Reflections on the New Cybersecurity Strategy Guide

Today, the third edition of the Guide to Developing a National Cybersecurity Strategy was launched. This year, UNDP was invited to contribute to the revision of the guide, and I was fortunate to be included in two working groups: one focused on risk, and one on capacity building.

While I didn't contribute as much as I would have liked (newborn timing!), I still feel privileged to have shared thoughts and inputs on the working draft in both areas. Two points from this work feel especially important and interesting to me:

Supply chain risks and digital sovereignty. As countries think more seriously about digital sovereignty, some argue it's not the right approach in our globally interconnected world. Yet cybersecurity is one area where even skeptics tend to agree: countries need solid approaches to managing supply chain risk. That means conducting proper risk assessments, developing hardware and software bills of materials, and thinking strategically about how to protect critical infrastructure. It also means clearly understanding external technological dependencies and deliberately weighing the trade-offs they create.

Cybersecurity as a human challenge. It's often said that it's easier to break a human than a computer system. This plays out in different ways: externally, AI-enabled threats such as audio and video deepfakes are making scams and phishing attacks more sophisticated and harder to detect. Internally, organizations face the challenge of protecting sensitive data when employees take shortcuts, for example by uploading files to personal LLM accounts. Organizations can put technical safeguards in place (such as restricting file downloads), punish the behavior (sometimes effective), or try to understand why people do it in the first place (convenience, familiarity, or simply a better user experience than official tools) and work to address those underlying reasons. Either way, continuous training and awareness remain essential.

You can find the NCS Guide here: https://ncsguide.org/
