Austria (AT)

The Austrian national cybersecurity strategy (Österreichische Strategie für Cyber Sicherheit - ÖSCS; Austrian Cyber Security Strategy) was launched in 2013 as a comprehensive and proactive concept for protecting cyberspace and the people in the virtual space while guaranteeing human rights by enhancing the security and resilience of Austrian infrastructures and services. It also builds awareness and confidence in the Austrian society.
It covers 11 out of the 15 strategic goals in the ENISA self-assessment classification. These goals are: Cybercrime; critical information infrastructure protection; national cyber contingency plans;  international cooperation; public private partnership; incident response capability; international cooperation between public agencies; baseline security requirements; incident response reporting mechanisms; R&D; cybersecurity exercises; cross-sectoral cyber exercises for SMEs; training and educational programmes.

The Bundeskanzleramt (corresponding to the National Government Offices) has established a strategic cooperation with the authorities of Sweden during the annual Austrian-Swedish Cyber Security Program. The program links together leading Swedish and Austrian operators of critical infrastructure in telecom, finance, energy and transportation with selected cutting edge technology providers with solutions to meet future cyber security needs. The network includes Raiffeisen Bank Group, Erste Bank Group, A1 Austria Telecom Group, Drei Hutchinson, Vienna Airport, Energy Company EVN, Energie AG, Wiener Energie, Post and Telecom Regulator RTI, Ministry of the Interior, Ministry of Defense, IAEA & UNOD.



Cybersecurity education in the national strategy

The strategy is to fully incorporate ICT, cybersecurity and media competence into the school curriculum in all types of schools. 

ICT security issues and cyber security become an integral part of a model for “digital competence” – adjusted to the curriculum of the respective type of school – so as to create awareness for security issues and to help children learn a responsible use of ICT and new media.
ICT (security) competence is included in the training programmes of pedagogical universities and other pedagogical institutions at tertiary level as a prerequisite for teaching these skills at school as well as in adult education centres.
The training of experts in the public sector responsible for improving cyber security is intensified in cooperation with national and international training facilities.
The ICT system administrators of the operators of critical infrastructures should receive cyber security training to enable them to recognise cyber incidents, to detect anomalies in their ICT systems and to report them to their security officers (Human Sensor Programme).


Cybersecurity research in the national strategy

Cyber security issues must increasingly be taken into account in applied cyber research as well as in security research programmes such as KIRAS. Efforts should be made to achieve active thematic leadership in EU security research programmes.

Measures to strengthen Austria’s research in the area of cyber security are:

-  Making cybersecurity a key research priority in the framework of national and EU security research programmes.

- Tasking relevant stakeholders in administration, economy and research will develop the conceptual framework and technological instruments to enhance Austria’s cyber security standards in joint projects. 

- Prioritising measures that help to turn research and development findings speedily into marketable products and further develop research projects under A-SIT.

Austria should strive for an active thematic leadership in EU security research programmes and contribute themes which it considers important to international
research programmes. 

Higher Education Courses on Cybersecurity
  • University of Applied Sciences Upper Austria (FHOÖ) – Bachelor Degree in Security of Information Systems. Year established: 2000. Student intake: 48. European Credit Transfer System (ECTS): 180.
  • Sankt Pölten University of Applied Science – Bachelor Degree in IT Security. Year established: 2006. Student intake: 50. European Credit Transfer System (ECTS): 180. Focus: System security, network security, component security, SW security.
  • FH Joanneum – Bachelor Degree in IT and Mobile Security. Year established:  2006.  Student intake: 25. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security with other course components not specified. 
  • FH OÖ – Master in Security of Information Systems. Year established: 2004. Student intake: 20. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security with other course components not specified. 
  • Sankt Pölten University of Applied Science – Master in Cybersecurity and Resilience. Year established: 2020. Student intake: 30. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security; organisational, risk management, business, compliance disciplines.
  • Sankt Pölten University of Applied Science – Master in Information Security. Year established: 2009. Student intake: 36. European Credit Transfer System (ECTS): 120. 
  • FH Campus Wien – Master in IT security. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security. 
  • Alpen-Adria University of Klagenfurt – Master in Artificial Intelligence and Cybersecurity. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security. 
  • TU Wien - MSc Software Engineering and Internet Computing - Specialization in Security and Privacy. Year established: 2020. European Credit Transfer System (ECTS): 120. Focus: System security, network security, component security, SW security. 
  • TU Wien - Doctoral College for Secure and Intelligent Human-Centric Digital Technologies. Year established: 2020. Student intake: 10. Research focus: Interdisciplinary by establishing synergies between different research fields (security and privacy, machine learning, and formal methods). The research programme includes: Design of machine learning algorithms resistant to adversarial attacks; design of machine learning algorithms for security and privacy analysis; security analysis of personal medical devices; design of secure and privacy- preserving contact tracing apps; enforcement of safety for dynamic robots.

Business and Public Private Partnerships

Co-operation with private operators of critical infrastructures and other economic sectors is considered a crucial part of the 2013 national strategy.

The Austrian Cyber Security Platform acts as an umbrella for various forms of cooperation between the Austrian Trust Circle, which is an initiative between, the government and GovCERT Austria, Cyber Security Austria and Kuratorium sicheres Österreich. The platform is in charge of the institutional framework for the permanent exchange of information in public administration and with representatives of the economy, science and research with all stakeholders taking part on an equal footing. The Platform also has the remit to advise and support the national Cyber Security Steering Group.

IT/Cybersecurity Clusters

Silicon Alps Cluster GmbH has a broad remit in ensuring the supply of qualified people to work in business, industry verticals and new technologies. In terms of cybersecurity, it supports dedicated exercises, such as nationwide cross-sectoral cyber exercises, including SMEs and sector-specific small companies. operating in will be organised and held at periodic intervals.

Professional Cyber  Registers

The CyPR is all about boosting opportunities in the cybersecurity marketplace. 

This European Cybersecurity Professional Register is the place where professionals of any age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.
Organisations of any size or sector (from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.

Latest  updates & Disclaimer

January 2021

The information contained here is based on desk research carried out by CYBERWISER, including the ENISA interactive maps on national strategies and educational courses. 



Cybersecurity Response Teams: GDPR and NIS Directive Compliance and Notification

Notification obligations in the event of a cyber-attack/data breach

NIS Directive (operators of essential services and digital service providers): actual, adverse and significant impact on the continuity of essential services. Actual, adverse and substantial impact on the provision of enumerated digital services.

GDPR (any organisation dealing with the data of EU citizens): accidental or unlawful destruction, loss, altercation, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed.

National Computer Security Information Response Team (CSIRT)

Computer Emergency Response Team (CERT)

GovCERT Austria

Guidance and Updates

The most detailed and up-to-date website on cybersecurity in Austria is the Cyber Security Platform (CSP; German), which provides information also on upcoming events and training.

Languages German and English
Latest update & Disclaimer

January 2021

The information contained here is the result of desk research. 


Contact us for more info


Austria (AT) | Cyber Range & Capacity Building in Cybersecurity


The website encountered an unexpected error. Please try again later.