National Cyber Security Strategy of the Czech Republic for the years 2015 - 2020
- Czech Republic
- Start Date: 2015
- End Date: 2020
This National Cyber Security Strategy of the Czech Republic for the period from 2015 – 2020 (hereinafter “Strategy”) constitutes a fundamental conceptual document of the Czech Government for the given field, reflecting security interests and principles as defined in the Security Strategy of the Czech Republic. It shall serve as a base document for development of legislation, policies or standards, guidelines, and other recommendations related to cyberspace protection and security.
? Efficiency and enhancement of all relevant structures, processes, and of cooperation in ensuring cyber security
? Active international cooperation
? Protection of national Critical Information Infrastructure and Important Information System
? Cooperation with private sector
? Research and development / Consumer trust
? Education, awareness raising and information society development
? Support to the Czech Police capabilities for cybercrime investigation and prosecution
? Cyber security legislation (development of legislative framework). Participation in creation and implementation of European and international regulations.
Cyber security is continuously gaining on importance and already represents one of the determinative factors of the Czech Republic’s security environment. Cyber security comprises a sum of organizational, political, legal, technical, and educational measures and tools aiming to provide a secure, protected, and resilient cyberspace in the Czech Republic for the benefit of both public and private sectors, as well as for the general public. Cyber security helps to identify, evaluate, and resolve cyber threats, to reduce cyber risks and to eliminate impacts of cyber-attacks, cyber-crime, cyber terrorism and cyber espionage by enhancing confidentiality, integrity, and availability of data, information systems and other elements of information and communication infrastructure. The main purpose of cyber security is protection of cyberspace to allow the individual's’ right to informational self-determination to be realized
The Strategy follows the principle of indivisible security; the Czech Republic’s cyber security is thus indivisible from global, namely Euro-Atlantic cyber security. The Czech Republic therefore addresses its cyber security in a complex manner as a closely inter-related phenomenon.
The NSA is the primary national authority for cyber security; as such it coordinates cyber security related activities and provides guidance to other entities concerned. The NSA decides on proposals and guidelines for prevention and solution measures in respect of cyber security incidents and ongoing cyber-attacks.
Taking into account the complexity of cyber security and defence and with the aim of facilitating the stakeholders’ cooperation, promoting synergies of their efforts and avoiding unnecessary duplications, the Czech Republic shall apply the subsidiarity principle and coordinate activities at the national level.
To reach all the goals and objectives of the National Cyber Security Strategy of the Czech Republic for the Period from 2015 to 2020 successfully, shall be implemented and fulfilled in a set time frame the tasks defined by the Action Plan for the National Cyber Security Strategy of the Czech Republic for the Period from 2015 to 2020.
Tasks defined by the Action Plan shall be fulfilled in deep cooperation and interoperability among the entities relevant within the meaning of the Act no. 181/2014 and other public administration institutions, and shall be coordinated with regards to requirements and needs of the entity responsible for the task.
Cooperative Cyber Defence Centre of Excellence
Central European Cyber Security Platform
Computer Emergency Response Team
Computer Security Incident Response Team
Czech Telecommunication Office
European Union Agency for Network and Information Security
European Union
International Telecommunication Union
Ministry of Education, Youth and Sport
Military Intelligence
Malware Information Sharing Platform
Ministry of Defence
Ministry of Finance
Ministry of Foreign Affairs
Ministry of the Interior
Ministry of Industry and Trade
Ministry of Justice
Ministry of Labour and Social Affairs
Military Police
North Atlantic Treaty Organization
National Cyber Forces Centre
National Security Authority / National Cyber Security Centre
Office for Foreign Relations and Information
Organization for Security and Cooperation in Europe
Security Information Service
Technology Agency of the Czech Republic
Visegrad Group
There are only data provided by the National Security Authority (NSA) for 2015 available.
Main source of the office's total incomes for the year 2015 are mainly transfers received from EU Structural Funds, administrative fees and fines imposed by the Office.
The specific amount that was draw in 2015 by The National Cyber and Information Security Agency (part of the NSA, responsible for the development and implementation of the cyber security policy of the Czech Republic) amounts to 56,420,765.66 CZK.
NATIONAL CYBER SECURITY STRATEGY OF THE CZECH REPUBLIC FOR THE PERIOD FROM 2015 TO 2020. National Cyber and Information Security Agency [online]. Praha: National Cyber and Information Security Agency, 2015 [cit. 2017-10-24]. Dostupné z: https://www.govcert.cz/download/gov-cert/container-nodeid-1067/ncss-15-20-150216-en.pdf
Action Plan for the National Cyber Security Strategy of the Czech Republic for the Period from 2015 to 2020. National Cyber and Information Security Agency [online]. Praha: National Cyber and Information Security Agency, 2015 [cit. 2017-10-24]. Dostupné z: https://www.govcert.cz/download/gov-cert/container-nodeid-578/ap-cs-2015-2020-en.pdf
Záv?re?ný ú?et za rok 2015. Národní bezpe?nostní ú?ad [online]. Praha: Národní bezpe?nostní ú?ad, 2016 [cit. 2017-10-24]. Dostupné z: https://www.nbu.cz/download/navrh-zaverecneho-uctu/container-nodeid-1236/nbu-zu-2015-160504.pdf
| Intended Time Scale | permanent |
| Scales | |
| Areas | |
| Target Audience | |
| Types | |
| Point of intervention | |
| Costs | |
| Evaluation Relevance | |
| Evaluation Impact | |
| Evaluation Effectiveness | |
| Evaluation Efficiency | |
| Evaluation Inclusiveness | |
| Evaluation Sustainability |
Ensuring cyber security of a state constitutes one of the key challenges of the present day. The public and private sectors' dependence on information and communication technologies becomes ever more obvious. Information sharing and protection are crucial for the protection of security and economic interests of the state and its citizens. Whilst the general public is mostly concerned about their personal data abuse or afraid of losing money and data, cyber security as such encompasses much more. Major risks include cyber espionage (industrial, military, political, or other), ever more often carried out directly by governments or their security agencies, organized crime in cyberspace, hacktivism, intentional disinformation campaigns with political or military objectives, and even – in the future – cyber terrorism. Beside cyber-attacks, frequently motivated by financial benefit, cyber security can also be compromised by unintended disruptions of network security and integrity due to, for instance, human factor failures or natural disasters.
The state must be able to effectively react to all current and future challenges posed by the always changing threats originating in the dynamically evolving cyberspace, and thereby guarantee the latter’s security and reliability.
Based on the main goals of the Strategy and in coordination with all stakeholders involved, an Action Plan is prepared to define specific steps, responsibilities and deadlines for their fulfilment and auditing.
The NSA and the NCSC as its specialized department shall continuously monitor, discuss, and evaluate, in cooperation with other stakeholders, the levels of achievement of individual goals. It shall submit an annual “Report on the State of Cyber Security in the Czech Republic” to which information on fulfilment of the Action Plan shall be annexed.
The report shall inform the government and the general public on effectiveness of measures adopted and on progress in fulfilment of tasks defined by the Strategy.
The Strategy is divided into eight major strategic objectives, which are specified in 141 tasks.
Since 2011, the National Security Authority has been operating as the coordinator and national authority in the field of cyber security in the Czech Republic. During that period, it was achieved, inter alia, two important milestones identified by the previous “Cyber Security Strategy of the Czech Republic for the period of 2012 to 2015”: adoption of the Act on Cyber Security and opening, in May 2014, of the National Cyber Security Centre including a fully operational Government Computer Emergency Response Team for cyber security incidents handling.
Other objectives set out in the above strategy can also be considered to have been met. The Czech Republic regularly participates in several international cyber security exercises, has successfully launched the mapping of critical information infrastructure and of important information systems, and established cooperation with stakeholders at both the national and international levels. It can therefore be concluded that the previous strategy has been successfully implemented and the level of cyber security in the Czech Republic has significantly increased since 2012.
Publishing this national strategy, is defined the Czech Republic's visions and priorities in the field of ensuring cyber security. The Czech Republic will face many cyber security threats and risks in the years to come and the networks and systems must always remain stable and secure. This strategy therefore determines how to achieve such condition and identifies the ways and tools the Czech Republic shall use to reduce the risks and to mitigate threats arising from cyberspace without any limitation to the benefits derived from its use.
The specific involvement of the partners (who are named in point 13) is described in the Action Plan for the National Cyber Security Strategy of the Czech Republic for the Period from 2015 to 2020.
Here are also described the individual responsibilities for fulfilling tasks in well-defined deadlines.