Austria Last Updated: July 2021

CYBERSECURITY POLICY

Strategy Documents

Austrian Cyber Security Strategy Federal Chancellery of Austria; Federal Ministry of the Interior; Federal Ministry for Europe, Integration and Foreign Affairs; Federal Ministry for National Defence and Sport

Developed on the basis of the Security Strategy and guided by the principles of the Austrian Programme for Critical Infrastructure Protection, with seven field of actions:

1. Structures and processes; 2. Governance; 3. Cooperation between the government, economy and society; 4. Protection of critical infrastructures; 5. Awareness raising and training; 6. Research and development; 7. International cooperation.

Source Source 2 20 March 2013

National ICT Security Strategy Austria Federal Chancellery, Digital Austria

Five key strategic objectives and measures for implementation:

1. Stakeholders and structures; 2. Critical infrastructures; 3. Risk management and status quo; 4. Education and research; 5. Awareness.

The key foundation for the development of the Austrian Strategy for Cyber Security.

Source Source 2 2012

Austrian Security Strategy Federal Chancellery of Austria; Federal Ministry of the Interior; Federal Ministry for Europe, Integration and Foreign Affairs; Federal Ministry for National Defence and Sport

Cyber attacks included among the most important challenges, risks and threats; Includes recommendations on cybersecurity.

Source 2013

STRUCTURE

National Centre or Responsible Agency

(Cyber Sicherheit Steuerungsgruppe) (CSS) Cyber Security Steering Group

Responsible for coordinating measures relating to cyber security at a political-strategic level, monitoring and supporting the implementation of the Austrian Cyber Security Strategy. Austria Last Updated: July 2021

Source Source 2 11 May 2012 (decision of the Council of Ministers)

Key Positions

Cyber Security Officer Austrian Federal Chancellery Source

Dedicated Agencies and Departments

Military CERT (MilCERT) Austrian Armed Forces Builds up the operational capabilities to counter cyber attacks. Source May 2013

Cyber Crime Competence Center (C4) Federal Ministry of the Interior Austria's central body in charge of exercising security and criminal police duties in the area of cyber security. Source

National CERT or CSIRT

GovCERT Austria Federal Chancellery

Constituency consists of Austria's public administration; Cooperates with CERT.at to handle and prevent security-relevant incidents in the area of information and communication technologies.

Source April 2008

Computer Emergency Response Team Austria Austrian Domain Registry; Federal Chancellery

Primary contact point for IT-security in a national context; Coordinates other CERTs operating in the area of critical infrastructure or communication infrastructure.

Source 2008

In Progress or Proposed

Cyber Crisis Management Federal Ministry of the Interior; Federal Ministry of Defence and Sports

Proposed in Austrian Cyber Security Strategy; Tasked with the preparation of crisis management and continuity plans on a regular basis, on the basis of risk analyses for sector-specific and Austria Last Updated: July 2021

cross-sectoral cyber threats.

Source

Operational Coordination Structure (Operative Koordinierungsstruktur) Federal Ministry of the Interior; Federal Ministry of Defence and Sports

Proposed in Austrian Cyber Security Strategy; Will serve as a platform for preparing a periodic and incident-related Cyber Security Picture and for deliberations on measures to be taken at operational level.

Source

LEGAL FRAMEWORK

Legislation

Austrian Penal Code

Section 118a: Illegal access; Section 119 and 119a: Illegal interception; Section 126a: Data interference; Section 126b: System interference; Section 126c: Misuse of devices; Section 148a: Computer-related fraud; Section 207a: Offences related to child pornography; Section 225a: Computer-related forgery.

Source Source 2

E-Government Act (Bundesgesetz über Regelungen zur Erleichterung des elektronischen Verkehrs mit öffentlichen Stellen, E- Government-Gesetz)

Aims to promote legally relevant electronic communications, facilitate electronic communication with public bodies; Creation of specific technical means to counter the risks associated with an increased use of automated data processing.

Source Source 2 1 March 2004 (entry into force)

Data Protection Law of 2000 (Datenschutzgesetz 2000)

Contains provisions on use of data, data security, publicity of data applications, rights of the data subject, legal remedies, control bodies, special purposes of data use, special uses of data, penal provisions, transitional and final provisions.

Source Source 2 2000

COOPERATION

Multilateral Agreements

Budapest Convention PARTY Austria Last Updated: July 2021

Source 1 October 2012 (entry into force)

UN Processes

Expressed views to the Annual Report of the UN Secretary-General on Developments in the Field of Information and Telecommunications in the Context of International Security

Source 2011, 2014, 2016

Expressed Views at the Open-Ended Working Group on Developments in the Field of Information and Telecommunications in the Context of International Security

Source Source 2 2019/2020/2021

Bilateral and Multilateral Cooperation

Memorandum of Understanding - Austria, Belgium, Estonia, Finland, Germany and Latvia European Defence Agency Memorandum of Understanding on the pooling and sharing of their respective cyber ranges capabilities;

Part of the Cyber Ranges Federation Project launched in May 2018: Cyber Defence Pooling & Sharing Project.

Source Source 2 28 June 2018

Permanent Structured Cooperation on security and defence (PESCO) European Union

Member; Comprises two projects on cybersecurity out of 17 projects: (1) cyber threats and incident response information sharing platform; and (2) cyber rapid response teams and mutual assistance in cyber security.

Source Source 2 11 December 2017 (decision adopted by the European Council)

Joint Statement, Visegrad (V4)-Austria, Croatia, Slovenia Ministry of Foreign Affairs Identified cyber security as one of the issues to take action on- Source 10 July 2017

Memorandum of Understanding Austria-Hong Kong Federal Ministry of Science, Research and Economy of Austria

Memorandum of Understanding on the pooling and sharing of their respective cyber ranges capabilities; Part of the Cyber Ranges Federation Project launched in May 2018: Cyber Defence Pooling & Sharing Project.

Source 24 May 2016 Austria Last Updated: July 2021

Global Forum on Cyber Expertise, Member

A global platform for countries, international organizations and private companies to exchange best practices and expertise on cyber capacity building

Source Source 2 2015 (established)

Memorandum of Understanding, Austria-Estonia

Source

Select Activities

Austrian OSCE Chairmanship, Conference on Cyber Security Themes to be addressed include co-operative measures to 1) address terrorist and criminal use of ICTs in line with OSCE commitments; 2) protecting critical infrastructure from malicious ICT activities; and 3) protection of human rights on the Internet. Source 3 November 2017

Central European Cyber Security Platform (CECSP) Ministry of Foreign Affairs

Founding member of the Central European Cyber Security Platform (in May 2013), along with the Czech Republic. Together with Poland, Slovakia, and Hungary, the platform seeks to strengthen cyber security cooperation in the unique Central European environment.

Source November 2017

Austrian Cybersecurity Platform Federal Ministry of Finance; Federal Chancellery; Secure Information Technology Center - Austria (A-SIT, nonprofit association)

Public-private partnership launched by the Federal Chancellery; A strategic measure of the National ICT Security Strategy and the Austrian Strategy for Cyber Security to promote and strengthen in the long term the ICT and cyber security culture

Source 2013

Membership

European Union (EU)

International Telecommunications Union (ITU)

Organization for Security and Co- operation in Europe (OSCE)

United Nations (UN)