Informace o projektu

Critical infrastructure in cyber security

Kód projektu
47603
Období řešení
4/2015 - 12/2015
Investor / Programový rámec / typ projektu
Nadace/fond - zahraniční
Fakulta / Pracoviště MU
Právnická fakulta
Spolupracující organizace
University of Haifa

Investor: The Minerva Center for the Rule of Law under Extreme Conditions

Description of the research topic
In August 2014 the Czech Republic becomes one of the first countries worldwide to enact comprehensive law on cyber security. The Act no. 181/2014 Sb., on Cyber Security and Change of Related Acts (further referred to as “Act”), comes in effect 1st January 2015. The Act follows minimalistic approach, therefore it does not subject natural persons to any specific duties and it does not subject most of the legal persons to any specific duties. It aims strictly to administrators of electronic communication service providers, entities operating electronic communication network, administrators of critical information infrastructure information system, administrators of critical information infrastructure communication system and administrators of important information systems. Every category contains different legal persons and membership to every category is determined based on different denominators (often arising from different legal instruments). The Act brings together knowledge from other field (regulation of electronic communication, regulation of critical infrastructure) and states certain measures that need to be implemented and duties towards the National Security Authority, which serves as a responsible public body in the field of cyber security. However, the Act was not the only piece of legislation enacted while defining the Czech cyber security policy and the Governmental Regulation no. 432/2010 Sb., on criteria for determining the element of critical infrastructure (further referred to as “Regulation”) is to be amended by the end of this year. The amended Regulation will stick to the object-based definition of the critical infrastructure – elements of critical infrastructure in the area of cyber security are to be information and communication systems influencing the critical infrastructure. The amended Regulation disregards the different nature of the cyber security compared to the general critical infrastructure security. Critical infrastructure security involves protected elements while the cyber security should protect processes. Although the object-based critical infrastructure might be considered a tradition, it is directly in contrary to the nature of information and communication systems.