The lifecycle of a national cybersecurity strategy includes five phases (ITU, 2018, pp. 16-27):
Overall, action plans include the solutions (or measures) that can be implemented to achieve objectives, the stakeholders responsible for the tasks, the metrics that will be used to determine the timeline for completing the task and whether the desired outcome was achieved. Action plans have been implemented on the national level (e.g., National Security Authority, Action Plan for the Implementation of the Cyber Security Concept of the Slovak Republic for 2015-2020 ) and regional level (e.g., CARICOM's Cyber Security and Cybercrime Action Plan ).
Emerging technologies (e.g., blockchain, artificial intelligence, and quantum computing) are mentioned in some national cybersecurity strategies (see, for example, the US National Cyber Strategy and the UK National Cybersecurity Strategy 2016-2021).
The European Union Agency for Network and Information Security's (ENISA) National Cyber Security Strategy Good Practice Guide (2016) includes examples of strategic objectives and tasks that need to be completed to achieve these objectives and provides guidance on how to develop a national cybersecurity strategy (pp. 14-21). ENISA (2014) also emphasized the need to create evidence-based national cybersecurity strategies by engaging in one-off and periodic assessments of these strategies (i.e., examining outcomes based on predefined evaluation metrics) and utilizing the results of these assessments to modify the strategies and action plans for the implementation of the strategies (pp. 9-10).
National cybersecurity strategies may be included in a single document or parts of the strategy may be disbursed in different instruments that cover some facet of cybersecurity (ITU, n.d.). The International Telecommunication Union (ITU) has a repository of national cybersecurity strategies that includes national policies, plans, and other cybersecurity-related documents (i.e., the National Cybersecurity Strategies repository ). Moreover, the North Atlantic Treaty Organization's (NATO) Cooperative Cyber Defence Centre of Excellence houses NATO and non-NATO member states' cybersecurity strategies and related documents on its website . What is more, ENISA has developed an interactive map that includes the national cybersecurity strategies of European Union Member States and their strategies' objectives (e.g., addressing cybercrime; establishing an incident response capability; engaging in international cooperation; establishing baseline security requirements; and establishing public-private partnerships, to name a few).