Tag Archives: NCSC

Cyber Across Global Governments: International Cooperation and National Strategies

Who sets the global rules for cyber—and how nations are building resilience, alliances, and deterrence.

Cybersecurity has become a pillar of national security, digital economy growth, and global diplomacy. From ransomware attacks on hospitals to interference in democratic elections, governments worldwide now treat cyber threats as matters of statecraft—not just IT hygiene. While national strategies differ, a few shared patterns have emerged: defence of critical infrastructure, capacity building, and international coordination.

This article outlines how governments around the world are shaping cybersecurity policy—individually and collectively—and where influence, funding, and global norms are being forged.


1. Multilateral Forums and Cyber Diplomacy

United Nations (UN) – Open-Ended Working Group (OEWG) on ICTs

  • Role: Establishes international norms, confidence-building measures, and voluntary principles for state behaviour in cyberspace.
  • Why it matters: Although non-binding, OEWG discussions influence global standards and set expectations for state conduct during peacetime.

Link: https://www.un.org/disarmament/ict-security/


NATO – Cooperative Cyber Defence Centre of Excellence (CCDCOE)

  • Headquartered in: Tallinn, Estonia
  • Activities:
    • Organises Locked Shields, the world’s largest cyber defence exercise.
    • Publishes the Tallinn Manual on cyber warfare law.
  • Why it matters: Key hub for collective cyber defence strategy among NATO members.

Link: https://ccdcoe.org/


OECD – Digital Security Policy Committee

  • Role: Creates recommendations and guidance on digital security risk management, data governance, and resilience.
  • Why it matters: OECD frameworks influence national legislation and digital trust strategies, especially in high-income countries.

Global Forum on Cyber Expertise (GFCE)

  • Role: Facilitates global capacity-building for cyber resilience in developing countries.
  • Why it matters: Key platform for international development agencies, NGOs, and governments supporting cyber infrastructure globally.

Link: https://thegfce.org/


2. Country-Level Strategies and Leadership Examples

Estonia

  • Known for: E-government, e-residency, cyber defence leadership.
  • Notable Actions: Early victim of state-sponsored DDoS attacks (2007) that led to national cyber doctrine and NATO hosting CCDCOE in Tallinn.

Israel

  • Approach: Defence-first, export-driven, high-tech innovation.
  • Key Agencies: Israel National Cyber Directorate (INCD) and Unit 8200.
  • Why it matters: Pioneers in OT security, threat intelligence, and cyber startups; strong global export footprint.

Singapore

  • Model: Centralised, technocratic, and innovation-focused.
  • Key Body: Cyber Security Agency (CSA) of Singapore.
  • Initiatives: Leads the ASEAN-Singapore Cybersecurity Centre of Excellence and has strong cyber diplomacy in Southeast Asia.

Australia

  • Key Strategy: 2023–2030 Cyber Security Strategy includes a ‘six shields’ framework: citizens, businesses, critical infrastructure, government, technology, and global engagement.
  • Regulator: Australian Cyber Security Centre (ACSC), under the Australian Signals Directorate.

Link: https://www.cyber.gov.au


United Arab Emirates

  • Approach: Government-led, with a push for regional cyber leadership.
  • Entity: UAE Cybersecurity Council; strong collaboration with private sector, especially in AI, fintech, and energy.

India

  • Focus Areas: Critical infrastructure protection, cybercrime, and digital services trust.
  • Agency: Indian Computer Emergency Response Team (CERT-In).
  • Challenges: Balancing digital inclusion, sovereignty, and international norms.

Brazil

  • Leadership Role: In Latin America cyber coordination and public-private partnerships.
  • Strategy: Emphasises democratic norms, inclusion, and the protection of public institutions from disinformation.

3. Cross-Border Cyber Threat Coordination

Bilateral and Multilateral Alliances

  • US–UK Joint Cyber Partnership: Includes intelligence collaboration and shared frameworks (e.g. zero trust, supply chain assurance).
  • Five Eyes (FVEY): Intelligence-sharing alliance between the US, UK, Canada, Australia, and New Zealand—with growing cybersecurity collaboration.
  • EU Cyber Diplomacy Toolbox: Enables collective responses to cyber incidents, including sanctions.

CERT-to-CERT Cooperation

National Computer Emergency Response Teams (CERTs or CSIRTs) increasingly operate via:

  • FIRST.org: The Forum of Incident Response and Security Teams—connects over 600 teams globally.
  • APCERT (Asia-Pacific), AfricaCERT, and LATIN American CSIRTs: Regional forums for collaboration and information exchange.

Cybercrime and Law Enforcement Coordination

  • INTERPOL Cybercrime Directorate: Coordinates global cybercrime investigations.
  • Europol EC3: European Cybercrime Centre; leads cross-border takedowns, threat intelligence, and training.
  • Budapest Convention on Cybercrime: The first binding international treaty on cybercrime, adopted by 66+ countries.

4. Global Capacity Building and Funding

World Bank and Regional Development Banks

  • Support national cyber strategies in low- and middle-income countries (LMICs), especially via digital infrastructure funding.

UK FCDO’s Digital Access and Cyber Programmes

  • Funds capacity building, resilience projects, and policy development across Africa, Southeast Asia, and Eastern Europe.

USAID / USTDA

  • Promote cybersecurity standards, incident response, and digital resilience through trade and technical assistance programmes.

5. How to Engage with Global Government Cyber Agendas

  • Attend global forums: Munich Security Conference, IGF (Internet Governance Forum), CYBERUK (UK), Cyber Week Tel Aviv.
  • Contribute to standards: ISO/IEC, ITU-T, and IEEE bodies shaping global security protocols.
  • Collaborate through aid or capacity-building: Via GFCE, UK FCDO, or US State Department partnerships.
  • Leverage diaspora and embassies: Many countries support cyber startups and tech experts abroad through trade missions, attachés, and embassy-driven innovation efforts.

Final Thoughts

In today’s interconnected world, no cyber threat or strategy exists in isolation. Governments around the globe are rapidly upgrading their cyber capabilities—through alliances, standards, innovation, and shared norms. From NATO exercises to UN frameworks, from Tel Aviv to Tallinn, cyber is now central to diplomacy and defence.

For cybersecurity professionals, founders, and researchers, the opportunity is clear: align with national strategies, show up in global discussions, and build partnerships that extend beyond borders.

Cyber is global. Influence is earned. Strategy is shared.

Cyber Across US Government: Agencies, Frameworks, and Innovation Pathways

The United States is arguably the most influential force in global cybersecurity, but its governance model is sprawling, federal, and often opaque to outsiders. Responsibility is distributed across military, civilian, and intelligence agencies—each with their own authorities, funding mechanisms, and strategic priorities.

Continue reading

Cyber Across European Governments: Key Bodies, Funding, and Coordination

The European cybersecurity landscape is layered, fragmented, and fast-evolving. Unlike the centralised approaches of some governments, the EU’s model of collective sovereignty means cybersecurity is coordinated, rather than controlled by Brussels. National governments still manage their defence and digital sovereignty, but major funding, regulation, and cross-border frameworks increasingly come from the EU level.

Continue reading

Cyber Across UK Government: Departments, Programmes, and Policy Players

The definitive guide to who shapes cyber policy in Whitehall, and how to work with them.

Continue reading

Inside the UK Cyber Ecosystem: A Strategic Guide in 26 Parts

An extensive guide mapping the networks, policy engines, commercial power bases, and future-shapers of British cybersecurity.

Continue reading

The Insider’s Guide to Influencing Senior Tech and Cybersecurity Leaders in the UK

Influencing senior leaders in cybersecurity and technology is no small task, especially in the UK, where credibility, networks, and standards carry immense weight. Whether you’re a startup founder, a scale-up CISO, or a policy influencer, knowing where the key conversations happen (and who shapes them) can make the difference between being heard and being ignored.

Continue reading

When a Parking Permit Becomes a Cyber Risk: Understanding Indirect Supply Chain Threats

While applying for a parking permit, I discovered an expired SSL certificate on a council website, highlighting how small oversights in public services can expose broader cybersecurity risks. This real-world example shows why organisations must take indirect supply chain risk seriously, particularly in regions critical to national security.

Continue reading

Professionalising Cyber: Reflections from Conway Hall

A first-hand reflection on the UK Cyber Security Council’s recent “The Journey to Professionalisation” event at Conway Hall, exploring the ongoing professionalisation of the cyber security sector. Highlights include the expansion of recognised specialisms, the development of the UK Cyber Skills Framework, and discussions on AI, early-career challenges, and the need for a more inclusive, realistic skills framework to support a growing cyber economy.

Continue reading

Scaling Cyber: A Startup Founder’s Journey from Idea to Exit

This virtual book is a guide to the entrepreneurial journey, drawn from real-world experiences in cyber startups. It distils insights from my time on the NCSC for Startups accelerator (cohort 13, 2023), the DSIT Cyber Runway Scale programme (2024/2025), and my mentoring on DSIT’s Cyber ASAP programme. It’s a collection of lessons, reflections, and hard-earned knowledge from the founders, investors, and industry leaders I’ve met along the way. Thanks to Marcel Duchamp you can think of it as a “ready made”, a curated work built from my blog articles, assembled to help you navigate the path from startup to scale, and beyond.

Continue reading

Overview, Summary, Thoughts, and Recommendations on the NCSC Cyber Security Risk Management Guidance

This article evaluates the NCSC’s Cybersecurity Risk Management Guidance, highlighting its strengths in broad coverage and practical tools but identifying key weaknesses, including the lack of an integrated end-to-end framework, inconsistent depth, and limited audience-specific tailoring. It recommends strengthening the framework’s integration, providing accessible tools, addressing organisational resistance, and incorporating strategies for emerging technologies and black swan events. These enhancements could elevate the guidance to a truly comprehensive standard for diverse organisations.

Continue reading

Masking and Personality Typing: An Asperger’s Perspective

This article explores how masking, often necessary for those with Asperger Syndrome, complicates the accuracy of personality typing systems. Drawing from personal experiences in a challenging post-war inner-city environment, it critiques the limitations of these systems in truly capturing one’s authentic self and offers insights into the interplay between identity, masking, and neurodiversity.

Continue reading

Comparing SaaS GitHub and Self-Hosted GitLab: An In-Depth Analysis of Pros and Cons with Alternatives

On the penultimate day of the NCSC For Startups programme, there was an ad hoc discussion on code repositories and DevOps tooling. A couple of the cohort were long-time GitHub users, while we use a self-hosted version of GitLab. One of the teams had just moved from the latter to the former, while the final team used Azure DevOps. I thought it would be nice to write up an objective look at the first two options, along with alternatives, as well as summarise our decision. I didn’t want to cover Azure DevOps as I’ve just spent two years using it and I’m grateful to have escaped its clutches. Learn more here.

Continue reading

“What’s Causing a Rise in Seed-Stage Valuations?”: Analysis, Key Takeaways, and Advice

In response to Beauhurst’s article “What’s Causing a Rise in Seed-Stage Valuations?” on seed-stage valuations, this critique offers a concise analysis, highlighting strengths, areas for improvement, and key takeaways. We delve into the complex landscape of seed-stage valuations, exploring the factors behind their rise and assessing the article’s contribution to the discussion.

Continue reading

Thriving in Perpetuity: Simon Sinek’s Infinite Mindset in Action

Explore how Simon Sinek’s Infinite Mindset model can revolutionize organizational strategy and leadership in our comprehensive analysis. This article provides an in-depth look at the model’s principles, showcases their application within the cybersecurity pioneer Cyber Tzar, and offers a step-by-step guide to cultivating an infinite mindset in your own organization. Learn how to lead with vision, adapt with courage, and build a legacy of sustained success.

Continue reading

Empowering Success Through Purpose: Mastering Simon Sinek’s Golden Circle Model

Discover the essence of Simon Sinek’s Golden Circle model in our latest article, where we explore its foundational principles and offer a practical guide to applying it in your organization. Learn how to articulate your purpose, differentiate your approach, and clearly define your offerings to inspire and achieve lasting success. Whether you’re enhancing cybersecurity with Cyber Tzar or navigating another sector, this article provides the insights you need to connect deeply with your audience and turn vision into action.

Continue reading

Crafting Compelling Value: Mastering the Value Proposition Canvas and Mapping

Unlock the full potential of your business offerings with our in-depth guide on the Value Proposition Canvas and Mapping. Learn how to align your products and services precisely with customer needs, crafting a value proposition that speaks directly to your target audience. This article provides a step-by-step approach to understanding customer requirements, optimizing your offerings, and communicating value effectively, setting the stage for enhanced customer satisfaction and business success.

Continue reading