On the occasion of the OSCE CBMs Contact Meeting in Vienna (1-3 July 2019), Dr. Eneken Tikk and Dr. Mika Kerttunen of ICT4Peace presented best practices and recommendations for the Development and Implementation of National Cybersecurity Strategy and Legislation.
The lectures delivered are based on the ICT4Peace International Cybersecurity Capacity Building Program. An outline of this Program can be found here.
Based on the analysis of 107 national cybersecurity strategies adopted to date, Eneken and Mika derived the following high-level overview of the main concerns that countries share in cyberspace: basic information security, critical information infrastructure protection, combatting cybercrime, cybersecurity awareness and organisations, and international cooperation.
Emphasising that each country follows its unique path in cybersecurity, they introduced the main characteristics of a successful cyber security strategy: it defines and prioritises national strategic objectives; remains focused on the clearly identified core issues; maintains a long-term perspective; is harmonised with other policies and strategies; clearly allocates resources and responsibilities; implements international best practices and lessons learned; and considers international cyber security directions.
Cybersecurity legislation will need to be tailored to a country’s particular goals and issues. While national legal systems are different, one can identify ways to verify that national laws are current and adequate. Some tips for national legislation: keep track of international, regional and other (relevant) developments in regulation and case law; keep an evidence- and issue-based approach to regulation; consider and incorporate relevant standards; make legislation development an inclusive process (consultations, commentaries); keep assessing the impact of existing laws; and provide thorough and clear explanatory notes, definitions, principles and mandates to allow for efficient implementation.