Cyber Readiness Index 2.0
Click to download
Chris Demchak, Jason Kerben, Jennifer McArdle, and Francesca Spidalieri
No country is cyber ready.
The Cyber Readiness Index (CRI) 2.0 team developed a ground-breaking methodology, known as the CRI 2.0, to evaluate and measure a country’s preparedness levels for certain cybersecurity risks. The team of experts apply the CRI 2.0 to provide a compelling and actionable review of a country’s policies, plans, laws, standards, market levers (e.g., incentives and regulations), and other initiatives. The resulting actionable blueprint enables a country to better understand its Internet-infrastructure dependencies and vulnerabilities and assess its commitment and maturity to closing the gap between its current cyber security posture and the national cyber capabilities needed to support its digital future.
The CRI 2.0 uses over seventy unique indicators across seven essential elements to discern operationally ready activities and identify areas for improvement in the following elements: national strategy, incident response, e-crime and law enforcement, information sharing, investment in R&D, diplomacy and trade, and defense and crisis response. Each of these essential elements, if pursued in tandem, can help a country develop a stronger security posture to defend against economic erosion from cyber insecurity. Each area of inquiry is assessed across three cyber readiness levels: fully operational, partially operational, or insufficient evidence. The results are averaged to create an overall readiness assessment per country.
The threat to each country’s networked systems and infrastructures is real and growing. Data breaches, criminal activity, service disruptions, and property destruction are becoming commonplace. The resources available to increase the resilience of a country’s infrastructure and decrease the exposure of the countries to damage, however, are finite. The CRI 2.0 offers a comprehensive, comparative, experience-based methodology to help national leaders chart a path toward a safer, more resilient digital future in a deeply cybered, competitive, and conflict- prone world.
The CRI 2.0 is available in Arabic, Chinese, English, French, Russian, and Spanish and is being applied to 125 countries. While no country is cyber ready, there are countries that have developed effective mechanisms to achieve cyber readiness/preparedness and these programs and initiatives provide examples for other countries to learn from and possibly follow. As countries connect the next one to two billion people to the Internet and embrace next generation technologies, including the Internet of Things (IoT), the CRI 2.0 is a tool that can help identify and manage cybersecurity risks. The CRI 2.0 demonstrates how national security is closely intertwined with Internet connectivity and rapid adoption of ICT, which when secure, can lead to economic growth and prosperity.
The CRI 2.0 methodology is currently being applied to 125 countries. The resulting country reports are based on over seventy unique indicators across seven essential elements to discern operationally ready activities and identify areas for improvement in the following categories: national strategy, incident response, e-crime and law enforcement, information sharing, investment in research and development (R&D), diplomacy and trade, and defense and crisis response. The CRI country profiles of France, Germany, India, Italy, Japan, the Netherlands, the United Kingdom, the Kingdom of Saudi Arabia, and the United States can be found at the following link: http://www.potomacinstitute.org/academic-centers/cyber-readiness-index.