EU and NATO cybersecurity strategies and national cyber security strategies: a comparative analysis
- 477 Downloads
Given the global nature of cyber threats, assurance of a cyber security policy is very important not only at organization level but also at national level. Currently, cyber security as such is not independently regulated internationally; therefore the role of the EU and NATO in ensuring cyber security has become particularly significant. This article presents a study which compares the cyber security policies of the EU and NATO organizations. An analysis of how national cyber security strategies correspond with the cyber security policies and the strategic directions of these organizations has been carried out. We have also carried out a comparative study of the provision of national cyber security strategies of the EU and NATO. The study reveals that regardless of similar goals, namely assurance of cyber resilience, the selected harmonization and coordination approaches, as well as norms of national cybersecurity strategies, differ.
Keywordscyber security strategies regulation comparative analysis EU NATO
This research was funded by a grant (No. MIP-099/2015/PRC-36) from the Research Council of Lithuania.
- ‘Cybercrime and cybersecurity strategies in the Eastern Partnership region. Results of a regional workshop’, Chisinau, Republic of Moldova, 12–14 November 2014, https://rm.coe.int/CoERMPublicCommonSearchServices/DisplayDCTMContent?documentId=09000016803053d2, accessed 1 February 2016.
- BBC News (2014) World War One: How radio crackled into life in conflict, (Charlotte Dubenskij. 18 June 2014), http://www.bbc.com/news/uk-wales-27894944, accessed 4 July 2016.
- BSA. (2015) EU Cybersecurity Dashboard: A Path to a Secure European Cyberspace, http://cybersecurity.bsa.org/index.html, accessed 1 February 2016.
- Carayannis, E., Campbel, D. and Efthymiopoulos, M. (2014). Cyber-Development, Cyber_Democracy and Cyber-Defence: Challenges, Opportunities and Implications for Theory, Policy and Practice. New York: Springer.Google Scholar
- CCDCOE (2014) Summit Updates Cyber Defence Policy, Insider news, 24 October, http://ccdcoe.org/nato-summit-updates-cyber-defence-policy.html, accessed 1 February 2016.
- Council of Europe (2001) ‘Convention on Cybercrime, Budapest’, No. 185, 23 November, http://www.coe.int/en/web/conventions/full-list/-/conventions/rms/0900001680081561, accessed 1 February 2016.
- Council of Europe (2016) Chart of signatures and ratifications of Treaty 185, http://www.coe.int/en/web/conventions/full-list/-/conventions/treaty/185/signatures?p_auth=P60tWvz9, accessed 1 February 2016.
- Cybersecurity Strategy for Norway (2012) https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/Norway_Cyber_Security_StrategyNO.pdf, accessed 1 February 2016.
- Directive 2011/92/EU of the European Parliament and of the Council of 13 December 2011 on combating the sexual abuse and sexual exploitation of children and child pornography, and replacing Council Framework Decision 2004/68/JHA, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2011:335:0001:0014:EN:PDF, accessed 1 February 2016.
- Directive 2013/40/EU of the European Parliament and of the Council of 12 August 2013 on attacks against information systems and replacing Council Framework Decision 2005/222/JHA, http://eur-lex.europa.eu/LexUriServ/LexUriServ.do?uri=OJ:L:2013:218:0008:0014:en:PDF, accessed February 1, 2016.
- Directive 2016/1148/EU of the European Parliament and of the Council of 6 July 2016 concerning measures for a high common level of security of network and information systems across the Union, http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016L1148&from=EN, accessed 10 August 2016.
- ENISA. (2014) An Evaluation Framework for National Cybersecurity Strategies. November 2014, https://www.enisa.europa.eu/activities/Resilience-and-CIIP/national-cyber-security-strategies-ncsss/an-evaluation-framework-for-cyber-security-strategies-1/an-evaluation-framework-for-cyber-security-strategies/at_download/fullReport, accessed 1 February 2016.
- European Commission (2001) Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions, Network and Information Security: Proposal for a European Policy Approach, COM (2001) 298 final, 6 June, https://ccdcoe.org/sites/default/files/documents/EU-010606-NISProposal.pdf, 1 accessed February 2016.
- European Commission (2006) Communication from the Commission to the Council, the European Parliament, the European Economic and Social Committee and the Committee of the Regions, A strategy for a Secure Information Society – Dialogue, partnership and empowerment, COM(2006) 251 final, 31 May, http://ec.europa.eu/information_society/doc/com2006251.pdf, accessed 1 February 2016.
- European Commission (2013a) Joint Communication to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions, ‘Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace. JOIN (2013)’ 1 final. Brussels, 7 February. http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=1667, accessed 1, February 2016.
- European Commission (2013b) ‘EU Cybersecurity plan to protect open internet and online freedom and opportunity’, Press Release, 7 February, http://europa.eu/rapid/press-release_IP-13-94_en.htm, Accessed 1 February 2016.
- European Commission (2013c) Proposal for a Directive of the European Parliament and of the Council concerning measures to ensure a high common level of network and information security across the Union. COM(2013) 48 final. Brussels, 7 February, http://ec.europa.eu/newsroom/dae/document.cfm?doc_id=1666, accessed 1 February 2016.
- European Commission (2013d) Commission Proposal for a Directive concerning measures to ensure a high common level of network and information security across the Union, 7 February, http://ec.europa.eu/digital-agenda/en/news/commission-proposal-directive-concerning-measures-ensure-high-common-level-network-and, accessed 1 February 2016.
- European Commission (2015) Communication from the Commission to the European Parliament, the Council, the European Economic and Social Committee and the Committee of the Regions. The European Agenda on Security. COM (2015) 185 final, Strasbourg, 28 April, http://ec.europa.eu/dgs/home-affairs/e-library/documents/basic-documents/docs/eu_agenda_on_security_en.pdf, accessed 1 February 2016.
- Hiller, J. and Russel, R. (2013) The challenge and imperative of private sector cybersecurity: An international comparison, Computer Law & Security Review 29(3): 236–245. 10.1016/j.clsr.2013.03.003, accessed 1 February 2016.
- Klimburg, A. (2012). NATO cybersecurity framework manual. Tallinn: NATO CCD COE Publication, NATO Cooperative Cyber Defence Centre of Excellence.Google Scholar
- Lee, B. (1994) Radio Intelligence Developments during World War One and Between the Wars, California Historical Radio Society, http://antiqueradios.com/chrs/journal/intelligence.html.
- Min, K., Chai, S.-W., and Han, M. (2015) An International Comparative Study on Cyber Security Strategy. International Journal on Security and Its Applications 9(2): 13–20. 10.14257/ijsia.2015.9.2.02, accessed 1 February 2016.
- NATO (2011) Defending the networks: The NATO Policy on Cyber Defence, https://ccdcoe.org/sites/default/files/documents/NATO-110608-CyberdefencePolicyExecSummary.pdf, accessed 1 February 2016.
- NATO (2014) Wales Summit Declaration issued by the Heads of State and Government participating in the meeting of the North Atlantic Council in Wales. Press Release, 5 September, http://www.nato.int/cps/en/natohq/official_texts_112964.htm, accessed 1 February 2016.
- NATO (2015) Cybersecurity, 25 November 2015, http://www.nato.int/cps/en/natohq/topics_78170.htm, accessed 1 February 2016.
- Natowatch (2014) NATO Moves towards a ‘Cold War stand-off lite’: Defence Ministers Meetings in Brussels 3–4 June 2014. Briefing Paper No. 52, 12 June, http://natowatch.org/sites/default/files/briefing_paper_no.52_-_defence_ministers_meeting_june_2014.pdf, accessed 1 February 2016.
- Segura Serrano, A. (2015) Cybersecurity: towards a global standard in the protection of critical information infrastructures. European Journal of Law and Technology 6(3), http://ejlt.org/article/view/396/590, accessed 1 February 2016.
- Singh, S. (2011). The Code Book: The Science of Secrecy from Ancient Egypt to Quantum Cryptography. New York: Knopf Doubleday Publishing Group. ISBN 978-0-307-78784-2.Google Scholar
- Stahl, W. (2007) The uncharted waters of cyberspace: applying the principles of international maritime law to the problem of cybersecurity. Georgia Journal of International and Comparative Law 40: 247–273, http://digitalcommons.law.uga.edu/cgi/viewcontent.cgi?article=1024&context=gjicl, accessed 1 February 2016.
- Worldatlas (2016) How Many Countries are in the World? http://www.worldatlas.com/nations.htm, accessed 1 February 2016.