CYBER SECURITY Ministry of Trade, Tourism and Telecommunication Nebojsa Vasiljevic

Relevant Acquis (1)

- Regulation No 460/2004 of the European Parliament and of the Council of 10 March 2004 establishing the European Network and Information Security Agency 32004R0460
- Council Decision 2004/541/EC of 5 July 2004 on the three stakeholders’ representatives and their alternates to the Management Board of the European Network and Information Security Agency 32004D0541
- Council Decision 92/242/EEC of 31 March 1992 in the field of security of information systems (OJ L 123, , p. 19–25) 31992D0242
- Council Resolution of 28 January 2002 on a common approach and specific actions in the area of network and information security (OJ C 43, , p. 2–4) 32002G0216(02)
- Council Resolution of 18 February 2003 on a European approach towards a culture of network and information security (OJ C 48, , p. 1–2) 32003G0228(01)
- Council Resolution of 22 March 2007 on a Strategy for a Secure Information Society in Europe (OJ C 68, , p. 1–4) 32007G0324(01)

Relevant Acquis (2)

- Commission Communication /* COM/2006/0251 final */ A strategy for a Secure Information Society - “Dialogue, partnership and empowerment” {SEC(2006) 656} 52006DC0251
- Commission Communication on Critical Information Infrastructure Protection /* COM/2009/0149 final */ "Protecting Europe from large scale cyber-attacks and disruptions: enhancing preparedness, security and resilience" {SEC(2009) 399} {SEC(2009) 400} 52009DC0149
- Commission Communication on Critical Information Infrastructure Protection ‘Achievements and next steps: towards global cyber-security’ /* COM/2011/0163 final */
- Directive 2002/21/EC of the European Parliament and of the Council on a common regulatory framework for electronic communications networks and services (Framework Directive) 02002L
  - Amended by Directive 2009/140/EC 32009L0140
  - Amended by Regulation (EC) No 544/ R0544
  - Consolidated text 32002L0021 – articles 13a and b
- Commission Communication COM(2001) 298 final on Network and Information Security: A proposal for A European Policy Approach 52001DC0298
- Regulation (EC) No 1007/2008 of the European Parliament and of the Council of 24 September 2008 amending Regulation (EC) No 460/2004 establishing the European Network and Information Security Agency as regards its duration 32008R1007
- Regulation (EU) No 580/2011 of the European Parliament and of the Council of 8 June 2011 amending Regulation (EC) No 460/2004 establishing the European Network and Information Security Agency as regards its duration 32011R0580

National Legislation (1)

- Development Strategy for Information Society in the Republic of Serbia by 2020
- National Security Strategy of the Republic of Serbia
- Strategy on Development of Electronic Communications in the Republic of Serbia for period
- Defense Strategy of the Republic of Serbia
- Action Plan ( ) on Implementation of the Development Strategy for Information Society in the Republic of Serbia by 2020
- Action Plan ( ) on Implementation of the Strategy on Development of Electronic Communications in the Republic of Serbia for period

National Legislation (2)

- Law on Electronic Communications
- Law on Personal Data Protection
- Law on Electronic Signature
- Law on Electronic Document
- Law on the organization and competences of the state authorities for the fight against cybercrime
- Criminal Code
- Criminal Procedure Code
- Law on Defense
- The Decision on the determination of large technical systems important for defense
- Law on Ratification of the Convention on Cybercrime
- Law on ratification of the CoE Convention on Cybercrime and Law on ratification of its Additional Protocol concerning the criminalization of acts of a racist and xenophobic nature committed through computer system
- Regulation on Specific Measures for Protection of Classified Information in Information-communications Systems

Institutional Framework

- Ministry of Trade, Tourism and Telecommunications
- Ministry of Interior
- Ministry of Defense
- Ministry of Public Administration and Local Self-Government
- Ministry of Justice
- Administrative Agency for Joint Services of Government Authorities
- The Academic Network of the Republic of Serbia
- Regulatory agency for electronic communications and postal service
- Higher Court in Belgrade
- Commissioner for Information of Public Importance and Personal Data Protection
- Special Prosecutor’s Office for Fight Against High-Tech Crime
- Office of the Council on National Security and Classified Information Protection
- Intelligence agencies (Security-Information Agency, Military Security Agency and Military Intelligence Agency)

Development Strategy for Information Society in the Republic of Serbia by 2020

In order to round off the ICT area in line with the EU standards, Serbia adopted the Development Strategy for Information Society in the Republic of Serbia by 2020, defining ICT society’s objectives, principles and priorities, activities for its implementation, and information security issues.

From the security aspect of the Republic of Serbia, special importance is given to the priorities in the field of Information Security, which is to define the protection of systems, data and infrastructure aimed to maintain confidentiality, integrity and availability of information.

Presently, Serbia does not have a national strategy dedicated to information security.

Development Strategy for Information Society in the Republic of Serbia by 2020

INFORMATION SECURITY PRIORITY FIELDS

- LEGAL AND INSTITUTIONAL FRAMEWORK
- CRITICAL INFRASTRUCTURE PROTECTION
- FIGHT AGAINST CYBERCRIME
- SCIENTIFIC, RESEARCH AND DEVELOPMENT WORK

Improvement of legal and institutional framework

The existing legal framework needs to be improved in these matters:

- Legislation – adopting relevant laws, setting out standards and areas of Information Security, as well as functions of some institutions
- Institutions – responsible for tasks relating to verification and certification methods, software application, devices and systems, R&D and oversight of the IS standards implementation by state authorities
- National CERT – Computer Emergency Response Team

Legal institutional framework: Regulations

The main priority is implementation of the activities set out in the Strategy Implementation Action Plan.

Activities relating to adoption of the Law on Information Security:

- An interdepartmental work group has been set up
- Its task is to draft the Law on Information Security
- Defining a national authority responsible for regulating the Information Security area, its activities and competences
- Setting out standards and procedures at the national level and determining the role of other state authorities
- Establishing a CERT at national level

Legal institutional framework: Institutions (1)

Currently there is no established national CERT in Serbia. Many institutions have departments whose tasks are connected to CERT functions:

- Administrative Agency for Joint Service of Government Authorities – the main datacenter, network backbone and Internet gateway for State Authorities are managed by AAJS, which has a department that performs the tasks of managing security risks in information-communication systems of public administration bodies, protecting the public administration network and data, and cooperation and coordination related to information security;
- Institutions' ICT departments – many institutions have their own ICT departments, datacenters and/or computer networks (for example: Ministry of Defense, Ministry of Foreign Affairs, Ministry of Finance, National Tax Agency, Ministry of Interior, Ministry of Justice, Security Information Agency etc.)

Legal institutional framework: Institutions (2)

The Academic Network of the Republic of Serbia (AMRES) performs the CERT activities for the educational and scientific-research institutions in the Republic of Serbia.

- The AMRES CERT team has been listed in the TERENA “Trusted Introducer” Service since May
- The AMRES team has the status of a listed team, which provides basic information about the team itself and shows endorsement of the team by the TI community.
- AMRES-CERT team members participated in TERENA’s TRANSITS-I and TRANSITS-II trainings in 2012, which are held with the financial support of ENISA, and gained relevant knowledge to work in an efficient CERT environment.

The National Interoperability Framework

The Government adopted the National Interoperability Framework (NIF), which sets out guidelines for the establishment and implementation of interoperability in public administration in Serbia.

NIF is harmonized with the European Interoperability Framework and set up in accordance with European best practices in providing public services, respecting the security policy, privacy, storage and public services archives and electronic records.

NIF also states that the interaction with the electronic administration system is performed in a safe environment and in full compliance with the relevant regulations, such as regulations on privacy and personal data protection.

Legal institutional framework: Obligations of operators

Obligations of operators in accordance with the Law on Electronic Communications:

- At the request of the regulatory body (RATEL), the operator shall supply all necessary data and information of relevance for ensuring the protection of personal data and privacy of users, and assessment of security and integrity of electronic communications networks and services, including the implementation of policies on security, continuity of work and data protection
- Operators are obligated to implement the adequate technical and organizational security measures
- In case of a particular risk related to violation of the security and integrity of public communication networks and services, the operator should inform subscribers of such risks and, in case the risk lies outside the scope of measures to be taken by the operator, of possible means of protection and costs related to the implementation of these measures

Legal institutional framework: Obligations of operators

Article 125 of the Law on Electronic Communications:

- The operator shall inform the Regulatory agency for electronic communications and postal service (RATEL) of any violations of security and integrity of public communications networks and services that significantly affected their operation, and particularly of violations that caused infringement of the personal data protection or privacy of subscribers or users
- RATEL shall be authorized to inform the public of the infringement of security and integrity, or to require the operator to do so itself, when it assesses that publication of such information is in the public interest.

Fight against cybercrime: Criminal Code

The Criminal Code includes criminal offences against information systems:

- damaging computer data and programs (art. 298)
- computer sabotage (art. 299)
- creating and introducing computer viruses (art. 300)
- computer fraud (art. 301)
- unauthorized access (art. 302)
- preventing or restricting access to a public computer network (art. 303)
- unauthorized use of a computer (art. 304)
- making, purchasing and giving for use tools for committing criminal offences against security of computer data (art. 304a)
- child pornography (art. 185)
- grooming (art. 185b)
- criminal offences against intellectual property (art. 198 to 202)

Fight against cybercrime: Institutional framework

- Ministry of Interior - Department for Cyber Crime
- Higher Court in Belgrade
- Special Prosecutor’s Office for Fight Against High-Tech Crime

Critical Infrastructure Protection (1)

Critical Information Infrastructure Protection is covered by different strategies and laws.

Development Strategy for Information Society:

- It is necessary to develop and improve protection from assaults that arise from the use of information technologies on critical infrastructure systems. In addition to the ICT systems themselves, these can also be other infrastructure systems that are managed by relying on ICTs, such as the electrical and energy system

The National Security Strategy:

- identifies risks from cyber crime
- emphasizes the importance of building an ICT security system through a system of national security
- emphasizes capacity building, education, timely collection and sharing of data and information, coordination of security services and strengthening of their organizational, human and material resources
- safety culture of citizens

Critical Infrastructure Protection (2)

- Law on Defense: defines that large technical systems in telecommunications and information technology are required to comply with the defense requirements of the country
- The Decision on the determination of large technical systems important for defense: defines large telecommunication systems important for defense purposes
- Liaison officer in the European Defense Agency and programs regarding Cyber security and Critical information infrastructure protection

Scientific, Research & Development Work

Development Strategy for Information Society in the Republic of Serbia by 2020:

- The dynamic changes linked to the challenges in the area of information safety lead to the necessity to constantly introduce new protection methods and measures in this area
- The necessity to follow the latest achievements in the area of information safety internationally, through international cooperation
- Cryptographic techniques are the basis for establishing information safety, and the weaknesses of these techniques directly violate the information safety mechanisms. The safety level of cryptographic techniques, as a rule, wears off with the passage of time due to the constant progress made in the methods for compromising practically all cryptographic techniques. This is why it is important to constantly maintain research and development of new cryptographic techniques, as well as to constantly re-examine the existing ones.

Safer Internet Centre Serbia

- The objective of the Safer Internet Centre (SIC) is to provide awareness raising activities (discussions, workshops, training for peer educators, quizzes and educational games, etc.) for Serbian primary and secondary school children, their parents and teachers, and to provide relevant information about safer Internet and ICT use for the general public in Serbia
- Net Patrola Hotline - reporting online illicit content and harmful behavior (actively participating in the work of the INHOPE international Hotline network)
- The European Commission reviewed the Safer Internet project in February 2014 and concluded that it had made acceptable progress.

International cooperation: SEENSA workgroup

- At the second conference of Southeastern Europe National Security Authorities (SEENSA), the cyber defense thematic workgroup was established
- The goal of the workgroup is to form a common concept of cyber defense and to produce relevant documents with instructions for regulating the cyber defense area
- The Serbian NSA participated in the third conference on information security and cybernetic defense, “ISCD 2013”, in Hungary

International cooperation

- Serbia is a member of ITU and IMPACT
- AMRES CERT team has been listed in TERENA “Trusted Introducer” Service since May 2011

Thank you for your attention

Belgrade, 13 October 2014