Strategic decision making in cyber security: Lessons learned
Abstract
The threats to the international community currently emerging in cyber space represent great challenges to security and it is of utmost importance to be ready to respond. This calls for a stronger and more resilient community, which will be well prepared to face these new challenges. The paper considers the preparation of strategic leaders to deal with cyber space crisis management processes in the form of a European Defence Agency (EDA) tabletop exercise. This is developed from the EU approach to cyber crisis management and the efforts undertaken by the European Defence Agency and European Cyber Security Initiative (ECSI), as well as a customised scenario based upon the Austrian Cyber Security Strategy. The paper gives a brief history of the development of the cyber crisis management exercise and explains its purpose, which is to devise an exercise curriculum for a coherent conceptual toolkit that could be used in assessing current decision-making frameworks. It describes how to run such a decision-making exercise, building on concepts and methodologies used to manage a cyber security crisis. It gives an overview of typical situations, threats, nature and likelihood, possible impact and the assessment of typical cyber situations, illustrated with scenarios, frameworks and doctrines. It further deals with response management, options, decisions (outcome, execution) and success control. Last but not least, it describes lessons identified and learned, offers a short evaluation of the exercise and the process of decision making and draws some conclusions.
The full article is available to subscribers to the journal.
Author's Biography
Helmut Habermayer joined the Austrian Armed Forces (AAF) in 1977 and was commissioned as an Army Reconnaissance Officer in 1981. After several command posts in light and armoured reconnaissance units, he was selected for general staff and commissioned as a General Staff Officer in 1991. After commanding a mechanised infantry battalion in the AAF and command posts at UN and NATO missions, he changed to the Operations Division in the Austrian Ministry of Defence, responsible for military reconnaissance and military security (J2). In 2006 he was appointed head of the Military Strategy Division. In this capacity he was strongly involved in the transformation process of the armed forces, the development of network-enabled capabilities and cyber-use in military operations. In 2013 he was promoted to Deputy Head General Directorate Planning of the AAF, responsible for capability development, which included the Chief Information Officer and the Cyber Coordinator of the AAF until 2016. He was responsible for the cyber policy of the MOD and the role of the AAF in the comprehensive cyber security effort of Austria. He was also cyber defence adviser to the National Security Council and had strong influence on the development of Austrian Cyber Security Capabilities. Currently he is responsible for the implementation of the Cyber Defence Command of the AAF. He holds a Magister of the University of Vienna and a distinguished Master’s degree of the National Defence University, Washington, DC. He has published several articles on cyber threats and cyber security.