security education at schools. Only Australia has an outreach programme which supports the citizens with national cyber security tools. This also shows that most countries underrate the risk of loss of public confidence in ICT which may seriously hamper economic prosperity and e-government plans.
Published Version
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have
Schedule a call