Preface
The purpose of this document is to define in more detil the activities set in the first National Cyber Security Strategy 2018-2022. Following a cyber security capacity
assesment, a working group has been created, tasked to develop strategic documents in the field of cyber securitym, consisting of representatives from the
institutions in charge of this Strategy - the Ministry of Information Society and Administration, the Ministry of Defence and the Ministry of Interior. The
responsibilities of this working group will be extended in order to include the implementation of the activities of the Body with operational cyber security
capacities.
This Action Plan outlines the major activities needed to strengthen our cyber secuirty capacities. However, it should be taken into account that most activities to be
done by the Body are subject to change, as they may be further asessed and defined.
The structure of this Action Plan consists of three activities with highest priority - the basis of this Action Plan. These activities set the ground for further
development of all other activiites, divided according to the 5C Goals defined in the Strategy. Activities with intermediate and low priority are listed under each of
these goals. Tasks, preconditions, priority, institution in charge, cooperation institutions, financial source and timeline are listed for every activity.
The Action Plan is developed for the period 2018-2022. However, it is envisioned that a yearly review of the activities will be conducted.
Implementation
National ICT Council - to be transformed into National ICT and Security Council
The ICT Council consists of Ministers, thereby ensuring compliance of strategic-level decisions across state institutions. Extending this Council to be in charge of
cyber security would result in systematic changes:
1. changing the name to a National Council for ICT and Security
2. changing the authority (IS would not fall under ICT, but coexist as an equally important field governed by this body).
3. adding new memebrs to the Council, among which the future Director of the Body with operational cyber security capacities.
The Body with operational cyber security capacities* (to be established within an existing state authority) will be in charge of the implementation of the activities
defined in this Action Plan, thereby establishing a cyber security operational plan.