Recently, Pakistan got its first-ever and much-needed National Cyber Security Policy[1] (NCSP). The federal government is raring to kick off its implementation by the end of June next year.[2] Like any other policy in Pakistan, the NCSP 2021 appears almost perfect on paper. However, without timely and effective implementation, the NCSP 2021 will not achieve the desired results.
Public policy is defined as “a purposive course of action taken or adopted by those in power in pursuit of certain goals or objectives.”[3] According to Thomas Dye and Robert Lineberry, a public policy is “whatever government choose to do or not to do.” These definitions of public policy hint at the divergences that exist among what governments decide to do, what governments actually do, and what governments failed to do.[4] In order to identify these divergences, a well-known analytical model was proposed in 1997 in the field of policy studies. This model involves analysis of any public policy from three major aspects: context, text and consequences.[5] The same model is being used here to analyse the NCSP 2021.