Download This PaperCybersecurity Capacity Maturity Model for Nations (CMM) 2021 Edition
63 Pages Posted: 21 Apr 2021
Date Written: March 25, 2021
Abstract
The world’s economies continue to develop with an ever- increasing dependence on technology. If we do not ensure that cybersecurity capacity exists across the entirety of cyberspace, we will inevitably create cyber-ghettos. In such environments, cyber-harm may become prevalent and cyber- attacks can easily be launched. The ability of countries to respond and grow capacity in the face of changing threats – be they due to trends in technology use, the socio-political climate, or evolution of the threat-actor ecosystem – has never been more important.
The Cybersecurity Capacity Maturity Model for Nations (CMM) helps nations understand what works, what does not work and why, across all areas of cybersecurity capacity. This is important so that governments and enterprises can adopt policies and make investments that have the potential to significantly enhance safety and security in cyberspace, while also respecting human rights, such as privacy and freedom of expression.
Since 2015, the Global Cyber Security Capacity Centre (GCSCC, Capacity Centre) has actively promoted the CMM across sectors, to drive conversation around cybersecurity capacity and to help improve global technology. The resulting adoption of the CMM by various key international stakeholders, and the completion of more than 120 CMM reviews in more than 85 countries around the world, demonstrates the positive impact of the research, supports government self-assessments and informs the development of industry tools and resources.
Prompted by the changing threat landscape and corresponding cybersecurity practice, the GCSCC has led a revision of the CMM, the first to be carried out since the 2016 edition was issued. To produce this 2021 edition, the Capacity Centre undertook a global collaborative exercise aimed at extracting and synthesising the community’s latest knowledge. The GCSCC developed change proposals based on lessons learned from CMM deployments, and undertook a series of online and offline consultations with experts, to validate the findings and discuss the changes. Those who were consulted included the GCSCC Expert Advisory Panel, strategic, regional and implementation partners of the GCSCC, and other experts from academia, international and regional organisations, governments, the private sector, and civil society. Based on their input, indicators for each Aspect have been identified, designed, refined, and validated.
Actors around the world, ranging from individuals to nation states, need to ensure that cyberspace and the systems dependent on it are resilient to increasing attacks. The CMM 2021 Edition and its deployment will continue to contribute towards efforts to achieve this resilience, not only by gaining a more profound understanding of international cybersecurity capacity, but also by increasing effective investment into cybersecurity capacity based on a rigorous analysis of data collected from the deployment of the model. Critical gaps in all areas of international cybersecurity will be identified and filled with scalable and effective countermeasures, in co-operation with international partners from the global cybersecurity community.
The enhancement of the CMM is not intended to be a static exercise; a continuous process of refinement will be maintained to ensure the CMM remains applicable to all national contexts and reflects the global state of cybersecurity capacity maturity. However, this evolution will continue to be a considered exercise, stimulated by evidence and practice.
Keywords: cybersecurity, cyberpolicy, capacity building, awareness, critical infrastructure, development
Suggested Citation: Suggested Citation