The Cyber Security Strategy of the Czech Republic for the period from 2015 to 2020 was led by the National Security Authority (NSA) and implemented by the government in 2015.
Updating the 2012 strategy, it covers 9 of the 15 strategic goals in the ENISA self-assessment classification. These strategic goals are: Security and privacy balance; citizen awareness; critical Information Infrastructure protection; international cooperation; public-private partnership; incident response capability; institutionalised form of cooperation between public agencies; R&D; cyber security exercises.
The National Cyber and Information Security Agency (NCISA) plays a key role in the implementation of the strategy, priorities of which include:
- Prompt & reliable assistance to NCSC's constituency – administrators of the strategic ICT networks defined by the Cyber Security Act.
- Continue to invest in NCSC's human capital through employee training.
- Further develop the ICS-SCADA & forensics lab.
Annual reports and progress checks are part of the Action Plan.
EDUCATION AND TRAINING IN NATIONAL STRATEGY
Roles of Education and Research in the national strategy
NCISA, the national cybersecurity centre, has the remit to cover both education and research.
Education, awareness raising and information society development:
Research and development; consumer trust:
Education on cybersecurity
The NCISA education department targets civil servants and employees of public administrations, including security forces, as well as pupils and students of all age groups and levels of education. Cooperation with universities includes lectures and seminars and the preparation of cybersecurity experts. At citizen level, there are activities mainly for parents to support the uptake of digital technologies amongst children.
Research on cybersecurity
As the national contact centre for the research and development of cybersecurity and the protection of classified information, NCISA creates informational and analytical materials for the security community and supports the coordination of research activities, including research needs, challenges and priorities in the field of internet security through its dedicated Research Department.
It also cooperates with the private sector, including cooperation on national and international research projects and developing and implementing security technologies used by state and public institutions.
Higher Education Courses on Cybersecurity
Public Private Partnerships
NCISA cooperates with the private sector and raises general awareness of its activities and cooperation possibilities through regular meetings and mutual information sharing. NCISA has also established close cooperation with selected private companies (non-EU companies such as Microsoft and Cisco) to exchange information about cyber security threats, trends and proven practices.
Its constituency comprises only businesses of strategic importance regulated by the Cyber Security Act. NCISA helps them safeguard their critical information infrastructure, provides them with security information and assistance, and enhances their knowledge about internet security. Most Czech businesses, including internet service providers, deal with the National CSIRT Team of the Czech Republic (CSIRT.CZ).
The NSA has an ‘agreement on the government's security programme’ with Microsoft, under which the parties are able to share and exchange cyber security information, which means that the NSA has access to the source code and documentation of Microsoft products. A similar information exchange agreement has been concluded between the NSA and Cisco. Based on this memorandum of understanding, these two entities share cyberthreat information and exchange information on current cyber security trends and best practices.
A private cooperative industrial cybersecurity cluster operates through the Network Security Monitoring Cluster (NSM Cluster) focusing on network and IT security. Its activities include networking and know-how sharing; education and training about network security monitoring; and information sharing on network security trends. It also interacts with other associations and international organisations on network security monitoring and IT security topics, for example, with ENISA and IT Security in Germany.
EU Cyber Professional Register for national stakeholders
The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace.
This European Cybersecurity Professional Register is the place where professionals, junior or senior, can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.
Organisations of any size or sector (from SMEs to large companies and public institutions) can find and contact the right skills and experiences they need to improve their IT security posture.
The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses.
CYBERSECURITY RESPONSE TEAMS: GDPR and NIS Directive: Compliance and Notification
National Computer Security Information Response Team (CSIRT)
Computer Emergency Response Team (CERT)
Notification obligations in the event of a data breach
NIS Directive (operators of essential services and digital service providers): actual, adverse and significant impact on the continuity of essential services. Actual, adverse and substantial impact on the provision of enumerated digital services.
GDPR (any organisation dealing with the data of EU citizens): accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.
The Regulation on Cyber Security also specifies the procedures for the reporting of cyber incidents, both to GovCERT.CZ (website in Czech/English) and to CSIRT.CZ (website in Czech only). A report is to follow a predefined form and can be submitted via an e-form on the respective website, via e-mail, data mailbox, specified interface, or on paper.
For non-incident-related messages, use firstname.lastname@example.org
If it is not possible (or not advisable for security reasons) to use e-mail, the GovCERT can be reached by telephone at +420 725 875 205.
The GovCERT's hours of operation are generally restricted to regular business hours (09:00-17:00 Monday to Friday except holidays).
Guidance and updates
Information about the threat landscape and related services can be found here: https://www.govcert.cz/en/government-cert/provided-services/. Most of the other updates on GovCERT.CZ concern events and announcements: https://www.govcert.cz/en/info/events/.
Languages: Czech and English
Latest update & Disclaimer
The information contained here is the result of desk research carried out by CYBERWISER.eu.