The OCSC Cybersecurity Roadmap is a tool that provides a pathway for a nation to improve their cyber resilience, capacity and maturity. Building from the data gathered and recommendations from the Cybersecurity Capacity Maturity Model for Nations (CMM), OCSC’s Research and Capacity Building Team works with the government and their key stakeholders to further evaluate the country’s specific circumstances and identify key steps that are aligned with the nation’s priorities and available resources. The resulting Roadmap is then divided into three stages for implementation: immediate; medium; and long-term. The OCSC Cybersecurity Roadmap provides an evidence-based path forward for nations to advance their cyber maturity.
OCSC Cybersecurity Roadmap Overview
The OCSC Cybersecurity Roadmap provides a guide for nations to improve their cyber resilience, capacity and maturity, building on the CMM as both a baseline and an evaluation. The Roadmap presents the recommendations from the CMM in a framework of short-term (1-2 years), medium-term (2-4 years), and long-term (4-6 years) priorities.
Workshops and consultation with key stakeholders to develop this timeline of priorities ensure that the Roadmap is characterised by codesign and remains responsive to the country’s national context and priorities.
Subsequent CMM assessments after the initial benchmarking can evaluate progress made through the Roadmap and the various cyber capacity building (CCB) interventions that have taken place in the interim. This will provide a nation, donors, and implementors with an evidence-base for programs, and will ensure that CCB activities consider long-term impact and ‘Embedded Sustainability’ in the Pacific region.
Regional Impacts of the OCSC Cybersecurity Roadmap
Pacific Islands Forum 2050 Strategy for the Blue Pacific Continent and 2030 Implementation Plan
The OCSC Cybersecurity Roadmap and accompanying stages can be crucial in the achievement of aspirations proposed in various regional agreements, included but not limited to the Pacific Islands Forum (PIF) 2050 Strategy for the Blue Pacific Continent and accompanying 2030 Implementation Plan.
Through its staged approach and evidence-based methodology, the OCSC Cybersecurity Roadmap provides a pathway to achieving the aspirations of these regional documents and enabling Pacific Island nations to achieve the collective ambitions.
Partners in the Blue Pacific
2023–2030 Australian Cyber Security Strategy and Action Plan
Shield 6 of Australia’s NCS is seeking to build a more cyber-resilient region that is better able to manage, mitigate and recover from the impacts of cyber incidents. The holistic, “all-of-economy” approach of the CMM and Roadmap enables countries to build enduring cyber resilience and allows them to be better prepared to respond and recover from cyber threats. The Cybersecurity Roadmaps provide an evidence-base for Pacific island nations to progress their cyber maturity and resilience.
United Kingdom – National Cyber Strategy- Pillar 4
Following its 2021 Integrated Review, the United Kingdom has pursued a policy of re-engagement in the Indo-Pacific through Pillar 4 of its 2022 National Cyber Strategy. OCSC has worked closely with the UK FCDO to help facilitate its reengagement with the Pacific using the robust network of regional expertise that the Centre has cultivated over time. Using this network, OCSC has helped to develop trusted partnerships between the UK government and regional stakeholders and deliver high-quality capacity-building outcomes.
The OCSC Cybersecurity Capacity Building Lifecycle
Case Study: Federated States of Micronesia
The Cybersecurity Roadmap (Roadmap) of the Federated States of Micronesia (FSM) is intended as a guide to inform the FSM Government of the priorities for the development of a national cybersecurity strategy, supporting policies, laws and regulations, based on 3 stages:
- Launching the National Cybersecurity Strategy to provide a clear vision for a cyber secure digital FSM.
- Further developing critical infrastructure protection, establishing incident reporting and strengthening the national CERT.
- Improving data protection.