What is the aim?
To strengthen the capacity of the government to co-ordinate across its ministries, and with external partners and stakeholders, a process for overseeing the implementation of the strategy and action plan.
Why do it?
A critical part of the strategic planning process is a cross-government process to coordinate and oversee the implementation of the new strategy and action plan. There is a greater likelihood of the strategy being used if the project helps the government prepare for this and start the process.
What are typical outputs?
One size does not fit all, but a typical output would be a cross-government committee, with Terms of Reference and processes for its work.
How is it delivered?
This activity is typically provided through advice and coaching. It may also involve exercises that demonstrate the importance of coordination and practice committee meetings.
How easily can a country do it themselves?
Much of the work to prepare for and conduct the coordination is done by the government, applying their own experience and standard approach. They can ask other countries for their coordination lessons. An added value of the external experts, which can be hard to replicate internally, is that they provide a challenge function to question and test the coordination plans.
- Have a clear point of responsibility for coordinating and overseeing the implementation of the strategy.
- Make all stakeholders across government accountable and responsible for the follow up.
- Make the strategy relevant and known also for private sector and other external stakeholders, to increase the likelihood of a broad contribution on the follow up of the strategy.
Dependent upon expert day rates, duration and whether you include exercises.
It can begin at the Strategy Production stage, or even earlier, and continue into the Implementation phase.
In Norway, the individual ministry is responsible for civil protection and emergency preparedness, including cybersecurity in their own sector. This implies responsibility for work on prevention, emergency preparedness and crisis management. The Ministry of Justice and Public Security (MoJ) has a general coordinating role in the area of civil protection and emergency preparedness, including cybersecurity across the whole of civilian society.
MoJ and the Ministry of Defense (MoD) were jointly responsible for drafting Norway’s 4th national cybersecurity strategy. This ensured that the strategy covered the whole of government, both civilian and military aspects of cybersecurity, including the international dimension. The need for coordination was therefore large. A key for success was aligning the different stakeholders, making the strategy relevant and creating a joint feeling of ownership.
In the strategy itself, the Prime Minister had the foreword and also opened the launch conference of the strategy to show that the strategy is overreaching and a key priority. The opening also included contributions from the Minister of Public Security, Minister of Justice and Immigration, Minister of Defense and Minister of Research and Higher Education, together playing a vital part in presenting the different parts of the strategy. This showed that the challenges we face are cross-sectoral and a key priority for the whole government.
After the release of the strategy, all ministries received notifications from the MoJ about the expectations for follow up in all sectors. They were at the same time informed that they would need to report on the follow up to the MoJ and MoD about two years after the launch. This was seen as important to ensure focus on the follow up at an early stage and make different stakeholders accountable. As a part of the reporting on the follow up, the MoJ and MoD will conduct a digital questionnaire that will target both public and private companies across Norway. The questionnaire will measure the follow-up on the ten measures recommended as a part of the strategy to improve companies’ own ability to prevent and handle cybersecurity incidents.
Both a public-private partnership forum and an inter-ministerial network have been established in Norway. These high-level groups are led by the MoJ and were consulted during the development of the strategy and to report on the overseeing of the implementation of the strategy.
Together, these activities and chosen approach have strengthened the coordination across government and external stakeholders, and at the same time increased the likelihood of successful implementation of the national strategy. In addition, it secured top level support and sent strong signals across society of the importance of the work on cybersecurity and the follow-up from the strategy.