Abstract
Over the last two decades the state’s traditional duty to defend its citizens against threats has been extended to a new man-made domain: the cyber domain. As part of this defence states have created systems for establishing a level of preparedness in order to ensure societies’ resilience. ‘Resilience’ in this regard describes societal robustness – not only to deflect outside pressure, but also to absorb its effects and constantly adapt to changing conditions by collecting knowledge of negative events, learning from it and implementing the experience. Denmark’s cyber resilience plays an increasing role, as digitisation has meant that threats in the cyber domain have changed from peripheral nuisances to questions of national security. Hence, the Danish government has initiated the development of a new strategy for cyber and information security. Also, Denmark has committed to implementing the EU NIS Directive concerning measures for a high common level of security of network and information. This report focusses on those governmental aspects of the strategy that play a role in Denmark’s resilience against cyber threats. The report suggests that the new cyber strategy, along with the implementation of the EU NIS Directive, is an occasion to adjust the current interpretation of the sector responsibility principle. The report finds that the sector responsibility principle must remain the basic principle for governance of societal resilience in Denmark, but that adding some central authority and clarifying the division of responsibilities may overcome identified weaknesses in the current implementation of the principle.
Highlights
The report suggests that the new cyber strategy along with the implementation of the EU NIS Directive is an occasion to adjust the current interpretation of the sector responsibility principle
Due to the ongoing efforts to develop the upcoming cyber strategy, the Danish Agency for Digitisation could not at the time of writing comment on the content of the strategy, including whether or not the involved ministries have a common understanding of how tasks, responsibilities and costs will be divided between them according to the sector responsibility principle (Author, 2017e)
With the caveat that the upcoming cyber strategy is unfinished at the time of writing (January 2018), the present analysis gives rise to the following conclusions: The need for central definitions of critical infrastructure: It is less likely that the strategy will establish clear institutional definitions of ‘critical infrastructure’ in Denmark
Summary
Over the last two decades the state’s traditional duty to defend its citizens against threats has been extended to a new man-made domain: the cyber domain. As part of this defence states have created systems for establishing a level of preparedness in order to ensure societies’ resilience. The report suggests that the new cyber strategy, along with the implementation of the EU NIS Directive, is an occasion to adjust the current interpretation of the sector responsibility principle. The report finds that the sector responsibility principle must remain the basic principle for governance of societal resilience in Denmark, but that adding some central authority and clarifying the division of responsibilities may overcome identified weaknesses in the current implementation of the principle
Talk to us
Join us for a 30 min session where you can share your feedback and ask us any queries you have