2888
Resolution of the Council of Ministers No. 92/2019
The Resolution of the Council of Ministers No. 36/2015, of
12 June, approved the first National Strategy for Cyberspace
Security, aimed at deepening the security of network and
information systems and potentiate a free, safe and efficient
use of cyberspace by all citizens and by public and private
entities. Given the rapid intrinsic development of cyberspace
and consequently, the increasing evolution of threats,
vulnerabilities, processes and infrastructures, as well as the
economic, social and cultural models based on their use, it was
defined that this strategy would be revised in a term limit of
three years.
By the Resolution of the Council of Ministers No. 115/2017,
of 24 of August, a project group was created, designated
National Cybersecurity Council, having as one of its
objectives to propose the revision and elaborate the new
National Strategy for Cyberspace Security (NSCS). As part of
this project group, a draft was prepared which formed the basis
of the new NSCS that is now approved.
For its part, Law 46/2018 of 13 August established the legal
framework for cybersecurity, transposing Directive (EU)
2016/1148 of the European Parliament and of the Council of 6
July concerning measures for a high common level of security
of network and information systems across the Union.
Through this law, the Superior Council for Cyberspace
Security was created as the specific entity for consultation of
the Prime Minister on cyberspace security issues.
The Superior Council for Cyberspace Security has as
competences, namely, to verify the implementation of the
NSCS, through the monitoring and evaluation of its execution,
and, having to be consulted, under the terms of paragraph 2 of
article 4 of Law No. 46/2018, of 13 August, in the frame of the
NSCS approval process.
The NSCS 2019-2023 had a favourable opinion from the
Superior Council for Cyberspace Security, pursuant to Article
6 (1) (c) of Law 46/2018 of 13 August.
Thus, considering the digital evolution since the approval of
the NSCS 2015, the conditions for approving the NSCS 20192023 are met, as a structuring instrument for national capacitybuilding in this area, defining the framework, the objectives,
and the lines of action of the State on the security of
cyberspace, in accordance with the national interest.
NSCS 2019-2023 is based on three strategic objectives:
maximizing resilience, promoting innovation and generating
and securing resources. The implications and needs associated
with each of the strategic objectives allow us to define a
general and specific orientation, translated into six
intervention axes, which form concrete lines of action aimed
to reinforcing the national strategic potential in cyberspace.
The success of NSCS 2019-2023 will allow Portugal to
become a safer and more prosperous country through
innovative, inclusive and resilient action that preserves the
fundamental values of the democratic rule of law and ensures
the regular functioning of institutions corresponding to the
digital evolution of society.
It´s also determined that the NSCS 2019-2023 Action Plan,
which is an essential instrument for monitoring and evaluating
its execution, will be prepared in the term limit of 120 days
and should be articulated with the National Strategy for
Counter-Terrorism , and include, namely, measures to protect
against those threats to cyberspace security, with the ICT 2020
Portuguese Official Journal, Series 1 — No. 108 — 5 June,
2019
Strategy — the Public Administration Strategy for Digital
Transformation , as well as the Strategy for Technological and
Business Innovation for Portugal 2018-2030.
Therefore:
Pursuant to Article 4 (2) of Law No. 46/2018 of 13 August
and pursuant to Article 199 (d), (f) and (g) and 200 (1) (a) of
the Constitution, the Council of Ministers decides to:
1 — Approve the National Strategy for Cyberspace
Security 2019-2023, which is annexed to this resolution and of
which it forms an integral part.
2 — Determine the preparation of an Action Plan for the
National Strategy for Cyberspace Security 2019-2023, to be
approved in the term limit of 120 days after the entry into force
of this resolution.
3 — Instruct the National Cybersecurity Centre, as the
National Cybersecurity Authority, to coordinate the
elaboration, monitoring of the execution and revision of the
Action Plan referred to in the previous paragraph, in
articulation and close cooperation with all entities responsible
for the security of cyberspace.
4 — Determine that the coordinator of the National
Cybersecurity Centre consults with the Superior Council for
Cyberspace Security on the Action Plan for the National
Strategy for Cyberspace Security 2019-2023 before its
approval by the Government member responsible for
cybersecurity.
5 — Determine that the commitment on the execution of the
National Strategy for Cyberspace Security 2019-2023 depends
on the existence of funds available from the competent public
entities.
6 — Determine the annual revision, or any time as
necessary, of the Action Plan for the National Strategy for
Cyberspace Security 2019-2023.
7 — Revoke the Resolution of the Council of Ministers No.
36/2015, of 12 June.
8 — Determine that this resolution shall enter into force on
the day following its publication.
Presidency of the Council of Ministers, 23 May 2019. —
The Prime Minister, António Luís Santos da Costa.
ANNEX
(referred to in paragraph 1)
NATIONAL STRATEGY FOR CYBERSPACE
SECURITY 2019-2023
1 — Values, definitions and principles
The, National Strategy for Cyberspace Security 2019-2023
hereafter referred to as the Strategy, is based on a commitment
to deepen the security of network and information systems as
a way to guarantee the protection and defence of the
cyberspace of national interest and promoting its free, safe and
efficient use for all citizens, companies and other public and
private entities.
For an effective understanding of this Strategy, it is
necessary to explain some of the most relevant concepts in this,
allowing simultaneously the establishment of a conceptual
basis that can be used by all.
Cyberspace is the complex environment of values and
interests materialized in an area of collective responsibility