Iceland Last Updated: June 2021

CYBERSECURITY POLICY

Strategy Documents

Icelandic National Cyber Security Strategy 2015-2026 Ministry of the Interior (dissolved)

Stipulates 4 main objectives:

1. Increased capacity to prevent and respond to cyber security threats; 2. Increased resilience; 3. Improved legislation in line with international commitments; 4. Reliable law enforcement as regards cyber security.

Source Source 2 June 2015

Iceland's National Security Policy Ministry for Foreign Affairs

Includes one point dedicated to cyber security: "To ensure increased cyber security through continued development of Iceland’s internal capacity and cooperation with other countries."

Source Source 2 18 April 2016

Cybersecurity Capacity Review Ministry of Transport and Local Government

Undertaken by the Global Cyber Security Capacity Centre, University of Oxford; provides 6 recommendations related to the 2015-2026 National Cyber Security Strategy:

1. Explicit links to national risks, priorities, objectives, business development, raising awareness, mitigating cybercrime, and protecting critical infrastructure; 2. Encourage promotion and implementation of the strategy across government and other sectors; 3. Discrete cybersecurity line item in the budget to allocate/manage resources; 4. Conduct regular simulations and exercises that provide picture of national cyber resilience; 5. Collect and evaluate relevant metrics, monitoring processes, and data; 6. Include provision for protection against insider threats.

Source November 2017 (published April 2018)

Implementation Frameworks

Plan of Action 2015-2018 Ministry of the Interior (dissolved); Ministry of Transport and Local Government

Proposes the appointment of a cyber security council, consisting of representatives of the government bodies involved in the implementation of the National Cyber Security Strategy; Orders setting up a cyber security forum, a collaborative venue for representatives of public and private bodies, to coordinate projects involving stakeholders addressing cyber security.

Source Source 2 June 2015 Iceland Last Updated: June 2021

STRUCTURE

National Centre or Responsible Agency

(proposed) Cyber Security Council Government of Iceland

Responsible for supervising the implementation of the Strategy; Will coordinate measures, particularly those involving government bodies; Will review the action plan at least once a year and make proposals on the prioritisation and funding of measures taken.

Source June 2015

Key Positions

Head CERT-ÍS Source

Dedicated Agencies and Departments

National Cyber Security Forum

Collaborative venue for representatives of public bodies and of private entities; Coordinates projects involving stakeholders, and creates a basis for collaboration on specific projects, addressing cyber security in demarcated areas.

Source Source 2 20 February 2017

Department of Digital Communication Ministry of Transport and Local Government

Objective is to link people, settlements and communities through secure electronic communications giving optimal personal data protection Functions and principal tasks include telecommunications and cyber security

Source

National CERT or CSIRT

CERT-IS Post and Telecom Administration

National point of contact for Iceland; Covers telecommunication sector and certain critical information infrastructure as constitutiencies; Tasked with the analysis of cyber security threats and to give assistance to its primary constituency members using both proactive and reactive measures to prevent cyber security incidents and to minimize their impact; Contributes to the overall cyber security in Iceland by providing alerts and contributing to publicly available educational materials.

Source Source 2 2013 Iceland Last Updated: June 2021

LEGAL FRAMEWORK

Legislation

Electronic Communications Act No. 81

Aims to ensure cost-efficient and secure electronic communications, and encourage effective competition in the electronic communications market; Applies to electronic communications, electronic communications service, and electronic communications network.

Source 26 March 2003 (Adoption); 25 July 2003 (entry into force)

Penal Code

Article 158: Misrepresentation and use of information and data stored in machine-readable form; Article 228: Unlawfully obtaining access to other persons' data or programs stored in a machine-readable format; Article 249a: Unlawfully modifying, adding to or destroying computer software, or data or programs stored in machine-readable form, or taking other measures designed to influence the outcome of computer processing; Article 257; Sending, altering, adding to, deleting or destroying in some other way, without authorisation, data or programs that are stored in machine-readable form and are intended for use in computer processing.

Source 12 August 1940 (entry into force); 2 July 2015 (amended)

COOPERATION

Multilateral Agreements

Budapest Convention PARTY Source 1 May 2007 (entry into force)

Bilateral and Multilateral Cooperation

Memorandum of Understanding (MoU) on Defence and Security, Iceland - UK Minister for Foreign Affairs

The aim of the MoU is to enhance defence and security cooperation between the countries; The MoU will help to enhance security cooperation in new areas such as policing, counter-terrorism, search and rescue, risk and crisis management, and cyber security.

Source 26 March 2019

Discussions, Estonia-Iceland Foreign Minister Discussions on cyber security and opportunities for cooperation in this area. Source 20 June 2017 Iceland Last Updated: June 2021

Statement on Cooperation, UK-Iceland National Cyber Security Forum

Statement made by the British Ambassador to Iceland at the first meeting of the Iceland National Cyber Security Forum; Expression of interest to develop a UK partnership with Iceland on cyber issues, both between and with the public and private sector.

Source 20 February 2017

Memorandum of Understanding, Iceland-NATO Permanent Representative of Iceland to NATO Memorandum of Understanding on cyber defence cooperation. Source 18 October 2016

Nordic-Baltic Cooperation (Nordic-Baltic Eight) (NB8)

Regional cooperation format which as of 1992 brought together five Nordic countries and three Baltic countries (Finland, Sweden, Norway, Iceland, Denmark, Estonia, Latvia and Lithuania) to discuss important regional and international issues in an informal atmosphere; Regional cyber cooperation set as priority issue in 2014; In 2020 Estonia was charging two Nordic-Baltic cooperation formats.

Source 2014

Membership

International Telecommunications Union (ITU)

North Atlantic Treaty Organization (NATO)

Organization for Security and Co- operation in Europe (OSCE)

United Nations (UN)