What is the aim?
To ensure that the general public is aware of the government’s cybersecurity priorities and objectives, to support any effort to raise cybersecurity awareness, and to communicate and promote opportunities for further engagement and cooperation with civil society and the private sector.
Why do it?
For a strategy’s success and its accountability, it is crucial that stakeholders in all sectors but also the general public are aware of the NCS, its aims and the actions taken to implement it.
What are typical outputs?
A communication strategy is developed which defines the purpose, aims, objectives and activities, and a communication plan is implemented.
How is it delivered?
Activities include but are not restricted to: press conference, press release, validation workshop with stakeholders, publication of strategy on a publicly available website, as well as social media activities. Those are coordinated to ensure that the messages reach the audience.
How easily can a country do it themselves?
Easily. The country can work with the communications/PR team of the agency which is in charge of the NCS. Resources will be required for the implementation of some activities, but many can also be done with existing resources (website, social media accounts, meeting rooms).
- Get key stakeholders involved throughout the drafting process so they become ambassadors for the strategy through ownership
- Use existing resources and expertise in your organization such as the communications/PR department/team
- Choose a set of communication channels, e.g. traditional media (newspaper, radio, TV), social media, presentation, workshops to achieve reach
- Establish cooperation between key stakeholders for creating a broader outreach and creating media plans
- Have a lifecycle plan for the different stages to create attention from the beginning of the drafting, to the release of the strategy, and the time after
- Never let a good opportunity be wasted for getting attention for the strategy
Depending on the activity and the local conditions.
The activities should take place in a coordinated and strategic way over several weeks to achieve reach and create impact. Have a lifecycle plan for the different stages to prolong attention about the strategy.
A national strategy that targets a wide range of stakeholders must also ensure it gets these stakeholders’ attention and that the strategy is perceived as relevant among them, as this will increase the likelihood of successful implementation.
In Norway’s case, when developing their 4th national cybersecurity strategy, the process was seen as just as important as the strategy itself. By having an open and inclusive strategy process, Norway sought to create ownership of the strategy by a large group of stakeholders. An ambition early on was to truly make it a national strategy for society, not only for the public sector: an open and inclusive process where everyone could contribute with ideas and input was considered as one of the main success factors to increase the likelihood of the strategy being perceived as relevant for the different stakeholder groups.
To gain a head start and to get attention from the very beginning, the strategy drafting process was launched with a strategy conference that was opened by the Prime Minister. It was important to get the target group’s attention from a very early stage, and to include everyone that was interested in contributing. The event was thus open to everyone who wanted to attend and saw the involvement of over 300 delegates. Written input and high participation in a range of workshops clearly indicated that there is great interest in identifying shared solutions. Subsequent workshops with participation from both the public and private sector were also used to follow up on various target groups and prioritized areas. Drafts of the strategy were shared openly in these workshops for further input and discussions in order to include stakeholders throughout the different stages of the strategy process.
There is no use in having a good strategy that nobody knows about. Therefore, an integrated part of the strategy process was to develop a media plan to draw attention to the process. The media plan was developed in cooperation among selected ministries and agencies. This was crucial in order to make sure the strategy got attention and was successfully implemented in the wider community. Cybersecurity is a joint responsibility and concerns everyone. This should be reflected in both creating and implementing a national strategy.
A separate strategy launch conference was organized to increase attention for the release of the strategy. The Prime Minister of Norway, Minister of Public Security, Minister of Justice and Immigration, Minister of Defense and Minister of Research and Higher Education played a vital part in the conference and presented different parts of the strategy. This showed that the challenges we face are cross-sectoral and a key priority for the whole government. This open event was fully booked within a day, and the conference was livestreamed to gain as much attention as possible, resulting in over 1000 people following the launch of the strategy.
In addition, it was key to focus on using media and events to attract attention to the strategy in the time after its release. Building on the good cooperation between key stakeholders and utilizing their different outreach potential was seen as an important success factor for gaining broad attention.