The OCSC Cybersecurity Roadmap: Charting the Course to Cyber Maturity

Despite geographic, cultural, and contextual differences, and irrespective of the location of a cyber capacity building (CCB) project, it is universally acknowledged that “one size does not fit all”. As such, CCB interventions must take into account the unique national context, priorities, and resources of the recipient country. The question then arises: how do CCB practitioners consider these unique dynamics, under the assumption that that one size indeed does not fit all? It is here that the Cybersecurity Capacity Maturity Model for Nations (CMM) Review provides direction. As an assessment of a country’s cyber maturity, the CMM provides an extensive, holistic, and rich understanding of the national context, and identifies priorities for improvement. However, a second crucial question remains: What happens next?

The requirement, development, and methodology of the Roadmap

The CMM provides a comprehensive review of a country’s cyber capacity, through a series of stakeholder consultations and associated research. The review takes a holistic approach to cyber, looking beyond IT to include policy, legislation, culture, and more. The review process helps governments to engage with their stakeholders and identify their own priorities, supported by evidenced-based specific recommendations to address identified gaps across 5 key dimensions of a country’s national capacity. Subsequent reassessment identifies what actions based on these recommendations have been successful, but an impasse that many countries reach is how to in actual fact implement these recommendations.

The Oceania Cyber Security Centre (OCSC) Cybersecurity Roadmap was born out of this challenge. The Roadmap serves as a manner of providing a clear, evidence-based pathway for host and donor countries to direct and implement CCB priorities. This is done through the sequential mapping of the recommendations provided within the CMM report into short-, medium-, and long-term goals based on the unique context, resources, and priorities of the host nation. Following the completion of the CMM report, OCSC’s Research and Capacity Team conduct a series of consultations, and validation workshops with key stakeholders within the host country, identifying what actions to focus on across a phased timeline according to what is achievable for the country and subject to their own priorities.

Effectiveness of the OCSC Roadmap

The OCSC Cybersecurity Roadmap provides an evidence-based path for CCB activities, enabling host countries to gain a clear direction for their journey to improve their cyber maturity. It further empowers these countries to identify projects and implementors best suited to their unique needs and priorities, enabling them to refocus efforts on areas of importance and saving valuable time and resources. The codesigned nature of the CMM and the OCSC Cybersecurity Roadmap further ensures that the journey to improve cyber maturity remains led and owned by the recipient country.

Additionally, if recipient countries share their roadmap with their partners, then it can provide an evidence base for donor countries to direct their cyber capacity building programs. Instead of focusing on ad-hoc and siloed projects, programs can instead prioritise funding in a needs-based and streamlined direction, informed by the data and recommendations of beneficiary countries’ CMMs and Roadmaps. This can in turn reduce waste and inefficiencies within programs, enabling a more effective use of funding.

The cyber capacity building landscape presents a clear story: whilst there is no doubt of the good will in CCB programs, there are clear inefficiencies and challenges at hand. A more tailored, direct, and streamlined approach is possible to properly address the issue of “one size does not fit all”. The OCSC Cybersecurity Roadmap plots the chart through the challenging and ever-changing terrain of cybersecurity, guiding the pathway to improving a country’s cyber maturity.