ŠAVŠ/TAČR Digital Czechia in a Digital Europe

150

FOCUSING ON PROCESSES

In the process of ensuring cyber security, especially with regard to public institutions and ministries, it is necessary to proceed primarily in the form of protection of key functions. In an effort to identify potential threats and vulnerabilities, there is often a strong emphasis on securing the systems and assets (data, information) they contain. Undoubtedly, it is necessary to protect ministries and public institutions from the leakage of key data and information. It is even more important, however, for these institutions to maintain the ability to perform their basic functions during and immediately after a cyberattack. Restricting or completely ceasing the functions of strategic state institutions in segments such as health care, social assistance, security, etc. would have very disruptive and far-reaching effects on the functioning and running of society. Furthermore, such attacks could fundamentally undermine the general confidence in these institutions and the functioning of the state. In defining and ensuring cyber security, state institutions must, in the first phase, primarily identify the basic functions that are key to the functioning of society and which these institutions must be able to perform under any conditions. In the second phase, it is necessary to identify the infrastructure and processes that are necessary to perform such functions. Only in the third phase is it essential to propose measures that will primarily focus on the protection of this infrastructure. 33 The protection of the processes and functions of state institutions, rather than the mere protection of internal systems as such, should be the basic building block of the cyber security of the Czech Republic. Estonia has chosen a similar cyber security strategy. The country also adds the requirement that key institutions and bodies have a system of alternative solutions in case of disruption of the basic functions of ICT infrastructure and public administration services. 34 When digitalizing public services, especially with regard to key ministries, a strategy should always be created at the same time to ensure, in the event of a major disruption of the ICT infrastructure, the smooth continuation of strategic functions and services.

33 Charlet Katherine, Government in the Crosshairs: Recommendations for Federal Cybersecurity. 34 Cyber Security Strategy [Estonia] 2014-2017, Ministry of Economic Affairs and Communication 2014.

Made with FlippingBook Publishing Software