National Cybersecurity Policy: Balancing Risk and Innovation
Countries around the world are developing new cybersecurity policies, practices, and programs to manage national-level risks related to the protection of key government assets and data, and working to identify and help to manage risks around critical infrastructures, enterprises, organizations, and citizens. As governments around the world begin to create their own national strategies for cybersecurity or contemplate the most effective measures to ensure security within borders, it is crucial for policy-makers to understand what makes for sound, effective national cybersecurity strategies and how these policies can be designed to protect vital infrastructures and data while still allowing for economic growth and technological innovation. This course will explore several key attributes of national strategies for cybersecurity and use examples from national strategies around the world and from key multinational organizations like the ITU, to illustrate both the ways in which policies can strengthen a nation's cybersecurity, as well as the ways they can hinder other goals, if they are not carefully constructed. The focus of the course will be on identifying national strategies that balance security objectives with key economic considerations and provide clear, actionable guidance to both government and industry actors, as well as for citizens.
This course will introduce key concepts and principles intended to benefit countries just beginning to build cybersecurity strategies, as well as those who are in the process of updating their current plans, including:
1. The importance of having a national cybersecurity strategy and its central role in establishing principles, policies, and even programs to reduce risk;
2. The challenges of coordinating cybersecurity policy across the various governmental elements responsible for law enforcement, commerce, diplomacy, interior security, and even defense;
3. Recommendations for structuring international engagement and cooperation on cybersecurity issues;
4. Processes for organizing national-level risk identification, assessments and management efforts;
5. Approaches and models for public-private partnerships, including how to build and govern information sharing programs;
6. Strategies for maintaining flexibility in the face of constantly changing threat landscape;
7. Development of education and public awareness efforts.
Government regulators and representatives of intergovernmental organizations