UNIDIR Cyber Policy Portal Database

Preface The purpose of this document is to define in more detil the activities set in the first National Cyber Security Strategy 2018-2022. Following a cyber security capacity assesment, a working group has been created, tasked to develop strategic documents in the field of cyber securitym, consisting of representatives from the institutions in charge of this Strategy - the Ministry of Information Society and Administration, the Ministry of Defence and the Ministry of Interior. The responsibilities of this working group will be extended in order to include the implementation of the activities of the Body with operational cyber security capacities. This Action Plan outlines the major activities needed to strengthen our cyber secuirty capacities. However, it should be taken into account that most activities to be done by the Body are subject to change, as they may be further asessed and defined. The structure of this Action Plan consists of three activities with highest priority - the basis of this Action Plan. These activities set the ground for further development of all other activiites, divided according to the 5C Goals defined in the Strategy. Activities with intermediate and low priority are listed under each of these goals. Tasks, preconditions, priority, institution in charge, cooperation institutions, financial source and timeline are listed for every activity. The Action Plan is developed for the period 2018-2022. However, it is envisioned that a yearly review of the activities will be conducted. Implementation National ICT Council - to be transformed into National ICT and Security Council The ICT Council consists of Ministers, thereby ensuring compliance of strategic-level decisions across state institutions. Extending this Council to be in charge of cyber security would result in systematic changes: 1. changing the name to a National Council for ICT and Security 2. changing the authority (IS would not fall under ICT, but coexist as an equally important field governed by this body). 3. adding new memebrs to the Council, among which the future Director of the Body with operational cyber security capacities. The Body with operational cyber security capacities* (to be established within an existing state authority) will be in charge of the implementation of the activities defined in this Action Plan, thereby establishing a cyber security operational plan.