Communication and information systems and technologies are today one of the most important factors in economic and social development, and undoubtedly constitute the necessary tools within the functional and social structures of each country. In parallel with the development of the cyberspace, the need to protect the electronic systems of organizations of all kinds is becoming more and more essential, so that any activity through these technologies is safe. A basic security system must cover the confidentiality, integrity and uninterrupted availability of the infrastructure and information, and must make the operation of the infrastructure reliable, flexible and controlled. This Strategy aims to establish a secure electronic environment in the Republic of Cyprus, with special provisions and actions for the protection of critical Information infrastructures, where their disruption or destruction could have a serious impact on the vital social functions of the country. The elaboration of this Strategy has followed a holistic approach to responding to cyber threats, with the recognition that a proper strategy must contain multiple layers of security. The main purpose of the Cybersecurity Strategy of the Republic of Cyprus is the protection of critical information infrastructures of the state and the operation of the country's communication and information technologies with the required levels of security, for the benefit of each user, the economy and the country. The implementation of the strategy's actions aims to make Cyprus one of the leading countries in the region in cybersecurity issues, in order to protect the critical information infrastructures of the state, businesses and society at large, and to create an appropriate and attractive environment for economic development and promotion of services in which Cyprus holds a high position worldwide such as, inter alia, merchant shipping and financial services. This document revises and replaces the first Cybersecurity Strategy of the Republic of Cyprus and its main objective is to confront the threats that appear in cyberspace, at national level. Priority areas for achieving this objective that have been identified are as follows:
- the organization of the competent bodies of the State,
- the creation of an integrated legislative and regulatory framework,
- the creation or adaptation of the necessary structures and mechanisms within the Republic of Cyprus,
- the formulation of technical and organisational measures and procedures (in relation to the preparation, protection, detection and response to incidents),
- the development of the necessary competences and related training,
- the efficient cooperation of the state with competent bodies of the public and private sector,
- the development of research and innovation.
Therefore, this document contains a number of actions to achieve the above-mentioned objectives, in the following areas (thematic areas):
- Structures and Governance
- Institutionalisation of cooperation between competent public bodies
- Legal and Regulatory Framework
- National Government Security Framework
- Risk Assessment and Management – Criticality Assessment
- Incident Response and Crisis Management
- Capability Development – Organization and participation in Exercises
- Information Exchange – Situational Awareness
- Awareness – Creation of a Security Culture • Education and training
- Research and innovation
- Cooperation with the private sector
- Security for All
- International Cooperation