Cyprus’ proactive approach to cybersecurity: Συνέντευξη με Γιώργο Μιχαηλίδη
Η πιο κάτω συνέντευξη αναπαράγεται από την ιστοσελίδα της ITU:
Cyprus recently established a National Computer Security Incident Response Team (CSIRT) with assistance from ITU. ITU News spoke with George Michaelides, Commissioner of Electronic Communications and Postal Regulations, about how the Team will address cybersecurity issues in the country.
With the vast majority of the economy of Cyprus based on services, the need to create a secure and resilient environment for businesses operating within the republic has always been a key element of the economy. Therefore, ensuring a safe digital environment is essential.
‘The National CSIRT provides, among others, awareness to the public as well as preventive measures by enhancing the security of systems and responding to incidents.’ – George Michaelides, Commissioner of Electronic Communications and Postal Regulations
The establishment of the National CSIRT was one of the most important steps to help create a safe and reliable space for businesses to operate in.
A CSIRT team’s role is to help its constituency in the event of a cybersecurity incident by assisting with response, analysis and support actions to contain the damage, help them recover from an attack and take the necessary actions to prevent similar incidents in the future.
An equally important aspect of their job is to provide proactive services like awareness raising, intrusion detection services and penetration testing. In 2016, the National CSIRT was established in Cyprus by a governmental decision (Action No.81/477), in line with the first European Union-wide legislation on cybersecurity, the Network and Information Security Directive (NIS Directive).
In March 2017, ITU took on the project to empower the National CSIRT of Cyprus with essential capabilities and supporting infrastructure and resources to identify and to respond to various forms of cyber-threats at a national level in a bid to enhance the cybersecurity posture of the country.
The project assisted Cyprus in establishing its National Computer Incident Response Team to serve as a trusted central coordination point of contact for cybersecurity, aimed at identifying, defending, responding and managing cyberattacks.
In addition, training and customization services have also been provided to ensure good functioning of the CSIRT, thus improving the overall capacity of the nation against cyberthreats.
The National CSIRT provides, among others, awareness to the public as well as preventive measures by enhancing the security of systems and responding to incidents in order to safeguard the provision of essential services within the country.
The constituency can be assured that vital information is not only protected, but methods are also in place to handle different situations putting at risk the information and the systems, should they arise. Financial benefits to the economy in general also arise, as prevention and recovery from cyber-attacks ensures business continuity.
With the expansion of the National CSIRT, over the next few years, we are aiming to provide support and recovery services to each and every citizen of the Republic.
- Enhancement of the National Cybersecurity Framework to promote the protection of critical information infrastructures in the Republic of Cyprus, both in the private and public sector. For that reason, the National CSIRT was set up using an innovative approach following ICT best practices, which is more holistic way with dealing with quality in services, maybe the only CSIRT worldwide set up in this way.
- Strengthening the governmental CSIRT and facilitating the creation of sectorial CSIRTs to cover the needs of the public and private sector respectively, as well as the general business community.
- Enhancement of the National Awareness Program for cybersecurity, covering all users of electronic equipment, including every citizen of the Republic.
- Enhancement of the National Contingency Plan, which will contain detailed processes and measures to be taken when a large-scale crisis affects the operations of critical information infrastructures in the Republic of Cyprus.