In 2016, NATO allies recognized cyberspace as a new operational area that NATO must protect as much as it must protect air, land, and sea space.
Worldwide statistics show an alarming increase in cyber attacks and according to trends they will not slow down.
Escalations of geopolitical tensions are increasingly ending with organized cyber attacks sponsored by various states. For this reason, in 2016 NATO allies recognized cyberspace as a new operational field that NATO must protect as much as it must protect air, land, and sea space.
Cyber warfare can be defined as a cyber attack or a series of attacks that target a state. These attacks are intended to wreak havoc on government, civilian infrastructure, and disrupt critical systems, resulting in extensive damage and even loss of life.
Since we are living in a new reality where the risks from cyber attacks are constantly evolving, then in order to mitigate the cyber security risks facing citizens, businesses, countries and their critical infrastructure, governments must take concrete actions as soon as possible to develop a comprehensive national cyber security protection strategy.
Over the years, many countries have developed national cyber security protection strategies. However, if we study and compare the national strategies of the top-10 countries (which have been shown to be successful and comprehensive to some extent), then five common elements can be observed, and they are:
- Establishing a national cybersecurity agency – Creating a single entity that has overall responsibility for defining and directing the nation’s cybersecurity agenda.
- Drafting of the national program for the protection of critical infrastructure – The national agency for cyber security should work with the regulators of each critical sector to prepare the criteria of cyber security protection for the sectors that are considered part of the critical infrastructure.
- Drafting a national incident response and recovery plan – Cyber attacks are inevitable, so every government should develop or continuously update incident response and recovery plans to mitigate the effects of cyber incidents.
- Adoption of laws related to cybercrimes – Governments should as soon as possible draft or update the legal framework and harmonize the laws related to cyber security. A good option when developing national cyber security laws is to embrace the guidelines set by the Budapest Convention – an international treaty governing cyber laws agreed upon by more than 65 countries.
- Building a Vibrant Cyber Security Ecosystem – Although a country may have comprehensive strategies, at the same time it is impossible for a single entity (such as the National Cyber Security Agency) to realize all the objectives of its strategy . Therefore, partnerships between stakeholders that include the private sector, the public sector, academic institutions, as well as other parties both domestically and internationally are essential to combating a country’s cyber security risks.
Across governments, across borders, and beyond any differences we may have, the digital age connects us all. Therefore, the security of all users, the well-being of societies, as well as economies around the world depends on the joint effort to mitigate the threatening cyber risks that are undermining the world order every day.
Arian Sheremeti specializes in the development and implementation of strategies for information security by securing and protecting assets from the risks of cyber attacks