ENISA publishes the first framework on how to evaluate National Cyber Security Strategies

Back to News

German French Spanish Greek

ENISA issues today an Evaluation Framework on National Cyber Security Strategies (NCSS) addressed to policy experts and government officials who design, implement and evaluate an NCSS policy. This work is strongly aligned with the EU Cyber Security Strategy (EU CSS) and aims to assist Member States in developing capabilities in the area of NCSS.

The framework developed is a flexible and pragmatic approach based on good practices shared by leading experts on NCSS, taken from eighteen EU National Cyber Security Strategies and eight non-EU strategies. It can easily be adjusted to the needs of different Member States depending on the level of maturity reached in the lifecycle of a NCSS.

The framework proposes a step wise approach and introduces a set of practical key performance indicators (KPIs). It also issues recommendations that would allow proper implementation of the framework.

This report builds on ENISA’s previous work on NCSS. In 2012, ENISA introduced a good practice guide on how to implement a NCSS following a well-defined lifecycle. The guide included an analysis on how to involve the private sector in the process, how to align policy; operational and regulatory objectives, and how to develop capabilities on cyber security issues.

Udo Helmbrecht commented on the project: “A National Cyber Security Strategy is an important step that allows Member States to address cyber security risks and challenges. This is a continuous process that requires proper evaluation, in order to adjust to the emerging needs of society, technology and the economy. With this work ENISA provides a systematic and practical evaluation framework that allows EU Member States to improve their capabilities when designing NCSS”. 

The report was presented in Brussels on the 27th November 2014 at the first workshop on National Cyber Security Strategies organised by ENISA. Leading experts from EU Member States showcased their national cyber security action plans and participated in discussion panels on Critical Information Infrastructures, public private partnerships and national capabilities development. Within the workshop the importance of using a pragmatic evaluation framework was highlighted as an increasing need and priority.

ENISA maintains an up to date list of EU and global NCSS by country on its web site. It allows interested public and private stakeholders to be updated on NCSS and download relevant material.

The publication follows the NCSS report and the Good Practice Guide on NCSS in 2012.

For full report: Evaluation Framework on National Cyber Security Strategies (NCSS)

Interactive Map - National Cyber Security Strategies in the World


For interviews: Dimitra Liveri, Security & Resilience of Communication Networks Officer, ENISA, Email: Dimitra.Liveri@enisa.europa.eu , Mobile: +30 6948725557