Step 7 is:
Develop U.S. Government positions for an international cybersecurity policy framework and strengthen our international partnerships to create initiatives that address the full range of activities, policies, and opportunities associated with cybersecurity.
Wow…this is a very complex step when you consider the Cyberspace Policy Review described cybersecurity policy as:
cybersecurity policy as used in this document includes strategy, policy, and standards regarding the security of and operations in cyberspace, and encompasses the full range of threat reduction, vulnerability reduction, deterrence, international engagement, incident response, resiliency, and recovery policies and activities, including computer network operations, information assurance, law enforcement, diplomacy, military, and intelligence missions as they relate to the security and stability of the global information and communications infrastructure. The scope does not include other information and communications policy unrelated to national security or securing the infrastructure.
Step 7 is also very complex because of:
- International partnerships and
- Creating initiatives that address the full range of activities, policies and opportunities associated with cybersecurity.
The easy part of Step 7 is “developing U.S. Government positions”, because Lessons Learned have proven over and over that developing a position is fairly simple to do and all it takes is a PC and a megaphone or Press Release.
However, implementing and managing the “cybersecurity policy framework” across international partnerships (different languages across all appropriate individuals) and “creating initiatives that address the full range of activities, policies and opportunities associated with cybersecurity” will require extensive situational awareness, accountability, measurability and audit-ready documentation to ensure the initiatives are working.
If you can’t measure it…you can’t manage it.
Stay tuned for Step 8…