Main Page

Logo NÚKIB

Organizational Structure

The National Cyber and Information Security Agency (NÚKIB)
Director
Ing. Lukáš Kintr

  • Legal and Administrative Division
    • Legal Department
      Provides complete legal services for the Agency’s operations and secures the fulfilment of various obligations stemming from the Agency’s position as a central administrative body. The Legal Section is also the administrator of selection processes and public orders, which includes the creation and maintenance of contractual documentation. Furthermore, the Legal Section is responsible for dealing with transgressions under the jurisdiction entrusted to the Agency and oversees further proceedings led by the Agency.
      • Legal Unit 
      • Public Procurement Unit
    • Operational Department
      • Accounting Unit
      • Budget Unit
      • Operational and Service Unit
        Coordinates and provides material and technical provisioning for the Agency except for information and communication technologies and keeps an inventory of all the Agency’s property. It also coordinates and provides services associated with real estate administration and participates in the operation of the Agency’s facilities; establishes relations with outside building administration organizations (supplies of energy, water, gas, heating, etc.); and inspects technological equipment. It oversees the maintenance of all property and assures the operation and service of the Agency’s vehicles.
        • Vehicle Fleet Working Group
      • Investments Unit
        Assigns and leads the creation of investment projects and assures their completion. It submits proposals for construction and repairs to the Agency’s property of an investment nature and proposes these for the relevant year’s budget. It prepares and maintains project documentation including discussion of individual projects as part of pre-project, project, and execution activities. Submits zoning and construction permit requests on behalf of the Agency as well as other permits necessary to complete projects. It prepares and builds construction projects and repairs to the Agency’s property of an investment nature that will be performed on the basis of a construction permit. It acts as the investor in construction projects of all kinds that it prepares and executes. It provides all necessary pre-requisites associated with putting a facility into operation.
    • Human Resource and Education Unit
      Performs activities in human relations, education, wages, and social policies in accordance with the Labour Code and all associated regulations. It oversees the observance of all employment regulations and keeps employee records. It organizes recruitment and offers internships to university students. It participates on the creation of labour regulations and internal management.
  • Security Department
    • Physical Service Unit
    • Personnel Security and Crisis Management Unit
    • Information Security Unit
    • Cyber Security Manager
    • Records and Archive Service Unit
    • Cyber Security Architect
  • National Cyber Security Centre (NCSC)
    • Government CERT Department (GovCERT)
      • Reactive Unit
        The department’s main task is the initial coordination, evaluation, and resolution of cyber security incidents and managing communication channels with other entities.
      • Operational Technology Security Unit
        Department deals with cyber security threats to industry-orienatated technologies and control systems that are part of the Czech infrastructure. Department also contributes to the process of regulations and controls of subjects that runs operational technologies.
      • Network Traffic Analysis Unit
        The unit deals with cyber security related to computer networks. The department’s main task is (forensic) investigation of cyber attacks, identifying malicious activities in network logs and close cooperation with incident handling while investigating active incidents. The department also operates its own detection systems, where it proactively searches for attackers in order to prevent greater damage.
      • Analytical Unit
        Examines data and forensically analyses computers, mobile devices, and artefacts created in association with security incidents. It also analyses malware and performs reverse engineering.
      • SecOps Unit
        The SecOps (Security Operations) Department develops, deploys, and secures applications that are on the bleeding edge of technology. These activities are performed for the internal needs of the GovCert section, and for the needs of cooperating external entities. The projects the department works on includes the Cyber Czech exercises, which are the largest cyber exercises in the country. SecOps experts also significantly contribute to the oversight of entities so mandated according to the Cyber Security Law.
      • Penetration Testing Unit
        Performs penetration tests to asses security. It currently offers external and internal penetration tests, testing of mobile apps, WIFI networks, denial of service, as well as tests to specific devices or implementing new technologies upon agreement.
        • Network Services Testing Working Group
    • Regulation Department 
      The Regulation Department deals with issues regulated by Act No 181/2014 Coll. on Cyber Security. It communicates with regulated entities, whether in relation to their regulation or in providing methodological support. It participates in the preparation of legislation on cyber security and plays a crucial role in identifying and protecting critical information infrastructure, important information systems, and essential services’ information systems within the Czech Republic.
      • Private Sector Regulation Unit
        Ensures the identification of operators of essential services. Applies, preserves and interprets Decree No 437/2017 Coll., on the Criteria for the Determination of an Operator of Essential Service. Ensures the identification of critical information infrastructures in the private sector. Provides interpretation and support in private sector regulation. Communicates with the relevant controllers.
      • Public Sector Regulation Unit
        Ensures the identification of important information systems. Applies, preserves and interprets Decree No 317/2014 Coll., on Important Information Systems and their Determination Criteria. Ensures the identification of critical information infrastructures in the public sector. Provides interpretation and support in public sector regulation. Communicates with the relevant controllers.
      • Information Technology Supplier Regulation Unit
        • Supply Chain Security Working Group
      • European Certification Working Group
    • Audit Department
      Oversees the adherence of regulated entities to the Cyber Security Law. Together with the Regulation Department, it contributes to creating cyber security legislation and offers methodological support to regulated entities. It also cooperates with other oversight bodies when their jurisdiction overlaps into cyber security.
      •  Audit Unit 1
      •  Audit Unit 2
      •  Audit Unit 3
  • Information Security Division
    • ICT Security Department
      • Cryptographic Resource Development Unit
        Undertakes and provides basic and applied research and development in cryptology, crypto-analysis, and cryptologic resources; develops and approves national encryption algorithms; and creates the national cryptographic security policy. It also provides the development of cryptologic patterns for use in cryptologic resources to protect classified information (CI); analyses and evaluates encryption systems and cryptologic algorithms designated to protect CI; and contributes to the Agency’s public orders in the area of research, development, and production of cryptographic resources.
      • Information and Communication System Certification Unit
        Fulfils tasks issued by the National Security Communication Centre; certifies information systems used to handle classified information (CI); approves security projects for communication systems used to handle CI; fulfils the Agency’s tasks as the body charged with certifying information systems that handle CI for NATO and the EU and other international organizations; evaluates information systems that handle CI from NATO, the EU, and other international organizations; maintains communication with NATO, EU, and other international organizations to certify information systems and maintain continuous oversight of certified systems according to the demands of NATO, the EU, and other international organizations.
      • Cryptography Resources and Facility Certification Unit
        Secures and provides certification of cryptographic resources (CR) and sets security standards in the certification of CR; certifies cryptographic facilities (CF) and sets security standards for CF. It approves the qualifications of materials to assure CR; approves projects that add CR into mobile and temporary systems. It communicates with the NATO, the EU, and other international organizations to assure international certification (approval) of CR by these organizations. It participates in oversight of selected areas in the protection of classified information within the Czech Republic. It secures and oversees the qualifications of cryptographic protection workers (specialized tests).
      • TEMPEST Unit
        Fulfils tasks issued by the National Centre for Measuring Compromising Electromagnetic Radiation from the point of view of classified information (CI) leaks through electromagnetic radiation; undertakes zonal evaluation of CI procession spaces; the certification of shielded chamber that protect CI; analyses and evaluates cryptographic resources from the point of view of protection from compromising radiation; and preventing the use of information-gathering resources in areas where negotiations take place.
      • National Distribution Centre Unit
        Assures and fulfils tasks from the National Centre for the Distribution of Cryptographic Material (NCDCM); assures and performs oversight of the qualifications of cryptologic protection workers (tests of qualifications); assures and undertakes the production of key materials to operate cryptographic resources; distributes key materials and cryptographic resources; assures the maintenance and service of specialized devices for the production of key materials and cryptographic resources.
        •  CDA Working Group
      • Technical Support Unit
      • Cryptologic Analysis Unit
    • Information Technology Department (ITD)
      • Network Infrastructure and Supervision Unit
        Systemically supports the ERP application, HR, wages, and the case service. Installs systems, supports users, administration, optimization, and maintenance of databases for the above-listed systems. Deals with strategic and development intents in information systems (JIS, new locations, GDPR, etc.). Operates the Registration Certification Authority for x509 employee certificates. Issues server x509 certificates (CESNET) and certificates for FW (probes). Creates and updates the DRP plan for key applications.
        • Operational Supervision Working Group
      • Server Infrastructure Unit
        Installs, prepares, administers, and optimizes server infrastructure. It also administers the virtualization environment, mail services, data repositories, and physical servers. It also maintains the operation of internally developed tools for secure communication. It maintains all the Agency’s communication channels.
      • Client Support Unit
        Supports IT users. It deals with hardware and software problems at user workstations and devices. It procures necessary IT acquisitions. Transfers documents to inventory.
        • Special Means Working Group
      • Application Support and Development Unit
      • IT Planning, Economics and Logistics Unit
    •  Satellite Services Security Unit
      Responsible for the implementation and operation of the publicly regulated services of the Galileo system in the Czech Republic and coordinates all activities associated with access to PRS information and technology. In accordance with valid European legislation (1104/2011/EU), it fulfils the role of a Competent PRS Authority while specifically taking responsibility for organizating access and granting access rights to authorized users; protection and distribution of classified PRS information; processing of operational and security regulations to use the PRS; and evaluate the potential risks to the PRS, including defining appropriate resolutions and preventive measures. It is a contact point for a permanent connection to the PRS security centre, to which all security violations and incidents, as well as disruptive electromagnetic interference on frequencies reserved for the PRS, are reported.
  • Strategic Affairs and Engagement Division
    • Central Analytics Department
      • Strategic Analysis Unit
        The unit analyses and monitors cyber threats, risks, and actual trends in the field of cyber security. It evaluates their political and security context as well as the impact of incidents. In connection with those, it provides the analytical support within NÚKIB and externally to Czech officials and stakeholders and foreign partners. In the cooperation with CERT, it develops an advanced analytical capacity known as Cyber Threat Intelligence (CTI).
      • Information Investigation Unit 
        Based on open-source intelligence (OSINT), the unit provides analytical support to relevant units and departments within NÚKIB. It also provides analytical support to external partners in specific areas.
      • Data Management and Analysis Working Group
        The working group provides data analysis and development/management of data and analytical tools to other units and departments within NÚKIB.
    • Department of International Cooperation and the European Union
      • Multilateral Cooperation Unit 1 and 2
        These units are responsible for handling a range of issues within the scope of the Agency, including the agendas of the EU and NATO, as well as those of other international organizations like the UN, OECD, OSCE, and ITU. The units also focus on capacity building and public international law. They prepare and coordinate positions of the Czech Republic on proposals for EU legislation and participates in key negotiations within the EU. Additionally, the units are responsible for coordinating the negotiation and implementation of international agreements and non-legally binding documents related to cooperation.
      • Bilateral Cooperation Unit
        The unit is responsible for fostering and strengthening bilateral cooperation with the partners of the National Cyber and Information Security Agency. It sets priorities for negotiations and keeps records of negotiations with foreign partners, evaluating their outcomes. The unit assists the Director in preparing for and participating in negotiations and provides support during these negotiations. In addition, the unit collaborates with other units in preparing and organizing international events.
    • Exercise and Education Department
      • Exercise Unit
        The unit coordinates and prepares a diverse range of technical and non-technical cyber security exercises at the national and international levels, such as Cyber Czech, Cyber Coalition, Locked Shields, and CMX. In addition, it is responsible for creating and executing cyber security exercises targeting primarily regulated entities and other partners, as well as consulting on exercises prepared by these organizations. The unit also shares its expertise and best practices through lectures to the expert community.
      • Education Unit
        The unit is responsible for organizing educational and awareness activities, conferences, and trainings related to cyber security. These activities target public servants and other individuals with roles specified in the Cyber Security Act, as well as "vulnerable" groups such as children, students, and senior citizens. In addition, the unit develops and delivers e-learning courses on relevant topics. It also collaborates with other organizations and stakeholders in the field of cyber security education and awareness. It also fulfills the role of an authorising body for professions in the field of cyber security (in accordance with Act no. 179/2006 Coll., on Verification and Recognition of Further Education Results and on the Amendment to Some Other Acts).
    • National Strategy and Policy Unit
      The unit is responsible for preparing long-term strategies and providing expert analysis and recommendations to ensure that the NUKIB and the Czech Republic achieve their cyber security goals effectively. This includes providing material and legal support and participating in the development of cyber security policies. The unit also coordinates and harmonizes cyber security efforts across public administration, and works to foster a cohesive national cyber security community within the Czech Republic. In addition, it engages in intensive cooperation with partners from both the public and private sectors, both nationally and internationally.
    • Research, Development, and Innovations Unit
      The unit coordinates research and innovation activities in cyber and information security. It is responsible for preparing National Plan for Research and Development in Cyber and Information Security and for fulfilling its goals. The unit also runs the National Coordination Centre in accordance with the Regulation (EU) 2021/887 of the European Parliament and of the Council establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres. Furthermore, it supports NÚKIB and Czech research community to engage in research and development projects.
  • Director’s Cabinet
    • Communication Unit
    • Planning and Management Unit
    • Project Office Unit
      Ensures efficient management of a wide portfolio of NÚKIB projects throughout their entire life cycle. It fulfills these functions: participates directly in the implementation and management of projects, or assists projects methodologically. It issues binding guidelines and methodological materials for the organization, helps to verify the quality of project management. It ensures and supports education in the field of project management. Participates in the creation of the Czech Republic's policy in the area of co-financing of the cyber security from EU funds. It also assists in utilizing opportunities for drawing resources from the EU – for its own organization and beyond its borders
    • Government Agenda and Legislation Unit
      Coordinates and realizes the agency’s powers in the legislative process and offers opinions on legal regulations in the Agency’s area of expertise. It oversees the preparation of non-legislative materials presented to the Cabinet, National Security Council, the Committee for Cyber Security, or other state bodies, or it creates these materials itself. It also oversees the cabinet’s agenda and strategic communication with ministries and other state institutions.
  • Strategic Communication and Development Unit
  • Security Director
  • Cyber Security Auditor
  • Internal Auditor
  • Data Protection Officer (DPO)