Croatia adopted its national strategy on cybersecurity in October 2015.
Principles:
- Comprehensive nature of the approach to cyber security by covering cyberspace, infrastructure and users under the Croatian jurisdiction (citizenship, registration, domain, address).
- Integration of activities and measures arising from different cyber security areas and their interconnection and supplementation in order to create a safer cyberspace.
- Proactive approach through constant adjustment of activities and measures, and adequate periodic adaptation of the strategic framework they stem from.
- Strengthening resilience, reliability and adjustability by applying universal criteria of confidentiality, integrity and availability of certain groups of information and recognised social values, in addition to complying with the appropriate obligations related to the protection of privacy, as well as confidentiality, integrity and availability for certain groups of information, including the implementation of appropriate certification and accreditation of different kinds of devices and systems, and also business processes in which such information is used.
Main goals:
- Systematic approach in the application and enhancement of the national legal framework
- Pursuing activities and measures to increase the security, resilience and reliability of cyberspace
- Establishing a more efficient mechanism of information sharing
- Raising security awareness
- Stimulating the development of harmonised education programmes
- Stimulating the development of e-services
- Stimulating research and development
- Systematic approach to international cooperation
NATIONAL CYBERSECURITY STRATEGY - NIS Capacities
Year of adoption | 2015. National Cyber Security Strategy of the Republic of Croatia (English version): http://www.uvns.hr/UserDocsImages/en/dokumenti/Croatian%20National%20Cyb...(2015).pdf |
---|---|
Updates and revisions | No updates have emerged from WISER desk research. |
Operational capacities building | The Information Systems Security Bureau (ZSIS) (Croatian, https://www.zsis.hr/; English, https://www.zsis.hr/default.aspx?id=30) is the national competent authority for network and information security for Croatia, as stated in the Act on Information Security 2007. It operates under the Office for National Security. Croatia has two established computer emergency response teams (CERTs): CARNet, the National CERT (Croatian, http://www.cert.hr/; English, http://www.cert.hr/en/start), and ZSIS CERT (English, https://www.zsis.hr/default.aspx?id=114). ZSIS CERT, established in 2009, is responsible for coordinating security and incident response measures for parties that use a Croatian IP address or .hr domain. The Information Systems Security Bureau's ZSIS CSI (English, https://www.zsis.hr/default.aspx?id=113) has jurisdiction over Croatian government institutions. Since 12 July 2009 CERT ZSIS has been a full member of Trusted Introducer (https://www.trusted-introducer.org/), which gathers mostly European CERT/CSIRT teams and is a platform for exchanging knowledge and experience in handling computer security incidents. The Trusted Introducer service is operated by the TF-CSIRT working group within the scope of the European academic and research network GÉANT. Since 27 June 2012 CERT ZSIS has been a full member of FIRST, a worldwide association of CERT/CSIRT teams which, like Trusted Introducer, is a platform for promoting knowledge of computer security incident management in a wider international environment. |
Legal conditions |
National legislation: http://www.uvns.hr/UserDocsImages/en/dokumenti/info-security/Information.... Specific legislation on cybercrime has been enacted through the following instruments:
Specific legislation and regulation related to cybersecurity has been enacted through the following instruments:
|
Business and Public-private partnerships | While Croatia has no formal public-private partnerships, several initiatives aim to strengthen links between different sectors of society or can serve as multipliers in reaching companies and other organisations on the importance of cybersecurity. CARNet, the National CERT, has jurisdiction over all parties that use a Croatian IP address and will liaise with private organisations for the purpose of cybersecurity incident prevention and incident response. The Croatian Regulatory Authority for Network Industries (HAKOM; Croatian: https://www.hakom.hr/default.aspx; English: https://www.hakom.hr/default.aspx?id=7), itself an independently run public authority, supports the communication industry and liaises with the private sector in the course of its duties. RACVIAC - Centre for Security Cooperation (http://www.racviac.org/; English) is a representative body for the defence and security sectors in south-eastern Europe, based in Croatia. The Croatian Defense Industry Competitiveness Cluster (HKKOI; https://www.endr.eu/organisation/croatian-defense-industry-competitivene... English) brings together the country's relevant SMEs in cooperation with Croatia's Ministry of Defence to spin out commercial applications from military technologies. HKKOI's members are active mainly in the fields of advanced materials, cyber security, electronics, energy, ICT, robotics and the land, maritime and naval sectors. HKKOI is focused on boosting the capacities of its SMEs by linking them to the value chains of larger enterprises to develop new products and services. The cluster is also expanding its international cooperation, and currently has contacts with the European Defence Agency and the region of Andalusia. Another relevant body is the association of Croatian ICT clusters, cro.ict (http://www.cro-ict.net). |
Other capacity-building measures: research and education |
Awareness and training are foreseen mostly for the public sector:
|
Implementation & Monitoring | For the purpose of reviewing and improving the implementation of the Strategy and the Action Plan for its implementation, the Government of the Republic of Croatia will establish the National Cyber Security Council, which, among other actions, will monitor and coordinate the implementation; propose measures to improve it; propose the organisation of national exercises; and provide recommendations, reports and guidelines. It will also address issues for cyber crisis management based on the state of security, and it will issue programmes and action plans for the Operational and Technical Cyber Security Coordination Group and direct its work. |
Overall assessment/best practices | The Croatian Defense Industry Competitiveness Cluster (HKKOI) brings together the country's relevant SMEs in co-operation with Croatia's Ministry of Defence to spin out commercial applications from military technologies. HKKOI's members are active mainly in the fields of advanced materials, cyber security, electronics, energy, ICT, robotics and the land, maritime and naval sectors. HKKOI is focused on boosting the capacities of its SMEs by linking them to the value chains of larger enterprises to develop new products and services. The cluster is also expanding its international co-operation, and currently has contacts with the European Defence Agency and the region of Andalusia. |
Date of last WISER analysis | October 2017 |
GDPR and NIS Directive: Compliance and Notification
National Computer Security Incident Response Team (CSIRT) / Computer Emergency Response Team (CERT) | Notification obligations in the event of a cyber-attack/data breach |
---|---|
National contact | CARNet |
Languages | Croatian and English |
Date of last WISER analysis | October 2017 |