Iceland (IS)

Current Status:
The Minister of the Interior has released the Icelandic National Cyber Security Strategy for Iceland - for 2015–2026 and a 3 year Action Plan (2015-2018).

Principles:

The social aims of the strategy are:

  • To enhance the security of individuals and groups in society by increasing cyber security
  • To promote the integrated functioning of important elements of the infrastructure of society by increasing the resilience of cyber systems to cope with hazards.
  • To establish closer collaboration and coordination on cyber security between Icelandic and international authorities.

Main goals:

  • Increased capacity to prevent and respond to cyber security threats
  • Increased resilience 
  • Improved legislation in line with international commitments
  • Reliable law enforcement as regards cyber security.

National Cyber Security Strategy

Year of adoption The Icelandic National Cyber Security Strategy (English) was approved by the Minister of the Interior in April 2015 together with the action plan for 2015-2018.
Updates and revisions

The strategy will be reviewed as necessary, at minimum every four years, and measures based will be designed to cover shorter periods.

Past:

In June 2013, the MOI appointed a task force to address its strategy on cyber security. Its main task was to formulate government strategy in order to protect IT infrastructure elements relevant to Icelandic national security.  
Implementation and monitoring

In order to put the cyber security strategy into action, it is proposed that a special Cyber Security Council shall be appointed, consisting of representatives of the government bodies involved in the implementation of the strategy. Moreover, a Cyber Security Forum should be set up, representing stakeholders both public and private entities.

Supervision of implementation of the strategy is to be the responsibility of the Cyber Security Council, which will be appointed by the Minister of the Interior.

The Cyber Security Forum will be able to coordinate projects involving stakeholders, in part or in their entirety, and create a basis for collaboration on specific projects, addressing cyber security in demarcated areas.

Legal conditions

The legal provisions for CERT-IS are stated in the Telecommunication Act no. 81/2003, art. 47 and regulation no. 475/2013.

Operational capacities

The following organizations are responsible for cybersecurity in Iceland:

  • Ministry of Interior
  • The Post
  • Telecom Administration
  • The Icelandic Police
  • The Data Protection Authority
Progress measures

No information currently available.

Date of last WISER analysis October 2016

 

Current status: NIS Directive and national CERTs/CSIRTs

Computer security incident response teams (CSIRTs)

Iceland has an officially recognized national CIRT known as CERT-IS (English).

CERT-IS is the National CSIRT (Computer Security Incident Response Team) with the telecommunication sector as its primary constituency. The constituency also includes certain critical information infrastructure (CII) entities that have signed contracts with CERT-IS. Other entities outside the primary constituency are served on best-effort terms.

CERT-IS´s role is the analysis of cyber security threats and to give assistance to its primary constituency members using both proactive and reactive measures to prevent cyber security incidents and to minimize their impact.

CERT-IS gives advice regarding threats and responses to its primary constituency members and publishes public warnings when needed.

In the event of a cyber crisis CERT-IS´s role is to coordinate responses.

As a National CSIRT, CERT-IS is the National Point of Contact (NPoC) for Iceland.

To facilitate sharing of cybersecurity assets across borders or with other nation states, Iceland participates in the Nordic defense cooperation (NORDEFCO)
Best practices:

N.A.

Monitoring system

Not currently known.

Report an incident

Address: CERT-IS

Sudurlandsbraut 4

108 Reykjavik / Iceland

 

Office hours: 9-17 (GMT) mon-fri

Telephone +354 5101500 (answering hours 10-14 GMT)

E-mail cert@cert.is

Languages Icelandic/English
Date of last WISER analysis October 2016

 

Contact us for more info