“During the past 3 centuries human population has increased tenfold to 6000 million and fourfold in the 20th century

• Cattle population increased to 1400 million (one cow/family) by a factor of 4 during the past century

• There are currently some 20 billion (20,000 million) of farm animals worldwide

• Urbanisation grew more than tenfold in the past century almost half of the people live in cities and megacities

• Industrial output increased 40 times during the past century; energy use 16 times

• Almost 50 % of the land surface has been transformed by human action”

Paul Crutzen

Dutch Nobel prize winning atmospheric chemist***

“Fish catch increased 40 times

• The release of SO2 (110 Tg/year) by coal and oil burning is at least twice the sum of all natural emissions;

over land the increase has been 7 fold, causing acid rain, health effects, poor visibility and climate changes due to sulfate aerosols

• Releases of NO to the atmosphere from fossil fuel and biomass burning is larger than its natural inputs, causing regional high surface ozone levels

• Several climatically important ”greenhouse gases” have substantially increased in the atmosphere, eg.

CO2 by 40 %, CH4 by more than 100 %.”

Paul Crutzen

Dutch Nobel prize winning atmospheric chemist***

“Water use increased 9 fold during the past century to 800 m3 per capita / year;

65 % for irrigation, 25 % industry, ~10 % households

It takes 20, 000 litres of water to grow 1 kilo of coffee

11,000 litres of water to make a quarter pounder

5,000 litres of water to make 1 kilo of cheese

1 kg meat → 16000 litres of water

1 kg grain → 1000 litres of water”

Paul Crutzen

Dutch Nobel prize winning atmospheric chemist

Воєнна доктрина РФ в переліку загроз містить розширення НАТО і нарощування можливостей США та альнсу в цілому..*** У Стратегії Національної безпеки США дії Росії кваліфіковані як агресія що потребує протидії.. *** Росія реформує силові структури: відбувається створення Федеральної служби військ Національної Гвардії на базі Внутрішніх військ МВС, Федеральної міграційної служби та Федеральної служби контролю обігу наркотиків.. *** Глави оборонних відомств країн ЄС погодили новий план оборони і безпеки та домовилися створити новий штаб і спільні сили швидкого реагування.. ***

research 11


 1.What is the vision for information security in different countries?

The importance of information security as a strategic issue.

What do we mean by information security?

Different perspectives on the issue.

 2.What are the differences between the U.S. and U.K. National Cyber-security Strategies?

Approaches and Strategic objectives.

Challenges, threats and threat perceptions.

Common themes.

 3.International experience in dealing with information security threats and lessons for the Ukraine.

The U.S. and U.K. policy.

Government actions to ensure information security in Europe and Worldwide.

Lessons for Ukraine.







Over the last 10 years, the controlling of information space has moved away from being purely the “internal affair” of individual states. The ability of people and communities to use information space in order to participate in malicious activitiesmakes it impossible to ignore the problem at an international level. The problems are:


§hacker attacks for political reasons;

§the destructive influence on military and civilian infrastructure [including critical infrastructure];

§the collection of sensitive information, and;

§direct espionage in the interests of the state and powerful corporations.

Various discussions at the highest level of government and in business indicate the level of concern by leading states in this regard. The problem becomes more complicated with the lack of a common coordinated view amongst leading countrieson information space and information security in general, as well as increased global discussions about software copyright and related rights on the Internet.

Thus, this thesis is devotedto a common understanding ofthe “information security” concept, comparison of the U.S. and U.K. NationalStrategiesinthe informationsecurity sphere,identifying potentialproblems and key lessons in the implementation ofthese strategic approaches,and the possible position of Ukraine on them.         

The first step to solve the problem of information security in combating cyber-crime at an international level was the Convention on Cyber-crime adopted by the Council of Europe in 2001. It attributed to the sphere of cyber-crimes such offenses:

§Offences against the confidentiality, integrity and availability of computer data and systems: illegal access to a computer system or its part; the illegal interception of computer data; computer data interventions; computer systems interventions; misuse of devices.

§Offences related to computers: computer-related fraud and computer-related crime.

§Offences related to content: offences related to child pornography.

§Offences related to copyright and related rights abuse[1].

However, not all countries- such as Russia, Andorra, Monaco, and San Marino -have ratified this document[2]. In addition, this document is regionally focused and does not solve issues on military usage of cyber-space or global international approaches to information security, despite the fact that other States have taken part in it.

The uncertainty at the global level, and the lack of agreed standards, force individualstate governments to shape information security policy at a national level. To solve this problem a number of countries such as the United States and the United Kingdom have created their own strategies, and organized appropriate departments [both law enforcement and military] to counter cyber-threats[3]. Studying strategic approaches to the information security of these countries may be a good example for the formation of domestic laws in other countries like Ukraineand help influence the international consensus formation on the future of cyber-space.

1.The vision of information security in different countries

The importance of information security as a strategic issue


Rapid and continuous development of information and communication technologies (ICT) simplifies the technical and policy collaboration in the further development of international cooperation. However, some achievements in the information sphere can be used for certain purposes that interfere with the providing of information security and strategic stability in cyber networks. This possiblymeans that information is becoming a factor that can lead to significant technological accidents, military conflicts, disruptbusiness activity, and contribute to system failures. It can also disrupt public administrations, finance systems, and the operation of research centers. And the higher the level of intellectualization and informatization within a society, the more necessary reliable information security becomes, as the implementation of interest, people and states is carried out more by means of free-flowing information and data.

The aforementioned demonstrates to what extent modern society depends on the stable functioning of its information systems. The widespread use of ICT leads to the formation of completely new challenges. That is why information security is seen as a strategic issue at both the national and international level. In addition, it affects all spheres of public life. According to Howard Schmidt, who was appointed to the post of first coordinator on cybersecurity to the President of the United States White House, the main priority of a state's policy should be the creation of a clear strategy as a means of enhancing the security and reliability of the state’s information systems[4].

The strategy on information security sets a number of governmental objectives and priorities which must be achieved in an appropriate period of time. In fact, the strategy is a model for the solving of a state’s security problem. In order to achieve this goal, private and public sectors must work together. Cooperation should be maintained through the exchange of information and up-to-date practices.

One of the first countries that began to see information security as a problem of national importance was the United States. In 2003 the National Security Strategy to secure cyber-space was published[5]. This document was part of a broader National Strategy for homeland security which was created in response to the terrorist attacks on September 11, 2001[6].

After a large-scale cyber attack in 2007 in Estonia[7] [where, during the conflict with Russia most government sites were almost totally disabled], and after Estonia became one of the first EU member states in 2008, a broad National cyber-security strategy was published[8]. Other EU states have also published their own national strategies on this issue[9].

The United Kingdom, whose potential in the sphere of information security is considered to be one of the most powerful in the world, continuous to develop its own security forces in cyber-space. In June 2009, the United Kingdom released the first Cyber-security strategy of the United Kingdom, which included three main areas: reducing risk, recognizing opportunities, and improving responses to cyber incidents[10].

Ukraine began to place emphasis on cyber-security in 2002, when the Ministry of the Interior of Ukraine formed units on high-tech crime prevention[11]. Military participation in combating cyber-threats is stated in the “Strategic Defense Bulletin of Ukraine until 2015”[12]. Ukraine is also a part of a group working with NATO on cyber and military reform issues[13]. Despite this fact, Ukraine has no relevant document on cyber-security. In my opinion[14], this results in an inability to counter new challenges to national security which are related to information technology usage in the age of globalization- previously cyber-threats. The Decree of the President of Ukraine "On the decision of the National Security and Defense Council of Ukraine from June 8, 2012" mentioned a new version of the National Security Strategy of Ukraine”[15].In addition, the inability to counter cyber-threats is not just connected to a lack of strategy, but also to the notable differences in the understanding of “information security”.

What do we mean by information security?

On both the European and international level there is no agreed definition of information security. For each country this definition is different[16]. For example, the term information security” in Ukraine means a state protection of the vitally important interests of the individual, society and state which prevents harm through: incompleteness, timing and inaccuracy of information used; the negative impact of information; negative effects caused by the use of information technologies; unauthorized distribution, integrity use and violation, and confidentiality and availability of information[17]. The U.K. sees information security” as protection of the U.K.'s interests in cyber-space, and the intention to conduct a broader security policy through the use of the many possibilities offered by cyber-space[18]. “Information Security” for the United States includes the protection of electronic information by preventing, detecting and responding to cyberattacks[19].

The same differences in approach can be found in the development of information security strategies[20]. But the lack of a coordinated common approach and understanding makes the process of international cooperation more complicated, despite being important for each. This is the main problem of information security. It is impossible to talk about national security at a high-level without a common understanding on what the priorities are and the essential cyber future we want to protect and why.

For the majority of countries- such as France[21] and the Netherlands[22] -information security is the confidentiality, integrity and availability of electronic, print or other data. Information security ensures the availability and proper use of computer systems, no matterwhat kind of information is stored on the computer. Information security means the protection of information systems against unauthorized access, detection, violations, changes, reading, inspection, recording or destruction.

Thus, information security of civil society and thestate is characterized by the level of its protection, and, as a result, the resistance of main spheres against dangerous information threats and the ability to prevent such threats.

Different views on the issue

The difference in views on information security depends on how governments interpret it. Each state considers global issues in terms of their own national interests and values.

For example, the policy of the Ukrainian government on information security is focused on priorities which are completely different from what the U.S. and Europe has. Americans and Europeans understand information security and information space firstly from a “technological” aspect[23]. Ukrainians, like Russians, use a broader philosophical and political meaning of “information security” and “information space”. The technological aspect of this issue is just one of many components[24] in the Ukrainian understanding of information security. Furthermore, this problem is not a high priority for the current Ukrainian government. In the “Doctrine on information security of Ukraine” only the terms “cyber-crimes” and “computer terrorism” are mentioned. But there is no definition of these terms in the preamble. The primary objectives for Ukraine in the information sphere are to protect national identity and culture, and to ensure the free flow of information[25].

A more coordinated common understanding of this problem, and the formulation of “information security,” would help the governments of different countries talk easilyabout threats to their networks; facilitate cooperation in response to these threats; and reduce the prospects of their development in response to crises.This can initially be achieved through the establishment of appropriate legislation in the information sphere. But this of course takes time and finances.

For some states, such as Ukraine, there is some difficulty in the adoption and implementation of various concepts, strategies, doctrines, etc. due to the absence of an established state policy guidelines hierarchy and the lack of awareness of differences from other legal acts. This leads to unstable and unbalanced state policy, and reduces the effectiveness of the impact of public management, both in the information sphere and in politics in general.

Adoption of the Doctrine on Information Security of Ukraine, which according to the developersisthe basis for development of concepts, strategies, special programmes and action plans projects,” has led to the evaluation of this step as not being the most efficient, beginning from objective-setting and goal-formulation for a practical result. Doctrine, as a declaration of the official State position, expresses only a safe measurement of information activities[26]. There are no clear division of information security and cyber-security, nor a definition of a strategic approach in combating cyber-crime. Therefore, countries like Ukraine- from the very beginning -should develop a strategy to combat cyber-crime in accordance with the existing strategies of leading countries in this sphere, for example the U.S. and U.K.which haveclearly definedstrategic objectives andapproaches to challenges and threats, principles and priorities of state policyin cybersecurity.

2. Differences between the U.S. and U.K. national cyber-security strategies, approaches, and strategic objectives

A key U.S. foreign policy initiative on the prospects of cyber-space development was published on May 16, 2011 and named the International strategy for cyber-space: Prosperity, Security, and Openness in a Networked World. The name of this document itself highlights that the U.S. not only states its fundamentals in shaping their own policy on cyber-space, but also outlines their desired “expected future” of cyber-space which is  open to innovations. The U.S. develops a plan of cooperation with other countries and nations to fully implement benefits which are promised to the world by networked technologies. Moreover, these systems must function reliably and securely. The U.S. strategic approach to cyber-space issues is based on achievements and the recognition of challenges to national and economic security. It focuses on the adherence to fundamental freedoms of expression, association, privacy and the free flow of information[27].

Distinct from the U.S. is the U.K. cyber-security strategy: Protecting and promoting the U.K. in a digital world- published on November 25, 2011 -which refers to its own cyber-space protection against the many threats in the global digital world and is open to innovations in cooperation with private sectors and other countries. The strategic approach of this document lies in economic and social development while using secure cyber-space, where actions are guided by priority values, civil freedom, transparency and the rule of law, social welfare, national security and a strong society[28].

The U.S. and U.K. strategies are based on such principles as:

§freedom of expression in cyber-space [the ability to seek, receive and import information and ideas through any media and communications, across borders];

§protection of citizens and their interests [users’ awareness of threats in cyber-space to their personal information and the possibility of cyber-crimes being committed against them];

§free flow of information [in order to increase safety, cyber-space should be open to innovations and cooperation between governments and businesses][29].

However, the U.K. strategy on cyber-security refers to strong national leadership in cooperation with the private sector, despite the fact that the Internet is fundamentally transnational. The U.K. intends to create partnership with other countries in those segments of the information infrastructure which are not UK-based[30].

The U.S. objective is to work internationally, providing open and inter-operable [the priority is to develop new information technologies that are based on international standards which will ensure the growth of the digital economy and society], secure and reliable information and communication infrastructure [a key issue is the establishment of international technical standards for software and hardware systems, incident management systems, as well as agreed international norms of behavior], stability through norms [a key task is to develop common rules of behavior in cyber-space, because “it will promote predictability of state behavior that will prevent conflicts or misunderstandings”. Moreover the U.S. is ready to work on the elaboration of consensus in terms of the criteria for “acceptable behavior” as well as on partnership in cyber-space][31].

The U.K. strategy on cyber-security states in detail its four strategic goals:

§to combat cyber-crime and to be one of the most secure places for business in cyber-space;

§to build cyber-space which sustainable against cyber-attacks and more able to defend its own interests in it;

§to foster an open, stable and dynamic cyber-space which the U.K. public can use safely; and one which supports open societies;

§to have cross-cutting knowledge, skills and capabilities which the U.K. needs as the basis of other such goals[32].

Considering the situation in Ukraine, and according to the Act “On the Basic principles of the information society development in Ukraine in 2007 – 2015,” the level of the formation of information society in comparison with global trends is insufficient. Therefore, the principles, strategic approaches and objectives are focused on:

§improvement of the legislation in this sphere;

§development of national information space;

§improvement of information security through international cooperation[33].

However,U.S.and U.K.strategicgoals in combating cyber-threats suchas the developmentof information technologiesin-countryand the establishmentof agreed international normsof behaviorin Cyber-space”can be appliedin Ukraine. Thus, in spite of some Ukrainian information space features, challenges and threats to the information security of the U.S. and U.K. are also could be equally important for Ukraine.

Challenges, threats and threat perceptions

When analyzing the cyber-security strategies of countries such as the U.S. and U.K., it should be noted that the United States puts emphasis on general challenges. These includes: natural disasters, accidents, sabotage, technical challenges, extortion, fraud, identity theft, child exploitation, and personal safety. In the U.K. cyber-security strategy, the challenges for the state are outlined in a complicated information environment[34].

One of the key challenges the U.K. considers in its strategy is the dynamic development of cyber-space. So, there will be awareness of new risks at all times. In other words threat latency can lead to an underestimation of risks[35].    

The U.S. International strategy for cyber-space does not have a clear definition for threats in cyber-space. But the threats are described in the U.S. National Security Strategy. According to the U.S. Strategy, cyber-security threats represent one of the most serious problems for national security, public safety, and the economic sphere. These threats in cyber-space range from individual criminal hackers to organized criminal groups, from terrorist networks to advanced nation states[36].

According to the U.S. International strategy, cyber-security threats can even endanger international peace and security in general, unlike traditional forms of conflicts which are spread throughout cyber-space[37].

With regards to the U.K. Cyber-security Strategy, there are clearly defined national security threats that appear as a result of the increasing role of cyber-space which is open to new opportunities- resulting in the emergence of new threats. The first is criminals. Cyber-space is used as a field for committing cyber-crimes such as fraud, identity theft and child pornography. The second is states. These include: espionage, spreading disinformation, and the destabilization of critical infrastructure. The third important threat is terrorist groups. They operate by spreading propaganda, radicalizing potential supporters, and mobilizing capital. And the fourth is hacking groups which cause disruption of network equipment, damage to property, and reputation undermining or receiving unwanted publicity[38].Alpha

As such, the Ukrainian cyber system is one of the most vulnerable to attack in the world, including to terrorist attacks[39]. Among the actual potential threats to the information sphere of Ukraine in cyber-security today, only two feature: cyber-crime and cyber terrorism[40], which are also identical for both the U.S. and the U.K.  Nevertheless, there are examples ofhacker groups” in Ukrainewhich should be identifiedas a threat tocyber-security. In August 2011, there were illegal activities within the Ukrainian Center for International Criminal Hackers group. Its members stole more than 20 million U.S. dollars[41]from foreign banking institutions by forging credit cards.

Due to the differences in vision of information security by different state governments, it is necessary to look for common themes in order to reach a consensus to this problem at a global level.

Common themes

Comparing the U.S. and U.K. strategies on cyber-security it is possible to compare and contrast their approaches. Common themes can also be seen. Firstly, it should be noted that the vision of the future in cyber-space is considered in both strategies; both papers describe prospects and appropriate actions to be taken to combat cyber-threats. To achieve a better future in cyber-space, the strategic objectives are defined. A rule of law is a common objective among them.

Both strategies clearly identify the emergence of new challenges to national security, thereby complementing each other. Countering these challenges depends on the basic principles they adhere to in the implementation of their policy in this sphere, and which are common to both strategies. They are: the fundamental freedoms, the protection of citizens and their interests, and the free flow of information.

Technological development, partnership with the private sector, international cooperation and the expansion of knowledge are the priorities for both countries in policy conduction on cyber-security, as the Strategies outline[42].

Another common priority for the U.S. and U.K. is the Budapest Convention on Cyber-crime,[43] mentioned in both Strategies. According tothis, the document should be the base of all future developments in defining the norms of behavior in cyber-space. In particular the strategies indicate that both states are considering “further discussions on international norms” against cyber-crime, primarily as “spreading existing efforts such as the Budapest Convention” to all participants[44].

3. International experience in dealing with threats to information security. Lessons for the Ukraine.
The U.S. and U.K. policy

Until now the U.S. has remained as one of the leading countries in determining the prospects of cyber-space development and in policy shaping on this issue.

According to the United States International Strategy for Cyber-security, the priority of politicians within the U.S. government is to create and maintain open, interactive, secure and reliable networks for the entire international community. It focuses on seven areas. For each of them it is important to have cooperation between the U.S. government, international partners and the private sector.

§In economics, the U.S. finds it necessary to promote international standards and innovations, and open markets. By supporting a free market environment that encourages technological innovation through available, globally connected networks; by securing intellectual property and trade secrets from theft; by ensuring the rule of joint and secure technical standards as established by technical experts.

§In network security it is important to increase  security, reliability and stability. Through cooperation in cyber-space – in states norms of behavior in cyber-security, as well as through multilateral organizations and multinational partnership; reducing the number of intrusions into U.S. networks and disruption of their work; ensuring operational response to incidents, stability and the possibility of recovering information infrastructure; improving the reliability of a high-tech supply chain, and using advice in the industry.

§In U.S. law enforcement, it is necessary to expand cooperation and the rule of law. By participating in the shaping of international policy on cyber-crime; conforming laws on cyber-crime at an international level, by amending the Budapest Convention; by defining the purpose of the laws on cyber-crimes as combating illegal activities but not restricting access to the Internet; by depriving terrorists and other criminals of use of the Internet for operations-planning, financing and committing of attacks.

§In the armed forces the important issue is preparing for the security challenges of the 21st century. Paying special attention to the growing needs of the military in reliable and secure networks; through the establishment and improvement of existing military alliances to counter possible threats in cyber-space; expanding cooperation with allies and partners in cyber-space to increase security.

§In Internet governance it is necessary to improve effective structures of Internet governance. Focusing on openness and innovations on the Internet; by maintaining the security and stability of the global network, including the system of domain names (DNS); through the organization of conferences between parties on Internet governance issues.

§In international development, capacity, safety and welfare are important for the United States- which can be achieved by: ensuring countries [which wish to create technical capacity and cyber-security potential] with necessary knowledge, trainings and other resources; developing and continuously exchanging the best developments in the international cyber-security sphere; training of law enforcement units, judicial experts, lawyers and legislators to enable them to counter cyber-crime; providing consistent and long-term relationships with experts and their counterparts from the U.S. government in order to build technical capacity.

§In freedom of the Internet, the USA pays special attention to the promotion of fundamental freedoms and privacy. Supporting actors of civil society in developing reliable, reserved and secure platforms for freedom of expression and association; working with civil society and non-governmental organizations on protection of online activities against illegal digital invasions; providing international cooperation in order to effectively protect commercial data; ensuring continuous compatibility for cooperation on the Internet[45].

In comparison, the U.K. is the country with the most Internet-dependent economy. According to one recent study, the current U.K. digital market costs £82 billion a year and it continues to grow[46].

The U.K. Government policy on information security, which is described in British cyber-security strategy, fully meets its objectives and is based on strategic approaches, and thus its aim are:

1 Objective: To fight against cyber-crime and make Britain one of the safest places for business.

§Overcoming cyber-crime by reducing online vulnerability; limiting criminal activity on the Internet; ensuring the effectiveness of partnership.

§Make the country safer for business in cyber-space by increasing the awareness and visibility of threats; improving the response to incidents; providing information and service security; promoting a culture that manages risks; ensuring reliable cyber-space.

2 Objective: To build a cyber-space sustained against cyber-attacks and to be able to protect its own interests.

§Protection of the U.K. national infrastructure from cyber attacks by strengthening the defense in cyber-space; increasing stability and reducing the impact of cyber attacks; countering terrorist use of the Internet.

§Confirmation that the U.K. has the opportunity to defend their interests in cyber-space improving its ability to recognize threats in cyber-space; expanding opportunities to prevent and interfere with attacks committed on the United Kingdom.

3 Objective: To promote an open, stable and dynamic cyber-space that can be safely used by U.K. citizens and that supports open societies.

§Promotion of cyber-space formation and development by supporting fundamental rights and freedoms in an open and interactive cyber-space.

§Protection of its lifestyle by ensuring the U.K. its security without compromising its values.

4 Objective: To get transverse knowledge, skills and capabilities which are required by the U.K. according to all objectives on cyber-security.

§Expanding knowledge through the creation of a coherent inter-sector research program; improving understanding of threats, vulnerabilities and risks.

§Training by creating a culture that understands the risks and allows people to use cyber-space, and improving skills on information security at all levels.

§Expending capacity through the creation of technical capabilities; improving the ability to respond to incidents[47].

So, international cooperation, user-training, and the development of technical protection systems can help to reduce the risk of cyber-crime even in countries such as Ukraine. However, the optimal methods that can be taken depend largely on the resources and capabilities of each country. For example, the harmonization of national legislation and technology. The implementation of existing strategies and approaches of the different countries will allow Ukraine to use existing knowledge and experience in shaping its own policy in the information sphere.

Government actions on information security in Europe and around the World

According to the trends in the policies of leading states towards countering threats in cyber-space; and to the internal information policy change of these states, as well as to the increasing problem of cyber-security, most countries in the world are modernizing their security sectors in accordance with modern challenges, and, in particular, paying attention to the potential of the Internet for use in military purposes. This process is due to:

§The development and acceptance of regulatory documents [strategies] which will ensure the integrity of government policy in this sphere. Today, countries such as the U.S., France, Germany, Netherlands, United Kingdom, Estonia, Finland, Slovakia, Czech Republic, Lithuania, Luxembourg, India, Australia, New Zealand, Colombia, Canada and Japan have already developed them. Some EU countries are in the process of finalization. Others have informal strategies[48].

§Active management systems reformed by the relevant security sector [the creation of specialized units and management structures]: in the U.S. [U.S. Cyber Command][49], the U.K. [Cyber Security Operations Centre][50], Germany [Internet Crime Unit[51], Federal Office for Information Security][52], Australia [The Cyber Security Operations Centre][53] and in other countries. A leading international security organization – NATO [Cooperative Cyber Defense Centre of Excellence]actively works on cyber-threats.In 2008, the Cooperative Cyber Defense Centre of Excellence in Tallinn, Estonia, was accredited as a NATO center of excellence. It conducts research and training on cyber defense[54]. In January 2013 in Hague, the Netherlands, the European Centre for Cyber-crime was founded[55].

§Increase the number of units engaged in the cyber defense system. Three regional police cyber units [The Police Central e-Crime Unit] have been set up in the U.K. with HMRC establishing a new team on cyber-crime[56]. The U.S. announced an additional 1,000 employees to a special cyber-security Department of the National Security Office [Department of Homeland Security][57], which will deal exclusively with high-tech U.S. security systems.

§In addition, the leading states of the world actively participate in trainings on cyber attack prevention. The U.S. militaryexperience [Cyber Storm][58] and the EU [Cyber Europe 2010][59] and training in the special ground Northrop Grumman argues that such trainings have a significant effect in identifying problem spheres of infrastructure protection, modeling possible incidents and developing typical patterns of response, as well as improving interagency cooperation[60]. For example, in the U.K., a new virtual research institute [the Virtual Research Institute][61] was established to provide an understanding of the science according to the increasing number of threats to cyber-security. In 2011, the United States and the United Kingdom signed an agreement on the conducting of large-scale trainings and education programs for American and European IT experts to combat IT terrorist threats.The document says thatover the nextseveral years at least five thousandpeople workingin public security must passthe course[62].

§Actions for public awareness on the dangers of cyber-threats. Recently, the U.K.- with European, American and Canadian partners -held its first event called “Get Safe Online Week” to increase understanding of the threats to cyber-security among the general population[63]. On May 18, 2012 in Donetsk, Ukraine, an International Seminar “Cyber-security and new challenges for the information society” was held[64].

Taking into account international experience in dealing with information security threats, what are the key lessons for the implementation of these strategic approaches, and what is the possible position on them in Ukraine?

Lessons for Ukraine

In recent years, Ukraine has been paying increasing attention to the problems of state cyber-security and combating cyber-crime. The increasing number of crimes which are qualified under Article 361 – 363 of the Criminal Code of Ukraine[65] shows the relevance of this problem. According to the Unified State Register of court decisions on judicial decisions on section 16 of the Criminal Code of Ukraine,[66] over the last two years 342 judicial decisions [including 89 – penalty] were made.


At the end of 2010 [December 10, 2010 № 1119/2010] by the Decree of the President of Ukraine, the decision of the National Security and Defense Council of Ukraine- dated November 17, 2010 -“On the challenges and threats to the national security of Ukraine in 2011was enacted. According to this decision there was put forward the task of “developing and submitting to the National Security and Defense Council of Ukraine proposals for the creation of a unified national system for combating cyber-crime within two months,” and to “develop and approve the list of objects that are important for national security and the defense of Ukraine and which require priority protection against cyber attacks”[67].

To fulfill these tasks, the Act of Ukraine “On the cyber-security of Ukraine” is now in development. It has to note key terms in the cyber-security sphere, define the concepts of critical infrastructure object and mechanisms in order to protect such objects, create a single nationwide system structured to counter cyber-threats and its component elements, to solve the problem of inter-agency coordination and power entities on state cyber-security[68]. Confirmation of Ukraine’s commitments towards the development of the Act are reflected in the Annual National Program of Ukraine – NATO cooperation in 2012, which set aside a separate paragraph (4.7) on the issue of cyber-security.It describes theprioritiesfor the current yearoncyber-security which are:

§ensuring theexchange of experiencebetween Ukraineand the statesmembers ofNATO;

§working on thepossibility ofcooperationwith the GeneralCentreof Excellence forCyberSecurity [Tallinn, Estonia];

§promoting cooperationoncyber-security between theSecurity Service of Ukraine, Administration of State Service of SpecialCommunication and Information Protectionof Ukraine, aswell as the relevantNATO bodies;

§facilitatingthe implementation of activitiesand trainingsoncyber-securitywithin the NATO program on Sciencefor Peace and Security[69].

The enhancing of interstate cooperation in combating cyber-crime and cyber-threats also should be noted. In October 2010, the Security Service of Ukraine in cooperation with the FBI and nine intelligence services of other countries conducted the operation “Trident breach” to neutralize a criminal hacker international group that illegally intervened in the work of foreign banks from Ukraine resulting in losses worth about 70 million dollars USA[70]. This joint operation was noted in the annual report on the results of FBI activities in 2010. In June 2011, the Security Service of Ukraine, in cooperation with law enforcement agencies of the U.S., U.K., Netherlands, France, Germany, Cyprus, Lithuania [10 countries in total], stopped the illegal activities of international criminal hacker groups under the guise of business structures which  operating legally and coordinated by citizens of Ukraine. According to preliminary estimates, as a result of this criminal group activity, losses exceeded 72 million U.S. dollars[71].

Despite such actions by the government of Ukraine in the information sphere, international experience in combating information security threats is necessary for Ukraine as an example of appropriate policy shaping and in order to build its own cyber-security system.

Despite the fact that most developed countries in the world have adopted national cyber-security strategies which define the medium- and long-term priorities and state authorities objectives in this area, until recently, the position of Ukraine on the relevant international strategies has been uncertain. Undoubtedly, this is due to the nature of these strategies. Now Ukraine has to clearly decide on the admissibility of some of the proposed approaches and the direction of shaping of the country’s position on cyber-security and cyber-space development on the international level.

Considering the sustainability of certain international strategies by Ukraine, we should focus on two of them, which were discussed in the previous chapter of this thesis: the U.S. International Strategy for Cyber-space and the U.K. Strategy of cyber-security.

Some of the U.K. strategy features keep in line with the U.S. provisions. Thus, they are both quite appropriate and relevant to the Ukrainian side, but on different levels. Where, according to the U.S. strategy, cyber-security is built on international cooperation, business and society, the main purpose of the U.K. strategy is the safety of the country and representation and protection of its interests in cyber-space. Besides, the U.S. International Strategy for Cyber-security is more general and describes the problem as such on an international level. Meanwhile, the U.K. strategy focuses attention on overcoming this problem within the country, describing the procedure for system shaping in dealing with cyber-crime, but does not exclude cooperation with other governments to reduce international risks in this sphere, which is very important for Ukraine in the early stages of its own cyber-security policy shaping.

As for Ukrainian admissibility to the strategies, an important role is played by the structure of the document. In the U.K. strategy approach, goal priorities, principles, objectives, challenges, threats and government actions to provide security in this sphere are clearly and consistently formulated. The U.S. strategy is focused on creating single norms for all states on overcoming threats to national security in cyber-space. Both initiatives are important for Ukraine to fully understand the problem, its proportions, and to correct shape state policy in the sphere of cyber-security.


As these strategies have a number of common provisions which do not cause a conflict of parties, it is appropriate to focus on these themes as they could become the basis for a common initiative to cyber-space.

The Ukrainian government has not only signed [11/23/2001], but also ratified [07/09/2005] a Convention on Cyber-crime[72] [entered into force on 01.07.2006][73]. According to it, Ukraine is an active member of the Convention Committee on Cyber-crime, which holds annual meetings and identifies priorities for the further extension of the Convention, especially for country-members of the Council of Europe[74]. At present, a number of provisions of the Convention on Cyber-crime have already been implemented into domestic legislation [such as contact center 24/7], and there are projects for their further implementation.

According to international experience, in addition to creating its own strategy on cyber-security, Ukraine needs comprehensive exercises to combat serious crimes in the cyber sphere both for practical training of personnel in relevant agencies and cooperating between the institutions which are responsible for the cyber-security of the state. In addition to trainings at a national level, it is desirable that Ukraine will participate in European cyber-security exercises. It would be appropriate to initiate such studies by Ukraine within the program “Partnership for Peace”[75].

Ukraine should occupy a more active position in the international arena on cyber-security and cyber-weapons issues. To seek, at the international level [especially at the UN relevant resolutions], the definition of key terms on cyber-security problems:cyber-security”, “cyber-space”, “cyber-attack”, “cyber-war”,cyber-terrorism”. For example, the Doctrine on Information Security of Ukraine states that it has become an information developed state; a competent and influential member of European life, taking its right place in the globalized world[76].

In 2013, Ukraine will chair the OSCE[77], and it is appropriate that the problem of acceptable international agreement development on cyber-security can be one of the major initiatives proposed by Ukraine in the security sphere. It appears to be realistic during 2013 to attain such a version of the relevant document, which will generally satisfy all participants in the OSCE and those countries which are concerned with cyber-security issues.

An important point is the fact that the OSCE has already made some developments on cyber-security issues. In May 2011, in Vienna, a conference “Comprehensive approach to cyber-security: the role of the OSCE” was held, where cyber-security issues were discussed [military-political, cyber-crimes and terrorism, global responsibility, regional responsibility, and the potential role of the OSCE][78].

As the head of the OSCE, Ukraine should initiate in Kiev the holding of a relevant international conference on this subject, where existing international initiatives should be discussed and a draft of consensus document on international rules of cyber-space use should be proposed.

Ukraine initiative in the OSCE could also be, for example, the preparation of a draft treaty on the ensuring, by member countries, of the Budapest Convention on Cyber-crime; and the fundamental freedoms of information systems users in cyber-space; as well as protecting the interests of citizens from threats to their personal information and chance of cyber-crimes being committed against them.


Noting the high level of international community activity, and the interest in strategic dealing with problems of information space development; considering the definition of information security, which is complex and multi-valued; taking into account the differences and common themes of the U.S. and U.K. strategies for Secure Cyber-space; studying the experience of other countries in this field, which can become an example for Ukraine in shaping of its own policy in the information sphere, some lessons can be learned.

The U.S. and U.K. strategies on cyber-security offer their own views on the future of cyber-space and on what strategic objectives must be pursued in its development.
The strategic approaches proposed by both governments can be applied andadaptedto the development ofUkrainianstrategy to combatcyber-crime and so meaningfully affect an international consensus-building on the future of cyber-space.

Creating a real international consensus on this issue among the leaders-states is an objective necessity as it will prevent further rapid growth of cyber-threats both on a national and international level.

Certain features of the strategies have common themes and describe equally certain threats. Accordingly, these issues and the general approaches both for the U.S. and U.K., which include the increasing of thecountry's national security, economic and social development, and commitment to basicfreedomsof expression, could be the basis for a broad dialogue on consensus-building.

Today, Ukraine is influenced by cyber-crime. It is interested in being actively involved in these discussions. International experience in combating threats to information security is essential to Ukraine as an example of policy shaping and building of its own cyber-security system. Primarilythrough the creation ofthe Strategyasone of the guidingdocumentsof state policy of Ukraine, which define theactivitiesof authoritiesinthe information sphere, only security issues aredoctrinallydefined. Laws and guidelinesregulate onlythe issues related tothe latestinformation technologies.

The development of a consensus document on cyber-space could be the main issue during the presidency of Ukraine in the OSCE in 2013.


[1] Convention on cyber-crime, Council of Europe – Budapest, 23.XI.2001:

[2] Tableof signatures andratifications:;CM=&NT=185&DF=&VL=

[3] James A. Lewis, Katrina Timlin, Cybersecurity and Cyberwarfare, Preliminary Assessment of National Doctrine and Organization, Center for Strategic and International Studies – 2011: 

[4] Introducing the New Cybersecurity Coordinator:

[5] The National Strategy to secure cyber-space, U.S. government via Department of Homeland Security – February 14, 2003:

[6] National Strategy for homeland security, Office of Homeland security – July 2002:

[7] Alex Michael, Special Series, Cyber Probing: The Politicization of Virtual Attack – Defense Academy of the United Kingdom, October 2012:

[8] Cyber-security Strategy – Cyber-security strategy Committee, Ministry of Defense, Estonia – Tallinn, 2008:

[9] National Cyber-security Strategies: Setting the course for national efforts to strengthen security cyber-space, ENISA (European Network and Information Security Agency), May 2012:

[10] Cyber-security Strategy of the United Kingdom: safety, security and resilience in cyber-space – June 2009:

[11] Управління боротьби з кіберзлочинністю:

[12]Організаційно-методичні рекомендації щодо проведення оборонного огляду в Україні (вересень 2008 – грудень 2009 року):

[13] NATO and Ukrainian experts discuss cyber defense:

Експертні консультації Україна – НАТО з питань кібернетичного захисту:

[14] The views expressed in this study are the author’s views and do not represent the State Government point of view.

[15] Указ Президента України «Про рішення ради національної безпеки і оборони України» № 389/2012 від 8 червня 2012 року «Про нову редакцію стратегії національної безпеки України»:

[16] Cyber-security strategy for Germany, Federal Ministry of the Interior – Translation Service, February 2011:


Government of the Republic of Lithuania – Resolution No 796 of 29 June 2011, Vilnius:

[17] Закон України «Про основні засади розвитку інформаційного суспільства в Україні на 20072015 роки» від9 січня 2007 року № 537-V:

[18] Cyber-security Strategy of the United Kingdom: safety, security and resilience in cyber-space – June 2009:

[19] United States Computer Emergency Readiness Team, US-CERT:

[20] National Cyber-security Strategies: Setting the course for national efforts to strengthen security cyber-space, ENISA (European Network and Information Security Agency), May 2012:

[21] Stratégie de la France: Défense et sécurité des systèmes d’information – Février 2011 :

[22] The National Cyber-security Strategy (NCSS):Strength through cooperation, Ministry of Security and Justice – The Netherlands, June 2011:

[23] The National Cyber-security Strategy (NCSS):Strength through cooperation, Ministry of Security and Justice – The Netherlands, June 2011:

[24] Закон України «Про основні засади розвитку інформаційного суспільства в Україні на 20072015 роки» від9 січня 2007 року № 537-V:

[25] Доктрина інформаційної безпеки України № 514/2009 від 8 липня 2009 року:  

[26] Аналітична записка «Структура керівних документів державної політики в інформаційній сфері: нагальні проблеми та шляхи впорядкування»:

[27] International Strategy for Cyber-space: Prosperity, Security, and Openness in a Networked World – May 2011:   

[28] Cyber-security Strategy of the United Kingdom: protecting and promoting the UK in a digital world, Cabinet Office – 25 November 2011:

[29] International Strategy for Cyber-space: Prosperity, Security, and Openness in a Networked World – May 2011:

Cyber-security Strategy of the United Kingdom: protecting and promoting the UK in a digital world, Cabinet Office – 25 November 2011:

[30] Cyber-security Strategy of the United Kingdom: protecting and promoting the UK in a digital world, Cabinet Office – 25 November 2011:

[31] International Strategy for Cyber-space: Prosperity, Security, and Openness in a Networked World – May 2011:

[32] Cyber-security Strategy of the United Kingdom: protecting and promoting the UK in a digital world, Cabinet Office – 25 November 2011:

[33] Закон України «Про основні засади розвитку інформаційного суспільства в Україні на 2007-2015 роки» від9 січня 2007 року № 537-V:

[34] International Strategy for Cyber-space: Prosperity, Security, and Openness in a Networked World – May 2011:

Cyber-security Strategy of the United Kingdom: protecting and promoting the UK in a digital world, Cabinet Office – 25 November 2011:

[35] Cyber-security Strategy of the United Kingdom: protecting and promoting the UK in a digital world, Cabinet Office – 25 November 2011:

[36] The National Security Strategy of the United States of America, the White House, Barack Obama – May 2010:

[37] International Strategy for Cyber-space: Prosperity, Security, and Openness in a Networked World – May 2011:

[38] Cyber-security Strategy of the United Kingdom: protecting and promoting the UK in a digital world, Cabinet Office – 25 November 2011:

[39] Исследования «Лаборатории Касперского»: Украина – один из главных источников DDoS-атак в мире:

[40] Доктрина інформаційної безпеки України № 514/2009 від 8 липня 2009 року:  

[41] СБУ викрила угруповання хакерів, які викрадали кошти з банківських рахунків громадян різних країн:;cat_id=3957

[42] International Strategy for Cyber-space: Prosperity, Security, and Openness in a Networked World – May 2011:

Cyber-security Strategy of the United Kingdom: protecting and promoting the UK in a digital world, Cabinet Office – 25 November 2011:

[43] Convention on cyber-crime, Council of Europe – Budapest, 23.XI.2001:

[44] International Strategy for Cyber-space: Prosperity, Security, and Openness in a Networked World – May 2011:

Cyber-security Strategy of the United Kingdom: protecting and promoting the UK in a digital world, Cabinet Office – 25 November 2011:

[45] International Strategy for Cyber-space: Prosperity, Security, and Openness in a Networked World – May 2011:

[46] Minister for the Cabinet Office and Paymaster General: Progress on the UK Cyber-security Strategy: Protecting and Promoting the UK in a Digital World:

[47] Cyber-security Strategy of the United Kingdom: protecting and promoting the UK in a digital world, Cabinet Office – 25 November 2011: 

[48] National Cyber-security Strategies: Setting the course for national efforts to strengthen security cyber-space, ENISA (European Network and Information Security Agency), May 2012:

[49] U.S. Cyber Command:

Department of Defense Strategy for Operating in Cyber-space, the United States of America – July 2011:

[50] James A. Lewis, Katrina Timlin, Cybersecurity and Cyberwarfare, Preliminary Assessment of National Doctrine and Organization, Center for Strategic and International Studies – 2011: 

[51] Cyber-security strategy for Germany, Federal Ministry of the Interior – Translation Service, February 2011:


[52] Federal Office for Information Security:

[53] The Cyber-security operations centre:

[54] NATO Cooperative Cyber Defence Centre of Excellence Tallinn, Estonia: 

[55] European Cyber-crime Centre (EC3) at Europol:

[56] Minister for the Cabinet Office and Paymaster General: Progress on the UK Cyber-security Strategy: Protecting and Promoting the UK in a Digital World:

[57] Department of Homeland Security:

[58] Cyber Storm: Securing Cyber-space:

[59] Cyber Europe 2010 – Evaluation Report, ENISA:

ENISA facilitated the first ever pan European Cyber Exercise:

[60] Northrop Grumman – Cybersecurity:

[61]The Next Wave, Vol. 19 № 4 – 2012, UK’s new Research Institute investigates the science of cybersecurity, Government Communications Headquarters (GCHQ):

[62] No to Government Control of the Internet, Biden Says:

[63] Get Safe Online week:

[64] Семінар з питань кіберзахисту у Донецьку:

[65] Закон України «Про внесення змін до Кримінального та Кримінально-процесуального кодексів України» від23 грудня 2004 року № 2289-IV:

[66] Кримінальний Кодекс Українивід 5 квітня 2001 року № 2341-III:

[67]Указ Президента України № 1119/2010 Про рішення Ради національної безпеки і оборони України від 17 листопада 2010 року «Про виклики та загрози національній безпеці України у 2011 році»:

[68] Проект Закону про внесення змін до деяких законів України щодо забезпечення кібернетичної безпеки України № 11125 від 31.08.2012:

[69] Указ Президента Украины от 19 апреля 2012 года № 273/2012 «Об утверждении годовой национальной программы сотрудничества Украина – НАТО на 2012 год»:

[70] Alicia A. Caldwell:FBI says cyber-thieves stole $70 million, The Associated Press -Friday, October 1, 2010:

[71] Olzhas Auyezov, REUTERS, Ukraine says breaks up global hacker ring, banks targeted:

[72] Tableof signatures andratifications:;CM=&NT=185&DF=&VL=

[73] Convention on cyber-crime, Council of Europe – Budapest, 23.XI.2001:

[74] Council of Europe: 

[75] The Partnership for Peace programme:

[76] Доктрина інформаційної безпеки України № 514/2009 від 8 липня 2009 року: 

[77] Україна розпочинає головування в Організації з безпеки і співробітництва в Європі (ОБСЄ):

[78] OSCE Conference on a Comprehensive Approach to Cyber-security: Exploring the Future OSCE Role, 11 May 2011: