From the 5th of April 2018, and according to Law 17(Ι)/2018 on the Security of Network and Information Systems (available only in Greek), the Digital Security Authority is supervised by the Commissioner of Electronic Communications and Postal Regulation Mr. George Michaelides and the Deputy Commissioner Mr. Petros Galides.  The organisational structure of the DSA is presented below, with an indicative list of its competences.

 

organisational structure

 

 

Network and Information Systems Security Section, Cybersecurity Coordination – Regulatory Section

The Network and Information Systems Security Section is the regulatory and operational arm of the DSA, with regard to the operational continuity of information system networks of the vital and critical information infrastructures of the country.

The aim of the Regulatory Section is to promote the attainment of a high level of network and information systems security, including all of the operators of essential services, critical information infrastructure operators and digital service providers which are established in the Republic of Cyprus, as well as the safe and secure operation of their communications and information systems, for the benefit of all citizens, the economy and the country in general.  This Section is also responsible for coordinating the implementation of the National Cybersecurity Strategy.

The operation of the Network and Information Systems Security Section includes, among others, the following services:

  • preparation of primary and secondary legislation and the formation of the regulatory framework for network and information systems security,
  • criticality analysis and updates to the list of critical information infrastructures,
  • national level cybersecurity risk assessment,
  • implementation of recommended measures from the national risk assessment,
  • definition of the security measures framework and compliance audits,
  • definition of security incident notification processes,
  • supervision of the implementation of the cybersecurity framework by operators of essential services, critical information infrastructure operators, operators of electronic communications and digital service providers,
  • crisis management in relation to network and information security and cybersecurity,
  • development and management of the implementation of the Cybersecurity Strategy of the Republic of Cyprus,
  • ensuring adequate staffing,
  • participation in European and international bodies, commitees and communities,
  • participation in European co-funded programmes.

 

National CSIRT Section – Operational Section

The National CSIRT (Computer Security Incident Response Team) is the technical and operational arm of the Digital Security Authority, with regard to cybersecurity incident managment for critical information infrastructures in the Republic of Cyprus.

The National CSIRT began its operations in November 2017.  In June 2018, the National CSIRT was officially inaugurated by the Minister of Transport, Communications and Works Mrs. Vasiliki Anastasiadou and the Director of the Telecommunication Development Bureau of International Telecommunication Union (ITU) Mr. Brahima Sanou.

The aim of the National CSIRT is the prevention and readiness for internal security, as well as the effective response to incidents that have the potential to affect the operation of vital infrastructures both in the public and private sectors, as well as the the social and economic life of citizens.  It coordinates and offers assistance to operators of essential services and critical information infrastructure operators to achieve (at least) a minimum level of security, by implementing proactive and reactive services that aim to mitigate risks and minimise cybersecurity incidents, as well as responding to such incidents when they occur.  The National CSIRT is also active in awareness actions towards the local population and national stakeholders, regarding the negative impacts of cyber threats.  In a short period of time, the National CSIRT managed to become a full member of the CSIRTs community at the European and international levels (FIRST[1]TI[2]).

The operations of the National CSIRT include, among others, the following services:

  • disaster recovery services for incidents where there is loss of service or information,
  • disaster prevention services,
  • artifact handling/management services after disaster incidents,
  • network and information security quality management services.

[1] FIRST: Forum of Incident Response and Security Teams

[2] TI: Trusted Introducer