Towards a national cybersecurity capability development model

Abstract

Nations need to develop cybersecurity capabilities at national level in order to facilitate the requirements expressed through national authoritative and normative documents. These national cybersecurity capabilities typically consist of people, processes and technology or tools. From the research conducted, no publicly available models or frameworks for national cybersecurity capability development could be found. In this paper, the authors identify and compare existing military capability development models and propose a national cybersecurity capability development model based on these models. Military capability development frameworks are a comprehensive way to define work deliverables and work standards, and provides a way to measure the work deliverables (eWorks Moodle, 2016). The use of such a national cybersecurity capability development model is advantageous during the planning phase of the national cybersecurity capability. For example, the using of a model allows for a capability to be broken down into its components, a model serves as a blueprint to ensure that those building the capability considers all components, allows for cost estimation and facilitates the evaluation of trade-offs. One national cybersecurity capability - the incident management cybersecurity capability - is selected to illustrate the application of the national cybersecurity capability development model. This model was developed as part of previous research, and is called the Embryonic Cyberdefence Monitoring and Incident Response Center (E-CMIRC) (P. Jacobs; S.H. von Solms & M.M. Grobler, 2016). The characteristics of national incident management cybersecurity incidents have to be determined, as these would affect each component of the military-based national cybersecurity capability development model. Once the national cybersecurity capability components are identified using the military-based cybersecurity capability development model, it also has to be operated. To achieve this requirement, available organisational operational models are identified and compared, and one operating model is selected to augment the national cybersecurity capability development model. The fusion of the military-based national cybersecurity capability development model with the operations models results in the national military-based cybersecurity capability development model. This paper has three outcomes in mind: firstly to determine the characteristics of national cybersecurity incidents, secondly, the development of the national cybersecurity capability development model, and thirdly, the development of a national cybersecurity capability operational model. This paper describes the methodology followed in describing the E-CMIRC structure using a capability development framework, and organisational operational models. The national cybersecurity capability development model – using a military capability development framework - and the national cybersecurity capability operational models derived from existing organisational frameworks, are presented as a single, integrated model.