Vous êtes sur la page 1sur 3

When a segment gets repeated, the font is light grey and you do NOT have to translate it.

Segments with dark grey background are locked.


en ro 1 converter2 Mems ource Mems ource

ID # Source Target Comment

While the acts of authoritarian regimes fighting for


their political lives may seem extreme to many in the
Western world, what these episodes demonstrate is
iZtTXRngob4wCLxm_
dc2: 962
1 that the very interconnectedness that people around
the globe enjoy because of improvements in ICT can be
swiftly denied, and that freedom of communication and
political freedom are clearly linked.
iZtTXRngob4wCLxm_
dc2: 963
2 1.6.
iZtTXRngob4wCLxm_
dc2: 964
3 CONCLUSION
Addressing a nation’s cyber security needs is no easy
iZtTXRngob4wCLxm_
dc2: 965
4
task.
Indeed, it is not even always apparent what those
needs exactly are, or what protecting (or not
iZtTXRngob4wCLxm_
dc2: 966
5
protecting) a nation’s cyber environment actually
entails.
Quite often there are different and competing
iZtTXRngob4wCLxm_
dc2: 967
6
considerations within each nation’s approach.
Yet each nation is faced with a steadily increasing level
of cyber threat, and thus requires the nation’s
iZtTXRngob4wCLxm_
dc2: 968
7
leadership to recognise the strategic problem and set
forth goals and strategies to address it.
In this section we have defined NCS as ‘the focused
application of specific governmental levers (which
iZtTXRngob4wCLxm_
dc2: 969
8 includes both incentives and regulation) and
information assurance principles to public, private, and
relevant international
Hillary R. Clinton, ‘Internet Freedom [Speech at
iZtTXRngob4wCLxm_
dc2: 970
9 Newseum in Washington, DC],’ Foreign Policy, 21
January 2010.
Amrutha Gayathri, ‘Iran To Shut Down Internet
iZtTXRngob4wCLxm_
dc2: 971
10 Permanently; ‘Clean’ National Intranet In Pipeline,’
International Business Times, 9 April 2012.
Christopher Williams, ‘How Egypt shut down the
iZtTXRngob4wCLxm_
dc2: 972
11
internet,’ The Telegraph, 28 January 2011.
iZtTXRngob4wCLxm_
dc2: 973
12 {1}{2}{3}43
iZtTXRngob4wCLxm_
dc2: 974
13 Preliminary Considerations:
iZtTXRngob4wCLxm_
dc2: 975
14 On National Cyber Security
ICT systems, and their associated content, where these
iZtTXRngob4wCLxm_
dc2: 976
15
systems directly pertain to national security.’
As nations and intergovernmental organisations set
about developing and implementing measures to
establish NCS strategies, they must balance the
iZtTXRngob4wCLxm_
dc2: 977
16
economic and social importance of free flow of
information to the security needs of government,
industry, and citizens.
The conceptual prism set forth in this section is
iZtTXRngob4wCLxm_
dc2: 978
17
designed to assist in this development and debate.
iZtTXRngob4wCLxm_
dc2: 979
18 ORGANISATIONAL STRUCTURES & CONSIDERATIONS
iZtTXRngob4wCLxm_
dc2: 980
19 Eric Luiijf, Jason Healey
iZtTXRngob4wCLxm_
dc2: 981
20 Section 4:
iZtTXRngob4wCLxm_
dc2: 982
21 Principal Findings
Essentially, national cyber security (NCS) can be split
iZtTXRngob4wCLxm_
dc2: 983
22
into five distinct subject areas or mandates.
These ‘Five Mandates’ are Military Cyber, Counter
Cyber Crime, Critical Infrastructure Protection (CIP) &
iZtTXRngob4wCLxm_
dc2: 984
23
Crisis Management, Intelligence/Counter-Intelligence,
and Cyber Diplomacy & Internet Governance.
These mandates can be mapped along all stages of a
cyber incident, as well as all four levels of government:
iZtTXRngob4wCLxm_
dc2: 985
24
the political/policy, strategic, operational, and
tactical/technical levels.
Further, these Mandates connect with ‘cross-
iZtTXRngob4wCLxm_
dc2: 986
25
mandates’:
Information Exchange & Data Protection, Coordination,
iZtTXRngob4wCLxm_
dc2: 987
26
as well as Research & Development and Education.
While it is important to understand the uniqueness of
each of the five mandates, it is even more important to
iZtTXRngob4wCLxm_
dc2: 988
27
understand their commonalities, and their need for
close coordination.
A wide range of organisations engage in international
iZtTXRngob4wCLxm_
dc2: 989
28
cyber security activities.
The most relevant of these are often not state but non-
iZtTXRngob4wCLxm_
dc2: 990
29
state groups.
A lack of understanding of the mandates can lead to
stovepiped app-roaches resulting in conflicting legal
iZtTXRngob4wCLxm_
dc2: 991
30
requirements and friction bet-ween cyber security
functions, organisations and capabilities.
Assigning resources without a policy can be as
iZtTXRngob4wCLxm_
dc2: 992
31 dangerous as drafting a policy without assigning the
resources.
iZtTXRngob4wCLxm_
dc2: 993
32 {1}{2}{3}109
iZtTXRngob4wCLxm_
dc2: 994
33 Organisational Structures & Considerations
iZtTXRngob4wCLxm_
dc2: 995
34 4.1.
iZtTXRngob4wCLxm_
dc2: 996
35 INTRODUCTION
The purpose of this section is to review specific types of
national cyber security (NCS) areas (also called
iZtTXRngob4wCLxm_
dc2: 997
36
‘mandates’) and examine the organisational and
collaborative models associated with them.
Before discussing the wide variety of organisational
structures at the national and international levels, a
decomposition model will be presented that delineates
iZtTXRngob4wCLxm_
dc2: 998
37
both common and specific cyber security functions,
capabilities, and responsibilities along three different
axes (Section 4.2).
On the one hand we will distinguish between five NCS
iZtTXRngob4wCLxm_
dc2: 999
38
mandates.
This section expands Klimburg’s{1>351<1}
iZtTXRngob4wCLxm_
dc2: 1000
39 segmentation and supplements it by three additional
cross-mandates.
Other axes are the cyber security incident response
iZtTXRngob4wCLxm_
dc2: 1001
40
cycle and the various levels of decision-making.
iZtTXRngob4wCLxm_
dc2: 1002
41 This decomposition model shall assist the reader in
understanding the rationale behind the functions,
responsibilities, and capabilities of organisations
involved in cyber security as entities which, over the
years, have been shaped by the specific division of
tasks between the government, its agencies, public
organisations, associations, and private companies.
Section 4.3 provides an overview of the stakeholders
iZtTXRngob4wCLxm_
dc2: 1003
42
involved in the provision of cyber security.
Taking the decomposition model as the point of
departure, Section 4.4 strives to determine the main
iZtTXRngob4wCLxm_
dc2: 1004
43
focus of analysis along the five mandates mentioned in
Section 1 and three cross-mandates.
Building upon this framework, Sections 4.5, 4.6 and 4.7
iZtTXRngob4wCLxm_
dc2: 1005
44 introduce the common set of national and international
organisations.
It is important to note that these sections also pay due
attention to the special tasks which may be recognised
by, and assigned to, various organisational subunits or
iZtTXRngob4wCLxm_
dc2: 1006
45 organisations all belonging to one and the same
mandate, or to a single service organisation in one of
the mandates with the aim of supporting the other
mandates.
Finally, Section 4.8 will discuss some organisational
iZtTXRngob4wCLxm_
dc2: 1007
46 pitfalls and lessons identified when addressing cyber
security at the national level.
iZtTXRngob4wCLxm_
dc2: 1008
47 4.2.
DELINEATING ORGANISATIONAL FUNCTIONS,
iZtTXRngob4wCLxm_
dc2: 1009
48
CAPABILITIES AND RESPONSIBILITIES
To position the many cyber security functions,
capabilities and responsibilities at the national and
iZtTXRngob4wCLxm_
dc2: 1010
49
international levels, an analytical framework can be
useful for further discussion.
While there are certainly a number of methods that can
be employed, the approach applied here focuses on
three closely connected building blocks: the NCS
iZtTXRngob4wCLxm_
dc2: 1011
50
mandates and cross-mandates; a generalised tool to
analyse organi-sational conduct at large, and the
incident management cycle.
See Klimburg in Klimburg and Mirtl, Cyberspace and
iZtTXRngob4wCLxm_
dc2: 1012
51
Governance – A Primer (Working Paper 65).
iZtTXRngob4wCLxm_
dc2: 1013
52 15-9.
{1}{2}{3}{4>Delineating Organisational Functions,
iZtTXRngob4wCLxm_
dc2: 1014
53
Capabilities and Responsibilities<4}
iZtTXRngob4wCLxm_
dc2: 1015
54 {6>110<6}
A first decomposition is to split the functions across the
five perspectives (called mandates) as described at
iZtTXRngob4wCLxm_
dc2: 1016
55
more length elsewhere{1>352<1} and in Section
1.{2>353<2} These mandates include:
(1) Internet Governance and Cyber Diplomacy, (2)
Cyber Crisis Management and Critical Infrastructure
iZtTXRngob4wCLxm_
dc2: 1017
56 Protection (CIP), (3) Military Cyber Operations, (4)
Intelligence/Counter-Intelligence, and (5) Counter
Cyber Crime.
This approach is supplemented by three additional
iZtTXRngob4wCLxm_
dc2: 1018
57 cross-mandates that work across all the mandates
equally.
They include (1) Coordination, (2) Information
iZtTXRngob4wCLxm_
dc2: 1019
58 Exchange and Data Protection, and (3) Research and
Education.
iZtTXRngob4wCLxm_
dc2: 1020
59 4.2.1.
iZtTXRngob4wCLxm_
dc2: 1021
60 Across the Levels of Government
An obvious, second way of decomposition is a vertical
iZtTXRngob4wCLxm_
dc2: 1022
61 one, perpendicular to each of the mandates and cross-
mandates.
Along four distinct levels of analysis, this approach
iZtTXRngob4wCLxm_
dc2: 1023
62 combines both a military and a political understanding
of war.
The two probably most succinct (and opposing) notions
on the nature of war equally address the most
important relationship between the act of war and the
political sphere: either ‘[w]ar is a mere continuation of
policy’,{1>354<1} or ‘[p]olitics is the continuation of
war’.{2>355<2} It is long understood that it is necessary
to combine the military and the political perspective
into a more comprehensive approach of understanding
iZtTXRngob4wCLxm_
dc2: 1024
63
conflict, such as was done in the US military construct
of state-conflict.{3>356<3} By adding a ‘political’ or
‘policy’{4>357<4} level on top of the traditional war-
fighting triangle (which is composed of the
strategic,{5>358<5} operational{6>359<6} and
tactical{7>360<7} levels),{8>361<8} this model goes
beyond a purely military understanding of military
operations.
iZtTXRngob4wCLxm_
dc2: 1025
64 See ibid.
iZtTXRngob4wCLxm_
dc2: 1026
65 See Klimburg in Section 1.5.4.
iZtTXRngob4wCLxm_
dc2: 1027
66 Carl von Clausewitz, On War (London:
iZtTXRngob4wCLxm_
dc2: 1028
67 Penguin Books, 1982 [1832]).
iZtTXRngob4wCLxm_
dc2: 1029
68 119.
iZtTXRngob4wCLxm_
dc2: 1030
69 Michel Foucault, ‘Society must be defended’:
Lectures at the Collège de France, 1975-1976 (New
iZtTXRngob4wCLxm_
dc2: 1031
70
York:
iZtTXRngob4wCLxm_
dc2: 1032
71 Pan Books Limited, 2003).
iZtTXRngob4wCLxm_
dc2: 1033
72 15.
David W Barno, ‘Challenges in Fighting a Global
iZtTXRngob4wCLxm_
dc2: 1034
73
Insurgency,’ Parameters 36, no. 2 (2006).
Defined as: ‘principle or course of action’ (see Policy,
iZtTXRngob4wCLxm_
dc2: 1035
74 Oxford English Dictionary Online (Oxford University
Press, 2012)).
Defined as: ‘the art of projecting and directing’ (see
iZtTXRngob4wCLxm_
dc2: 1036
75 Strategy, Oxford English Dictionary Online (Oxford
University Press, 2012)).
Defined as: ‘a planned and coordinated activity
involving a number of people’ (See Operation, Oxford
iZtTXRngob4wCLxm_
dc2: 1037
76
English Dictionary Online (Oxford University Press,
2012)).
Defined as: ‘skilful in devising means to ends’ (See
iZtTXRngob4wCLxm_
dc2: 1038
77 Tactical, Oxford English Dictionary Online (Oxford
University Press, 2012)).
iZtTXRngob4wCLxm_
dc2: 1039
78 In the civil context, the operational and tactical levels of
decision-taking are often reversed.
In this section, however, we will use the military
iZtTXRngob4wCLxm_
dc2: 1040
79
naming order: strategic, operational and tactical.
iZtTXRngob4wCLxm_
dc2: 1041
80 {1}{2}{3}111
iZtTXRngob4wCLxm_
dc2: 1042
81 Organisational Structures & Considerations