ENISA issued the Evaluation Framework on National Cyber Security Strategies (NCSS)

ENISA has presented at the workshop on National Cyber Security Strategies in Brussels the Evaluation Framework on National Cyber Security Strategies (NCSS).

ENISA issued the Evaluation Framework on National Cyber Security Strategies (NCSS), an important work that addressed to policy experts and government officials that are in charge for the implementation and evaluation of an NCSS policy. The work was presented on the 27th November 2014 at the first workshop on National Cyber Security Strategies in Brussels.

The work resumes a framework on NCSS elaborated by the ENISA in 2012, when the Agency defined a collection of best practices for the implementation of an NCSS through “a well-defined lifecycle.” The previous work also included an analysis on how to align policy and how to involve the private entities. Previous work also includes operational and regulatory objectives.

The framework results from the contribution of the leading experts on NCSS that have shared best practices on the above activities.  The work considers the eighteen EU National Cyber Security Strategies and eight non-EU strategies and was issued  to assist Member States in developing capabilities in the area of NCSS in compliance with Cyber Security Strategy (EU CSS).

The proposed Evaluation Framework on National Cyber Security Strategies (NCSS) consists of the following elements and includes recommendations for proper implementation of the framework itself.

• A blueprint logic model presenting conceptual building blocks and a structure. The Logic modelling is an evaluation tool which is suggested to deploy in order to understand the logic of the
  NCSS and its implementation;
• A list of possible key performance indicators (KPIs);

Within the primary goals of the framework there are the achievement of the cyber resilience and the development of cyber capabilities through the improvement of cooperation within public and private sector. The list of elements in the Logic modelling includes:

• Developing cyber defence policies and capabilities
• Achieving cyber resilience: developing capabilities and cooperating efficiently within public and private sector
• Reducing cyber crime
• Develop the industrial and technological resources for cybersecurity
• Secure critical information infrastructure

The Key performance indicators (KPIs) are an essential component for the evaluation of an NCSS and allow actors to measure performance or progress of the implementation of an NCSS. Key performance indicators are crucial in both phases of NCSS implementation and evaluation, from their analysis, it is possible to review objectives during the lifecycle of the program.

The KPIs are categorized per objective:

• Key objective 1: Developing cyberdefence policy and capabilities
• Key objective 2: Achieving cyber resilience: develop capabilities and efficient cooperation within public and private sector
• Key objective 3: Reduce cybercrime
• Key Objective 4: Develop the industrial and technological resources for cybersecurity
• Key objective 5: Secure critical information infrastructure

“A National Cyber Security Strategy is an important step that allows Member States to address cyber security risks and challenges. This is a continuous process that requires proper evaluation, in order to adjust to the emerging needs of society, technology and the economy. With this work ENISA provides a systematic and practical evaluation framework that allows EU Member States to improve their capabilities when designing NCSS”. Commented Udo Helmbrecht, the Executive Director of ENISA. 

As highlighted in the work, the NCSS has to be adjusted to the needs of different Member States depending on the level of maturity reached in the lifecycle of an NCSS.

Let me suggest you the reading of this excellent work.

Pierluigi Paganini

(Security Affairs –  ENISA, NCSS)