Study for the creation of a national capabilities assessment framework
ENISA, the EU Agency for cybersecurity, held a workshop to validate the results of the study for the creation of a national capabilities assessment framework together with the EU Member States and related stakeholders. By assessing their National Cybersecurity Strategy objectives both at strategic and at operational level, Member States will be able to possibly enhance existing and build new cybersecurity capabilities. The purpose of the framework is to help Member States perform a self-assessment of their level of maturity. Other benefits include:
- Identification of elements missing within the strategy;
- Establish a history of lessons learned;
- Referencing best practices;
- Generate credibility and showing transparency for the public, National and international stakeholders and partners.
Sixty participants coming from academia, EU institutions, National Authorities, Ministries, and CSIRTs attended the online workshop. They were all actively engaged in the assessment and validation of the proposed report, which will be published later.
Members of the Hellenic Ministry of Digital Governance and of the Ministry of Justice and Security in the Netherlands also intervened. Each of them gave a short presentation on the recent NCSS efforts conducted in Greece and in the Netherlands respectively. They also shared the main challenges they face as well as good practices and lessons learned.
The representatives identified the following challenges and lessons learned:
- Most resources tend to be dedicated to the planning and implementation phase. While obviously important, this may lead to a lack of coordination and organisation in the monitoring and evaluation phase of the strategy.
- The strategy should provide explicit ownership and accountability for the measures identified to reach the objectives. This is not currently the case.
- Clarifying relations between objectives, measures, resources and expected outputs of the next national strategy will be essential in order to re-structure the policy theory.
- Cybersecurity is a domain where information is highly confidential and not easily distributed. This is why it is crucial for EU Member States to have common tools and processes based on the shared experience.
Background on National Cybersecurity Strategies
In line with its strategic objectives, the European Agency for Cybersecurity, (ENISA) supports the efforts of Member States in the area of NCSS by:
- Supporting cybersecurity as an integral part of national policies through the development of guidelines on the NCSS lifecycle and through analysis of existing strategies to outline good practices. The Good Practice Guide on NCSS published in 2016 is one of them.
- Supports cutting-edge competencies and capabilities through performing deep dives on specific national strategic objectives, such as the publication on the Good practices in Innovation. This can also be done by developing online tools to support the uptake of lessons learned and good practices. Examples of such tools are the NCSS evaluation tool and the NCSS Interactive Map.
- Empowering and engaging Member States through community building by maintaining an experts group on NCSS and by fostering cooperation and exchange of good practices between MS. Publications on effective collaborative models for PPPs and ISACs are good examples of such effort.