National level cyber policy and strategy is needed to ensure that the actions of multiple actors across government, the private sector, and society are mutually supportive. No two countries are the same, and so cybersecurity policy and strategy needs to be grounded in a proper understanding of the unique risks and challenges being faced, and a country’s wider social, economic and political goals.
This Dimension examines a how national level cybersecurity policy is formulated, how priorities are identified and agreed, and how implementation is structured and overseen. It examines specific national level capabilities required to manage incidents and crises, to ensure the security and resilience of critical national infrastructure, and to provide for effective security within the defence and national security sector. International collaboration is essential to effective cybersecurity, and this is also explored within the CMM.
Our research has identified a wide variation in the approaches that are being taken to national level cybersecurity policy and strategy. Common challenges include programme governance, securing the necessary priority, budget and profile for cybersecurity within government, engaging private sector partners, and achieving the right level of broader stakeholder and civil society engagement. Cybersecurity often cuts across traditional inter-agency boundaries within government, making programme governance all the more important. Evaluating the impact of strategic interventions in cybersecurity is a challenge for all countries, and this is one of the areas where we will be focussing our future research.
Other focus areas for research include: national level risk assessment; incentivisation and regulation; how national cybersecurity policy and strategy can support economic growth and development; and the impact of emerging technology on national cybersecurity policy and strategy.
Dimension 1 is led by Dr Jamie Saunders, an Oxford Martin Fellow and Visiting Professor at University College London.