National Cyber and Information Security Agency

The Sixth Edition of the International Prague Cyber Security Conference 2025 took place in the Czech capital

On March 18–19, 2025, the sixth edition of the international Prague Cyber Security Conference (PCSC) took place in Prague. The event was organized by the National Cyber and Information Security Agency (NÚKIB) in cooperation with the Ministry of Foreign Affairs of the Czech Republic. The conference bore the subtitle "Invisible Frontlines". Participants, including experts, government officials, and representatives of the private sector, gathered at the Czech National Bank’s Congress Center from 46 countries worldwide.

This year’s subtitle refers to the idea that "cyberspace is not only an environment for everyday life but also the first battleground where conflicts arise between state and non-state actors. Cyber conflicts often begin invisibly, but their impacts become more than real – ranging from disruptions of critical infrastructure to economic coercion by authoritarian states and attempts to destabilize our democratic society," explained NÚKIB Director Lukáš Kintr. The importance of cooperation and resilience in cyberspace was also emphasized by Minister of Foreign Affairs Jan Lipavský in his closing remarks: "Cyberattacks happen long before tanks roll and missiles strike. That’s why improving resilience is crucial. It’s not just a technical issue – it’s a matter of national security, economic stability, and the survival of democracy."

Experts discussed evolving strategies on the invisible frontlines of cybersecurity warfare – through cooperation between governments, law enforcement, and private entities. Discussions also covered responses to cyberattacks from China, Russia, and Iran, as well as hidden cyber tactics and so-called shadow operations carried out by China in Western countries.

During a meeting between representatives of Ukraine and its allies, key cybersecurity lessons learned from the ongoing conflict in Ukraine were shared. Ukraine has strengthened its cyber resilience in response to constant threats, and participants discussed how non-directly involved states, affected by the cyber consequences of the conflict, are adapting their security strategies.

The conference also focused on the energy sector, as energy infrastructure is increasingly targeted by state-sponsored cybercriminal groups. Panel discussions addressed specific policies and regulations related to energy security, including the new EU Network Code for Cybersecurity in the Electricity Sector, the G7 Framework for Cybersecurity of Operational Technologies in Energy Systems, and the U.S. Department of Energy’s supply chain cybersecurity principles. Cyber threats also extend to the telecommunications sector, endangering global communication networks. On these "invisible frontlines", cybersecurity professionals face the challenge of securing complex infrastructure against increasingly sophisticated and persistent attacks. Participants explored strategies for risk identification and mitigation, supply chain security, and strengthening cyber resilience in telecommunications systems. Other topics included the role of artificial intelligence in cybersecurity and defence, satellite systems and the growing reliance on satellite networks for military, financial, and civil operations, and connected vehicles, which significantly impact everyday life.

Parallel to the main conference program, bilateral meetings between NÚKIB representatives and international partners took place. Strengthening international cooperation was one of the key goals of the event. "Cybersecurity is a global challenge that demands global solutions. The active participation of Indo-Pacific partners at the Prague Cyber Security Conference underscores the essential role of regional cooperation in shaping resilient and forward-thinking cybersecurity policies. It was an honour to have Lt. Gen. Michelle McGuinness open the conference. A testament to the strength of our partnership and the mutual commitment to cybersecurity. This collaboration is not one-sided; it was reaffirmed a year and a half ago when we established the position of Cyber Attaché for the region, recognizing the strategic importance of sustained engagement," concluded Veronika Kolek Netolická, the Czech Republic’s Cyber Attaché for the Indo-Pacific.

For the second time in its history, the conference was open to the private sector, recognizing the growing importance of public-private cooperation in cybersecurity. Key partners of this year’s edition included Amazon Web Services (AWS), MSD, APPSEC, CISCO, Mastercard, ICZ, Whalebone, and CETIN. The Prague Cyber Security Conference 2025 once again provided a vital platform for strategic discussions and deepening cooperation between states and the private sector.

The conference was first held under the name Prague 5G Security Conference in 2019.

Prague Hosts the Sixth Edition of the International Prague Cyber Security Conference Organized by NÚKIB

The National Cyber and Information Security Agency (NÚKIB), in cooperation with the Ministry of Foreign Affairs of the Czech Republic, is hosting the sixth edition of the prestigious Prague Cyber Security Conference (PCSC) on March 18–19, 2025. The event, held at the Congress Center of the Czech National Bank, brings together experts, government officials, and private sector representatives from 46 countries worldwide.

PCSC has established itself as a key platform for dialogue on cybersecurity threats, emerging breakthrough technologies, and responsible approaches to supply chain security. “This conference continues the legacy of the groundbreaking Prague 5G Security Conference, which we organized in 2019. At that time, we succeeded in shifting the paradigm and the perspective of like-minded democratic nations regarding the construction and security of next-generation telecommunications networks. Since then, we have expanded the conference scope to include other strategic areas of cybersecurity,” said Lukáš Kintr, Director of NÚKIB.

This year’s PCSC carries the theme ‘Invisible Frontlines’, emphasizing that “cyberspace is not only a domain of everyday life but also the first battlefield where states and non-state actors confront each other. Cyber conflicts often begin invisibly, but their impact is very real – from disruptions to critical infrastructure and economic coercion by authoritarian regimes to attempts to destabilize our democratic societies. Our goal at this conference is to explore ways to effectively counter these threats in cooperation with other democratic states and strengthen our resilience,” Kintr added.

Conference panels focus on covert hybrid operations and new attack vectors that influence national security and geopolitical stability. Discussions also address the defensive and security strategies of democratic nations against these sophisticated yet subtle threats. Furthermore, the conference highlights specific security topics, such as challenges related to artificial intelligence development, the security of connected (electric) vehicles, satellite service security, and more.

For the second time in its history, PCSC opens its doors to the private sector, reflecting the increasing importance of public-private cooperation in cybersecurity. Key partners of this year’s edition include Amazon Web Services (AWS), MSD, APPSEC, CISCO, Mastercard, ICZ, Whalebone, and CETIN.

“We greatly appreciate the collaboration of all our partners. AWS will once again be one of the key partners for this year’s conference. To meet European data privacy and compliance requirements, the company continues to expand its portfolio of cloud solutions in Europe. This includes the AWS European Sovereign Cloud, a new independent cloud for Europe, designed to help public sector organizations and customers in highly regulated industries meet their evolving sovereignty needs,” said Tomáš Krejčí, First Deputy Director of NÚKIB.

Prague Cyber Security Conference 2025 provides a crucial platform for strategic discussions and collaboration between states and private companies, built on a shared approach, democratic values, and the rule of law.

“In an era where authoritarian regimes use technology to undermine security and destabilize democratic societies, it is essential for nations and companies that share common values to work closely together and seek effective defense strategies,” Kintr concluded. The conference will thus contribute to strengthening the cyber resilience of democratic states in an ever-evolving digital environment.

The National Cyber and Information Security Agency of the Czech Republic Co-Seals Publications on Cybersecurity of Edge Devices with the Australian Signals Directorate and International Partners

The National Cyber and Information Security Agency of the Czech Republic (NÚKIB) has joined an international initiative led by the Australian Signals Directorate (ASD), co-signing two key documents focused on improving the security of network edge devices: Mitigation Strategies for Edge Devices: Executive Guidance, and Mitigation Strategies for Edge Devices: Practitioner Guidance.

The initiative includes collaboration with international partners such as the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), the Canadian Centre for Cyber Security (CCCS), the National Cyber Security Centre of New Zealand (NCSC-NZ), the United Kingdom’s National Cyber Security Centre (NCSC-UK), Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and Japan Computer Emergency Response Team (JPCERT), the Republic of Korea’s National Cyber Security Centre (NCSC) and National Intelligence Service (NIS), and the Netherlands' General Intelligence and Security Service (AIVD) and Military Intelligence & Security Service (MIVD).

The documents summarize current findings on vulnerabilities in network edge devices, such as enterprise routers, firewalls, and VPN concentrators, and provide recommendations to mitigate these risks. Their goal is to enhance organizational resilience through a combination of strong security measures and international collaboration. Key recommendations in these publications include comprehensive management of network edge devices, procurement of securely designed technologies, regular updates, strong authentication protocols, and the securing of management interfaces.

“NÚKIB recognizes that vulnerabilities in network edge devices present a serious issue. Strengthening their security is not merely a choice but a necessity. The recommended principles align with long-term security standards that NÚKIB advocates for. By implementing robust measures, ensuring their timely deployment, and fostering international cooperation, we can effectively address these risks and enhance resilience across organizations and national borders,” said Lukáš Kintr, Director of NÚKIB.

These publications demonstrate the collective effort of global partners to strengthen cybersecurity and protect critical infrastructure from evolving cyber threats. Read the publications here.

EU Member States Warn of the Quantum Threat and Call for the Transition to Post-Quantum Cryptography

The National Cyber and Information Security Agency (NÚKIB) of the Czech Republic has joined the joint statement "Securing Tomorrow, Today: Transitioning to Post-Quantum Cryptography". Although the document is not legally binding, it expresses the common position of 18 European Union (EU) member states towards the transition to post-quantum cryptography (PQC).

The joint statement points out the danger of the quantum threat and urges entities from the public sector, critical infrastructure, IT providers as well as the private sector to make the transition to PQC their priority. NÚKIB agrees with the document's conclusions and supports the preparatory steps outlined in the document. These include, inter alia, performing an analysis to assess the quantum threat impact and preparing a risk-oriented implementation roadmap for the transition to PQC. General support for PQC research and standardisation in this area is also mentioned.

The joint statement emphasizes the quantum threat in the context of the "store now, decrypt later" scenario. This approach is used by attackers to collect encrypted data that they can decrypt in the future once there are cryptographically relevant quantum computers available. To ensure confidentiality protection, especially for the most sensitive use cases, it is recommended to migrate to PQC as soon as possible, ideally by 2030 at the latest. In addition, the document also highlights the risk stemming from the time required to move to PQC, especially for more complex systems. An example of such a system is the Public Key Infrastructure (PKI), which is used to distribute and manage public keys and digital certificates. If these systems do not make the transition to PQC in time, both the confidentiality and, above all, the authenticity of the data contained in them will be compromised. However, due to their complexity, the transition to PQC will take time – which is why it is recommended to start as soon as possible.

Finally, the joint statement mentions the establishment of a Workstream within the NIS Cooperation Group with a task to prepare an implementation roadmap for the transition to PQC following the recommendations of the European Commission. Together with France, Germany, the Netherlands and other EU member states, the Czech Republic is also involved in this work.

As part of its activities, the NÚKIB has long sought to increase resilience to the threat posed by quantum computers to secure communications. Recently, the Agency expressed its support for the "Position paper on Quantum Key Distribution". Last year, the NÚKIB implemented quantum-resistant (post-quantum) cryptography to ensure secure communication between a web browser and the NÚKIB Portal web application. Before that, it also prepared supporting materials that explain the nature of the quantum threat and the steps to be taken in the coming years to prevent it.