The dynamic nature of cybercrime and the constantly evolving cyberthreat landscape make it challenging for states to develop effective strategies that are, and remain, fit for purpose. To address these challenges, it is crucial for countries to tailor their responses to their unique contexts and priorities, rather than replicating solutions from other contexts without proper adaptation. Equally important is ensuring that their responses are holistic, which means that they consider all stages of a cybercrime response. It is common for countries – particularly those with limited resources – to focus on certain aspects of the response, such as the provision of capabilities and equipment, while neglecting other critical areas. This approach often leads to a partial impact and falls short of addressing the full scope of cybercrime challenges.
As articulated in this paper, addressing cybercrime effectively requires a comprehensive approach that includes different stages revolving around: 1) strategy development; 2) establishing enablers; 3) establishing operational capability; 4) tasking and prioritization; and 5) evaluation.
The Strategic Approach to Countering Cybercrime (SACC) framework adds to existing guidance for countries aimed at helping them tackle cybercrime and enhance their responses to it. The framework facilitates structured dialogues among policymakers and practitioners, enabling comprehensive and strategic approaches to cybercrime that can adapt to their specific contexts and strategic perspectives. By incorporating the importance of context, the framework ensures that strategies are not only robust but also relevant to the challenges faced by individual nations. As such, the SACC framework supports the ongoing refinement of strategies through regular assessments, adjustments to existing plans and the identification of gaps in current strategies.
Because of the unique nature of each context, the SACC framework is designed to help practitioners ask the right questions. It does not seek to give prescriptive answers or assume that solutions will look similar in all countries. What is crucial is that implementation aligns with the approach outlined in the previous chapter – one that is inclusive, informed, realistic and connected. The paper has identified a set of three implementation methods of the SACC framework, while noting that others may exist that can be deployed instead or in combination.
The SACC framework has already been deployed, using the focus group methodology, as part of the Cybersecurity Maturity Model (CMM) for Fiji, delivered by the Oceania Cyber Security Centre (OCSC) in February 2024. The OCSC used the framework to redesign their question sets and develop a more comprehensive research agenda, leading to a holistic data-collection process that will inform Fiji’s national cyber strategy. Furthermore, the framework was used in a simulation exercise in Singapore to explore ASEAN responses to cybercrime and their gaps and successes. Overall, the rigorous scope of the framework enables a more thorough exploration of the context in which it is implemented. This enhanced understanding will play a vital role in refining national cybercrime strategies and help foster national resilience against evolving cyber threats.
Importantly, the SACC framework remains open-source, allowing for flexible use by interested parties. The authors are keenly interested in further understanding how the framework is used in practice, and are actively monitoring its implementation for insights into how the framework can be enhanced further.