NRD Cyber Security, a cybersecurity technology consulting, incident response and applied research company and the Global Cyber Security Capacity Centre (GCSCC) at the University of Oxford have signed a memorandum of understanding. The organisations will be working together in the field of cybersecurity capacity-building.

The fast-paced adoption of digital technologies and the rapidly increasing usage of cloud-based solutions are bringing new challenges in securing the cyber environment. Speedy digitalisation must, therefore, go hand in hand with cybersecurity and as more public, private and academic organisations become interconnected, cybersecurity should be treated as a multi-subject ecosystem. A holistic approach has become paramount in assessing a country’s cybersecurity capacity.

In consultation with international experts from across the world, the GCSCC developed the Cybersecurity Capacity Maturity Model for Nations (CMM) in 2013. This model provides a comprehensive picture of the status of cybersecurity maturity in five distinct dimensions: Cybersecurity Policy and Strategy, Cyber Culture and Society, Cybersecurity Education, Training and Skills, Legal and Regulatory Frameworks, and Standards, Organisations and Technologies. By having an all-inclusive overview of the cybersecurity capacity situation in the country, policy and decision makers can identify problematic areas more accurately and allocate resources more efficiently. As the digital environment continues to change and new cyber threats emerge, the CMM will also continue to evolve, as it has been since its inception.

Akvilė Giniotienė, Security Governance Expert at NRD Cyber Security, highlighted the importance of such comprehensive approach: “NRD Cyber Security sees a great value in the CMM in assisting nations to assess their cybersecurity capacities in a systematic and research-based way. The model stands out due the involvement and close interaction of all national cybersecurity stakeholders, which serves as a capacity building exercise in itself.  NRD Cyber Security’s experience in working with many countries around the world shows that the existence of legal and regulatory frameworks for cybersecurity does not necessarily mean that they are implemented, and that cybersecurity capacity is there. We are particularly happy to become a partner of the GCSCC in helping nations to understand their cybersecurity capacities and promote a secure digital environment for the well-being and prosperity for all”.

The CMM has been deployed almost 100 times in more than 60 countries worldwide. In 2017, a team of cybersecurity researchers from the University of Oxford, in collaboration with NRD Cyber Security and Vilnius University experts, assessed cybersecurity maturity in Lithuania. The report, produced as a result of the assessment, listed a number of practical recommendations on how Lithuania‘s cybersecurity maturity can be fostered in all five dimensions. For example, it suggested promoting a wider understanding among users of protecting their personal information online and developing their skills to manage their own privacy online. Encouraging the production of cybersecurity products by domestic providers in accordance with market needs was also advised.

“The CMM enabled Lithuanian officials to look at the country’s cybersecurity capacity from various perspectives and get a good understanding of the areas requiring attention. As a result, a strategic approach has been taken to strengthen cybersecurity by incorporating the findings in the National Cybersecurity Strategy and by allocating resources,” said the Vice-minister of National Defence, Edvinas Kerza.

NRD Cyber Security becomes the sixth key strategic partner for the University of Oxford to deploy the CMM. Other partners include the World Bank (WB), the Organization of American States (OAS), the Commonwealth Telecommunications Organisation (CTO), the International Telecommunication Union (ITU), the Norwegian Institute of International Affairs / Norsk Utenrikspolitisk Institutt (NUPI), and the Oceania Cyber Security Centre. The company will be deploying the model in countries that want an assessment of their cybersecurity capacity before making strategic decisions. NRD Cyber Security and the GCSCC have also collaborated in the deployment of the CMM in Bangladesh and have just started the same assessment in Sakartvelo.

The impact of the CMM depends on the uptake by the global community. Thanks to our strategic partners who have been crucial to the success of this global research project, the CMM has enjoyed buy-in and resulted in almost 100 deployments since 2015 around the world. The partnership with NRD Cyber Security will further increase the impact of the research of the GCSCC and will contribute to ensuring the sustained use of the CMM around the world,” ­said Professor Sadie Creese, Founding Director of the GCSCC. "After the successful CMM deployments in Lithuania, Bangladesh and Sakartvelo, we are looking forward to further joint national cybersecurity capacity assessments and engagement activities. Together we contribute to a better understanding of cybersecurity capacity worldwide’’.