Professional Documents
Culture Documents
(Lecture Notes in Computer Science 14
(Lecture Notes in Computer Science 14
In the absence of a clear picture of the severity and likelihood of different threats to
cybersecurity, most strategy and policy papers define response strategies that reduce
vulnerability to all forms of cyberattacks. Despite the differences between various
kinds of attacks, there are also similarities that can be used to define general response
strategies. For example, cybercriminals and cyberterrorists may exploit the same
vulnerabilities to intrude into IT systems. Furthermore, both types of actors benefit
from the lack of knowledge of many users and from the fact that they can start their
attacks from the location of their choice, which can make it hard to prosecute them.
It is thus possible to mitigate the risk of all kinds of attacks by reducing vulnerabilities
and improving national and international coordination and prosecution. Thus, even though
strategies and policy papers sometimes differ in their threat description, they all identify
similar response strategies: they promote an increase of public-private collaboration to
enable a better exchange of information; they call for more coordination within the public
sector in order to foster coherent responses; they highlight the importance of public
awareness campaigns; and they point to the need for more international cooperation. These
response strategies shall be briefly discussed.
define the structure of partnerships on the level of a strategy paper. On the other hand, it is unsatisfactory to
promote better PPPs without describing how the difficulties in their implementation shall be addressed. A
potential solution is the definition of frameworks and programs for PPPs. Such frameworks are, for example,
proposed by the US Cyberspace Policy Review[46] or by the Communication from the EU Commission on
Critical Information Infrastructure Protection.[47]