Country: Cyprus
QUESTION
RESPONSE EXPLANATORY TEXT
12. Are requirements for public
and private procurement of
cybersecurity solutions based
on international accreditation or
certification schemes, without
additional local requirements?
Not
applicable
There are no specific cybersecurity standards or certification requirements for
procurement in Cyprus, as of August 2014.
OPERATIONAL ENTITIES
1. Is there a national computer
emergency response team (CERT)
or computer security incident
response team (CSIRT)?
6
2. What year was the computer
emergency response team (CERT)
established?
–
Cyprus does not have an operational national CERT in place.
However, the Department of Information Technologies of the Ministry of Finance is
currently financing a project that will enable a government CERT to become fully
functional by early 2015. The Cybersecurity Strategy provides for further work in
evaluating a national CERT.
3. Is there a national competent
authority for network and
information security (NIS)?
There is no clear national competent authority for network and information security
in Cyprus.
The Office of the Commissioner of Electronic Communications and Postal Regulation
(OCECPR) <www.ocecpr.org.cy> is the regulatory authority for postal and electronic
communications and, according to the European Union Agency for Network and
Information Security, is the agency responsible for the implementation of a national
CERT. <www.enisa.europa.eu/media/news-items/cyprus-cert-delegation-visitto-enisa> The OCECPR does not have a national responsibility for network and
information security.
The current structure and the wider scope of the NIS authority will be evaluated
under a specific action of the cybersecurity strategy in 2015.
4. Is there an incident reporting
platform for collecting
cybersecurity incident data?
6
The lack of a CERT or similar authority means cybersecurity incident data is not
centrally logged.
5. Are national cybersecurity exercises
conducted?
6. Is there a national incident
management structure (NIMS)
for responding to cybersecurity
incidents?
As of August 2014, there is not a clear incident reporting platform for the collection
of cybersecurity incident data in Cyprus.
Cyprus has participated in multi-national cybersecurity exercises organised by the
European Union.
6
There is not a clear national incident management structure (NIMS) for responding to
cybersecurity incidents in Cyprus.
PUBLIC-PRIVATE PARTNERSHIPS
The biennial CYpBER conference <www.cypber.com> provides a platform for Cyprus
government and private sector representatives to liaise and exchange ideas relating
to cybersecurity concerns, particularly those effecting the oil and gas industry. The
conference produces significant, and publicly available, documentation covering
topics addressed by the representatives.
1. Is there a defined public-private
partnership for cybersecurity?
The national Cyber Security Strategy provides for a framework of a public-private
partnership for cybersecurity, and also requires that any project should consider
and follow the general policy of the public-private partnership framework of the
government. Currently there is public-private cooperation in the fields of awareness
for cybersecurity and in the creation of a cybercrime centre of excellence.
2. Is industry organised (i.e. business
or industry cybersecurity councils)?
6
Apart from the biennial CYpBER conference <www.cypber.com>, there is no
significant industry-led platform for cybersecurity in Cyprus.
3. Are new public-private partnerships
in planning or underway (if so,
which focus area)?
6
There are no new public-private partnerships being planned in Cyprus.
EU Cybersecurity Dashboard
www.bsa.org/EUcybersecurity
|
2