Cybersecurity Policy Exercises
Country-specific Cybersecurity Policy Exercises
One of the products the SNV designs and facilitates are so-called “cybersecurity policy exercises in country-specific contexts.” In this regard, SNV experts engage with stakeholders from different countries to design and facilitate (virtual) cybersecurity policy exercises custom-tailored to the individual context.
In the one-day exercise format, participants will have to choose a coping strategy while a large-scale cyber incident develops. Before the exercise, participants get the opportunity to develop the specific goals of the respective exercise in a multi-stakeholder pre-exercise-workshop. The exercise can thus, for example, support the cooperation of different national institutions by practicing information sharing and joint analysis of an incident. SNV staff is adapting the exercise format according to the goals and country-specific context identified in the pre-workshop, for example, to design the scenarios as realistic as possible. Therefore, country-specific exercises are usually part of a broader project.
Currently, the SNV is implementing exercises commissioned by the Deutsche Gesellschaft für Internationale Zusammenarbeit (GIZ) and financed by the German Federal Ministry for Economic Cooperation and Development (BMZ) with stakeholders from Rwanda, Kenya, South Africa, Jordan, Mexico, and Armenia. In cooperation with Konrad Adenauer Foundation Costa Rica, SNV is facilitating a country-specific exercise with stakeholders from Costa Rica.
Country Background Research
In order to adapt the exercises to specific countries, it is important to understand the broader strokes of cybersecurity policies of other countries. Our team, therefore, researches publicly available information on cybersecurity policies of countries in order to adapt the exercises to country-specific needs. The background research, for example, answers open questions that are relevant for the design and implementation of the exercise, for instance, whether there is a mandatory reporting procedure in the event of an incident, which would influence the participants’response process to a fictional incident. The documents published here are a summary of the publicly available information on the fundamentals of a country’s cybersecurity policy.
DISCLAIMER: The research only represents a country's cybersecurity policy to a limited extent and is not an in-depth or complete analysis or assessment of current policy.
The research will be shared with participants as background material in preparation for the exercise. Therefore, the documents have a timestamp and will only consider policy up until the date of publication. In the interests of non-profitability, we decided to make the background research publicly available. If you are using these materials, please include the disclaimer. Please do not hesitate to contact us.
Within the" International Cybersecurity Policy" cluster, the SNV developed the e-learning course "Introduction to International Cybersecurity Policy," available on the platform atingi.
The seven modules provide fundamental knowledge on International Cybersecurity Policy and related topics. Due to the self-paced structure, participation is open to everyone who is interested in the intersection of policy, cybersecurity, and international relations worldwide.
The course is based on a self-learning principle; participants work on the various modules independently. It is possible to work on or skip individual modules. Each module consists of a collection of informative slides and a quiz in which the participants can test their knowledge. In addition, participants have the opportunity to exchange views on specific reflection questions in a forum to strengthen their understanding.