ŠAVŠ/TAČR Digital Czechia in a Digital Europe

147

Another factor is ensuring that suppliers of ICT products for public administrations themselves adhere to strict security measures. This aspect is very often mentioned in the cyber-security strategies of key European countries, as there is a (legitimate) concern that the compromise of purchased ICT products could already take place at the supplier. The United Kingdom has even purposefully increased the security requirements it places on its suppliers in recent years – especially when it comes to ICT products for the military-security sections of the public administration. 22 The public administration should not only require a higher level of security for suppliers of ICT products but also actively carry out its control, while the responsibility for possible failure must be clearly defined. Finally, public administration must also focus on the continuous retention of talented individuals in the field of cyber security. Simultaneously, it must be able to ensure and provide such financial rewards and benefits so that work in the public sector is attractive also with regard to the acquisition of new ICT specialists. 23 For example, linking key positions for cyber security with table salaries (including the possibility for the public administration of traditional remuneration) is not sufficient to ensure sufficiently qualified staff due to the inability of such an award to compete with wages in the private sector. If the state aims to increase the supply of ICT expertise at the national level in the long term, it must significantly strengthen 1) the level of ICT research and 2) education, especially of bachelor’s and master’s degrees. Sweden has gone up to the level of the Government Bill Collaborating for Knowledge to support research and higher education. In order to strengthen the partnership between the country’s industrial base, the state and research institutions, an action group was also set up to propose solutions to cyber threats. One of the main points was the coordination of investments in education, both from public and private sources – in order to avoid unnecessary duplication. 24 On the other hand, Estonia has long sought, for example, to link university education focused on cyber security with institutions that actually deal with this issue at the state level in practice (e.g. cybercrime authorities or digital forensic analysis). 25 In all cases, there is a significant effort not only to support educational programs focused on cyber security but above all to connect them either with current state institutions dealing with cybercrime or directly with the private sector, which deals with this issue in the country. The Czech Republic should follow this example and try to integrate university programs more into

22 The UK Cyber Security Strategy Protecting and promoting the UK in a digital world. 23 Charlet Katherine, Government in the Crosshairs.

24 A national cyber security strategy, Government Offices of Sweden Ministry of Justice, 22/06/2017, see https://www.government.se/4ac8ff/contentassets/d87287e088834d9e8c08f28d0b9dda5b/a-national- cyber-security-strategy-skr.-201617213. 25 Cyber Security Strategy [Estonia] 2014-2017, Ministry of Economic Affairs and Communication 2014.

Made with FlippingBook Publishing Software