The 3rd edition of the Guide for developing a National Cybersecurity Strategy

Developing a National Cybersecurity Strategy (NCS) is one of the most critical steps a country can take toward building long-term cyber resilience, yet many strategies fail to move beyond the page. In this interview, Rūta Jašinskienė, an NRD Cyber Security cyber capacity building expert, shares insights on what makes an NCS truly effective – from inclusive stakeholder engagement to concrete action plans, and reflects on the latest edition of the Guide to Developing a National Cybersecurity Strategy.

Rūta Jašinskienė, an expert in cyber capacity building at NRD Cyber Security, has been part of the working group updating the guide for developing a National Cybersecurity Strategy.

Icon
1. What is the role of the National Cybersecurity Strategy (NCS), and why is it important for building national cyber resilience?

The NCS is the country’s main cybersecurity policy document.  Even though it isn’t mandatory, it is highly recommended to have it While some countries start with establishing cybersecurity laws, most begin their cyber resilience journey with the strategy. At NRD Cyber Security, we strongly recommend starting with the former: the strategy provides direction and a vision for the future, showing where the country wants to be in five years (this is the most common period of strategies). It provides the foundation for creating and coordinating relevant legal bases, setting operational capabilities. It also helps to identify cybersecurity governance, priorities, involved parties and their responsibilities, and ensure that resources are allocated to long-term planning.

2. What makes an NCS effective, and what causes it to become 'just another document' that doesn't work in practice?
3. Why are guidelines such as The Guide to Developing a National Cybersecurity Strategy important, and what do they offer?

4. What recent amendments have been made, and what changes and improvements do they bring?

The third edition of the guide provides greater clarity, particularly in the governance section. The guide was developed by 37 contributors from international organisations, the private sector, academia, and so on. The working group I collaborated with concentrated specifically on governance as an overarching framework of rules, roles, responsibilities and decision-making processes. Our intention was to make it as pragmatic as possible, providing realistic examples. Consequently, the new version focuses on practical recommendations and ease of use.

decoration

The updated guide strengthens implementation and sustainability across the entire NCS lifecycle, with a strong emphasis on long-term financing.

decoration

It also introduces more structured monitoring and evaluation, requiring SMART KPIs, baseline metrics and regular review cycles.

decoration

A new emphasis is placed on technological foresight, encouraging governments to anticipate risks from emerging technologies such as AI, the Internet of Things (IoT), quantum computing and 5G/6G, and translate this into adaptive policy.

decoration

There is an expanded focus on critical infrastructure protection, including systemic and cross-border risks. Stronger requirements are in place for national risk management frameworks, which include continuous risk assessment and feedback loops into policy and investment decisions.

decoration

Guidance on incident response and resilience has also been broadened to highlight the roles of CERTs/CSIRTs, SOCs, information-sharing mechanisms and coordinated exercises.

It is very important to note that this version of the Guide will provide a dynamic Reference Section on its website (www.ncsguide.org ), enabling simplified access and maintenance to keep references up to date.

 

5. Which NCS projects did you and your team work on that were most significant to you personally?

The two projects in São Tomé and Príncipe and Guinea-Bissau were the most significant. In both countries, after an initial assessment, we discovered that cybersecurity maturity was very low. While many important stakeholders recognised the need and were keen to move forward, there was no structure or vision. There was almost no communication between the stakeholders.  After conducting several workshops, we helped both countries develop a National Cybersecurity Strategy that worked for them. It was the eagerness of the people that made the projects so significant – if there is the will, starting from scratch is not going to be a barrier.

6. What is your last piece of advice for anyone willing to start their NCS development journey?

Other news and stories

SOCcare March 2026: A “Little Gift” from the photo shop
SOCcare March 2026: A “Little Gift” from the photo shop
Safe4SOC updates: enhancing CyberSOC efficiency through unified alert sharing
Safe4SOC updates: enhancing CyberSOC efficiency through unified alert sharing
SOCshare: cybersecurity landscape in February 2026
SOCshare: cybersecurity landscape in February 2026
SOCshare January 2026: cybersecurity landscape review
SOCshare January 2026: cybersecurity landscape review
SOCshare: cybersecurity landscape in December 2025
SOCshare: cybersecurity landscape in December 2025
CTI-AI project: end of year update
CTI-AI project: end of year update
The most common myths related to the implementation of the DORA Regulation
The most common myths related to the implementation of the DORA Regulation
SOCcare December 2025: RondoDox Campaign: Routers Beware
SOCcare December 2025: RondoDox Campaign: Routers Beware