Financial Crime World

Cybersecurity Strategy Lacks Coherence and Resources

A recent analysis of Estonia’s cybersecurity strategy between 2008 and 2013 has highlighted a lack of coherence between the strategy and agencies’ mandates and actual activities. The report also found that the strategy duplicated other development plans and failed to match its priority on cybersecurity with resource allocation.

Prioritization a Major Challenge

Cybersecurity planning often faces the challenge of trying to prioritize everything, leading to unclear priorities and resource constraints. Estonia’s cybersecurity planning has been no exception, with many stakeholders arguing for their own most pressing issues.

  • The new draft strategy aims to address this issue by prioritizing core infrastructure and incident prevention and response capabilities, rather than trying to tackle every aspect of cybersecurity.
  • This approach will help focus efforts on the most critical areas and allocate resources more effectively.

Metrics System a Key Challenge

Measuring progress is crucial in national cybersecurity strategies. However, Estonia’s experience has shown that designing a metrics system can be challenging due to misaligned priorities, inadequate data quality, or insufficient monitoring and reporting.

  • The study highlighted the importance of attaching quantifiable goals to strategic objectives, as measurement is key to control and improvement.
  • A well-designed metrics system will help Estonia track its progress and make adjustments as needed.

National Strategy as a Process

Estonia has recognized the importance of inclusiveness in its strategy development process, engaging stakeholders from various sectors in both planning and implementation. However, the country still faces challenges in monitoring progress and ensuring effective governance.

  • The study’s findings underscore the need for Estonia to improve its metrics system and prioritize its cybersecurity efforts more effectively.
  • By doing so, Estonia can strengthen its cybersecurity efforts and better protect its digital infrastructure.

Conclusion

Estonia’s experience highlights the challenges of developing an effective national cybersecurity strategy. While the country has made progress in engaging stakeholders and recognizing the importance of inclusiveness, it still faces significant challenges in prioritization, metrics, and governance.

  • By addressing these issues, Estonia can strengthen its cybersecurity efforts and better protect its digital infrastructure.
  • Cybersecurity is a discipline that continues to evolve, requiring ongoing improvement and adaptation.

Key Takeaways

• Prioritization is a major challenge in cybersecurity planning • Measuring progress is crucial in national cybersecurity strategies • Inclusiveness is essential in strategy development processes • Effective governance requires clear metrics and prioritization • Cybersecurity is a discipline that continues to evolve, requiring ongoing improvement and adaptation.