Czech Republic (CZ)

The Cyber Security Strategy of the Czech Republic for the period from 2015 to 2020 was led by the National Security Authority (NSA) and implemented by the government in 2015. 

Updating the 2012 strategy, it covers 9 of the 15 strategic goals in the ENISA self-assessment classification. These strategic goals are: Security and privacy balance; citizen awareness; critical Information Infrastructure protection; international cooperation; public-private partnership; incident response capability; institutionalised form of cooperation between public agencies; R&D; cyber security exercises.

The National Cyber and Information Security Agency (NCISA) plays a key role in the implementation of the strategy, priorities of which include:

  • Prompt & reliable assistance to NCSC's constituency – administrators of the strategic ICT networks defined by the Cyber Security Act.
  • Continue to invest in NCSC's human capital through employees training.
  • Further develop the ICS-SCADA & forensics lab. 

Annual reports and progress checks are part of the Action Plan.

 

 

EDUCATION AND TRAINING IN NATIONAL STRATEGY

Roles of Education and Research in the national strategy

NCISA , the national cybersecurity centre, has the remit to cover both education and research. 

Education, awareness raising and information society development:

  • Raising cybersecurity awareness and literacy of primary and secondary school students, as well as among the large public, i.e. end-users, through the intermediary of supporting initiatives, awareness campaigns, organizing public conferences etc. 
  • Modernising the existing primary and secondary school curricula and support new university study programmes designed to produce cybersecurity experts. 
  • Providing relevant education and training to public administration staff involved, but not exclusively, in the field of cyber security and cybercrime.

Research and development; consumer trust:

  • Taking part in national and European research projects and activities concerning cyber security.
  • Designating the NSA as the main point of contact for cyber security research, where the NSA will contribute to the coordination of research activities in this field. The focus of cybersecurity research should be on substantive problems and on the transfer of research outputs into practice. 
  • Cooperating with the private sector and academia on the development and implementation of state used technologies to ensure their maximum protection and transparency. Testing and evaluating the level of security of the technologies used.
  • Working with the private sector and academia on research projects (including primary and experimental research) and on activities in technical disciplines and social sciences, at the national, as well as European and international, transatlantic levels.
  • Making research and development a national priority and thereby actively stimulating investments in this field. 
Education on cybersecurity

The NCISA education department targets civil servants and employees of public administrations, including security forces, as well as pupils and students of all age groups and levels of education. Cooperation with universities includes lectures and seminars and the preparation of cybersecurity experts. At citizen level, there are activities mainly for parents to support the uptake of digital technologies amongst children.
Most activities are organised as e-learning courses in the national language, including:

Research on cybersecurity

As  the national contact centre for the research and development of cybersecurity and the protection of classified information, NCISA creates informational and analytical materials for the security community and supports the coordination of research activities, including research needs, challenges and priorities in the field of internet security through its dedicated Research Department

It also cooperates with the private sector, including cooperation on national and international research projects and developing and implementing security technologies used by state and public institutions.
National cybersecurity exercises are aimed at testing technical knowledge and tools, verifying communication channels, decision-making authorities and internal procedures for tackling cybersecurity incidents. 

Higher Education Courses on Cybersecurity

  • Brno University of Technology – Bachelor degree in Information Security. Year established: 2015. Student intake: 100. European Credit Transfer System (ECTS): 180. Focus: Includes coverage of system security, network security, component security, SW security and preparation for professional certification: CISCO CCNA, CCNP, Security, Palo Alto Academy.
  • Masaryk University – Master in Computer Systems, Communication and Security (Information Security Specialization). Year established: 2019. Student intake: 200. European Credit Transfer System (ECTS): 120. Focus: system security, network security, component security, SW security. 
  • Brno University of Technology – Master in Cybersecurity. Year established: 2020. Student intake: 60. European Credit Transfer System (ECTS): 120. Focus: Includes coverage of system security, network security, component security, SW security. 
  • Masaryk University, Software Systems and Services Management – Master in Management of Cybersecurity. Year established: 2019. Student intake: 50. European Credit Transfer System (ECTS): 120. Focus: system security, network security, component security, SW security.
Public Private Partnerships

NCISA cooperates with private sector and it also raises general awareness of NCISA’s activities and cooperation possibilities through regular meetings and mutual information sharing. NCISA has also established close cooperation with selected private companies (non-EU grown companies like Microsoft and Cisco) to exchange information about cyber security threats, trends and proven practices.

Within its constituency there are only businesses of stategic importance regulated by the Cyber Security Act, helping them safeguard their critical information infrastructure, providing them with security information and assistance, and enhancing their knowledge about internet security. Most of the Czech businesses, including internet service providers, deal with the National CSIRT Team of the Czech Republic (CSIRT.CZ). 

The NSA has an ‘agreement on the government's security programme’ with Microsoft, under which the parties are able to share and exchange cyber security information, which means that the NSA has access to Microsoft products’ source codes and documentation. A similar information exchange agreement has been concluded between NSA and Cisco. Based on this memorandum of understanding, these two entities share cyberthreat information and exchange information on current cyber security trends and best practices. 

IT/Cybersecurity Clusters

A private cooperative industrial cybersecurity cluster operates through the Network Security Monitoring Cluster (NSM Cluster) focusing on network and IT security. Its activities include networking and know-how sharing; education and training about network security monitoring; and information sharing on network security trends. It also interacts with other associations and international organisations on network security monitoring and IT security topics, for example, with ENISA and IT Security in Germany. 

EU Cyber Professional Register for national stakeholders

The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace. 

This European Cybersecurity Professional Register is the place where professionals, junior or senior, can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.

Organisations of any size or sector (from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.

Latest update

January 2021

The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses. 

 

CYBERSECURITY RESPONSE TEAMS: GDPR and NIS Directive: Compliance and Notification

National Computer Security Information Response Team (CSIRT)
Computer Emergency Response Team (CERT)
Notification obligations in the event of a data breach
NIS Directive (operators of essential services and digital service providers): actual, adverse and significant impact on the continuity of essential services. Actual, adverse and substantial impact on the provision of enumerated digital services.
GDPR (any organisation dealing with the data of EU citizens): accidental or unlawful destruction, loss, altercation, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
National contacts

The Regulation on Cyber Security also specifies the procedures for the reporting of cyber incidents, both to GovCERT.CZ (website in Czech/ English) and to CSIRT.CZ (website in Czech only). A report is to follow a predefined form and can be submitted via an e-form on the respective website, via e-mail, data mailbox, specified interface, or on paper.

GovCERT.CZ
For the incident reports, use the address: cert.incident@nbu.cz

For the non-incident related messages, use the cert@nbu.cz

If it is not possible (or not advisable for security reasons) to use e-mail, the GovCERT can be reached by telephone at +420 725 875 205.

The GovCERT's hours of operation are generally restricted to regular business hours (09:00-17:00 Monday to Friday except holidays).

Guidance and updates 

Information about the threat landscape and related services can be found here: https://www.govcert.cz/en/government-cert/provided-services/. Most of the other updates on GovCert CZ are on events and announcements: https://www.govcert.cz/en/info/events/.

CSIRT.CZ provides information on incident reporting and guidance: https://csirt.cz/page/3399/incident-reporting/, as well as security alerts and updates: https://csirt.cz/news/security/.

Languages Czech and English
Latest update & Disclaimer

January 2021

The information contained here is the result of desk research carried out by CYBERWISER.eu. 

 

Contact us for more info

 

Czech Republic (CZ) | CYBERWISER.eu

CYBERWISER.eu Cyber Range & Capacity Building in Cybersecurity

Error

The website encountered an unexpected error. Please try again later.