The cyber security threat to both national safety and economic prosperity is very real. Following the publication of a set of national cyber security strategies (NCSSs), a new paper assesses the different approaches to addressing this threat.
Nineteen National Cyber Security Strategies is written by cyber specialists Eric Luiijf, Kim Besseling and myself and sets out some recommendations for developing effective strategies. What is clear is that despite the threat being common, the approaches to tackling it – and even defining it – vary considerably. The paper looks at these differences and considers the guiding principles and tactical action lines of each NCSS.
It suggests that given the global nature of cyber security, nations can and should learn from each other. However, our analysis points to the fact that nations may well be hampered in collaboratively addressing the global threats to cyber space. This due to there being little harmonisation in terms of cyber terminology, let alone any detailed description in each NCSS of international collaboration activities.
And what about the need for a society-wide approach? With this I mean not just for governmental bodies and private organizations, but citizens as well. While this is viewed as important, only Australia had an outreach programme supporting its citizens with national cyber security tools. This is clearly an oversight and shows how most nations underrate the risk of loss of public confidence in ICT and its consequences on economic prosperity and e-government plans.
A key recommendation is for nations to adopt a SMART (specific, measurable, achievable, realistic and timely (SMART) definition for all NCSS action lines and planned activities. Currently only three of the national strategies analysed had done so. Yet without SMART criteria being applied, it is impossible to measure whether a strategy is successful, or whether the action plan is on the right track.
Any nation planning to develop or adapt a NCSS should consider the recommendations and findings in this paper. At this moment Capgemini is conducting an informal evaluation of the Dutch 2012 NCSS, taken into account the lessons of this article.