Iceland Last Updated: June 2021
CYBERSECURITY POLICY
Strategy Documents
Icelandic National Cyber Security Strategy 2015-2026 Ministry of the Interior (dissolved)
Stipulates 4 main objectives:
1. Increased capacity to prevent and respond to cyber security threats; 2. Increased resilience; 3. Improved legislation in line with international commitments; 4. Reliable law enforcement as regards cyber security.
Source Source 2 June 2015
Iceland's National Security Policy Ministry for Foreign Affairs
Includes one point dedicated to cyber security: "To ensure increased cyber security through continued development of Iceland’s internal capacity and cooperation with other countries."
Source Source 2 18 April 2016
Cybersecurity Capacity Review Ministry of Transport and Local Government
Undertaken by the Global Cyber Security Capacity Centre, University of Oxford; provides 6 recommendations related to the 2015-2026 National Cyber Security Strategy:
1. Explicit links to national risks, priorities, objectives, business development, raising awareness, mitigating cybercrime, and protecting critical infrastructure; 2. Encourage promotion and implementation of the strategy across government and other sectors; 3. Discrete cybersecurity line item in the budget to allocate/manage resources; 4. Conduct regular simulations and exercises that provide picture of national cyber resilience; 5. Collect and evaluate relevant metrics, monitoring processes, and data; 6. Include provision for protection against insider threats.
Source November 2017 (published April 2018)
Implementation Frameworks
Plan of Action 2015-2018 Ministry of the Interior (dissolved); Ministry of Transport and Local Government
Proposes the appointment of a cyber security council, consisting of representatives of the government bodies involved in the implementation of the National Cyber Security Strategy; Orders setting up a cyber security forum, a collaborative venue for representatives of public and private bodies, to coordinate projects involving stakeholders addressing cyber security.
Source Source 2 June 2015 Iceland Last Updated: June 2021
STRUCTURE
National Centre or Responsible Agency
(proposed) Cyber Security Council Government of Iceland
Responsible for supervising the implementation of the Strategy; Will coordinate measures, particularly those involving government bodies; Will review the action plan at least once a year and make proposals on the prioritisation and funding of measures taken.
Source June 2015
Key Positions
Head CERT-ÍS Source
Dedicated Agencies and Departments
National Cyber Security Forum
Collaborative venue for representatives of public bodies and of private entities; Coordinates projects involving stakeholders, and creates a basis for collaboration on specific projects, addressing cyber security in demarcated areas.
Source Source 2 20 February 2017
Department of Digital Communication Ministry of Transport and Local Government
Objective is to link people, settlements and communities through secure electronic communications giving optimal personal data protection Functions and principal tasks include telecommunications and cyber security
Source
National CERT or CSIRT
CERT-IS Post and Telecom Administration
National point of contact for Iceland; Covers telecommunication sector and certain critical information infrastructure as constitutiencies; Tasked with the analysis of cyber security threats and to give assistance to its primary constituency members using both proactive and reactive measures to prevent cyber security incidents and to minimize their impact; Contributes to the overall cyber security in Iceland by providing alerts and contributing to publicly available educational materials.
Source Source 2 2013 Iceland Last Updated: June 2021
LEGAL FRAMEWORK
Legislation
Electronic Communications Act No. 81
Aims to ensure cost-efficient and secure electronic communications, and encourage effective competition in the electronic communications market; Applies to electronic communications, electronic communications service, and electronic communications network.
Source 26 March 2003 (Adoption); 25 July 2003 (entry into force)
Penal Code
Article 158: Misrepresentation and use of information and data stored in machine-readable form; Article 228: Unlawfully obtaining access to other persons' data or programs stored in a machine-readable format; Article 249a: Unlawfully modifying, adding to or destroying computer software, or data or programs stored in machine-readable form, or taking other measures designed to influence the outcome of computer processing; Article 257; Sending, altering, adding to, deleting or destroying in some other way, without authorisation, data or programs that are stored in machine-readable form and are intended for use in computer processing.
Source 12 August 1940 (entry into force); 2 July 2015 (amended)
COOPERATION
Multilateral Agreements
Budapest Convention PARTY Source 1 May 2007 (entry into force)
Bilateral and Multilateral Cooperation
Memorandum of Understanding (MoU) on Defence and Security, Iceland - UK Minister for Foreign Affairs
The aim of the MoU is to enhance defence and security cooperation between the countries; The MoU will help to enhance security cooperation in new areas such as policing, counter-terrorism, search and rescue, risk and crisis management, and cyber security.
Source 26 March 2019
Discussions, Estonia-Iceland Foreign Minister Discussions on cyber security and opportunities for cooperation in this area. Source 20 June 2017 Iceland Last Updated: June 2021
Statement on Cooperation, UK-Iceland National Cyber Security Forum
Statement made by the British Ambassador to Iceland at the first meeting of the Iceland National Cyber Security Forum; Expression of interest to develop a UK partnership with Iceland on cyber issues, both between and with the public and private sector.
Source 20 February 2017
Memorandum of Understanding, Iceland-NATO Permanent Representative of Iceland to NATO Memorandum of Understanding on cyber defence cooperation. Source 18 October 2016
Nordic-Baltic Cooperation (Nordic-Baltic Eight) (NB8)
Regional cooperation format which as of 1992 brought together five Nordic countries and three Baltic countries (Finland, Sweden, Norway, Iceland, Denmark, Estonia, Latvia and Lithuania) to discuss important regional and international issues in an informal atmosphere; Regional cyber cooperation set as priority issue in 2014; In 2020 Estonia was charging two Nordic-Baltic cooperation formats.
Source 2014
Membership
International Telecommunications Union (ITU)
North Atlantic Treaty Organization (NATO)
Organization for Security and Co- operation in Europe (OSCE)
United Nations (UN)