Cyber security strategies
The cyber security report by OECD (2012) states that most cyber security strategies have the following concepts:
- Enhanced governmental coordination at policy and operational levels
- Reinforced public-private cooperation
- Improved international cooperation
- Respect for fundamental values
Enhanced governmental coordination at policy and operational levels
Generally, responsibility for cyber security policy making and implementation is assigned within the government. Nevertheless, due to the complicated nature of cyber security, there is no one single governmental body which holds all responsibilities. Therefore, coordination among the relevant bodies is vital. For example, in the UK there is the National Cyber Security Centre (NCSC) that works in cooperation with other related governmental agencies, when required, such as GCHQ, etc.
As they state themselves:
The NCSC provides a single point of contact for SMEs, larger organisations, government agencies, the general public and departments. We also work collaboratively with other law enforcement, defence, the UK’s intelligence and security agencies and international partners.
Reinforced public-private cooperation
It is clear that cyber space is largely owned and operated by the private sector. Therefore, it is paramount that policies should be based on inclusive public-private partnerships, such as business, civil society, the internet technical community and academia.
As the NCSC states:
The NCSC support the most critical organisations in the UK, the wider public sector, industry, SMEs as well as the general public. When incidents do occur, [the NCSC] provides an effective incident response to minimise harm to the UK, help with recovery, and learn lessons for the future
Improved international cooperation
International cooperation, better partnerships with like-minded countries or allies are important. Most countries, however, provide little detail on how to reach international cooperation. There are some exceptions though. For instance, the US’s specific international strategy for cyberspace and the UK’s concept of international norms of behaviour in cyberspace can also be found in the Australian and German strategies. However, more cooperation is required from such international organisations such as the Council of Europe, the EU, the G7, the OECD, the OSCE, and the UN, including the ITU.
Respect for fundamental values
Cyber security policies should respect fundamental values, such as privacy, freedom of speech, the free flow of information.
Browse the website of the National Cyber Security Centre.
You can find some really interesting reports, speeches, blogs and weekly threat reports.
Familiarise yourself with the website, which has lots of useful information. Visit the website regularly, follow their Twitter account. Keep updated!
Share anything you find particularly interesting, and why you find it interesting, in the comments.
Hill, R. (2015) ‘Dealing with Cyber Security Threats: International Cooperation, ITU, and WCIT’. International Conference on Cyber Conflict, CYCON. January, Article. no. 7158473, 119–134
OECD (2012) Cybersecurity Policy Making at a Turning Point. Analysing a New Generation of National Cybersecurity Strategies for the Internet Economy. Paris: OECD. available from http://www.oecd.org/sti/ieconomy/cybersecurity%20policy%20making.pdf [5 September 2019]
The National Cyber Security Centre (n.d) About the NCSC [online] available from https://www.ncsc.gov.uk/section/about-ncsc/what-we-do [5 September 2019]
The National Cyber Security Centre (n.d) The National Cyber Security Centre [online] available from https://www.ncsc.gov.uk/ [5 September 2019]
© Coventry University. CC BY-NC 4.0