Ecuador’s national cybersecurity strategy

The agenda outlined in Ecuador’s Estrategia Nacional de Ciberseguridad (National Cybersecurity Strategy) is built around six strategic pillars, each supported by specific objectives. The strategy was developed through a collaborative, multistakeholder process involving more than 170 participants across the public and private sectors, academia, civil society, and international organisations. The final version was approved on 3 August 2022.

Strategic pillars and objectives

1. Governance and national coordination
This pillar focuses on establishing a solid institutional framework for managing cybersecurity.

• Objective 1.1: Create an integrated cybersecurity governance framework.
• Objective 1.2: Promote an expert-based community with participation from multiple stakeholders.
• Objective 1.3: Develop comprehensive legal and regulatory frameworks to support national cybersecurity and cyberdefense governance.

2. Cyber resilience
This area addresses the country’s ability to anticipate, respond to, and recover from cyber incidents.

• Objective 2.1: Develop a national risk management and crisis preparedness process.
• Objective 2.2: Implement a framework to identify and supervise operators of critical digital infrastructure.
• Objective 2.3: Strengthen national incident response capabilities, especially the national CERT.
• Objective 2.4: Use advanced technologies and innovation to support agile policymaking and cyber intelligence.

3. Prevention and combat of cybercrime
This pillar is aimed at improving legal tools and operational capacities to handle cybercrime.

• Objective 3.1: Update Ecuador’s legal framework on cybercrime to safeguard digital rights.
• Objective 3.2: Enhance investigative and judicial capabilities to ensure timely responses to cybercrime.

4. Cyber defense
This area relates to the protection of national digital infrastructure and services against cyber threats.

• Objective 4.1: Strengthen state capabilities for cyber defense in line with the National Defense Policy.

5. Cybersecurity skills and capabilities
This pillar supports awareness, training, and education in cybersecurity.

• Objective 5.1: Expand public awareness of cybersecurity at all levels of society.
• Objective 5.2: Enhance the skills of all relevant stakeholders.
• Objective 5.3: Ensure cybersecurity is integrated into the educational system.

6. International cooperation
Recognizing the transnational nature of cyber threats, this pillar emphasizes global and regional collaboration.

• Objective 6.1: Define Ecuador’s international priorities in cyber diplomacy.
• Objective 6.2: Strengthen bilateral, regional, and multilateral cooperation to address cybersecurity threats.

Guiding principles

The strategy is built around four key principles:

• Shared leadership and responsibility
• Protection of digital rights
• Risk management and resilience
• Inclusive and collaborative vision

Implementation and monitoring

• A National Cybersecurity Coordinator will oversee the implementation.
• Progress will be tracked through quarterly monitoring and annual reporting to the National Cybersecurity Committee.
• A strategic communication plan, resource allocation, and performance indicators are integrated into the implementation roadmap.
• Key performance indicators will evolve in line with progress, as approved by the National Cybersecurity Committee.

Context and motivation

Ecuador ranked 119th out of 182 countries in the 2020 ITU Global Cybersecurity Index. The strategy is part of broader efforts to address the country’s vulnerabilities and to strengthen national capacities in a rapidly evolving digital environment.