UNIDIR Cyber Policy Portal Database

Table of Contents 1.0 EXECUTIVE SUMMARY ............................................................................................................................ 4 1.1 INTRODUCTION ....................................................................................................................................... 4 1.2 THE SCOPE OF THE STRATEGY ................................................................................................................ 5 1.3 MISSION STATEMENT: ............................................................................................................................ 5 1.4 VISION STATEMENT ................................................................................................................................ 6 2.0 STRATEGIC CONTEXT............................................................................................................................... 7 2.1.1 THREATS ........................................................................................................................................... 8 2.1.1.1 Cyber criminals.......................................................................................................................... 8 2.1.1.2 States and state-sponsored threats .......................................................................................... 8 2.1.1.2 Terrorists ................................................................................................................................... 9 2.1.1.3 Hacktivists ................................................................................................................................. 9 2.2 VULNERABILITIES ................................................................................................................................ 9 2.2.1 Internet of things (IOTs) ............................................................................................................... 9 2.2.2 Poor cyber hygiene and compliance .......................................................................................... 10 2.2.3 Insufficient training and skills .................................................................................................... 10 2.2.4 Legacy and unpatched systems ................................................................................................. 10 2.2.5 Access to hacking resources ...................................................................................................... 11 2.3 CONCLUSIONS ................................................................................................................................... 11 3.0 NATIONAL RESPONSE............................................................................................................................ 11 3.1 PRINCIPLES ........................................................................................................................................ 11 3.2 DUTIES ............................................................................................................................................... 12 3.2.1 Persons ....................................................................................................................................... 12 3.2.2 Private sectors and organizations .............................................................................................. 12 3.2.3 Government ............................................................................................................................... 13 3.2.4 Driving change............................................................................................................................ 13 4.0 IMPLEMENTATION PLAN....................................................................................................................... 14 4.1 DEFEND ............................................................................................................................................. 14 4.1.1 ACTIVE CYBER DEFENCE ............................................................................................................. 14 4.1.2 BUILDING A MORE SECURE INTERNET ....................................................................................... 16 4.1.3 PROTECTING GOVERNMENT ...................................................................................................... 18