The European Union Agency for Cybersecurity (ENISA) defines a National Cybersecurity Strategy (NCS) as ‘a plan of actions designed to improve the security and resilience of national infrastructures and services’. It is a high-level, top-down approach to cybersecurity that establishes a range of national objectives and priorities that should be achieved in a specific timeframe. It can also be described as a careful plan or method of protecting both informational and non-informational assets through the ICT infrastructure in order to achieve particular national goals, usually over a long period (Azmi et al.).
Usually, national cybersecurity strategies are high-level, stakeholder-oriented, country-owned plans that governments use to describe issues such as:
[Source: Guide to developing a national cybersecurity strategy (International Telecommunication Union (ITU) et al. 2018, 13)]
The NCS is not developed strictly for cybersecurity purposes; it can also serve as a tool for economic development. Developing and implementing a national cybersecurity strategy involves various phases and activities. These activities and their outcomes are usually referred to as the lifecycle of the strategy. We will discuss this later in the text. The International Telecommunication Union (ITU) Guide to developing national cybersecurity strategies identifies nine guiding principles that should help officials and stakeholders throughout the strategy development lifecycle. These principles are not limited to any one phase of the cycle and should be taken together as a whole, because they apply to all key focus areas of the NCS. These principles are depicted in the diagram below.
Figure 1. A graphic outline of the Guiding Principles of the NCS process.
Reflection point
Do you know of any national strategy from your country in this area or subject matter? If yes, kindly look at its structure.