National Cybersecurity Strategy

It is now clear that no Government Internet-linked system is immune from the ever more daring, frequent and complex cyber attacks. Indeed, many countries regard cyber attacks by other States, organised crime and terrorists as highest priority national security risks. Yet, it is clear that Governments are not building cyber defence capabilities at the pace required to stem cyber attacks. This is the inevitable result of the prevalent reliance on a reactive approach to cyber threats that views cybersecurity as a technical problem. Thus, we counsel a strategic and business-led view instead. We help our clients devise a holistic approach to preventing, detecting, deterring and responding to cyber threats and risks most likely to disrupt essential activities. We typically follow the steps below:

Stage 1 — Cyber Healthcheck

We work with you to assess cybersecurity readiness in States. We seek to establish whether systems and services that support commerce, public health and safety and national security or any combination of essential services can continue functioning even in the face of cyber attack. Because cybersecurity is a shared responsibility, we engage all relevant Government and private sector stakeholders during the cyber Healthcheck phase. The phase helps us establish the concerns and capabilities of relevant stakeholders.

Stage 2 — Strategic Context

We conduct a detailed evaluation of the factors that influence cybersecurity activities. For Governments, the factors shaping cybersecurity include strategies in domains such as national security and e-Government.

Stage 3 — Strategic Goals/Ends

At this stage, we work with top leaders at national, departmental or corporate levels to identify what the strategy is seeking to accomplish. As the title implies, strategic goals are long-term and aim to help a Government build durable capacity to mitigate and respond to the cyber threats most likely to disrupt essential business processes. Whilst requirements differ across States, our clients often define goals in domains including national security; effective, efficient and responsive services; the economic benefits of IT-enabled businesses and boosting IT expertise.

Stage 4 — Project Priorities

We identify project priorities that we align with your business goals and obtain top leadership sign-off. We then devise the most effective approaches for pursuing the identified strategic priorities. We further propose the activities needed to realise each strategic priority. Additionally, we help you develop a structure for governing the allocation of the needed resources as well as the coordination and monitoring of activities. We also help with defining expectations for activities and thus give a performance verification basis.

Stage 5 — Project Resources

At this stage, we help clients identify the human, technical and institutional resources required to achieve the strategic cyber goals. We use the same model to assess resourcing of live programmes.

Stage 6 — Assurance

Lastly, we help build a mechanism for monitoring cybersecurity initiatives to ensure that they continue to meet business goals. We tailor processes to your needs.

We developed the comprehensive cybersecurity model that the International Telecommunication Union (ITU) recommends to its Member States.

National Cybersecurity Conceptual Model

National Cybersecurity Conceptual Model