MalteCyber-space is far from perfect. It is at risk of vulnerabilities, some of which involve genuine human error, whilst others are exposed to malicious intent. Furthermore, global innovations within its realm are even faster than the ability to secure it. Hence the need for cyber security, that is, ensuring the safety, confidentiality, integrity and availability of cyberspace.
Launching cyber security on a national scale, essentially calls for a planned, collective and systemic approach, thus leading to the need of a National Cyber Security Strategy. Digital Malta – the National Digital Strategy for Malta for the period 2014-2020 - recognises and proposes the fulfilment of such need, in the light of Malta’s increased dependence upon cyber-space in its day to day interactivity, within and beyond its shores. Indeed, in 2015, the European Commission’s e-Government Benchmark Report re-confirmed Malta as the leader in the delivery and performance of e-Government services amongst thirty-three countries.
Malta is addressing such a need. A Green Paper for a National Cyber Security Strategy was launched in October 2015, as a basis for consultation. The Green Paper presented a high level, strategic approach for cyber security on a national scale. It intended to inculcate an awareness of cyber security, its extent and its implications of which Malta, as an integral part of cyber-space, needs to consider. The National Cyber Security Strategy being launched is a consolidation of the proposals presented by the Green Paper following online feedback and a number of consultation sessions held.
The National Cyber Security Strategy recognises that tackling cyber security entails the need to:
• Safeguard the rule of law in line with Malta’s Constitution and Malta’s role as a European Union Member State
• Adopt a multi-disciplinary approach
• Ensure that all stakeholders of cyber-space; government, private sector, and civil society understand their shared responsibility and thus commitment to collaboration and cooperation, to ensure a safe, stable and secure environment
• Adopt a risk based approach, based upon the premise that it is impossible to guarantee immunity from any cyber attack.
All of the above constitute the fundamental principles upon which the overall vision is based. In essence, the Vision covers the need and expectations of three key national stakeholders – the public sector, the private sector and civil society to ensure cyber security. Five dimensions enable articulation of the vision into the strategy. They are Policy, Legislation, Risk Management, Awareness and Education upon which the subsequent proposed strategy is based.
Prior to proposing the strategy however, research and assessments have been made so as to enable a high level pragmatic approach towards cyber security within the local context. The ensuing strategic direction within the Green Paper is proposed to be attained by six goals, each of which carries a number of proposed measures, as follows:
1. Goal: Establish a Governance Framework that is based upon the premise that a cyber security strategy needs to be established, and more importantly, be effectively implemented and maintained on a continuous basis. Hence the need to ensure the key coordination structures, processes, roles and practice with particular focus on cyber risk management within the public and private sector.
2. Goal: Combat Cybercrime which aims to ensure and consolidate capabilities to tackle cybercrime.
3. Goal: Strengthen National Cyber Defence which aims to foster sharing of cyber security knowledge and intelligence, review current legislation and regulations in line with cyber- space developments and ensure digital resilience on a national and organisation wide scale of particular consideration are recent legal developments at EU level, notably legislation pertaining to data protection and that related to Network and Information Security.
4. Goal: Secure cyber-space which aims to foster self regulation and voluntary self commitment, bearing in mind that legislation is not a panacea to cyber security commitments. It also aims to stimulate use of standards and best practices that guarantee security whilst allowing for interoperability. Special focus is also given to promote security and trust of online public services and to consolidate support to the private sector.
5. Goal: Cyber security Awareness and Education which aims to target academia, the public and private sector and citizens as a means to sensitize awareness, knowledge as well as capabilities and expertise in cyber security. A national strategic approach towards an ongoing educational and awareness campaign is especially recommended.
6. Goal: National and International Cooperation which aims to ensure effective consultation, cooperation and collaboration on a national level, on a European and on a global basis, enabled by EU and international institutions and activities, based on the understanding that cyber security has no bounds.
All six goals aim to cover two key strategic outcomes expected of the Strategy, namely those of:
• Defending and protecting the national information infrastructure from cyber threats.
• Ensuring the security, safety and protection of users of cyber-space.
The proposed strategic approach is by no means the end in itself. It is understood that the launch of the Strategy is only the start of a continuous process that calls for its implementation, evaluation and maintenance so as to ensure its currency and effectiveness in line with:
• Increased recognition on a nation-wide scale of the importance to adopt cyber security measures in day to day corporate and individual activities
• Evolving maturity of overall cyber security capability
• Technological developments and applicability, along with related cyber security challenges
• Evolution in cybercrime behaviour
• Developments on a national scale, in line with European Union direction on cyber security to its Member States of which Malta forms part.
Hence, the Strategy would be expected to be periodically reviewed and updated. Ultimately, the Strategy is understood as a means for national cyber security investment that indicates Malta as a :
• Secure online jurisdiction
• Centre of excellence in various business sectors interacting within cyber-space.
