Latvia (LV)

Current status: National Cyber Security Strategy

The Latvian Cybersecurity Strategy 2014-2018 sets five priority areas of action:

  1. Governance and Resources of Cyber Security.
  2. Rule of Law in cyber space and reduction of Cyber Crime.
  3. Crisis management.
  4. Awareness raising, education and research.
  5. International cooperation.

The strategy is set to quarterly implementation deadlines.

At the moment, cyber security governance is organised in a partially centralised model, where the leading institutions (according to the respective authority) perform the function of handling the strategy, methodology and coordination of cyber security, whereas supervisors of speciic ICT solutions and services constantly ensure practical implementation and execution of the established requirements.

National Cyber Security Strategy

Year of adoption 2014 for the period 2014-2018.
Updates and revisions

No updates by now.

Implementation and monitoring

National cyber security is based on mutual cooperation, where each state authority performs its functions, including in cyber space, and cooperates with other involved parties directly or through the National Information Technology Security Council.

The Council has been established by the Law on the Security of Information Technology, which determines the development of cyber security policy at a national level. According to the Law the Council coordinates the development of cyber security policy and planning and implementation of objectives and measures. he Council is the central national authority for the exchange of information and cooperation between the public and private sector, and its operation is ensured by the National Cyber Security Policy Coordination Section of the Ministry of Defence.

Legal conditions

Specific legislation and regulation related to cybersecurity has been enacted through the following instruments:

Law On the Security of Information Technologies - 2010 (English language)

Sustainable Development Strategy of Latvia until 2030 - 2010 (English language)

Guidelines for the Development of Information Society in 2014–2020 - 2013 (English language)

Guidelines for the Electronic Communication Policy in 2011–2016 - 2011 (English language)

Concept of the National Armed Forces Cyber Defence Unit of the Ministry of Defence - 2013 (English language)

Operational entities

National cyber security policy is developed by:

1.Ministry of Defence (MOD) – coordinates development and implementation of information technology security and protection policy, as well as cooperates in the provision of international cooperation. he National
Cyber Security Policy Coordination Section of the MOD organises and provides support for the implementation of cyber security policy.
2. Ministry of Foreign Afairs (MFA) – coordinates international cooperation and Latvia’s participation in various international initiatives related to the cyber security.
3. Financial and Capital Market Commission (FCMC) – regulates and supervises activities in cyber space of members of the inancial and capital market cyber space; the Bank of Latvia (BoL) promotes secure and
smooth operation of payment systems, while credit institutions are responsible for secure availability of electronic services in their sector.
4. Ministry of Economics (MoE) – develops economic policy and promotes the development of competitiveness and innovation.
5. Ministry of the Interior (MoI), State Police (SP) and Security Police (SeP) – implement the policies for combating crime, public order, security protection, and theprotection of rights and legal interests of individuals, as
well as coordinates the settlement of crisis situations.
6. Information Technology Security Incident Response Institution CERT.LV – monitors and analyses developments in cyber space, reacts to incidents and coordinates their prevention, carries out research, organises educational events and training, as well as supervises the implementation of obligations specified in the Law on the Security of Information
Technology. CERT.LV provides support for Latvian and foreign state and municipal institutions, entrepreneurs, and individuals.
7. Ministry of Education and Science (MoES) – promotes knowledge and understanding of cyber space and its secure use.
8. Ministry of Welfare (MoW) – implements the social policy and the policy for the protection of children’s rights.
9. Operation of the Safer Internet Centre of Latvia Net-Safe Latvia is ensured by the Latvian Internet Association, educates society about possible risks and threats online, and promotes the use of secure internet content.
10. National Armed Forces (NAF) and Cyber Defence Unit (CDU) – provide support in crisis situations.
11. Non-governmental organisations in the IT sector – provide support, consult and cooperate with the Council in developing and implementing the cyber security policy.
12. Ministry of Transport (MoT) – organises the implementation of communication policy.
13. Constitution Protection Bureau (CPB) – oversees the critical infrastructure.
14. Ministry of Justice (MoJ) and Data State Inspectorate (DSI) – develop, organise and coordinate the policy on rights in the field of personal data protection, freedom of information and supervision of
electronic documents.
15. State Joint Stock Company “Latvian State Radio and Television Centre” (LSRTC) – the only provider of reliable certiication services, which ensures the infrastructure of electronic identity cards and electronic
signatures.
16. Ministry of Environmental Protection and Regional Development (MEPRD) – organises the governance of state ICT and coordinates the electrisation of public services, whereas State Regional Development Agency (SRDA) ensures the operation and development of solutions for shared use of state ICT.

Public Private Partnerships

In 2013 the Ministry of Defence has invited the private sector to develop closer co-operation by forming a dedicated Cyber Defence Unit in the National Guard.
The main function of the unit is to provide a support to the institution dealing with information technology security incident response CERT.LV and the units of Armed Forces to prevent information technology security incidents in conflict situations in case the resources of CERT.LV are insufficient.

Date of last WISER analysis October 2016

 

Current status: NIS Directive and national CERTs/CSIRTs

Computer security incident response teams

CERT.LV main tasks are to maintain and update information on IT security threats, provide support in the case of IT security incident, advise governmental institutions, organize informative and educational activities for the government employees, IT security professionals and general public

Report an incident

CERT.LV Contact Information

Overall assessment & best practices

CERT.LV has developed information technology security recommendations for state and local government authorities; it also has produced some activity reports which suffice as the officially recognized national or sector-specific research and development (R&D) programs/projecst for cybersecurity standards, best practices and guidelines to be applied in either the private or the public sector.

Languages English
Date of last WISER analysis October 2016

 

Contact us for more info