For many national governments, figuring out how to counter cyber threats means puzzling together a national cybersecurity agency. After a national leader or legislative authority releases an official decree, the first question often asked by the government is, “Where do we start?”
Just like putting together a jigsaw puzzle, governments need a picture of how the finished product should look. This picture is the national cybersecurity strategy. It defines the relationships and authorities within the government, as well as the government’s relationship with private industry and the broad capabilities required to establish and operate a new agency.
After you have the big strategic picture, you'll need to find your “corner pieces” and build the puzzle's outer edges based on the national cybersecurity strategy. This means that governments need to define the roles and responsibilities of a national cybersecurity agency. First, they'll need to assess how much risk their nation can afford and determine what the residue risk is by not taking on certain cyber-related responsibilities.