8 Building Blocks of National Cyber Strategies

Presentation on theme: "8 Building Blocks of National Cyber Strategies"— Presentation transcript:

1 Cyber Strategy Workshop for African Union Member States July 23-27, 2018 Addis Ababa, Ethiopia

2 8 Building Blocks of National Cyber Strategies

3 What is Big and Strong ENOUGH?
A National Strategy for Cyber Capacity is like a Building…
- It may have many levels, but it must start with a solid foundation.
- The size and function of the building determine the number and layout of floors.
- Every foundation must reflect what it is designed to support.
- It must be comprised of the right materials.
- Foundations must be big enough & strong enough to support the whole structure.

What is Big and Strong ENOUGH?
- Size: ALL key stakeholders – Government, Private Sector, Civil Sector, Academia, Partner Governments, Others…?
- Strength: Depth of stakeholders’ commitment

4 8 Building Blocks - Summary
- Key Partnerships: Internal, Public-Private, International
- Cybersecurity Awareness & Culture: Leadership, Workforce Pipeline, Public Awareness
- Cyber Workforce Development: Education, Training, Pipeline & Progression
- Incident Response: Detection, Response, and Remediation Processes
- Resilience: Critical Systems Protection and Incident Response Capabilities
- Countering Cybercrime & Law: Legal Framework, Cyber- and Cyber-Enabled Crime Prevention, Response, and Prosecution Capabilities
- Policy, Governance, & Resourcing: Governance and Regulatory Mechanisms and Processes, Resource Sources, Adjudication, and Accountability
- Strategic Foundations: Risk Management Approach, National Goals, Stakeholder Involvement, Leadership Commitment

Diagram labels: Enabling, Operational, Governance, Foundational

5 Strategic Foundations
This area addresses a country’s fundamental preparedness for cyber capacity building to develop a national cyber strategy. It focuses on establishing:
- A Risk Management approach appropriate to the country’s threat landscape for identifying and prioritizing threats and opportunities
- National goals that reflect the country’s needs and aspirations with regard to cyberspace
- Leadership commitment toward attaining development goals
- Key stakeholder (governmental and public/industry/civic) involvement in shaping strategic approaches

Is the Foundation Ready to Build on?

6 Policy, Governance & Resourcing
This area is focused on the mechanisms through which a cyber strategy is articulated, implemented, and enforced. It addresses:
- Governance structures, such as decision-making bodies and processes
- Policy roles, responsibilities, and oversight
- The adoption of cybersecurity best practices and standards in key areas like critical industries
- Resource governance, including processes for prioritizing, allocating, distributing, and tracking resources associated with cyber development

7 Counter-Cyber Crime & Law
Cybercrime (including data theft, identity theft, destruction, or fraud) and cyber-enabled crime (such as extortion or trafficking) can present a serious national problem, undermining trust in government, foreign investment, citizen safety and prosperity, economic security, and national security. This area addresses:
- The country’s legal framework, which allows it to define, identify and prosecute cyber- and cyber-enabled crimes
- Awareness, training and capacity of law enforcement in preventing and responding to cyber threats
- Capabilities required for cyber-crime prosecution, such as electronic evidence handling, cyber-forensics, and judicial training

In addressing these capabilities, we draw on but are not limited to the provisions of the Budapest Convention.

8 Cyber Incident Response
Incident Response includes detecting, identifying and characterizing, and responding to a cyber incident affecting key systems or services. It includes:
- Situational awareness
- Information sharing, both internal and with partners
- Internal communications processes for coordination, escalation and prioritization
- Incident Response & Recovery Capabilities
- CERT & CSIRT capabilities and processes

9 Operational Resilience
Resilience addresses how well a country is postured to protect against, withstand, and recover from a cyber incident affecting key systems or services. This area includes:
- Operational Best Practices, such as access management and routine patching
- Secure engineering and architectures for key systems, critical infrastructure, and essential digital services
- Provisions for critical systems protection, such as vulnerability assessments, physical diversity, or back-up
- The capacity of key stakeholders to assist in recovery, including through partnerships

10 Key Partnerships
This category is focused on both internal and external partnerships that can support a nation’s cyber strategy. It addresses:
- Internal partnerships (for instance, between ministries or key offices and agencies)
- Public-private partnerships (such as between government and key industry or civic leadership)
- International partnerships to facilitate threat sharing, criminal prosecution, and training

11 Cybersecurity Workforce
A nation’s cybersecurity workforce is essential to capacity building in nearly every area: CERTs, protecting critical systems and services, modernizing industry and finance, establishing a digital economy, developing standards and policy, supporting cyber law enforcement. This category considers:
- Cyber workforce development pipelines
- Cybersecurity training, evaluation and certification programs
- University curricula and incentives for students to pursue technical education
- Relationship with industry in skills development
- Salaries, retention, and career path progression

12 Cybersecurity Awareness & Culture
Cybersecurity culture, or a “culture of security,” is an essential component of a nation’s development in digital capabilities. Cybersecurity culture addresses the degree to which government and citizens understand the risks inherent in cyberspace, and how to manage those risks through good security practices. This category considers the nation’s capacity in:
- Basic science and technical education
- Public Cyber Safety awareness
- Cybersecurity training for non-technical workforce
- Effectiveness of government security awareness programs
- Public awareness of the government’s commitment to cybersecurity programs

13 Questions?

