National Cyber Security Strategy
Cyprus has adopted the national cyber security strategy in 2012.
The national strategy has the following aims and objectives:
- the development and preservation of a safe and secure electronic business environment in Cyprus,
- support of the targets of the government that have been identified in the ‘Digital Cyprus’ strategy programme to develop conditions for an Information Society,
- the development of trust, on behalf of citizens and organisations/businesses, in e-government services, including the preservation of information and data in transit, processing and storage,
- the establishment of a safe electronic environment in the Republic of Cyprus for all of its citizens, including children,
- the mitigation of the effects of threats in cyberspace and the effective response to emergencies,
- the support of a future coordinated national response plan for the protection of critical infrastructures (beyond ICT) in the Republic of Cyprus.
Current status: National Cyber Security Strategy
|Year of adoption||2012 CYBERSECURITY STRATEGY OF THE REPUBLIC OF CYPRUS|
|Updates and revisions||
In 2006, the Ministry of Communications and Works (MCW) approved a policy document3, through which a number of specific actions in the area of network and information security are promoted, via OCECPR: the formation of Computer Emergency Response Teams (CERTs / CSIRTs), the creating of an institutional framework for the security and integrity of information infrastructures, and the raising of awareness of all stakeholders and Cypriot society about relevant security matters.
|Implementation and monitoring||
The competent/related authorities that are involved at this stage are the following:
The following authorities of the Republic of Cyprus are to be kept informed of the activities described herein and are observers at this stage:
It is noted that the competent authority of the Republic of Cyprus that has responsibilities relating to Classified Information (CI) and European Union Classified Information (EU CI) is the National Security Authority.
The main laws in the field of cybercrime in Cyprus are:
The Office of the Commissioner of Electronic Communications and Postal Regulation (OCECPR) is an independent regulatory authority of the Republic of Cyprus in matters of electronic communications and postal services, with additional responsibilities in the areas of terminal equipment, network and information security and protection of critical information infrastructures. It has been designated as the body responsible for coordinating the implementation of the National Cybersecurity Strategy of the Republic of Cyprus, which concerns the pillars of network and information security (cybersecurity), cybercrime, cyberdefence and related external affairs.
OCECPR is responsible for the creation and coordination of a body or bodies for response to incidents related to Network and Information Security (CSIRTs - Computer Security Incident Response Teams or CERTs - Computer Emergency Response Teams) in Cyprus. It also supervises and regulates the activity of the above CSIRT / CERT entities.
OCECPR, with secondary legislation, sets minimum standards for the security of public networks and networks that offer electronic communications services to third parties, and monitors the level of implementation of relevant organisational, procedural and technical measures. It is also responsible for receiving security breach notifications, related to the networks and personal data of the consumers, and disseminating them as deemed necessary for national level cooperation, but also to other Member States of the European Union, ENISA and the European Commission.
|Public private partnerships||
At the moment, there is public-private cooperation in the fields of awareness for cybersecurity and in the creation of a cybercrime centre of excellence. A biennial CYpBER conferece is providing a liason between Cyprus government and private sector representatives dealing with cybersecurity concerns (mostly related to oil and gas industry).
|Sector specific cyber security plans||There is no legislation or policy in place in Cyprus that requires the establishment of a written information security plan.|
|Risk assessment plan||No information provided.|
No information currently available.
|Date of last analysis||
Current status: NIS Directive and national CERTs/CSIRTs
|Computer security incident response teams (CSIRTs)||
There is not a clear incident reporting platform for the collection of cybersecurity incident data in Cyprus. The lack of a CERT or similar authority means cybersecurity incident data is not centrally logged.
Office of the Commissioner of Electronic Communications and Postal Regulation (OCECPR): http://www.ocecpr.org.cy/
Department of Information Technology Services (DITS)
National Security Authority
Central Intelligence Service
Department of Electronic Communications (DEC)
No information currently available.
|Report an incident|
|Date inserted||October 2016|