Cyber security

Top privacy, s.r.o., updated 02.11.2020 | Author: Top privacy, s.r.o.

Whether we realize it or not, communication technologies affect many aspects of human existence. They have expanded the ability of individuals from different areas of our society to interact with one another. However, the ever-increasing number of users in the internet space is also causing a growing dependence on communication technologies in both the public and private sectors. Our lives are in the hands of the online sphere, where cyber attacks are becoming increasingly frequent, making cyber security one of the most important challenges of our time. The growing gap between methods of misuse and damage to electronic information, communication, and control systems in cyberspace requires the attention of society as a whole. Inadequate protection against security incidents leaves the functioning of the state vulnerable. Security measures, the protection of information systems, the organization, powers, and responsibilities of public authorities, as well as the cyber security system are all covered by Act No. 69/2018 Coll. on cyber security and on amendments to certain acts.

The aim of the law is not only to protect information systems and networks from disruption, but also to protect customers themselves. The law imposes several obligations on operators of essential services, but also on digital service providers.

Who is an operator of essential services?

First, it is necessary to clarify who falls under the term "operator of essential services." An operator of essential services is a public authority or other entity that provides at least one essential service listed in the list of essential services maintained by the National Security Authority ("NSA"). Essential services include, for example, the provision of banking products and services, postal services, healthcare, etc.

What are the obligations of an operator of essential services?

  • within six months of the date of notification and inclusion in the register of operators of essential services, adopt and comply with security measures to the extent specified by the Cyber Security Act,
  • when concluding a contract with a supplier for the performance of activities directly related to the operation of networks and information systems for the operator of an essential service (hereinafter referred to as a "third party"), conclude a contract on the implementation of security measures and notification obligations under this Act for the entire duration of the contract,
  • on the date of inclusion in the register of operators of essential services, inform the electronic communications service provider or network operator under a special regulation, to which the network or information system of the essential service is connected, of this fact,
  • inform a third party to the extent necessary about a reported cyber security incident, provided that the performance of the contract under paragraph 2 would become impossible, unless the authority decides otherwise. The obligation to maintain confidentiality shall not be affected thereby,
  • if the operator of an essential service also provides this service in another Member State of the European Union, the authority shall, in cooperation with the competent authority of that Member State, decide on the criteria of which Member State the operator of the essential service will be identified so that it is clearly identified as the operator of an essential service in at least one of those Member States.

The obligations imposed by law are extensive and include the obligation of the operator to cooperate with the competent authorities in resolving cyber security incidents, providing important information, securing evidence for criminal proceedings, and reporting cyber security-related crimes.

Who is a digital service provider?

A digital service provider is a legal entity or natural person-entrepreneur who provides a digital service (online marketplace, internet search engine, and cloud computing) and employs more than 50 employees and has an annual turnover or total annual balance sheet of more than EUR 10,000,000.

What are the obligations of a digital service provider?

  • within six months of being notified of its inclusion in the register of digital service providers, adopt and comply with appropriate and proportionate security measures in accordance with specific regulations for the purpose of managing risks related to the continuity of digital services and the process of resolving cyber security incidents. To this end, the digital service provider is required to allocate sufficient human, material, technical, time and financial resources to ensure the continuity of the digital service,
  • report any cyber security incident if it has information enabling it to identify whether the cyber security incident has a significant impact in accordance with specific regulations, without delay after its detection,
  • resolve reported cyber security incidents,
  • cooperate with the authority in resolving reported cyber security incidents.

What penalties can be expected for violating the obligations arising from the Cyber Security Act?

Compliance with the Cyber Security Act is monitored by the National Security Authority. Violations of the obligations set out in the Act are punishable by fines ranging from EUR 300 to EUR 300,000. The amount of the fine is determined based on the severity of the administrative offense, in particular the manner in which it was committed, its duration, consequences, and the circumstances under which it was committed.

Conclusion

Cyber threats are not generally considered to be a sufficiently urgent problem. It is essential to constantly draw attention to the vulnerabilities to which today's society is exposed. It is important that we raise awareness among the general public and take steps to eliminate threats in the field of information and communication technologies.

Our country is also fighting for the security of the online space. In 2015, the Slovak Republic adopted a concept setting out various visions and priorities for ensuring cyber security in the country. The aim of the Cyber Security Concept of the Slovak Republic for 2015-2020 is to build an open, secure and protected national cyberspace, i.e. to build trust in the reliability and security of critical information and communication infrastructure in particular.

Appendix

Meaning of selected terms:

  • Cyber security is a complex field that encompasses technologies and processes designed to protect systems, networks, and data from cyber attacks. Given its global nature, cyber security is a phenomenon that affects society as a whole. Its effectiveness depends on a comprehensive approach involving activities at both the national and international levels.
  • Cyberspace is a virtual space without borders, consisting of globally interconnected networks of hardware, software, and data.
  • Cyber defense is a set of active and passive measures aimed at preventing cyber attacks and mitigating their consequences.
  • A cyber attack is an attack on ICT (information and communication technology) infrastructure with the aim of damaging or destroying it or obtaining sensitive information.
  • A cyber security incident is any event that, due to a breach of network and information system security, has a negative impact on cyber security or results in the loss of confidentiality, destruction of data, or limitation or denial of access to an essential service or digital service.

Top privacy, s.r.o.

"Quality content is not created by copywriters, but by experts."