Cyberterrorism is one of the serious threats to global security. Although Cyberterrorism is a global issue, different countries take Cyberterrorism from different perspectives. For some, Cyberterrorism is an act where terrorists use computer gadgets to harm nations politically, socially, and ideologically; others take Cyberterrorism as a global act of war to gain strategic advantages. This difference of opinion has created a global standoff in formulating a common strategy to curb Cyberterrorism. Without global consensus, there is no standard framework or international law currently available to stop Cyber-terrorism or apprehend Cyber-terrorists under international Cyber agreements. The 2016 U.S. Presidential Election is one example case where Russia was held responsible by the U.S government for hacking and influencing the election campaigns. In the absence of an international legal framework, the U.S was only able to take state-level actions, such as applying economic sanctions on Russia, adopting the Vienna Convention on Diplomatic Relations, and following the ‘doctrine of Retorsion’. The growing Cyber-terrorist attacks and lack of international Cyberlaw is a fair worry for the countries where most of the infrastructure operates through Cyberspace. Cyber-terrorism is an active threat to the national security of these countries. Many countries started working on their own Cybersecurity strategies to secure the Cyberspace and prevent Cyber-terrorist activities. Following is a brief overview of the National Cybersecurity Strategies of five countries including the United Kingdom (Europe), the United States (America), China (Asia), Australia (Australia), and Mauritius (Africa). These countries have a great Cybersecurity ranking in the latest Global Cybersecurity Index (GCI). GCI is a trusted reference model initiated by the International Telecommunication Union (ITU) that ranks countries based on their commitment to secure cyberspace.
United States National Cyber Security Strategy 2018 (US-NCSS-2018)
United States issued an updated National Cyber Security Strategy (US-NCSS-2018) in September 2018. The US-NCSS-2018 focuses on the following objectives:
(1) Defend the United States by identifying vulnerabilities and protecting networks, functions, systems, and data of the homeland.
(2) Promote American prosperity through steps like developing a robust digital economy and developing a superior Cybersecurity workforce.
(3) Preserve peace by enhancing Cyber stability and deterring unacceptable behaviors in cyberspace.
(4) Expand American influence by enhancing international Cyber capacity and promoting open, reliable, interoperable, and Secure Internet.
In the strategy, the United States has shown its concerns about rogue states and terrorist networks that can undermine the economy and democracy through Cyber-attacks. The strategy has also expressed that the critical infrastructure of the United States is always at risk during a crisis short of war. The United States believes that the success of US-NCSS-2018 depends on the following actions.
- Identification of the vulnerabilities (Criminal networks, Rogue states, Strategic adversaries, Terrorists)
- Adequate response and fast recovery from the incidents
- Deterrence against all the illicit cyber activities that harm the United States interest
UK’s National Cyber Security Strategy 2016-2021 (UK-NCSS-2016)
UK has published a National Cyber Security Strategy (NCSS) in 2016 for a period of 5 years (2016-2021). The strategy has explicitly defined the following as threats and vulnerabilities in order to refine the core Cybersecurity objectives.
- States and state-sponsored threats
- Script Kiddies
- Less secure devices
- Poor Cyber compliance
- Insufficient training and skills
- Legacy and unpatched systems
UK government has clearly mentioned the role of individual and state-sponsored terrorists that can use cyberspace to harm the government, energy, finance, and telecommunication sector in order to achieve political, commercial, technological, diplomatic, or strategic goals. Defense Deter and Development (3D) is the main objective of UK-NCSS-2016. The strategy focuses on improving the defense capabilities of the country against all threats and vulnerabilities mentioned in the documentation. Achieving maximum deterrence to discourage adversaries planning cyber-attacks against the UK is on the priority list of the country. UK government has also shown its intentions to excel in development programs that can produce the best Cybersecurity talent in the country and fill the gap between supply and demand in the context of Cybersecurity tools, strategies, and skills required to secure cyberspace.
Mauritius National Cyber Security Strategy 2014-2019 (MU-NCSS-2014)
The ITU’s GCI-2018 report ranked Mauritius at the top position in the African region due to its strong commitment to secure cyberspace. Mauritius government previously launched National Information & Communication Technology Strategic Plan (NICTSP) 2007–2011 and (NICTSP) 2011–2014 to enhance the country’s Information and Communication Technology (ICT) sector and improving the Cybersecurity framework of the country. Recommendations in these strategic plans were also taken into account while designing the latest National Cyber Security Strategy. The MU-NCSS-2014 was published in 2014 with goals to be achieved in the next five years. The main objective of the strategy is to provide guidelines, measures, and action plans to secure the information systems, networks, and national critical infrastructures of the country. The action plans include a variety of Cybersecurity related projects, such as the development of a Cyber Threat Monitoring System, designing an illicit content filtering system, and enhancing law enforcement Cybersecurity capabilities.
China’s National Cyber Security Strategy 2016 (CH-NCSS-2016)
China announced its first National Cyberspace Security strategy in December; 2016. The CH-NCSS-2016 gives an overview of the Cyberspace challenges of China and strategies that can help the country in overcoming different Cybersecurity challenges, such as political, social, and economic security of the country. The main objective of the CH-NCSS-2016 is to counter all those actions that can harm the national security of China. According to the strategy’s documentation, all countries without any discrimination should be allowed to play their part in Cyberspace governance. Defending Cyberspace sovereignty is included in the core objectives of China’s national Cybersecurity strategy. China has committed to curb Cybercrimes and Cyber-terrorism through the implementation of its strategic Cybersecurity plans. Protection of Critical Information Infrastructure (CII) from Cyber-attacks is on the priority list of CH-NCSS-2016. The CH-NCSS-2016 has defined the scope of CII in its documentation. According to the strategy, all those sectors that are related to China’s national security, economy, and livelihood of people of China is part of CII. Key sectors mentioned under the CII umbrella include public communication networks, radio and television transmissions, information networks, information systems, and internet application systems. The use of internet application system is subcategorized into various fields, such as scientific research, finance, energy, education, industry, social security, public utilities, medicine, and other state agencies that use the internet applications to perform their duties.
Australia’s National Cyber Security Strategy 2016-2020 (AUS-NCSS-2016)
Australia published its National Cyber Security Strategy (AUS-NCSS-2016) in 2016 that describes the Australian Cybersecurity plan for a span of the next five years (2016-2020). The main objective of the strategy is to make Australian networks and systems hard to compromise. The AUS-NCSS-2016 explains different Cyberspace challenges that can create issues for the national security of Australia and damage different government and private sectors in the country. State-sponsored cyber-attacks, espionage, and Cyber-attacks by non-state actors are the top actors included in the threat list of the strategy. Australia has founded different bodies at the government level that are given the responsibility of handling cyber threats at the national level. The Australian Cybersecurity center, Australia’s Computer Emergency Response Team (AusCERT), the Australian Signals Directorate, and the Australian Cybercrime Online Reporting Network (ACORN) are core authorities to implement the government’s Detect, Deter, and Response (DDR) plans against all forms of cyber threats. A good portion of Australian digital infrastructure is possessed by private organizations in the country. Australia has also focused on the private sector in its national Cybersecurity plan to combat Cyber-terrorism and other cyber-threats.
The following table shows a brief summary of threats, vulnerabilities, and vulnerable sectors identified by the most advanced Cyber states. Although there should be a global consensus on dealing with Cybercrimes, the developing countries can adopt and follow these Cyber strategies to fight back the global Cyberterrorism issue.