Introduction

Information technologies are increasingly being exposed to the potentially malicious intentions of various interest groups and individuals. Therefore, a systematic and coordinated effort to improve cybersecurity abilities is key for a safe digital society.

The Croatian cybersecurity system is a complex cross-sectorial network of institutions and regulations that is in constant development but aligned with the requirements arising from the country's membership of the European Union and the North Atlantic Treaty Organisation (NATO).

This article is the second in a series on the regulation of cybersecurity in Croatia.(1)

Information Security Act institutions

The first legal act to regulate cybersecurity matters in Croatia was the Information Security Act (Official Gazette 79/2007), which was passed in 2007. This act laid the foundations for cybersecurity in the public cybersphere and established three bodies which have key roles in Croatia's cybersecurity policy:

  • the Office of the National Security Council (ONSC);
  • the Information Systems Security Bureau (ISSB); and
  • the Computer Emergency Response Team (CERT).

ONSC

Under the Information Security Act, the ONSC became the national security authority responsible for coordinating national, EU and NATO measures and standards for the protection of classified and non-classified information in the government sector. The ONSC is the main body of the Croatian security and intelligence system. It performs tasks for the National Security Council and the Council for the Coordination of Security and Intelligence Services and informs the president and prime minister about security and intelligence agency work.

ISSB

The Information Security Act tasked the ISSB with the coordination of prevention and response measures regarding information system security threats in the government sector. The ISSB is the central state authority responsible for the technical side of state body information security. This includes the management of:

  • information security standards;
  • security accreditations; and
  • encrypted material used during exchanges of classified information and similar tasks.

ISSB directors are appointed by the government, based on the Council for Coordination of Security Intelligence Agencies' proposals.

CERT

The Information Security Act established the CERT as a department within the Croatian Academic and Research Network. The CERT is responsible for the prevention of security threats and the protection of all public information systems in Croatia. Its main task is to handle computer security incidents in which one of the parties is in Croatia (ie, parties that have a '.hr' domain or are within the Croatian internet protocol address range).

Additional functions of ONSC, ISSB and CERT

The Act on Cybersecurity of Operators of Essential Services and Digital Service Providers 2018 (Official Gazette 64/2018), which transposed the EU Network and Information Security Directive (2016/1148/EU) into Croatian law, gave the three bodies additional national functions. The ONSC became the national single point of contact, while the ISSB and the CERT became national Computer Security Incident Response Team bodies with similar prevention and response tasks.

National Cybersecurity Strategy institutions

The 2015 adoption of the National Cybersecurity Strategy necessitated the introduction of a cross-institutional body to monitor its implementation and connect the competent institutions in the government and public sectors. In 2016 two cross-institutional bodies were established to manage the implementation of the National Cybersecurity Strategy's goals and measures and to resolve all relevant national cybersecurity issues:

  • the National Cybersecurity Council; and
  • the Operational and Technical Cybersecurity Coordination Group.

National Cybersecurity Council

The National Cybersecurity Council comprises 16 representatives of the following government institutions:

  • the ONSC;
  • the Central State Office for Development of the Digital Society;
  • the Security and Intelligence Agency;
  • the ISSB;
  • the Operational-Technical Centre for Telecommunications Surveillance;
  • the Croatian Academic and Research Network;
  • the CERT;
  • the Croatian Regulatory Authority for Network Industry;
  • the Croatian National Bank; and
  • the Croatian Personal Data Protection Agency.

The ONSC representative acts as the president. The National Cybersecurity Council reports to the government and is responsible for the implementation of three cyber crisis management measures.

Operational and Technical Cybersecurity Coordination Group

The Operational and Technical Cybersecurity Coordination Group supports the National Cybersecurity Council's operations by:

  • monitoring national cyberspace to detect threats which may lead to a cyber crisis;
  • reporting on the status of cybersecurity measures;
  • suggesting action plans for cyber crises; and
  • performing other tasks in accordance with established programmes.

The Operational and Technical Cybersecurity Coordination Group comprises eight members, some of whom are representatives of organisations that are also represented in the National Cybersecurity Council. The Ministry of the Interior representative acts as the coordinator. The Operational and Technical Cybersecurity Coordination Group reports to the National Cybersecurity Council and participates in the implementation of the measures for which the council is responsible.

Endnotes

(1) For the first article in the series, please see "Cybersecurity: overview of relevant legislation".