Cybersecurity Regulatory Outlook in EU and Slovakia
•Download as PPTX, PDF•
0 likes•182 views
Cybersecurity is topic for? Challenges during process Different EU REGULATIONS Cybersecurity governance in Slovakia
Recommended
Recommended
More Related Content
Similar to Cybersecurity Regulatory Outlook in EU and Slovakia
Similar to Cybersecurity Regulatory Outlook in EU and Slovakia (20)
Recently uploaded
Recently uploaded (20)
Cybersecurity Regulatory Outlook in EU and Slovakia
- 1. Cybersecurity Regulatory Outlook in EU and Slovakia BEST PRACTICES FROM SLOVAKIA Rastislav Janota Chairman Cyber Security Committee Security Council of the Slovak Republic National Security Authority
- 2. CYBERSECURITY IS TOPIC FOR? Who should take care on Cybersecurity? WE ALL! Everyone is responsible for own data and own services...
- 3. CHALLENGES DURING PROCESS • Alignment with other regulations and their regulators • Defining balance between minimum regulation and comprehensive regulation approach • Creating national CSIRT network structure, accreditation of CSIRTs incl. private one’s • Alignment with Critical Infrastructure Protection legislation • Definitions of sectors and subsectors for OES incl. managing authorities and their duties • Mandatory government CSIRTs for sectorial managing authorities, government outsourcing and last-resort option • Defining areas for future voluntary ‘win-win’ cooperation with the market instead of mandatory duties
- 4. DIFFERENT EU REGULATIONS • General Data Protection Regulation (GDPR) – 2016/679 – To strengthen and unify data protection for all individuals within the European Union (EU) – Regulator – Office for Personal Data Protection of the Slovak Republic • Payment Services Directive (PSD2) – 2015/2366 – To regulate payment services and payment service providers throughout the European Union (EU) – Regulator – National Bank of Slovakia • Regulatory framework for electronic communications – Telecoms Package (2009) – To create a common set of regulations for the telecoms industry across all 27 EU states – Regulator –Regulatory Authority for Electronic Communication and Postal Services • Network and Information Security Directive 2016/1148 – To force companies and organizations to protect their systems/data from cyber-attacks – Regulator – National Security Authority
- 5. BASIC CYBERSPACE ACTIVITIES • Cyber Crime – Responsible Ministry of Interior (police, crime investigators), prosecutors, courts • Cyber Defense – Ministry of Defense • Cyber Intelligence – Intelligence services • Cyber Security – NIS transposition, – Cybersecurity regulation – Regulation of sectors/subsectors – Security standards, risk management, auditing, regulation, enforcement work – Incident reporting and handling – National Cybersecurity Centre and National CSIRT (SK-CERT) – Security Operation Centre
- 6. Cyber Security Committee CYBERSECURITY GOVERNANCE IN SLOVAKIA Parliament National Cybersecurity Centre / SK-CERT Security Council Government Managing authority Sector/Subsector n National Security Authority Managing authority Sector/Subsector 2 Managing authority Sector/Subsector 1 CSIRT Sector 1 and 2 CSIRT Sector n CSIRT Commercial
- 7. CYBERSECURITY LAW IN SLOVAKIA Content of law • Definitions • Cybersecurity governance in Slovak republic, • National Cybersecurity Centre (and SK-CERT), • Integrated Cybersecurity Information System, • Duties and capacities of Operator of essential services and Digital service provider • CSIRT units and their accreditation, • Security requirements and incident notification and handling • Implementation and enforcement • Other procedures and bylaws • Update (alignment) of Critical Infrastructure Law with Cybersecurity Law • Definition of sectors and subsectors for OES
- 8. CYBERSECURITY LAW IN SLOVAKIA Key duties from NIS and law • establishes security requirements for operators of essential services and for digital service providers • establishes notification requirements for operators of essential services and for digital service providers Tools • identification and impact criteria of the operated service • contents of security measures, contents and structure of the security documentation and scope of the general security measures • identification criteria for respective categories of cybersecurity incidents and details of cybersecurity incidents reporting
- 9. DEFINITION OF SECTORS AND SUBSECTORS FOR OES Sector Subsector Managing authority CIP NIS CiiP Banking Ministry of Finance ☑️ ☑️ Transport Air transport Ministry of transport and construction ☑️ ☑️ ☑️ Rail transport ☑️ ☑️ ☑️ Water transport ☑️ ☑️ ☑️ Road transport ☑️ ☑️ ☑️ Digital Infrastructure National Security Authority ☑️ ☑️ Electronic Communication Satellite communication Ministry of transport and construction ☑️ ☑️ Electronic communications networks and electronic communications services ☑️ ☑️ Financial market infrastructures Ministry of Finance ☑️ ☑️
- 10. DEFINITION OF SECTORS AND SUBSECTORS FOR OES Sector Subsector Managing authority CIP NIS CIIP Postal services Ministry of transport and construction ☑️ ☑️ Energy Mining Ministry of Economy ☑️ ☑️ Electricity ☑️ ☑️ ☑️ Oil ☑️ ☑️ ☑️ Gas ☑️ ☑️ ☑️ Heat-power ☑️ Other Industries Pharmaceutical Ministry of Economy ☑️ ☑️ Metallurgical ☑️ ☑️ Chemical ☑️ ☑️ Health All medical facilities (incl. Hospitals and private clinics) Ministry of Health ☑️ ☑️ ☑️
- 11. DEFINITION OF SECTORS AND SUBSECTORS FOR OES Sector Subsector Managing authority CIP NIS CIIP Water and Atmosphere Weather service Ministry of the environment ☑️ ☑️ Water works ☑️ ☑️ Drinking water supply and distribution ☑️ ☑️ ☑️ Public Administration Public order and security Ministry of interior ☑️ Information systems of public administration Deputy Prime Minister’s Office for Investments and Informatization ☑️ ☑️ Defense Ministry of defense ☑️ Intelligence services Intelligence services ☑️ Classified Information Protection National Security Authority ☑️
- 12. NIS TRANSPOSITION TIMELINE • July 2016 - NIS approval July • September 2016 - first internal draft • October 2016 - NIS Implementation international workshop, Bratislava • December 2016 – first round of public consultation • End of January, February 2017 – second round of public consultation • February 2017 – public workshop after second public consultation • March – May 2017 – third round of public consutations • Jun 2017 – official intra-ministerial commenting procedure • July – September 2017 – preparation of final version • October 2017 – approval by Slovak government • November 2017 – parliament procedure • January 2018 - approval of the law by parliament • March 1st, 2018 – entry into force