Since its creation, Information and Communication Technology has evolved to become the backbone of modern business, critical services and infrastructure, social networks, and the global economy as a whole.

As a result, national leaders have started to launch digital strategies and to

fund projects that increase Internet connectivity and leverage the benefits

stemming from the use of ICTs, to stimulate economic growth, to increase

productivity and efficiency, to improve service delivery and capacity, to

provide access to business and information, to enable e-learning, to enhance

workforce skills and to promote good governance. Countries cannot ignore the

opportunities associated with becoming connected and participating in the

Internet economy.

While the reliance of our societies on the digital infrastructure is growing,

technology remains inherently vulnerable. The confidentiality, integrity

and availability of ICT infrastructure are challenged by rapidly evolving

risks, including electronic fraud, theft of intellectual property and personal

identifiable information, disruption of service, and damage or destruction of

property. The transformational power of ICTs and the Internet as catalysts for

economic growth and social development are at a critical point where citizens’

and national trust and confidence in the use of ICTs are being eroded by


To fully realise the potential of technology, states must align their national

economic visions with their national security priorities. If the security risks

associated with the proliferation of ICT-enabled infrastructure and Internet

applications are not appropriately balanced with comprehensive national

cybersecurity strategies and resilience plans, countries will be unable to

achieve the economic growth and the national security goals they are seeking.

In response, nations are developing both offensive and defensive capabilities

to defend themselves from illicit and illegal activities in cyberspace and to

pre-empt incidents before they can cause harm to their nations. This document

will look specifically at defensive responses, particularly in the form of national

cybersecurity strategies.

Several national and international definitions of the term “cybersecurity”

exist. For the purpose of this document, the term “cybersecurity” is meant

to describe the collection of tools, policies, guidelines, risk management

approaches, actions, trainings, best practices, assurance, and technologies

that can be used to protect the availability, integrity, and confidentiality

of assets in the connected infrastructures pertaining to government,

private organisations, and citizens; these assets include connected

computing devices, personnel, infrastructure, applications, digital services,

telecommunications systems, and data in the digital-environment.


What is


Benefits of

a National



and strategy


processNational cybersecurity strategies can take many forms and can go into varying

levels of detail, depending on the particular country’s objectives and levels

of cyber-readiness. Therefore, there is no established and commonly agreed

definition of what constitutes a National Cybersecurity Strategy.

Relying on existing research in this area, this document encourages

stakeholders to think of a National Cybersecurity Strategy as:

• an expression of the vision, high-level objectives, principles and priorities

that guide a country in addressing cybersecurity;

• an overview of the stakeholders tasked with improving cybersecurity of

the nation and their respective roles and responsibilities; and;

• a description of the steps, programmes and initiatives that a country will

undertake to protect its national cyber-infrastructure and, in the process,

increase its security and resilience.

Setting the vision, objectives, and priorities upfront enables governments

to look at cybersecurity holistically across their national digital ecosystem,

instead of at a particular sector, objective, or in response to a specific risk – it

allows them to be strategic. Priorities for national cybersecurity strategies

vary by country, so while the focus for one country may be addressing

critical infrastructure-related risks, for others it may be protecting intellectual

property, promoting trust in the online environment, or improving cybersecurity

awareness of the general public or a combination of these issues.

The need to identify and subsequently prioritise investments and resources

is critical to successfully managing risks in an area as all-encompassing

as cybersecurity.

A National Cybersecurity Strategy also provides the opportunity to align

cybersecurity priorities with other ICT-related objectives. Cybersecurity

is central to achieving socio-economic objectives of modern economies

and the Strategy should reflect how those are supported. This can be done

by referencing existing policies that seek to implement a country’s digital

or developmental agendas or by assessing how cybersecurity can be

incorporated into them.

Finally, a National Cybersecurity Strategy development process should

translate a government’s vision into coherent and implementable policies that

will help it achieve its objectives. This includes not only the steps, programmes

and initiatives that should be put in place, but also the resources allocated for

those efforts and how these resources should be used. Similarly, the process

should identify the metrics that will be used to help ensure that desired

outcomes are achieved within set budgets and timelines.

Template Design © VibeThemes. All rights reserved.