A national cybersecurity strategy (NCCS) is a plan of action that is established and designed to improve the resilience and security of national services and infrastructure. The NCCS defines the protection of critical information that is prone to global cybersecurity threats. The strategies have been used to analyze existing NCCSs in the development, outlining, and implementation of information security. Several countries have highlighted the importance of information and network security and resilience through cybersecurity strategies. Updates to the regulatory framework directives have been proposed, and the CIIP proposes a concrete policy that can be used to improve the resilience and security of public telecommunications.
Common principles and guidelines in ENISA & CTO
A strategy is a long-term course of action that is designed to achieve an overall aim. Among the member states, the aim is to improve the security and resilience of the national ICT assets that support critical functions in the states. This is done by setting clear priorities and objectives that help in reaching the aims and objectives of cyberspace security. Due to rapid changes in the cyber threat environment, the Commonwealth and EU member states have decided to look into dynamic and flexible cybersecurity strategies to mitigate new global cybersecurity threats. The strategies are considered approaches to higher national objectives and priorities that should be achieved within a specific time frame (Barnard-Wills et al., 2015). Most countries have a national cybersecurity strategy that is used to tackle risks and so enhance the social and economic benefits they obtain from cyberspace. Both have strategized on improving education and training that can be used to improve the skills of information security specialists and to build a strong cybersecurity profession. To focus national efforts on enhancing security in cyberspace, they have facilitated comprehensive research and development programs that focus on resilience and security issues for current and future systems. They have also strategized on effective protection against malware. They argue that this is possible if new threats are neutralized once they have been identified. This is because defense-related activities are related to cybersecurity research and development activities. It is important to carry out scientific research as part of the strategy in order to implement protective measures for information systems, which have been advancing rapidly in the field of high technology.
The priority areas for the development of protection are intelligent software protection and the mitigation of cyber-attacks to enhance cybersecurity.
Unique aspects of the ENISA principles and guidelines
The guide for governing the national information security strategy relies on two phases, which are taken to be the strategy life cycle. The first is the development and execution of the strategy; the second is the evaluation and adjustment of the strategy. The guide also relies on three approaches to governing the strategy. The first is the linear approach, in which the strategy is developed, evaluated and implemented, and then terminated. The second is the life cycle approach, in which the output of the evaluation phase is used in the adjustment and maintenance of the strategy. The final approach is the hybrid approach, which facilitates cycles of continuous improvement at different levels (Klimburg, 2012). National risk assessment is the key element in a cybersecurity strategy, with a specific focus on critical information infrastructure.
The scope of the national risk assessment as a strategy is risk identification, risk analysis, and risk evaluation. This strategy aims at coordinating the use of resources and at controlling, monitoring, and minimizing the impact of unfortunate events. The risk assessment provides valuable information that can be used in the development and execution of particular strategies. By carrying out the national risk assessment, the member states will be able to align their objectives and strategies with their national security needs, which will help them focus on the important cybersecurity challenges.
Before defining the cybersecurity strategy, it is important for the member states to evaluate the key elements at the national level in order to identify important gaps. The strategy emphasizes identifying the regulatory measures that are taken at different levels and their impact on the improvement of security. Taking stock also includes looking at the existing capabilities for addressing cybersecurity challenges, such as national CERTs.
The strategy for cybersecurity will only succeed if there is a clear and concise governance structure. This structure defines the roles, responsibilities, and accountability of all important stakeholders. It offers a framework for coordination and dialogue on the activities that are set out in the strategy life cycle (Barnard-Wills et al., 2015). Identifying and engaging stakeholders is an important strategy for proper cooperation between private and public stakeholders, because they facilitate the security and safety of critical services and infrastructure in the nation. It is also important to establish a trusted mechanism for sharing information.
The nations are required to present contingency plans for national cybersecurity. These include interim measures and structures to respond and to recover information involved in critical information infrastructures (CIIs). The strategy emphasizes the establishment of baseline security requirements and of reporting mechanisms that can be used to report on the threat environment. These make it possible to tailor and adjust security measures regarding recovery and response capabilities. The strategy also emphasizes user awareness, fostering R&D, addressing cyber-crime, strengthening educational and training programs, engaging in international cooperation, an evaluation approach, and key performance indicators. The key performance indicators are a list of possible initiatives in the strategy.
Unique aspects of the CTO principles and guidelines
The CTO has undertaken an approach for serving and guiding countries as they strategize on their national cybersecurity. Its guides on national security strategies offer member countries practical actions and proposed advice that members can adopt according to their circumstances (Bankole et al., 2015). The cyber governance model has four key principles that are steeped in Commonwealth values. The national cybersecurity strategy has been used to offer guidance to the member countries on the deployment and revision of the security strategies they have developed. The national security strategy addresses several areas in order to create effective cyber governance.
According to the CTO guidelines on cybersecurity strategies, the strategies developed should depend on the practical situation within the country. It is important for the country to ensure that it has a strategy that will attract strongly visible cybersecurity. The strategy should follow a risk-based and outcome-focused design. This will determine the services and assets that are important for the delivery of the nation's strategic goals and the practical mitigations to be put in place.
The maturity model is relied on as part of the strategy to indicate where a country lacks cybersecurity (Brown et al., 2015). The capacities indicated in the maturity model can be used to reduce risks and increase opportunities in cyberspace for the country. For instance, the model can be used to measure the legal frameworks in a nation’s cybersecurity. To ensure that the cybersecurity strategies in a country are being achieved, the CTO has set out appropriate mechanisms to monitor and evaluate the implementation through the choice of key performance indicators. The key performance indicators are supported by the maturity model, which can measure performance against the desired outcomes of the strategies.
Resources and market forces are key parts of the strategy in the development and allocation of resources to facilitate the response of the strategy. They are a key part of the CTO strategy design and are vital to avoiding damaging outcomes. Another step in national cybersecurity under the CTO approach is communicating the ideas and concepts of the strategy. This is important in order to inform and educate influential individuals so that they can support the success of the strategy. After publishing and adopting the strategy, the aim is to set the direction for all the stakeholders participating in delivering its objectives and to communicate it to the wider audience.
The implementation of the strategy needs to be monitored in order to identify gaps for a future review. In this case, the CTO strategy design offers a review of the strategy to obtain feedback for continuous improvement. The CTO approach to cybersecurity sets out the key elements of a cybersecurity strategy, provided to align the development plans and goals of a country’s cybersecurity strategy. These are the guiding principles section, the vision and strategic goals section, the priorities and objectives section, the stakeholders section, the strategy implementation section, and the monitoring and evaluation of the strategy. The CTO recommends implementing these elements in every country’s cybersecurity strategy.
Utilizing the European Union Agency for Network and Information Security (ENISA) approach is the most appropriate choice for national cybersecurity. This is because the strategies are dynamic and flexible enough to meet new global threats. The strategies put objectives together with good examples of how they can be implemented. The strategy offers objectives in key areas and identifies key performance indicators, which helps in creating a long-term condition. It also offers a safe, resilient, and reliable digital domain that can be used for mitigating threats in society. The framework offers guidance to nations in modifying and meeting their national cybersecurity strategies, with the emphasis that each nation should take into account the impacts and risks associated with its strategy.
National cybersecurity is important in protecting a nation’s assets. Through the guidelines in the strategy, a government can signal security incidents associated with cyberspace, which facilitates effective information and communications technology (ICT). Establishing the national cybersecurity strategy is considered an important element of the overall economic and national security of the government. The paper has summarized the national cybersecurity strategies of both the Commonwealth and ENISA, with effective best practices that seek to support the member states in the protection of cyberspace.
It is important for a nation to implement national cybersecurity strategies through guidelines and principles to facilitate the benefits of security of information among nations.
Bankole, F. O., Osei-Bryson, K. M., & Brown, I. (2015). The impacts of telecommunications infrastructure and institutional quality on trade efficiency in Africa. Information Technology for Development, 21(1), 29-43.
Barnard-Wills, D., Marinos, L., & Portesi, S. (2014). Threat landscape and good practice guide for smart home and converged media. European Union Agency for Network and Information Security (ENISA).
Brown, C. S. (2015). Investigating and prosecuting cybercrime: Forensic dependencies and barriers to justice. International Journal of Cyber Criminology, 9(1), 55.
Commonwealth Telecommunications Organization. (2015). Commonwealth approach for developing national cybersecurity strategies. London, UK: Author. Retrieved from http://www.cto.int/media/fo-th/cyb-sec/Commonwealth%20Approach%20for%20National%20Cybersecurity%20Strategies.pdf
European Network and Information Security Agency. (2012). National cybersecurity strategies: Practical guide to development and execution. Heraklion, Crete, Greece: Author. Retrieved from https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/national-cyber-security-strategies-an-implementation-guide/at_download/fullReport
Klimburg, A. (2012). National cybersecurity framework manual.