National Cyber and Information Security Agency

Public authorities and legal or natural persons that are bound by obligations in the cyber security field are as follows:

a) An electronic communication service provider and an entity operating an electronic communications network, unless they are public authorities or legal or natural persons specified in letter b)
b) A public authority or legal or natural person administrating an important network, unless they are the operator or the administrator of a communication system according to letter d)
c) An operator and an administrator of a critical information infrastructure information system
d) An operator and an administrator of a critical information infrastructure communication system
e) An operator and an administrator of an important information system
f) An operator and an administrator of an information system of essential service, unless they are the operator or the administrator specified in letters c) or d)
g) An operator of an essential service, unless they are the operator or the administrator specified in letter f)
h) A digital service provider

Obligations given by the Act on cyber security
Four main obligations:

introduce and implement security measures to the extent necessary for ensuring cyber security of the information or communication system of critical information infrastructure (security measures based on ISO 27001 and ISO 27002)
- Security measures are a set of activities with the purpose of ensuring the security of information in information systems and the availability and reliability of services and electronic communication networks in cyberspace. Security measures are organisational measures and technical measures. Extent of security measures for obliged public authorities and legal or natural persons is set by implementing legal regulation (The Decree No 82/2018 Coll. on Security Measures, Cybersecurity Incidents, Reactive Measures, Cybersecurity Reporting Requirements, and Data Disposal (the Cybersecurity Decree).
announce contact details
- Contact details mean the following:
  1. For a legal person, the trading company or the name, registered office address, identification number of the person or similar number assigned abroad.
  2. For a natural person pursuing business, the trading company or the name including a differentiating amendment or other designation, registered office address and identification number of the person.
  3. For a public authority, its name, registered office address, identification number of a person, if assigned, or an identifier of the public authority if an identification number was not assigned.
  4. Also including information about a natural person that is entitled to act on behalf of the public authority or the legal or natural person specified in Section 3 in issues governed by this act, i.e. his/her name, surname, phone number and email address.
report cyber security incidents
- Obliged persons are obliged to report cyber security incidents in their important network, in their information or communication system of critical information infrastructure, or in their important information system immediately after their detection; this shall not affect their obligation to provide information according to another legal regulation or directly applicable European Union regulation governing personal data protection. If the cyber security incident has a significant impact on the continuity of the provision of an essential service, the essential service operator shall inform the Agency of this fact.
apply the warnings and reactive or protective measures imposed by the National Cyber and Information Security Agency
- Measures are actions that are needed to protect information systems or services and electronic communication networks from a threat in the field of cyber security or from a cyber security incident, or to resolve an already occurred cyber security incident. Obliged persons are obliged to apply the measures.

News

NÚKIB Representatives Co-Organized a Cyber Security Exercise in Albania

On 3 April 2024, a cyber exercise was held in Tirana, Albania, which was designed as an interactive, non-technical tabletop exercise aimed at high-level decision-makers, including security and strategic communication experts. The National Cyber and Information Security Agency (NÚKIB) was represented by Irena Adler Pavelková and Miroslava Čavojská from the Exercise Unit, who were directly involved in the preparation of the exercise scenario, its presentation, and moderation of the discussion among the participants. The exercise was organized within the framework of the EU Cybersecurity Capacity Building in the Western Balkans, which the Estonian governmental organization e-Governance Academy led in cooperation with the Dutch non-profit organization CILC.

In collaboration with colleagues from the Albanian National Authority for Electronic Certification and Cyber Security (AKCESK), a scenario was prepared for participants from various government institutions and bank representatives, including the Bank of Albania. The scenario focused on the escalating cyber crisis in the banking sector and highlighted the multidimensional nature of cyber threats. One of the objectives of the simulation was to discuss Albania's new cybersecurity legislation and to focus on cooperation and crisis communication between the institutions involved. The cyber exercise was also attended by the Deputy Prime Minister of Albania, Bellinda Balluku, who expressed her support for the project while emphasizing the importance of cyber security and increasing the resilience of the whole society in cyberspace.

Celá zpráva 2024-04-09

Obliged persons