Table of Contents
1.0 EXECUTIVE SUMMARY ............................................................................................................................ 4
1.1 INTRODUCTION ....................................................................................................................................... 4
1.2 THE SCOPE OF THE STRATEGY ................................................................................................................ 5
1.3 MISSION STATEMENT: ............................................................................................................................ 5
1.4 VISION STATEMENT ................................................................................................................................ 6
2.0 STRATEGIC CONTEXT............................................................................................................................... 7
2.1.1 THREATS ........................................................................................................................................... 8
2.1.1.1 Cyber criminals.......................................................................................................................... 8
2.1.1.2 States and state-sponsored threats .......................................................................................... 8
2.1.1.2 Terrorists ................................................................................................................................... 9
2.1.1.3 Hacktivists ................................................................................................................................. 9
2.2 VULNERABILITIES ................................................................................................................................ 9
2.2.1 Internet of things (IOTs) ............................................................................................................... 9
2.2.2 Poor cyber hygiene and compliance .......................................................................................... 10
2.2.3 Insufficient training and skills .................................................................................................... 10
2.2.4 Legacy and unpatched systems ................................................................................................. 10
2.2.5 Access to hacking resources ...................................................................................................... 11
2.3 CONCLUSIONS ................................................................................................................................... 11
3.0 NATIONAL RESPONSE............................................................................................................................ 11
3.1 PRINCIPLES ........................................................................................................................................ 11
3.2 DUTIES ............................................................................................................................................... 12
3.2.1 Persons ....................................................................................................................................... 12
3.2.2 Private sectors and organizations .............................................................................................. 12
3.2.3 Government ............................................................................................................................... 13
3.2.4 Driving change............................................................................................................................ 13
4.0 IMPLEMENTATION PLAN....................................................................................................................... 14
4.1 DEFEND ............................................................................................................................................. 14
4.1.1 ACTIVE CYBER DEFENCE ............................................................................................................. 14
4.1.2 BUILDING A MORE SECURE INTERNET ....................................................................................... 16
4.1.3 PROTECTING GOVERNMENT ...................................................................................................... 18