National Cybersecurity Strategies

Introduction

A study from Luiijf et al. (2013) was conducted to research about the the structure, sections and elements of nineteen National Cybersecurity Strategies (NCSS) from these countries [Australia, Canada, Czech Republic, Estonia, France, Germany, India, Japan, Lithuania, Luxembourg, Romania, The Netherlands, New Zealand, South Africa, Spain, Uganda, The United Kingdom - UK (2009 and 2011) and The United States of America (USA)]. Most NCSS in this research, embraced a holistic approach for cyberspace, and all nations have considered international threats and risks in cyberspace. Most NCSS are focusing on societies, more specifically citizens, businesses, public sector and government. Subsequently, the authors proposed a structure for developing NCSS that encompasses an executive summary, an introduction, a strategic national vision on cybersecurituy, existing NCSS’ relationships with other strategies at the national and international level and legal frameworks, any guidance principles, the definition of cybersecurity objectives, an inventory of tactical actions and a glossary.

As reported by NATO (2013), cyber operations indicate the employment of cyber capabilities with the primary purpose of achieving objectives in or by the use of cyberspace, and under international laws States may be responsible for the conduction of cyber operations by their organs including non-state actors.

For several years, there have been four notorious domains in warfare: Air, Sea, Space and Land. With the information era booming, a new domain was added which is now Cyberspace. Lemieux (2015) reserached several events that led to the consolidation of cyber domains as part of modern warfare studies. Network-Centric Warfare (NCW) was conducive during the US military dominance during the 1991 Gulf War, commanders took advantage of NCW to maintain their forces informed at all times regarding situational awareness, troop movement and always outmaneuvering enemy forces. Henceforth, these battlefield experiences were observed and explored by Russia and China for further acceptance into their own military operations.

The US Department of Defense - DOD (DOD, 1991) published the Joint Publication 3-0: Operations which included ‘Information’ as the fifth warfighting domain to join the existing Air, Sea, Space and Land domains. The DOD (1996) declassified the National Military Strategy for Cyberspace Operations (NMS-CO) where information was escalated to the cyberspace domain.

Many nations are straighten out their cyber capabilities in cyberspace by proposing, creating, implementing and continuously updating a National Cybersecurity Strategy, policy or programme. Sabillon et al. (2016) described a cybersecurity policy as the instrument developed by nations to communicate and express those aspects that want a state to protect in cyberspace. North Atlantic Treaty Organization - NATO (2019) introduced a repository with NCSS and legal documents for 81 countries [13 for Africa, 11 for Americas and The Caribbean, 19 for Asia and Oceania and 38 for Europe] and The European Union Agency for Cybersecurity (ENISA, 2019) maintains the ENISA NCSS map for the 28 member states of the European Union (EU) and for the 4 member states of the European Free Trade Association (EFTA) that lists the implementation date and the number of objectives of each NCSS . International Telecommunication Union (ITU) (2016) highlights that 72 out 193 member states have published a National Cybersecurity Strategy but the majority of countries now have a NCSS (ITU, 2019). According to the Global Cybersecurity Index GCI 2018 v3 (ITU, 2019), 58% of the United Nations members have a NCSS in place with Europe and countries from the Commonwealth of Independent States (CIS) with the highest numbers of nations with NCSS, while the Africa region has the lowest indicator (14 out of 44 countries with a NCSS).