The overall objective of the Project is to increase the security and resilience of Information and Communication Technologies networks in the beneficiary countries by building and training local capacities to adequately prevent, respond to and address cyber attacks and/or accidental failures, and by establishing an appropriate legal framework where applicable. The geographical scope of the project covers selected countries in South East Europe and the Western Balkans, namely the Former Yugoslav Republic of Macedonia (FYROM), Kosovo and Moldova.
The Project consists of three main components:
COMPONENT 1: Cyber security strategies and awareness raising
COMPONENT 2: C.E.R.T Capacity Building
COMPONENT 3: Enhancing Cooperation: PPPs and International cooperation
The main project results are:
- Creation of a trans-regional cyber security coordination framework to increase the resilience of critical IT infrastructures, and the harmonisation of national legislation with the relevant EU standards in the field;
- Development of cyber threat analysis capacities of national authorities, and the creation of national specialised cyber security units;
- Creation and/or the development of national Computer Emergency Response Teams (CERTs) and 24/7 Contact Points;
- Introduction and/or the development of technical and organisational mechanisms ensuring resilience and preparedness, and first of all the creation of a National Cyber Security Strategy (NCSS);
- Development of effective international cooperation in the field and national and regional network building between law enforcement, private sector, and CERTs.
Indeed, concerning the development of NCSS, Europe lacks a common, agreed definition of Cyber Security, and this has historically led to different NCSS being defined across the EU member states. Cyber Security has also recently been the subject of many EC directives and communications.
At the heart of the project work on supporting NCSS developments in the targeted countries lies the ENISA NCSS Good Practice Guide.
According to ENISA, “Cyber Security is increasingly regarded as a horizontal and strategic national issue affecting all levels of society. A national cyber security strategy is a tool to improve the security and resilience of national infrastructures and services. It is a high-level, top-down approach to cyber security that establishes a range of national objectives and priorities that should be achieved in a specific timeframe. As such it provides a strategic framework for a nation’s approach to cyber security. (…)
The ENISA Guidelines present good practices and recommendations on how to develop, implement and maintain a cyber-security strategy. Their structure follows the Deming ‘Plan-Do-Check-Act’ (PDCA) model used to control and continuously improve strategies, policies, processes and products. Four phases, each corresponding to the model steps, are proposed for the strategy lifecycle: development, execution, evaluation and adjustment.”
The Guidebook clearly states the main steps of the NCSS process. They are as follows:
- Set the vision, scope, objectives and priorities
- Follow a national risk assessment approach
- Take stock of existing policies, regulations and capabilities
- Develop a clear governance structure
- Identify and engage stakeholders
- Establish trusted information-sharing mechanisms
- Develop cyber-security contingency plans
- Organise cyber-security exercises
- Establish baseline security requirements
- Establish incident-reporting mechanisms
- Make citizens aware
- Foster R&D
- Strengthen training and educational programmes
- Establish an incident response capability
- Address cybercrime
- Engage in international cooperation
- Establish a public–private partnership
- Balance security with privacy
- Adjust the national cyber security strategy
There are clear benefits for countries willing to join the EU in considering the ENISA Guidelines as a useful tool for their NCSS (from sharing concepts/principles to shaping NCSS in line with those developed in the Union).
However, local circumstances and country-specific needs must be taken into account, especially in the legal, regulatory and technical domains. The involvement of all main stakeholders is also mandatory, as is the identification of local NCSS “champions” who will advocate the need for such a development.
The current situation in the Cyber Security (NCSS) / Cyber Crime (Legal Framework) domain in the Partner Countries of the Project is as follows:
The amended Law on Criminal Procedures, which tackles Cyber Crime as well, entered into force in December 2013. A working group has been formed regarding the National Cyber Security Strategy. It consists of eight members from different Ministries, such as the Ministry of Interior, Ministry of Information, Ministry of Health, Ministry of Defence and Ministry of Education.
FYROM took part in the EU/CoE joint project on cooperation against cyber crime in EU pre-accession countries (the so-called “CyberCrime@IPA” project), launched by the European Union in November 2010. The project ended in 2013 with a closing conference held in Budva (Montenegro) on 29–30 April.
Kosovo has approved Law No. 03/L-166, the “Law on prevention and fight of the Cyber Crime”, with the support of the Council of Europe experts and in cooperation with the Ministry of Justice and the Ministry of Transport and Communication. The Law is aligned with and based upon the definitions and structure of the Budapest Convention.
Like FYROM, Kosovo also took part in the EU/CoE joint project on cooperation against cyber crime in EU pre-accession countries (the so-called “CyberCrime@IPA” project), launched by the European Union in November 2010. The project ended in 2013 with a closing conference held in Budva (Montenegro) on 29–30 April 2013.
Initial support for the preparation of the National Cyber Security Strategy has been provided by the Roadmap project implemented by the e-Governance Academy of Estonia.
The Digital Moldova National Strategy was approved on 31st November 2013. An inter-ministry working group on Cyber Security has been established and its first meeting was held on 5th of February, 2014. Drafting of the National Cyber Security Strategy and revision of the Cyber Security Legislation are the key tasks of the working group. Cyber crimes are registered by prosecutors only when the crime is above 50,000 Lei (2725.00 Euro).
Moldova takes part in the EU/CoE joint Eastern Partnership regional project (CyberCrime@EAP), launched by the European Union in April 2011. The project will last 30 months and will end on the 31st August, 2013. It applies to Armenia, Azerbaijan, Belarus, Georgia, Moldova and Ukraine, and it provides advice and assesses measures taken with regard to cyber crime legislation, specialised institutions, judicial and law enforcement training, law enforcement/service provider cooperation, financial investigations and international cooperation.
During the inception phase, the project team identified the following related programmes and other donor activities:
- Various Council of Europe projects, such as:
  - CyberCrime@IPA (Participating countries: Albania, Bosnia and Herzegovina, Croatia, Montenegro, Serbia, “the former Yugoslav Republic of Macedonia”, Turkey and Kosovo.)
  - CyberCrime@EAP (Participating countries: Armenia, Azerbaijan, Belarus, Georgia, Moldova and Ukraine.)
- MK-Skopje: IPA — Further institution and capacity building of the police service in the area of border management, community policing and fight against organised crime.
  - The overall objective of the project is further strengthening of the police capacities for border management, community policing and fight against organised crime. Within the project, a specific component related to our project is called “Enhancing the capacities in the fight against cyber crime”, with specific activities such as:
    - Development of methodology for conducting of investigations in the area of cyber crime;
    - Preparation of training needs assessment report on investigative techniques for cyber crime;
    - Conducting trainings for trainers.
- 2013, Roadmap project – The e-Governance Academy of Estonia and the e-Government Center of the Republic of Moldova implemented a cyber security project.
- NATO Science for Peace and Security Programme (SPS) organised ‘Information Days’ in Chisinau on 5 and 6 June, 2013. The SPS visit boosted Moldovan experts’ understanding of how to respond to challenges to information networks and enhanced the resilience of national capacities to address these threats.
CYBER SECURITY STRATEGY
Advice on creation and adoption of national cyber security strategies for the Partner Countries (FYROM, Kosovo and Moldova)
ICTs and the Internet are essential for economic and social development and form a vital infrastructure. Cyber threats are evolving and growing at a fast pace. As a consequence, the scope of almost all new Cyber Security strategies has evolved from solely protecting individuals and organisations as distinct actors, to also protecting society as a whole. The aim of this component is to advise partner countries in developing cyber security strategies in order to increase the global resilience and security of national ICT assets, which support critical functions of the state or of the society as a whole.
In order to achieve the result, the following steps have been planned:
- Distribute to the partner countries Guidelines based on ENISA Good Practice Guide on National Cyber Security Strategies.
- Involve the right stakeholders from the very beginning of the process to gain early ‘buy in’.
- Define the vision and scope that set the high-level objectives to be accomplished in a specific time frame (usually 5-10 years).
- Perform a comprehensive national risk assessment for determining the objectives and scope of the strategy.
- Prioritise objectives in terms of impact to the society, economy and citizens.
- Take stock of the current situation (e.g. policy, regulatory, operational, etc.).
- Define a roadmap for the implementation of the strategy, which may involve the following steps:
  - Define concrete activities that would meet the objectives of the strategy.
  - Develop a master plan for the implementation of the strategy.
  - Develop concrete action plans for each activity.
LIST OF DOCUMENTS COLLECTED & REVIEWED
| No. | Type | Title | Country / Organisation |
|---|---|---|---|
| 1 | Strategy | Cyber Security Strategy of European Union | EU |
| 2 | Strategy | French Cyber Security Strategy | France |
| 3 | Strategy | National Cyber Security Strategy | Hungary |
| 4 | Strategy | Czech National Cyber Security Strategy | Czech Republic |
| 5 | Strategy | National Cyber Security Strategy – Lithuania | Lithuania |
| 6 | Strategy | National Cyber Security Strategy | Romania |
| 7 | Law | Electronic Communications Law | FYROM |
| 8 | Law | Law on Personal Data Protection | FYROM |
| 9 | Strategy | STRATEGY FOR PERSONAL DATA PROTECTION IN REPUBLIC OF MACEDONIA | FYROM |
| 10 | Report | CoE / IPA – Country Profile | FYROM |
| 11 | Law | Kosovo Law on Prevention and Fight against CyberCrime – 2010-166 | Kosovo |
| 13 | Law | Kosovo Law on Protection of Personal Data – 2010-172-eng | Kosovo |
| 14 | Law | Law on Electronic Communications | Kosovo |
| 16 | Report | Cyber Security in Moldova: Challenges, Trends and Responses | Moldova |
| 17 | Report | CoE Cybercrime Legislation – Country Moldova | Moldova |
| 18 | Report | CoE Cybercrime Legislation – Country FYROM | FYROM |
| 19 | Report | CoE Cybercrime Legislation – Country Kosovo | Kosovo |
| 20 | Presentation | CyberCrime legislation in Republic of Azerbaijan | Azerbaijan |
| 21 | Report | ITU: Understanding cybercrime: Phenomena, challenges and legal response | UN |
| 22 | Convention | Convention – 185 on Cyber Crime | CoE |
| 23 | Protocol | Protocol – 189 on Xenophobia and Racism (ETS 189) | CoE |
| 25 | Statement | EU statement on amendments to the criminal code in Azerbaijan | EU |
| 26 | Report | CoE Cyber@IPA Final Report | CoE |
| 27 | Guidelines | Guidelines for the cooperation between law enforcement and internet service providers against cybercrime | CoE |
| 28 | Guidelines | Human rights guidelines for Internet service providers | CoE |
| 29 | Strategy | Law Enforcement Training Strategy | CoE |
| 30 | Report | Internet Security Awareness Program in Georgia – Final Report | Georgia |
| 31 | Manual | A STEP-BY-STEP APPROACH ON HOW TO SET UP A CSIRT | ENISA |
| 32 | Manual | Steps for Creating National CSIRTs | Carnegie Mellon Institute |
| 33 | Manual | Good Practice Guide for Incident Management | ENISA |
| 34 | Presentation | European Network for Cyber Security | ENISA |
| 35 | Handbook | CERT Exercises – Handbook | ENISA |
| 36 | Roadmap | Roadmap to provide more proactive and efficient Computer Emergency Response Team training | ENISA |
| 37 | Toolset | CERT Exercises – Toolset | ENISA |
| 38 | Report | Inventory of CERT activities in Europe | ENISA |
| 39 | Guide | A basic collection of good practices for running a CSIRT | ENISA |
| 40 | Guide | Computer Security Incident Handling Guide | |
| 41 | Guide | Best Practices for National Cyber Security: Building a National Computer Security Incident Management Capability | Software Engineering Institute |
| 42 | Report | Assessment Report CyberCrime@IPA | CoE |
| 44 | Report | Cyber Europe 2012 – Key Findings Report | ENISA |
| 45 | Report | Cyber Europe – Evaluation Report | ENISA |
| 46 | Report | IMPACT – International Multilateral Partnership against Cyber Threats | ITU |
| 47 | Report | Addressing Cyber Security Through Public-Private Partnership | INSA |
| 48 | EC Digital Agenda | European Commission Digital Agenda | EC |
| 49 | EU Standards Recommendations | Cyber Security Coordination Group Recommendations on Cyber Security EU standards | Cyber Security Coordination Group |
Adetef & Civi.pol Conseil Consortium.
ENISA Guidebook on National Cyber Security Strategies, Final document, page 7 (Introduction).
ENISA Guidebook on National Cyber Security Strategies, Final document, page 39 (5. Conclusions).