National Cybersecurity and Cyberdefense Policy Snapshots
Date of Publication
2018 12:00 AM
Security Theme
Cybersecurity
Keywords
Cybersecurity, cybersecurity, critical infrastructure
Description
The goal of this publication is to understand current cybersecurity policies as a facet of a country’s national security policy, and particularly how cyberdefense is embedded in a state’s cybersecurity posture. In the past decade cyberconflict has been increasingly discussed at the highest political and military levels. It has also broadened as a concept to include not just cyberattacks on critical infrastructure, but acts of hybrid warfare and state-sponsored campaigns to affect or change public opinion. Cyberspace is therefore increasingly being viewed as both a strategic domain and as a tool to be used in a strategic manner. Cyberconflict itself has moved towards what Liddell Hart (1965) described as “grand strategy”: all the of a nation state – economic, military, diplomatic, social and informational – are being deployed in both peacetime and wartime to ensure that the state and its citizens remain secure in an increasingly digital and connected world. Due to the ever-increasing availability and variety of sophisticated malicious digital tools and the ease with which these tools can be deployed, cybersecurity is now a crucial element of national security. Within this larger context, the concept of cyberdefense, with its implicit military connotation, has also gained significantly more prominence. Defining “cybersecurity” and “cyberdefense” is problematic and presents an ongoing challenge (Kruger, 2012). National policies of the kind analyzed in the snapshots contained in this collection define these concepts very differently. However, in order to conduct an effective examination and analysis of national policy a set of base-line definitions is needed. As working definition, we understand cyberdefense to fall under the purview of a country's national security policy, and therefore is a part of its defense department or ministry, while nevertheless retaining a close a link to the overall policy efforts to improve a country's cybersecurity. As such cyberdefense intersects with cybersecurity. Cybersecurity policies tend to be more holistic and are released into the public domain, with references to ensuring civilian that infrastructures such as banking and personal computer networks are secure and resilient to cyber intrusions, and setting out measures designed to tackle online criminal activity (cybercrime). Cyberdefense by contrast is more of a closed box. This is due to its close relationship to secret, classified aspects of government policy and activity1. As such, cyberdefense deserves special attention in studies of national policy such as this collection of analyses and is treated separately in the policy snapshots contained in this collection. Since there is an overall impression that the risks to national security from cyberspace have changed both in terms of quantity (more incidents are occurring) and quality (these incidents are becoming more sophisticated), many states have re-evaluated their previous cybersecurity efforts. In the ten years to 2018 a large number of national policies and strategies have been published specifically addressing cybersecurity and cyberdefense. Although these policies and strategies address similar issues, there is significant variation in approaches given national priorities and conceptualizations of the issues at hand.
National Cybersecurity and Cyberdefense Policy Snapshots
The goal of this publication is to understand current cybersecurity policies as a facet of a country’s national security policy, and particularly how cyberdefense is embedded in a state’s cybersecurity posture. In the past decade cyberconflict has been increasingly discussed at the highest political and military levels. It has also broadened as a concept to include not just cyberattacks on critical infrastructure, but acts of hybrid warfare and state-sponsored campaigns to affect or change public opinion. Cyberspace is therefore increasingly being viewed as both a strategic domain and as a tool to be used in a strategic manner. Cyberconflict itself has moved towards what Liddell Hart (1965) described as “grand strategy”: all the of a nation state – economic, military, diplomatic, social and informational – are being deployed in both peacetime and wartime to ensure that the state and its citizens remain secure in an increasingly digital and connected world. Due to the ever-increasing availability and variety of sophisticated malicious digital tools and the ease with which these tools can be deployed, cybersecurity is now a crucial element of national security. Within this larger context, the concept of cyberdefense, with its implicit military connotation, has also gained significantly more prominence. Defining “cybersecurity” and “cyberdefense” is problematic and presents an ongoing challenge (Kruger, 2012). National policies of the kind analyzed in the snapshots contained in this collection define these concepts very differently. However, in order to conduct an effective examination and analysis of national policy a set of base-line definitions is needed. As working definition, we understand cyberdefense to fall under the purview of a country's national security policy, and therefore is a part of its defense department or ministry, while nevertheless retaining a close a link to the overall policy efforts to improve a country's cybersecurity. As such cyberdefense intersects with cybersecurity. Cybersecurity policies tend to be more holistic and are released into the public domain, with references to ensuring civilian that infrastructures such as banking and personal computer networks are secure and resilient to cyber intrusions, and setting out measures designed to tackle online criminal activity (cybercrime). Cyberdefense by contrast is more of a closed box. This is due to its close relationship to secret, classified aspects of government policy and activity1. As such, cyberdefense deserves special attention in studies of national policy such as this collection of analyses and is treated separately in the policy snapshots contained in this collection. Since there is an overall impression that the risks to national security from cyberspace have changed both in terms of quantity (more incidents are occurring) and quality (these incidents are becoming more sophisticated), many states have re-evaluated their previous cybersecurity efforts. In the ten years to 2018 a large number of national policies and strategies have been published specifically addressing cybersecurity and cyberdefense. Although these policies and strategies address similar issues, there is significant variation in approaches given national priorities and conceptualizations of the issues at hand.