Article Preview
Top1. Introduction
The continuous development of the internet in the last few decades together with the resulting growth, innovation and capital investment in related technologies, compel developing nations to establish and mature its cybersecurity environment in order to mitigate the threats that accompany the vast capabilities that these innovations provide. The growing access of developing countries to cyberspace, requires that all such countries should have a proper plan to help secure their cyberspace. Although some documents for this purpose do exist, they are usually long and complex and do not provide simple and clear cut guidance on where to start securing cyberspace. Developing countries, because of financial and expertise constraints, cannot do everything at the same time – so a more basic document is needed with clear steps on how to start.
What is therefore needed is a strategic framework for developing countries to secure cyberspace (in the rest of the paper referred to as ‘The Framework’), to provide a starting point for developing countries when implementing its cybersecurity strategy. Such a framework can then be utilised as best practice or a blueprint by developing countries as a starting point in designing their own framework and strategy.
The purpose of this paper is to present such a framework in order to establish a guidance based on relevant factors and to encourage developing countries to address the securing of cyberspace in a comprehensively approach, instead of just focussing on a narrow scope of activities (Fischer, 2005).
Similar to the approach that ENISA followed in drafting an evaluation framework for national cyber security strategies, during which it analysed, among other, existing EU and non EU national cyber security strategies (ENISA, 2014); the approach taken in this research project is to study a number of relevant cybersecurity documents from a number of countries (developed and developing) and regional bodies. From these documents, the core elements which are common to all documents, are identified and extracted to determine the real important elements of such a strategic framework.
These identified elements are then evaluated in terms of the problems experienced by developing countries (DCs), and those ones which can add the quickest value to DCs – the quick wins – were used as the basis for the final framework. This approach ensures that DCs who want to venture along this path, has a framework document which provides clear direction on where to start and what to implement first – within the limitations of a DC.
The paper is structured as follows:
- •
Section 2 will briefly review the documents which were studied, while section 3 will list the priority elements which were identified;
- •
In section 4 the need for cyber warfare and the utilisation of related techniques within a developing country is discussed, with a deliberation on its inclusion within the strategic framework in line with the effort to secure cyberspace;
- •
Within section 5 the major focus areas are noted, with a brief mentioning of the important elements (‘quick win’ elements) as extracted from the documents as mentioned in section 2. These will now be the building blocks for the eventual framework;
- •
In section 6 the final framework is presented, and initial guidance is given on how to start the process.
Top2. Studying Existing Documents When Developing A Framework For Developing Countries
To be able to identify and understand the various elements or drivers that are needed within a strategic framework to secure cyberspace as they are perceived and articulated by different countries and organisations, it is necessary to look at existing cybersecurity policies and strategies that were developed by both developed countries, developing countries and regional bodies.
It is also necessary to look at related cybersecurity documents as written by subject matter expert organisations within this field.
The specific policies and strategies discussed within the research project were selected based on their relevance to the subject of the research project, and are to be as representative as possible. The criteria for the selected documents included the following: