Following the adoption of the NIS 2 Directive, each Member State is required to adopt a national cybersecurity strategy that sets out strategic objectives, resources, and policy and regulatory measures aimed at achieving and maintaining a high level of cybersecurity.
What Should the National Cybersecurity Strategy Include?
The strategy must include:
First: It shall establish objectives and priorities for specific critical sectors.
Second: It shall set forth a mechanism for identifying relevant assets and assessing cybersecurity risks.
Third: It shall provide for measures to ensure preparedness, response capabilities, and recovery from incidents, including public-private cooperation.
Fourth: It shall include a plan to raise public awareness regarding cybersecurity.
In addition, policies shall be adopted to:
(1) Address cybersecurity within the supply chain of ICT products and services;
(2) Incorporate cybersecurity requirements in public procurement;
(3) Manage vulnerabilities, including coordinated vulnerability disclosure;
(4) Maintain the availability, integrity, and confidentiality of the open Internet;
(5) Promote advanced technologies for cybersecurity risk management;
(6) Encourage cybersecurity education, training, and research;
(7) Support the voluntary sharing of cybersecurity information among entities;
(8) Strengthen the cyber resilience of small and medium-sized enterprises (SMEs); and
(9) Promote active cyber protection.

Fifth: Competent authorities shall be designated or established for cybersecurity oversight and supervision.
Sixth: Single points of contact shall be designated to coordinate security matters and cross-border cooperation.
Seventh: Computer Security Incident Response Teams (CSIRTs) shall be established to handle security incidents. A network of CSIRTs is established to enhance cooperation among Member States.
Eighth: The European Cyber Crisis Liaison Organisation Network (EU-CyCLONe) is created to coordinate the management of large-scale cybersecurity incidents and crises.
Ninth: Risk Management and Incident Reporting:
- Essential and important entities shall implement measures to manage cybersecurity risks. These measures shall be proportionate to the risks and the potential impact of incidents.
- Significant incidents must be reported to the competent authorities. Coordinated vulnerability disclosure is encouraged, and a European vulnerability database is established.
Tenth: Cooperation and Information Sharing:
- A Cooperation Group is established to facilitate collaboration among Member States.
- Mechanisms for information sharing on cybersecurity between entities are promoted.
- Peer reviews are introduced to foster learning from shared experiences and to enhance cybersecurity capabilities.

