This document summarizes a presentation on developing a policy and legal framework for digital security in Moldova. It discusses the need for such a framework to coordinate security efforts, define roles and responsibilities, and better protect information systems. The presentation outlines Estonia's cyber security strategy as an example and explains how Moldova's framework could include establishing security measures, increasing training, and developing applicable laws. International cooperation on cyber security through the EU, UN, and other organizations is also addressed.

1. e-Government Centre Moldova
Digital security for better governance
and public services
Digital information security trainings
2013
Chisinau
Presentation Title 12.03.2013

2. e-Government Centre Moldova
Policy and legal framework
development for Digital Security
Hannes Astok
Senior Expert
eGovernmance Academy
Presentation Title 12.03.2013

3. Why policy framework?
 Growing threats and security concerns
 Vulnerability of the critical information systems
 Need for coordinated activities
 Clear roles and responsibilities between the
institutions
 Better protection of information systems and critical
infrastructure
 Estonian Cyber Security Strategy 2008-2013

4. Goals of the strategy
Establishment of a multilevel system of security
measures
Expanding Estonia’s expertise in and awareness of
information security
Adopting an appropriate regulatory framework to
support the secure and extensive use of information
systems

5. Goals of the strategy: more specifically
1. Development and implementation of a system of
security measures
1. Protection of the Critical Information
Infrastructure (CII)
2. Development and Implementation of a System
of Security Measures
3. Strengthening of Organisational Co-operation

6. Goals of the strategy: more specifically
2. Increasing competence in information security
1. Organisation of Training in Cyber Security
2. Enhancing Research and Development
3. Development of a legal framework for cyber
security
4. Development of international co-operation
5. Raising awareness of cyber security

7. Relations to the other national
development plans
Information Security Interoperability Framework
(2007)
Information Society Strategy 2013
Knowledge-Based Estonia: R&D Development
Strategy 2007-2013
Criminal policy development strategy
Education and health development plans

8. Legal framework -International law
Council of Europe
Convention on Cybercrime 2004

9. EU legal framework
Attacks against information systems: Council
Framework Decision 222/2005/JHA
Protection of personal data (95/46/EC and
2002/58/EC);
Electronic communications (2002/58/EC);
Retention of data (2006/24/EC);
Re-use of public sector information (2003/98/EC;
under revision) ;
Information society services (2000/31/EC).

10. National legal framework
Penal Code: responsibility and penalties about
various types of crime and attacks
Electronic Communications Act: requirements for
publicly available electronic communications
networks and communications services

11. National legal framework 2
Personal Data Protection Act: clear legal basis for
processing any kind of personal data
Public Information Act: regulates the basis and
procedures for the accessing of public information

12. National legal framework 3
Information Society Services Act: limits the liability
of Internet service providers for the content of their
service, spam related issues and general
requirements for the provision of information society
services.

13. International Cooperation
United Nations: issues of cyber security are
addressed by a high-level expert group of the
Internet Governance Forum (IGF) and the
International Telecommunication Union (ITU).

14. International Cooperation: EU
European Commission
The European Network and Information
Security Agency (ENISA) provides support to
EU member states, institutions and
entrepreneurs in the prevention and
management of breaches in information security.

15. International Cooperation: EU 2
European Programme for Critical
Infrastructure Protection – EU reseach
network realted to cyber security

16. Q&A
Thank You!
Hannes Astok
www.ega.ee | hannes@astok.ee| +372 5091366 | hannesastok
E-Governance Academy | Tõnismägi 2, 10112 Tallinn, Estonia
Presentation Title 12.03.2013