What is the aim?

To support countries to involve relevant stakeholders in their national cybersecurity strategy (NCSS) development and implementation process in a holistic and sustained way.

Why do it?

  1. While there is an intrinsic value to involving a wide range of stakeholders in cybersecurity processes, there are two practical reasons why engaging stakeholders in the NCSS process specifically is beneficial: involving stakeholders in policy development leads to better informed and evidence-based policy outcomes. Bringing stakeholders’ diverse expertise into the NCSS process can help get a more accurate and evidence-based picture of the cybersecurity landscape, the possible implications of different policies being considered, and how best to engage with those other stakeholders during the NCSS’s implementation and review stages; and
  2. involving stakeholders in the development can lead to more effective NCSS implementation. Stakeholders who have been involved in the development of the NCSS will have a stronger understanding of the strategy and what is required from them, making implementation efforts more effective and sustainable, and it can also help build trust amongst stakeholders, which is crucial for smooth implementation.

What are typical outputs?

A comprehensive NCSS development roadmap which includes a stakeholder map and stakeholder engagement plan.

How is it delivered?

Through expert advice developed in close consultation with the policymakers via calls and/or in person meetings.

How easily can a country do it themselves?

Policymakers can draft the roadmap themselves using existing guidance documents.

What good practice guidance is available?

GPD’s “Involving stakeholders in national cybersecurity strategies: A guide for policymakers”

  • Genuine commitment to inclusive approaches from governments is required (although not sufficient).
  • Piecemeal approaches can only be partially successful; stakeholders should be involved throughout and in a holistic way.
  • Reliance on local expertise can contribute to a roadmap that reflects local needs and context.

Cost

Depends on the outputs and the format for delivery but would typically include staff time for the organization that is supporting the government in the process and hard costs for any related activities.

Duration

3 to 6 months to develop a comprehensive roadmap that is informed by stakeholder input.

The OAS/CICTE Cybersecurity Program and GPD supported the government of Belize in developing their first NCSS. Belize’s efforts to address cyber issues started in 2017, when the government organized the first National Cybersecurity Symposium, where the development of a strategy was identified as a key priority for Belize.

At the beginning of the process, an NCSS development roadmap was produced by the government with OAS/CICTE and GPD support. The roadmap included a holistic stakeholder engagement plan. Specific modalities for stakeholder engagement included:

  • The establishment of a multi-stakeholder NCSS task force, set up under the leadership of the government’s National Security Council Secretariat and tasked with drafting the strategy. It comprised 15 different entities, ranging from governmental stakeholders and the private sector to civil society and academia. The Task Force held around ten different meetings during the process.
  • A capacity-building training, aimed at increasing awareness and building capacity of civil society actors to engage more effectively in the NCSS development process.
  • Once a first draft was developed by the dedicated multi-stakeholder task force, an open online consultation was undertaken by the government with the aim of gathering stakeholder feedback on the text. The text of the first draft was published online on the Belize Crime Observatory Website. The draft was open for comments, suggestions and edits from stakeholders for three weeks. In addition to this, the government shared the strategy draft via email, inviting specific stakeholders to provide input.
  • A multi-stakeholder workshop aimed at presenting the NCSS draft and gathering input and feedback from stakeholders, as well as to kick off discussions around implementation of the strategy.

OAS/CICTE provided the government of Belize with technical and strategy support to develop the NCSS with stakeholder engagement. GPD supported the process by developing and delivering a capacity-building program for civil society in Belize to increase their awareness and understanding of cyber policy issues and encourage their engagement in the NCSS development process. This process also demonstrated a mechanism where two implementers were able to use their resources complimentarily for the benefit of stakeholders and direct beneficiaries.