Building A National Cybersecurity Agency

For many national governments, figuring out how to counter cyber threats means puzzling together a national cybersecurity agency. After a national leader or legislative authority releases an official decree, the first question often asked by the government is, “Where do we start?”

Just like putting together a jigsaw puzzle, governments need a picture of how the finished product should look. This picture is the national cybersecurity strategy. It defines the relationships and authorities within the government, as well as the government’s relationship with private industry and the broad capabilities required to establish and operate a new agency.

After you have the big strategic picture, you'll need to find your “corner pieces” and build the puzzle's outer edges based on the national cybersecurity strategy. This means that governments need to define the roles and responsibilities of a national cybersecurity agency. First, they'll need to assess how much risk their nation can afford and determine what the residue risk is by not taking on certain cyber-related responsibilities.

The question that needs to be addressed by government leaders is: What are the responsibilities for cybersecurity between the national government, the government ministries and regulators, critical infrastructure providers, and private industry?

Here are the key pieces of a national cybersecurity agency plan:

The new agency needs to establish standards for protecting and communicating cyber threats across the national landscape—but make sure that these standards don’t block or slow good data that impedes commerce.

Ensure and identify the cyber mission, authority, regulations, and enforcement for each part of the government. Establish roles and responsibilities for critical infrastructure providers, regulators and law enforcement, military and intelligence, and the private industry. A critical component of the national cybersecurity agency is coordinating with national telecommunications providers, or providing technical guidance. Whose job is it to respond first? What do you want this new agency to do? It sounds basic, but it is the key to successfully creating a strong and resilient cyber defense.

Among the military, law enforcement, intelligence, internal security, private, and critical sectors, it's vital to ensure that there is national cybersecurity situational awareness. This includes serving as a cyber intelligence repository for the nation. And make sure your agency is set up to produce actionable cyber intelligence. That doesn’t mean this new agency needs to be the first to respond, just that it is collecting the right, timely, and specific information.

While you want to solidify your data-collection standards, you don’t want to do anything that will slow or block the flow of good data. You’ll also want to build a cyber intelligence repository to keep all that information on cyber incidents.

Your approach to national cybersecurity shouldn’t involve specific products or software. The strategy should stay above the purchase level. Don’t get locked in to something that isn’t compatible with the rest of your government’s IT.

It’s important to plan and provide appropriate levels of deterrence against people and organizations who aim to harm the government through malicious cyber activities. These deterrents include a combination of legislative, law enforcement, regulatory, and military actions.

Your approach should provide advanced cybersecurity capabilities not found elsewhere in the nation. These include the ability to create custom cyber threat signatures, develop a cadre of engineers who can find out who already invaded your systems, create a team of malware analysts who can analyze the cyberattack software, and create a national forensics lab to investigate.

Establishing national cybersecurity education programs, identifying cyber talent early, and offering corporate incentives and on-the-job training will fill the pipeline of talent within the nation to support a growing demand.

With a solid strategy, you can put the pieces of a new cybersecurity agency together. Building and enhancing a national cybersecurity agency or a national cybersecurity operations center is a complex, multiyear endeavor that requires planning, organization, and technical expertise. Booz Allen brings the people with the experience to assist national governments with their most challenging problems.

Our employees have supported the establishment of national-level cybersecurity agencies and operations centers for governments in Asia, Middle East, and the United States. Our Asia headquarters is in Singapore, with offices and engineers in Jakarta, Okinawa, and Inchon.