National cyber security strategy

Overview
The security of a nation’s online environment is dependent on a number of stakeholders with differing needs and roles. From the user of public communications services to the Internet Service Provider supplying the infrastructure and handling everyday functioning of services, to the entities ensuring a nation’s internal and external security interests – every user of an information system affects the level of resistance of the national information infrastructure to cyber threats.

Successful national cyber security strategies must take into consideration all the concerned stakeholders, the need for their awareness of their responsibilities and the need to provide them with the necessary means to carry out their tasks. Also, national cyber security cannot be viewed as merely a sectoral responsibility: it requires a coordinated effort of all stakeholders. Therefore, collaboration is a common thread that runs through most of the currently available national strategies and policies.

Moreover, the different national cyber security strategies represent another common understanding: while national policies are bound by the borders of national sovereignty, they address an environment based on both infrastructure and functioning logic that has no regard for national boundaries. Cyber security is an international challenge, which requires international cooperation in order to successfully attain an acceptable level of security on a global level. National interests tend to have priority over common interests and this is an approach which may be difficult to change, if it needs changing at all. As long as we can find the common ground and discuss the problematic issues out in the open, national interests should not impede international cooperation.

The task of drafting a national cyber security strategy is a complex one. In addition to the versatile threat landscape and the various players involved, the measures to address cyber threats come from a number of different areas. They can be political, technological, legal, economic, managerial or military in nature, or can involve other disciplines appropriate for the particular risks. All of these competences need to come together to offer responses capable of strengthening security and resisting threats in unison, rather than in competition for a more prominent role or for resources. Also, any security measures foreseen must consistently be balanced against basic rights and freedoms and their effects on the economic environment must be considered. In the end, it is important to understand that cyber security is not an isolated objective, but rather a system of safeguards and responsibilities to ensure the functioning of open and modern societies.