“Cyber Secure India” will be running a series of this Title ‘The Nations Cyber Security Strategy and Status‘ for the next 16 issues
The development of Information and Communications Technologies (ICT) all across the globe and its dependency on technology and developments has given rise to a new domain and culture in businesses and governance are managed. The interaction among entities within a nation and also among nations have increased many folds due to the advent of Cyber Domain. The presence of this Cyberspace has not only allowed existence of IT and ICT infra and processes but also has given way to emergence of new technology and processes. Cyberspace, the name given to the global and dynamic domain composed of the infrastructures of information technology – including the Internet – networks and information and telecommunications systems. The domain also provides for new avenues for unprecedented and global exploitation as this domain provides for new challenges, risks and threats. The existence of Cyberspace now adds more dynamics to the field of Cyber Security.
The importance of Cyber Security is more significant in the present era, where the Cyber Attacks are initiated by both the State and Non-State Actors, within States and across Geographical Borders. ‘Cyber Security’ is a necessity for our society and for our economic model, especially where the dependency among countries and ecosystems has no physical borders.
The International Telecommunication Union (ITU), being an international body and also a ‘Watch Dog’ in the Cyberspace, had initiated the framework and also provided a quantification criterion of the Safety of the Cyber Space measurement for each country. The Global Cybersecurity Index (GCI) was formulated by ITU in the year 2014. The aim was to provide a ranking among countries, based on the GCI score. The Global Cybersecurity Index (GCI) is a survey that measures the commitment of Member States.
The Global Cybersecurity Index (GCI) is a multi-stakeholder initiative to raise cybersecurity awareness and to measure the commitment of countries to cybersecurity and its wide field of application cutting across industries and sectors. The objective of the GCI as an initiative is to help countries identify areas for improvement in the field of cybersecurity, as well as to motivate them to take action to improve their ranking, thus helping raise the overall level of commitment to cybersecurity worldwide.
Reference model of GCI
The GCI is a composite index combining 25 indicators into one benchmark measure to monitor and compare the level of ITU Member States cybersecurity commitment with regard to the five pillars identified by the High-Level Experts Group and endorsed by the Global Cybersecurity Agenda (GCA). These pillars form the five pillars of GCI.
The main objectives of the GCI are to measure:
- the type, level and evolution over time of cybersecurity commitment in countries and relative to other countries;
- the progress in cybersecurity commitment of all countries from a global perspective;
- the progress in cybersecurity commitment from a regional perspective;
- the cybersecurity commitment divide, i.e. the difference between countries in terms of their level of engagement in cybersecurity programmes and initiatives.
Conceptual Framework of GCI
The five pillars of the GCI are briefly explained below:
- Legal: Measured based on the existence of legal institutions and frameworks dealing with cybersecurity and cybercrime.
- Technical: Measured based on the existence of technical institutions and frameworks dealing with cybersecurity.
- Organizational: Measured based on the existence of policy coordination institutions and strategies for cybersecurity development at the national level.
- Capacity Building: Measured based on the existence of research and development, education and training programmes; certified professionals and public sector agencies fostering capacity building.
- Cooperation: Measured based on the existence of partnerships, cooperative frameworks and information sharing networks.
Each pillar was then further divided in sub-pillars
The questionnaire that is administered for the measurement, was elaborated on the basis of the sub-pillars. The sub-pillar matrix therefor got out quantification of 25 related indicators. The values for the 25 indicators were therefore constructed through 157 binary questions. This model was adopted in order to achieve the required level of granularity and ensure accuracy and quality on the answers.
Through the information collected, the GCI aims to illustrate the practices of other countries so that Member States can implement selected aspects suitable to their national environment, with the added benefits of helping harmonize practices and fostering, a global culture of cybersecurity.
Conclusion
The GCI score is only indicative and is a dynamic component. The collection of information for the GCI is an ongoing process, and hence the Index is an indicative ranking among nations of the very instance. The goal of the GCI is to help foster a global culture of cybersecurity and its integration at the core of ICTs. This second iteration of the GCI measures the commitment of ITU Member States towards cybersecurity in order to drive further efforts in the adoption and integration of cybersecurity on a global scale.
The Global Cybersecurity Index (GCI) for Year 2020 was released on 29 June 2021. The US topped the list followed by the UK and Saudi Arabia in the second position and Estonia in the third position in the index. The last three on the list are Equatorial Guinea on the 180th position, Dem. People’s Rep. of Korea on 181st, and Micronesia, Vatican, and Yemen on the 182nd position. The other positions are as below:
GCI Results
Rank |
Country |
1 |
USA |
2 |
UK |
2 |
Saudi Arabia |
3 |
Estonia |
4 |
Korea (Rep. of) |
4 |
Singapore |
4 |
Spain |
5 |
Russian Federation |
5 |
UAE |
5 |
Malaysia |
6 |
Lithuania |
7 |
Japan |
8 |
Canada |
9 |
France |
10 |
India |
11 |
Turkey |
12 |
Australia |
13 |
Luxembourg |
13 |
Germany |
14 |
Portugal |
15 |
Latvia |
16 |
Netherlands |
17 |
Norway |
17 |
Mauritius |
18 |
Brazil |
19 |
Belgium |
20 |
Italy |
21 |
Oman |
22 |
Finland |
23 |
Egypt |
24 |
Indonesia |
25 |
Vietnam |
26 |
Sweden |
27 |
Qatar |
28 |
Greece |
29 |
Austria |
30 |
Poland |
31 |
Kazakhstan |
32 |
Denmark |
33 |
China |
33 |
Croatia |
34 |
Slovakia |
35 |
Hungary |
36 |
Israel |
37 |
Tanzania |
38 |
North Macedonia |
39 |
Serbia |
40 |
Azerbaijan |
41 |
Cyprus |
42 |
Switzerland |
43 |
Ghana |
44 |
Thailand |
45 |
Tunisia |
46 |
Ireland |
47 |
Nigeria |
48 |
New Zealand |
49 |
Malta |
50 |
Morocco |
51 |
Kenya |
52 |
Mexico |
53 |
Bangladesh |
54 |
Iran |
55 |
Georgia |
56 |
Benin |
57 |
Rwanda |
58 |
Iceland |
59 |
South Africa |
60 |
Bahrain |
61 |
Philippines |
62 |
Romania |
63 |
Moldova |
64 |
Uruguay |
65 |
Kuwait |
66 |
Dominican Republic |
67 |
Slovenia |
68 |
Czech Republic |
69 |
Monaco |
70 |
Uzbekistan |
71 |
Jordan |
72 |
Uganda |
73 |
Zambia |
74 |
Chile |
75 |
Cote d’Ivoire |
76 |
Costa Rica |
77 |
Bulgaria |
78 |
Ukraine |
79 |
Pakistan |
80 |
Albania |
81 |
Colombia |
82 |
Cuba |
83 |
Sri Lanka |
84 |
Paraguay |
85 |
Brunei Darussalam |
86 |
Peru |
87 |
Montenegro |
88 |
Botswana |
89 |
Belarus |
90 |
Armenia |
91 |
Argentina |
92 |
Kyrgyzstan |
93 |
Cameroon |
94 |
Nepal |
95 |
Chad |
96 |
Burkina Faso |
97 |
Malawi |
98 |
Zimbabwe |
99 |
Myanmar |
100 |
Senegal |
101 |
Liechtenstein |
102 |
Sudan |
103 |
Panama |
104 |
Algeria |
105 |
Togo |
106 |
Jamaica |
107 |
The Gambia |
108 |
Suriname |
109 |
Lebanon |
110 |
Bosnia and Herzegovina |
111 |
Samoa |
112 |
Fiji |
113 |
Libya |
114 |
Guyana |
115 |
Ethiopia |
116 |
Venezuela |
117 |
Andorra |
118 |
Papua New Guinea |
119 |
Ecuador |
120 |
Mongolia |
121 |
Sierra Leone |
122 |
State of Palestine |
123 |
Mozambique |
124 |
Madagascar |
125 |
Trinidad and Tobago |
126 |
Syrian Arab Republic |
127 |
Nauru |
128 |
Tonga |
129 |
Iraq |
130 |
Guinea |
131 |
Lao P.D.R. |
132 |
Cambodia |
133 |
Mauritania |
134 |
Bhutan |
135 |
Eswatini |
136 |
Cabo Verde |
137 |
Somalia |
138 |
Tajikistan |
139 |
Barbados |
140 |
Bolivia |
141 |
Sao Tome and Principe |
142 |
Antigua and Barbuda |
143 |
Republic of the Congo |
144 |
Turkmenistan |
145 |
Kiribati |
146 |
San Marino |
147 |
Bahamas |
148 |
El Salvador |
149 |
Seychelles |
150 |
Guatemala |
151 |
Angola |
152 |
Vanuatu |
153 |
Saint Kitts and Nevis |
154 |
Saint Vincent and the Grenadines |
155 |
Namibia |
156 |
Niger |
157 |
Gabon |
158 |
Saint Lucia |
159 |
Belize |
160 |
Mali |
161 |
Guinea-Bissau |
162 |
Liberia |
163 |
Grenada |
164 |
Lesotho |
165 |
Nicaragua |
166 |
Solomon Islands |
167 |
Haiti |
168 |
Tuvalu |
169 |
South Sudan |
170 |
Congo |
171 |
Afghanistan |
172 |
Marshall Islands |
173 |
Timor-Leste |
174 |
Dominica |
175 |
Comoros |
176 |
Central African Republic |
177 |
Maldives |
178 |
Honduras |
179 |
Djibouti |
179 |
Burundi |
179 |
Eritrea |
180 |
Equatorial Guinea |
181 |
Dem. People’s Rep. of Korea |
182 |
Micronesia |
182 |
Vatican |
182 |
Yemen |
(In the next article we shall elaborate on the top 10 ranked countries and their Cyber Security Strategies)