Sammendrag
This paper has performed the first comparative study of the Norwegian Cyber Security Strategy
vs. the strategies of cyber security in EU and the US. The paper has adapted the framework and detailed evaluation used by Luiijf and Besseling (2013) as they compared nineteen national cyber security strategies, not including Norway. Issues of special interest have been emergent threats and vulnerabilities due to increased integration of systems and thus use of resilience as a strategy to handle surprises and unanticipated incidents. The analysis of the terrorist attack in Norway, 22nd of July 2011, exposed the gap between plans and actions in Norway. To improve the Cyber Security Strategy there is a need to focus on the socio-technical perspective to ensure clarity of responsibility and establish control structures to ensure timely execution. The paper recommends focusing on international collaboration and mitigation of cyber physical threats (i.e. cybersafety) due to integration between information technology systems and systems used to control physical processes.
vs. the strategies of cyber security in EU and the US. The paper has adapted the framework and detailed evaluation used by Luiijf and Besseling (2013) as they compared nineteen national cyber security strategies, not including Norway. Issues of special interest have been emergent threats and vulnerabilities due to increased integration of systems and thus use of resilience as a strategy to handle surprises and unanticipated incidents. The analysis of the terrorist attack in Norway, 22nd of July 2011, exposed the gap between plans and actions in Norway. To improve the Cyber Security Strategy there is a need to focus on the socio-technical perspective to ensure clarity of responsibility and establish control structures to ensure timely execution. The paper recommends focusing on international collaboration and mitigation of cyber physical threats (i.e. cybersafety) due to integration between information technology systems and systems used to control physical processes.