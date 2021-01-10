Strategic management of cybersecurity is the safeguarding of state capabilities and vital functions both under normal circumstances and during exceptional times.

Cyber ​​security is part of the overall security of society. Today, cyber affairs appear to be mundane among critical infrastructure, businesses and citizens alike. Therefore, the debate on cybersecurity and its management is understandably focused on these issues. However, the strategic management of cybersecurity is a broader entity encompassing national security and sovereignty.

Strategic management of cybersecurity is the safeguarding of state capabilities and vital functions both under normal circumstances and during exceptional times. Disruptions, in turn, can occur under both normal and exceptional conditions. Systems and contingency plans built under normal conditions provide the basis for action in exceptional circumstances. Similarly, contingency arrangements can be utilized to manage disruptions under normal circumstances.

Cyber ​​security threats also appear to be an increasingly important part of the hybrid impact. Understanding the relationships between threats requires a strong and centralized observation – snapshot management ability. Strategic management of cybersecurity therefore requires an understanding of the situation, clear management responsibilities and roles, a seamless flow and exchange of information, and the timeliness of legislation.

Strategic leadership in cybersecurity must be identifiable so that there is no situation for administrations where a leader cannot be found and the necessary action cannot be taken. It is particularly important for the functionality of strategic cyber security management to find structures that have the ability to meet the operational requirements of the environment.

It is essential that the measures required to manage sudden and rapid cyber incidents be able to be taken quickly. Cyber ​​incidents are characterized by the multidimensional nature of their effectiveness, which requires the widest possible cross-administrative support to be provided to the competent authority, where necessary. At the same time, it must be possible to ensure the functioning of society in spite of disruptions.

Strategic leadership and management structures should be as clear as possible and identifiable by all actors in different situations. Placing a cyber security director with competence in the management of overall security in society in the Prime Minister’s Office would be a clear and politically neutral option, with positive examples from international reference countries.

Martti Lehto

University of Jyväskylä

At Jarno Liml

Aalto university

cyber security working life professors

