The Austrian national cybersecurity strategy (Österreichische Strategie für Cyber Sicherheit - ÖSCS; Austrian Cyber Security Strategy) was launched in 2013 as a comprehensive and proactive concept for protecting cyberspace and the people in the virtual space while guaranteeing human rights by enhancing the security and resilience of Austrian infrastructures and services. It also builds awareness and confidence in the Austrian society.
It covers 11 out of the 15 strategic goals in the ENISA self-assessment classification. These goals are: Cybercrime; critical information infrastructure protection; national cyber contingency plans; international cooperation; public private partnership; incident response capability; international cooperation between public agencies; baseline security requirements; incident response reporting mechanisms; R&D; cybersecurity exercises; cross-sectoral cyber exercises for SMEs; training and educational programmes.
The Bundeskanzleramt (corresponding to the National Government Offices) has established a strategic cooperation with the authorities of Sweden during the annual Austrian-Swedish Cyber Security Program. The program links together leading Swedish and Austrian operators of critical infrastructure in telecom, finance, energy and transportation with selected cutting edge technology providers with solutions to meet future cyber security needs. The network includes Raiffeisen Bank Group, Erste Bank Group, A1 Austria Telecom Group, Drei Hutchinson, Vienna Airport, Energy Company EVN, Energie AG, Wiener Energie, Post and Telecom Regulator RTI, Ministry of the Interior, Ministry of Defense, IAEA & UNOD.
EDUCATION AND TRAINING IN NATIONAL STRATEGY
|Cybersecurity education in the national strategy||
The strategy is to fully incorporate ICT, cybersecurity and media competence into the school curriculum in all types of schools.
ICT security issues and cyber security become an integral part of a model for “digital competence” – adjusted to the curriculum of the respective type of school – so as to create awareness for security issues and to help children learn a responsible use of ICT and new media.
|Cybersecurity research in the national strategy||
Cyber security issues must increasingly be taken into account in applied cyber research as well as in security research programmes such as KIRAS. Efforts should be made to achieve active thematic leadership in EU security research programmes.
Measures to strengthen Austria’s research in the area of cyber security are:
- Making cybersecurity a key research priority in the framework of national and EU security research programmes.
- Tasking relevant stakeholders in administration, economy and research will develop the conceptual framework and technological instruments to enhance Austria’s cyber security standards in joint projects.
- Prioritising measures that help to turn research and development findings speedily into marketable products and further develop research projects under A-SIT.
Austria should strive for an active thematic leadership in EU security research programmes and contribute themes which it considers important to international
|Higher Education Courses on Cybersecurity||
Business and Public Private Partnerships
Co-operation with private operators of critical infrastructures and other economic sectors is considered a crucial part of the 2013 national strategy.
The Austrian Cyber Security Platform acts as an umbrella for various forms of cooperation between the Austrian Trust Circle, which is an initiative between CERT.au, the government and GovCERT Austria, Cyber Security Austria and Kuratorium sicheres Österreich. The platform is in charge of the institutional framework for the permanent exchange of information in public administration and with representatives of the economy, science and research with all stakeholders taking part on an equal footing. The Platform also has the remit to advise and support the national Cyber Security Steering Group.
Silicon Alps Cluster GmbH has a broad remit in ensuring the supply of qualified people to work in business, industry verticals and new technologies. In terms of cybersecurity, it supports dedicated exercises, such as nationwide cross-sectoral cyber exercises, including SMEs and sector-specific small companies. operating in will be organised and held at periodic intervals.
|Professional Cyber Registers||
The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace.
This European Cybersecurity Professional Register is the place where professionals of any age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.
|Latest updates & Disclaimer||
The information contained here is based on desk research carried out by CYBERWISER, including the ENISA interactive maps on national strategies and educational courses.
Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification
|Notification obligations in the event of a cyber-attack/data breach||
NIS Directive (operators of essential services and digital service providers): actual, adverse and significant impact on the continuity of essential services. Actual, adverse and substantial impact on the provision of enumerated digital services.
GDPR (any organisation dealing with the data of EU citizens): accidental or unlawful destruction, loss, altercation, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
National Computer Security Information Response Team (CSIRT)
Computer Emergency Response Team (CERT)
|Guidance and Updates||
The most detailed and up-to-date website on cybersecurity in Austria is the Cyber Security Platform (CSP; German) https://www.digitales.oesterreich.gv.at/cyber-sicherheit-plattform, which provides information also on upcoming events and training.
|Languages||German and English|
|Latest update & Disclaimer||
The information contained here is the result of desk research.