The implementation of the Cybersecurity Strategy of the Republic of Cyprus began in the second quarter of 2013, under the coordination of the Office of the Commissioner of Electronic Communications and Postal Regulation (OCECPR), in collaboration with all the competent ministries and state services. Given the dynamic and fast-changing environment in the area of digital security and related technological developments, it is essential to review the Strategy at regular intervals. Within 2017, the Commissioner is promoting a number of actions towards this revision, through the assessment of the results of current Strategy actions, as well as the holistic evaluation of current and future needs of the government with regards to cybersecurity.
As part of these actions, the Global Cyber Security Capacity Centre of the University of Oxford, in collaboration with OCECPR, held a three day review of the state of cybersecurity maturity in Cyprus between 12 and 14 July, based on a scientific Capacity Maturity Model for Nations (CMM) developed by the Centre. This process will support the evaluation and review of the Cybersecurity Strategy of the Republic of Cyprus, providing an objective understanding of the areas where more emphasis should be given regarding cybersecurity. The University of Oxford researchers held roundtable discussions with representatives from a number of different stakeholder groups, including representatives from public sector entities, legislators and policy owners, criminal justice and law enforcement, armed forces, academia, civil society, telecommunications companies and internet service providers, the finance sector and the Cyber Strategy Working Group.
The review of the Strategy is being conducted at a timely period, considering that the Commissioner has recently received a mandate from the Council of Ministers for the creation and development of the “Digital Security Authority”, which will be the national network and information systems security authority, and which will include the operation of the National Computer Security Incident Response Team (CSIRT). The creation and operation of the National CSIRT, under the Commissioner, has been in progress since October 2016 on the basis of a special decision by the Council of Ministers. These two structures will form the foundation for a strong level of capacity in the area of cybersecurity, with the protection of critical information infrastructures being a key focus area.
The results of the evaluation by the University of Oxford will identify recommendations for the government in order to enhance existing capacity, and it will be useful for the government in policy-making and prioritisation of operations. The Commissioner will take into account the results presented in the report, to guide the development of the next version of the Cybersecurity Strategy of the Republic of Cyprus, as a matter of national security, and also as a medium for the development of the economy and of society through the development of trust, for all users of new technologies, as well as new investors in the Republic of Cyprus.