NCSS good practice guide : designing and implementing national cyber security strategies

To meet current and emerging cyber security threats, EU Member States need to constantly develop and adapt their cyber security strategies. National cyber security strategies (NCSS) are the main documents of nation states to set strategic principles, guidelines, and objectives and in some cases specific measures in order to mitigate risk associated with cyber security. Following a high-level top-down approach, NCSS set the strategic direction for subsequent actions. Moreover, the recently adopted NIS Directive requires EU Member States to develop and adopt a national cyber security strategy (NCSS). If needed, Member States can call upon ENISA to assists them in drafting a NCSS. Within three months after the adoption of their NCSS, EU Member States need to forward the strategy to the European Commission. ENISA published its first National Cyber Security Strategy Good Practice Guide in 2012. Since then, EU Member States and EFTA countries have made great progress in developing and implementing their strategies. This guide is updating the different steps, objectives and good practices of the original guide and analyses the status of NCSS in the European Union and EFTA area. The aim is to support EU Member States in their efforts to develop and update their NCSS. Therefore, the target audience of this guide are public officials and policy makers. The guide also provides useful insights for the stakeholders involved in the lifecycle of the strategy, such as private, civil and industry stakeholders.