РНБОУ National Security and Defense Council of Ukraine

The working group at the NCCC at the NSDC of Ukraine approved the draft Cybersecurity Strategy of Ukraine

The working group at the National Coordination Center for Cybersecurity at the National Security and Defense Council of Ukraine approved the draft Cybersecurity Strategy of Ukraine for 2021-2025.

The basis for developing this document was primarily the National Security Strategy of Ukraine, approved by the Decree of the President of Ukraine of September 14, 2020, № 392; experience of the world’s best practices (conceptual provisions of cybersecurity strategies of the EU countries, the EU itself, the USA, Japan, etc. were studied); a number of opinion polls and empirical studies conducted late last year and early this year.

On October 12, last year, the President instructed the National Coordination Center for Cybersecurity to develop a draft Cybersecurity Strategy of Ukraine and submit it to the NSDC of Ukraine within six months.

To fulfill this task, Secretary of the NSDC of Ukraine Oleksiy Danilov established a working group consisting of representatives of the main subjects of the national cybersecurity system, the Verkhovna Rada of Ukraine, the Office of the President of Ukraine, the Secretariat of the Cabinet of Ministers, the Ministry of Energy, the Ministry of Infrastructure and the National Institute for Strategic Studies.

The purpose of the Cybersecurity Strategy of Ukraine for 2021–2025 is to create conditions for the safe functioning of cyberspace, its use in the interests of the individual, society and the state. The document is based on the principles of deterrence, cyber resilience and interaction. The coordinator of the Strategy implementation is the National Coordination Center for Cybersecurity.

The working group identified conceptual approaches to the further development of the national cybersecurity system. The main ones are based on:

comprehensive understanding and analysis of the digital environment, global trends in the cybersecurity environment (while taking into account the characteristics of our country), strict protection of national interests of Ukraine;

permanence of measures to improve legislation in the field of cybersecurity;

focus on economic and social growth of society;

balanced provision of the needs of the state and the rights of citizens, observance of the rule of law, procedural guarantees and legal remedies;

defining clear roles, needs, responsibilities in solving cybersecurity tasks of varying complexity;

a risk-based approach to cybersecurity and cybersecurity measures;

introducing public-private partnership mechanisms in the field of cybersecurity;

a proactive approach, involving preventive measures;

ensuring democratic civil control over the functioning of the national cybersecurity system.

The innovation of the Strategy is the definition of mechanisms for its implementation and criteria for measuring success along the way.

The draft Strategy structurally consists of 9 sections with the following thematic content:

Section 1. Cybersecurity: a global context.

Section 2. Implementation of the Cybersecurity Strategy of Ukraine for 2016-2020.

Section 3. National cybersecurity system: building principles.

Section 4. Challenges and cyber threats.

Section 5. Cybersecurity priorities and strategic goals.

Section 6. Strategic objectives.

Section 7. Directions of Ukraine’s foreign policy activity in the field of cybersecurity.

Section 8. Mechanisms for implementing the Strategy and ensuring openness.

Section 9. Measurements of success (metrics).

It is expected that during the first year of the Strategy implementation, indicators for assessing the state of cybersecurity and cybersecurity will be developed immediately; a review of the state of cyber protection of critical information infrastructure, state information resources and information, which are required to be protected by law, will be conducted; mechanisms for conducting reviews of the state of the national cybersecurity system will be developed and implemented. This will allow, if necessary and given the changes in the security environment, to amend the general plan and annual action plans for the Strategy implementation.

The National Center for Cybersecurity will annually publish a public report on the status Strategy implementation and will systematically inform about decisions, events and the situation in the field of cybersecurity.

We invite the public to discuss the draft Cybersecurity Strategy. Email address for submitting proposals: strategy@ncscc.gov.ua

Links:

Draft Cybersecurity Strategy of Ukraine for 2021–2025 (in Ukrainian)

Draft Cybersecurity Strategy of Ukraine for 2021-2025 (in English, unofficial translation)

Presentation materials for the draft Cybersecurity Strategy of Ukraine for 2021-2025

Analytical studies of the state of communication, coordination and interaction between the subjects of the national cybersecurity system, the results of which were used during the development of the draft Strategy

Analytical studies of the state of development of the national cybersecurity system, the results of which were used during the development of the draft Strategy