Cyprus Last Updated: January 2021

CYBERSECURITY POLICY

Strategy Documents

Cybersecurity Strategy of the Republic of Cyprus Oﬃce of the Commissioner of Electronic Communications & Postal Regulation

The goal of the strategy is to establish a secure electronic environment in the Republic of Cyprus through:

The protection of critical information infrastructure; A holistic approach to networks, defense, crime, international partnerships; and A focus on network protection.

The document also identiﬁes several priorities:

Coordination of governmental stakeholders; Development of a complete legal framework; Technical and procedural measures; Capacity building; Public/private collaboration; and Creation or adaptation of necessary technology and systems.

Source Source 2 23 April 2012

STRUCTURE

National Centre or Responsible Agency

Oﬃce of the Commissioner of Electronic Communications and Postal Regulation (OCECPR) Independent Regulatory Authority

Indepednent regulatory authority in matters of electronic communications and postal services; Designated for coordinating the implementation of the National Cybersecurity Strategy.

Source 2002 (founded)

Key Positions

Commissioner Oﬃce of the Commissioner of Electronic Communications and Postal Regulation (OCECPR) Source Source 2

Dedicated Agencies and Departments

Department of Information Technology Services (DITS) Cyprus Last Updated: January 2021

Ministry of Finance

Responsible for matters concerning the promotion and application of Information Technology and e-Government in the Public Sector.

Source Source 2

Department of Electronic Communications Ministry of Transport, Communications and Works (MCW)

Its mission is to support and promote the ICT and the digital innovation for the provision of high quality and secure electronic communications services.

Source 2003

National CERT or CSIRT

CSIRT-CY Oﬃce of the Commissioner of Electronic Communications and Postal Regulation (OCECPR)

The National CSIRT-CY envisions the increase of the security posture of The Republic of Cyprus by enhancing cyber protection of its National Critical Information Infrastructures (CII), banks and ISPs.

Source Source 2 2018

LEGAL FRAMEWORK

Legislation

The Regulation of Electronic Communications and Postal Services Law of 2004 (112(I)2004) Constitute the framework for the regulation of electronic communications networks and services and postal services that are provided by persons within the territory of the Republic of Cyprus Source 2004; 2016 (amended)

Subsidiary Administrative Act Number 371/2013

Obligation on public network providers or providers of public electronic communication services to report security breaches In line with Directive 2009/140/EC and ENISA on "Technical Guidelines on Incident Reporting"

Source October 2013

COOPERATION

Multilateral Agreements

Budapest Convention

PARTY Cyprus Last Updated: January 2021

Source Source 2 21 September 2020 (Ratiﬁed)

Bilateral and Multilateral Cooperation

Permanent Structured Cooperation on Security and Defence (PESCO), member European Union

Comprises of two projects on cybersecurity out of 17 projects: (1) cyber threats and incident response information sharing platform; and (2) cyber rapid response teams and mutual assistance in cyber security.

Source 11 December 2017 (decision adopted by the European Council)

Cooperation discussions, Greece-Cyprus Justice Minister Discussions with Greece's Ministry of Public Order and Citizen Protection, including on cyber security and the need for more specialised knowledge and ways to address these challenges. Source 26 July 2017

Select Activities

CYpBer 2020 Ministry of Transport, Communications and Works (MCW)

Conference for maritime, oil, and gas cyber security (3rd Int'l Conference).

Source Source 2 11 April 2016

Membership

Commonwealth

European Union (EU)

International Telecommunications Union (ITU)

Organization for Security and Co- operation in Europe (OSCE)

United Nations (UN)