Exploring National Cyber Security Strategies: Policy Approaches and Implications
This Occasional Paper examines national cyber security strategies from around the world and identifies six recurring policy challenges to be considered when building a national cyber strategy.
The UK’s 2016 National Cyber Security Strategy (NCSS) is reaching its conclusion. In 2021, the UK government is due to release a new strategy. To complement the increasing popularity of NCSSs around the world, this paper explores 22 strategies. In doing so, it identifies six recurring policy challenges to be considered when building a national cyber strategy:Â
- An overarching challenge is to set and appropriately communicate actionable strategic objectives. Metrics to track progress and investment should be aligned with these objectives.Â
Â
- States need to clearly articulate their perception of the threat landscape, their priorities and greatest challenges. This may be based on an overall national threat assessment, or if little has changed from a previous strategy, simply rearticulating the threat.Â
Â
- Closely aligned to the threat landscape, a strategy should outline the approach to tackling cybercrime. Cybercrime can cost the economy a great deal and erode trust between citizens and technology, further damaging the digital economy.Â
Â
- Raising cyber security standards in critical national infrastructure (CNI) is a major challenge for all states and should be a priority alongside investment in emerging technology to modernise CNI.Â
Â
- Public–private partnerships should be aligned to the priority areas set by the strategy and the role of stakeholders beyond the walls of government should be clearly articulated.Â
Â
- There should always be room for investment in soft power objectives, such as cyber capacity building. These interventions can contribute to increasing national and global cyber resilience.Â
Â
This paper highlights the importance of learning from other national approaches when formulating a new NCSS. There are no simple solutions in such a complex and evolving policy area, but by highlighting how states conceptualise cyber policy issues it is possible to draw out some common approaches. Cyber security is a global policy challenge, and the UK government should continue to remain aware of other national approaches. It should not develop a new strategy in isolation from this global context.Â
While this paper does not examine the UK’s NCSS specifically, it is part of a wider RUSI research project on future UK cyber security strategy. A subsequent paper will present direct policy recommendations on the priorities that the next UK NCSS (for 2021 and beyond) should consider.