#LANG
According to Wikipedia, strategy is “a high level plan to achieve one or more goals under conditions of uncertainty”.
Still according to the online encyclopaedia, “the word ‘strategy’ came to denote a comprehensive way to try to pursue political ends, including the threat or actual use of force, in a dialectic of wills in a military conflict, in which both adversaries interact”, and “strategy generally involves setting goals, determining actions to achieve the goals, and mobilizing resources to execute the actions”. When it comes to cybersecurity, the “adversary” is difficult to grasp because too versatile and vague: these are the cyber threats in their large diversity.
To develop a cybersecurity strategy is challenging – a challenge that Luxembourg has just accepted through 5 axis, 7 goals and 38 pages. Here is a quick reading of a document that weighs much more than it appears.
By browsing through it, one will be rapidly and positively surprised by its structure and accuracy. Starting from the major axis, the strategy develops into very concrete and tangible measures, such as the protection of smartphones used by the government, the existing trainings for children, parents and businesses, the tools and methods made available to professionals, the fight against cybercrime…
In short, one has the feeling that nothing has been forgotten and that the contributors didn’t just stick to the major strategic axis, which could contain almost everything and anything. In this document, there is no room for vagueness or “what could be”: it is concrete, it contains facts & figures and dates. Perhaps too many… because facing such versatile threats also means that a possible future reorientation could be needed. But at least, some concrete foundations are laid, and it is up to each of us each to grab them and maybe add some extra personal propositions.
Last but not least, several objectives and actions have been carried out in order to harmonize the standards’ requirements used by the major national players such as the CSSF, ILR, CNPD, ILNAS and HCPN. On this point, Luxembourg is a pioneer. More reason to appropriate the strategy and actively participate in its realization. This is an extra reason to pay great attention to this strategy and actively participate in its realization.
Securitymadein.lu already contributes to it with the following initiatives:
- Trainings by CASES
- MONARC (Optimised Method for Risks’ Analysis)
- MISP (Malware Information Sharing Platform)
- CIRCL (Incident Response Team)
- BEE SECURE Stopline