• No se han encontrado resultados

Actividades y criterios de evaluación

In document ANX-PR/CL/ GUÍA DE APRENDIZAJE (página 13-24)

Nations applying our NCMF should contextualise the dimensions and mandates for their countries. This contextualisation helps with the identification of actors. The contextualisation also informs the selection and prioritisation of national cybersecurity functions. We illustrate this approach by contextualising the dimensions and mandates for the South African environment. The three dimensions and five mandates contextualised for the South African environment are shown in Figure 19.

Figure 19 was developed using input from NATO [1] and shows the five mandates and three dimensions with its actors specific to South Africa. One, many or all of these mandates can be

83

The NCMF Level 1

assigned to actors present in the government, national or international dimensions. The figure further shows that each mandate can be viewed from a different perspective such as a government, national or international perspectives. Figure 19 is populated with some of the actors we identified using the stakeholders and actor identification template presented in Section 3.5.3 in Table 8, as well as the function, structure and actor identification template for domains in Table 10.

Figure 19 illustrates how responsibility may be assigned to actors for the different mandates. To illustrate the assigning of responsibilities to actors, the responsibility of government and its departments is to coordinate national crisis management efforts, whereas the national responsibility and focus would be to foster cooperation between, and within industries and their sector-CSIRTs. From a South African context, the Justice, Crime Prevention and Security Cluster (JCPS) [93] is responsible for most mandates. The JCPS consists of the Department of Defence and Military Veterans (DOD and DMV); South African Police Service (SAPS); Justice (DOJ) and Correctional Services; Home Affairs (DHA); State Security Agency (SSA) and Finance.

Figure 19: Mandate actors mapped to dimensions in the South African context [1]

A National Cybersecurity Management Framework for Developing Countries

84 Figure 19 also illustrates that from a government perspective (Whole of Government) the South African Department of Defence (DOD) is responsible for the military cyber mandate, the South African Police Service is responsible for the counter cybercrime mandate, and the intelligence and counter intelligence mandate is the responsibility of the South African Secret Service (SSA).

Figure 19 further shows that the critical infrastructure protection and national crisis management mandate is the responsibility of the Department of Public Enterprises, and the Department of Telecommunications and Postal Services (DTPS) - who are the state actors at government level. The national Cybersecurity Hub is a state actor at national level, while the sector-CSIRTs are national, non-state actors. FIRST is an international, organised non-state actor.

The cyber diplomacy and internet governance mandate is the responsibility of the South African Department of Justice (DOJ) and the Department of International Relations and Cooperation (DIRCO). It is also shown in Figure 19 that government has a national coordinating function and that non-state actors cooperate at national level. Collaboration takes place at international level, but in essence, the cooperative and collaborative functions need to be managed and facilitated by government.

The responsibilities for the different mandates are assigned in the South African National Cybersecurity Policy Framework (NCPF) [4] and the South African Cybercrimes and Cybersecurity Bill [33]. The state actors, non-state actors and non-state actors abroad may be identified by using the stakeholders and actor identification template introduced in Section 3.5.4, presented in Table 8. The perspective from where the mandates are viewed from, influences the cybersecurity functions required.

The government, with a perspective on coordinating responsibility, might want to implement national cybersecurity crisis management centres to accomplish this (the National Cybersecurity Hub is an example), while at a national level, sector-CSIRTs could be established nationally across sectors and industry to foster cooperation. In terms of international collaboration, the National Cybersecurity Hub and sector-CSIRTs liaise with the Forum of Incident Response and Security Teams (FIRST).

Nations applying the NCMF could select one, or more than one mandate. Each mandate requires a cybersecurity function, or functions. Considering the fiscal and skills constraints, as well as in keeping with the recommendation that developing countries should start small and follow a phased approach during the implementation of national cybersecurity functions, we recommended that developing countries only select one mandate at a time.

85

The NCMF Level 1

The Critical Infrastructure Protection and National Crisis Management mandate is selected as the mandate in context of which the illustrative application of the NCMF implementation part will be done in Part 2.

3.10 Conclusion

Section 3.10 concludes the development of level 1 of the NCMF. In this section, we will provide a summation of the work we have done in Chapter 3, and we then present level 1. The Chapter started with a motivation for the development of a NCMF in Section 3.2. In Section 3.3, the concepts of national and international authoritative and normative sources were introduced. These authoritative sources are of paramount importance, as they will be consulted to identify prescripts for mandatory national cybersecurity functions. National and international normative sources may be used to identify non-mandatory functions.

In sections 3.5 to 3.8, the dimensions, mandates and domains were introduced, and selected to illustrate the application of the NCMF. The NCMF dimensions, mandates and domains assist the user of the NCMF to identify non-mandatory national cybersecurity functions and actors. Section 3.5 introduced the three dimensions of government, national and international.

Each of these dimensions has actors associated with its and some of the actors in the three dimensions were identified in the context of South Africa. The identification of actors is important since responsibility for the application of the NCMF, as well as responsibility for the implementation of national cybersecurity functions will be assigned to them. To assist with the identification of

actors, we proposed, and presented a stakeholders and actor identification template in Section 3.5.3 in Table 8.

Section 3.6 introduced the two domains. The two domains are the offensive domain, and the defensive domain. The defensive domain was selected as the domain of operation for the NCMF, and the selection was made based on our work experience in the defensive domain. The defensive domain’s four lifecycle phase was introduced. They are the protecting, detecting, responding and recovering phases. Different defensive domain lifecycle phases need different national cybersecurity functions, and national cybersecurity structures. An understanding of the defensive domain lifecycle phases can thus assist with dentifying national cybersecurity structures, the functions and services it offers, and its actors.

The domain selected may also influence the selection of national cybersecurity functions for implementation. To assist with the identification of domain-specific structures and actors we have

A National Cybersecurity Management Framework for Developing Countries

86 Table 10. This template may be populated with the actors identified with the stakeholders and actor identification template in Section 3.5.3 inTable 8. Section 3.8 introduced and discussed the five mandates. The five mandates are military cyber, counter cybercrime, intelligence and counter intelligence, critical information infrastructure protection and national crisis management, and cyber diplomacy and internet governance.

The mandate selected to illustrate application of the NCMF implementation part, is the critical information infrastructure protection, and national crisis management mandates. Our motivation for selecting this mandate, is that we have experience working with these mandates at the national level. Level 1 is presented in Figure 20.

Figure 20 shows that authoritative and normative prescripts and recommendations, dimensions, mandates and domains in which the NCMF operate need to be considered. It also shows that a nation’s government is responsible for level 1 of the NCMF. Level 1 of the NCMF is foundational in nature, and if not applied correctly, the identification, selection and prioritisation of national cybersecurity functions might not be relevant to the nation-state applying the NCMF.

Figure 20: NCMF Level 1

Now that we have introduced and discussed level 1 of the NCMF, we will use level 1 in Chapter 4, to identify general cybersecurity functions. We will identify the prescripts in national and international authoritative sources, as well as the recommendations in national and international normative sources. This will result in a list of mandatory and non-mandatory cybersecurity functions. From this list, we will identify the most commonly occurring functions to get to a list of general cybersecurity functions.

It is important to identify and introduce these functions, since some of them will serve as examples during our illustrative application of the rest of the NCMF levels. Chapter 4 is still part of level 1 and identifies and introduces the general cybersecurity functions. This is achieved by building on, and using the level 1 elements discussed in this Chapter. The sole purpose of Chapter 4 is thus to

87

The NCMF Level 1

identify and introduce the general cybersecurity functions. Chapter 4 must be read as being part of the level 1 discussion, and as flowing from Chapter 3.

89

General Cybersecurity Functions

Chapter 4: General cybersecurity functions

4.1

Introduction

Chapter 4 builds on the introduction and discussion we had of level 1, in Chapter 3. The purpose for the development of our NCMF, is to provide a framework that can assist developed and developing countries with their national cybersecurity management tasks. These tasks were introduced in Section 2.1 as the identification, selection, prioritisation and implementation of national cybersecurity functions. National mandatory or non-mandatory cybersecurity functions are identified at level 1 of the NCMF, and selected and prioritised at level 2 of the NCMF.

Level 1 is used to identify national and international authoritative sources, and from those sources, identify their mandatory cybersecurity function prescripts. Level 1 may also be used to identify non-mandatory cybersecurity functions using general recommendations in national and international normative sources. A nation-state may also select to identify and use existing authoritative sources from other countries, and use the other countries’ mandatory functional prescripts as its non-mandatory function recommendation. This means that the authoritative sources of a disparate country become a normative reference for the country using it. We will follow this approach, and use the NCMF’s level 1, to identify a list of the most general cybersecurity functions.

In most instances, most developing nations have not yet developed national authoritative sources such as a NCS [94]. They also often lack the capability and capacity to identify national cybersecurity functions themselves. Our general cybersecurity functions will provide these developing countries with a list of predetermined, general cybersecurity functions, and they can select functions from this list for national implementation. The general cybersecurity functions are identified and discussed in more detail here. The two cybersecurity function types were briefly introduced as nation-state specific and mandatory national cybersecurity functions, and non-mandatory cybersecurity functions that are general in nature, and this Chapter builds on the introduction made in Section 3.3.

The purpose of Chapter 4 is to identify and introduce, in more detail, general cybersecurity functions that appear most commonly across the sources we will consult. It is important to have a solid understanding of these functions, their service and complementary capabilities, and the structures from where they are offered. Our intention is to select two of these functions, and then merge their relevant services and capabilities (consisting of people, processes and technology as explained in Section 2.4). These merged services and capabilities will then be offered from a new national cybersecurity structure, called the E-CMIRC (See Part 2 for a best practice guide on how to establish such a structure). This selection must happen in context of developing countries, keeping in mind their constraints and unique requirements. The rest of the Chapter is structured as follows:

A National Cybersecurity Management Framework for Developing Countries

90 Section 4.2 provides a motivation for the identification of the general cybersecurity functions.

Section 4.3 presents the aims of the general cybersecurity functions, and illustrates how they can be selected

In document ANX-PR/CL/ GUÍA DE APRENDIZAJE (página 13-24)

Documento similar