Same threat, different answers? Comparing and assessing national cyber defence strategies in Central-Eastern Europe

In the article, National Cyber Security Strategies (NCSS) of the Central and Eastern European states are compared and assessed. After it had become evident that a variety of crucial new threats to national security had emerged over recent years, virtually all states reacted with national strategies. These strategies are aimed at securing national cyberspace from cyber threats through legal, operational, technical and policy-related measures. They exist in addition to general national security strategies and are meant to support these. Even if most countries have National Cyber Security Strategies, the author demonstrates that these strategies show, at least in part, remarkable differences. The role national particularities play is explained, whether they are really this specific and whether they might be generalised and transferred to other national contexts and what approaches turned out best under what circumstances. Based on these results, existing strengths, weaknesses and best practices are explained to open avenues for improving existing strategies and generate a higher degree of strategy interoperability in an environment that maybe like no other requires international cooperation. It is evident that precise definitions of terms and concepts are essential. However, not all strategies provide those definitions, which might lead to misunderstandings and complicate cooperation both on domestic and international level. While some strategies offer clear cut responsibilities for the actors involved, others remain unclear. Even if laws are there to specify concrete procedures, the NCSS should not be too superficial. The NCSS itself should already make clear statements, particularly when it comes to the crucial aspect of coordinating the various cyber actors and stake holders. The author demonstrates that National Cyber Security Strategies ought to be detailed enough to clearly determine actors and responsibilities, but open and flexible enough for adaptability to fast developments.