Informace o projektu
Critical infrastructure in cyber security
- Kód projektu
- 47603
- Období řešení
- 4/2015 - 12/2015
- Investor / Programový rámec / typ projektu
-
Ostatní - zahraniční
- Ostatní nadace/fondy zahraniční
- Fakulta / Pracoviště MU
- Právnická fakulta
- Spolupracující organizace
-
University of Haifa
Investor: The Minerva Center for the Rule of Law under Extreme Conditions
Description of the research topic
In August 2014 the Czech Republic becomes one of the first countries worldwide to enact comprehensive law on cyber security. The Act no. 181/2014 Sb., on Cyber Security and Change of Related Acts (further referred to as “Act”), comes in effect 1st January 2015. The Act follows minimalistic approach, therefore it does not subject natural persons to any specific duties and it does not subject most of the legal persons to any specific duties. It aims strictly to administrators of electronic communication service providers, entities operating electronic communication network, administrators of critical information infrastructure information system, administrators of critical information infrastructure communication system and administrators of important information systems. Every category contains different legal persons and membership to every category is determined based on different denominators (often arising from different legal instruments). The Act brings together knowledge from other field (regulation of electronic communication, regulation of critical infrastructure) and states certain measures that need to be implemented and duties towards the National Security Authority, which serves as a responsible public body in the field of cyber security. However, the Act was not the only piece of legislation enacted while defining the Czech cyber security policy and the Governmental Regulation no. 432/2010 Sb., on criteria for determining the element of critical infrastructure (further referred to as “Regulation”) is to be amended by the end of this year. The amended Regulation will stick to the object-based definition of the critical infrastructure – elements of critical infrastructure in the area of cyber security are to be information and communication systems influencing the critical infrastructure. The amended Regulation disregards the different nature of the cyber security compared to the general critical infrastructure security. Critical infrastructure security involves protected elements while the cyber security should protect processes. Although the object-based critical infrastructure might be considered a tradition, it is directly in contrary to the nature of information and communication systems.