National Cyber and Information Security Agency

EU Member States Warn of the Quantum Threat and Call for the Transition to Post-Quantum Cryptography

The National Cyber and Information Security Agency (NÚKIB) of the Czech Republic has joined the joint statement "Securing Tomorrow, Today: Transitioning to Post-Quantum Cryptography". Although the document is not legally binding, it expresses the common position of 18 European Union (EU) member states towards the transition to post-quantum cryptography (PQC).

The joint statement points out the danger of the quantum threat and urges entities from the public sector, critical infrastructure, IT providers as well as the private sector to make the transition to PQC their priority. NÚKIB agrees with the document's conclusions and supports the preparatory steps outlined in the document. These include, inter alia, performing an analysis to assess the quantum threat impact and preparing a risk-oriented implementation roadmap for the transition to PQC. General support for PQC research and standardisation in this area is also mentioned.

The joint statement emphasizes the quantum threat in the context of the "store now, decrypt later" scenario. This approach is used by attackers to collect encrypted data that they can decrypt in the future once there are cryptographically relevant quantum computers available. To ensure confidentiality protection, especially for the most sensitive use cases, it is recommended to migrate to PQC as soon as possible, ideally by 2030 at the latest. In addition, the document also highlights the risk stemming from the time required to move to PQC, especially for more complex systems. An example of such a system is the Public Key Infrastructure (PKI), which is used to distribute and manage public keys and digital certificates. If these systems do not make the transition to PQC in time, both the confidentiality and, above all, the authenticity of the data contained in them will be compromised. However, due to their complexity, the transition to PQC will take time – which is why it is recommended to start as soon as possible.

Finally, the joint statement mentions the establishment of a Workstream within the NIS Cooperation Group with a task to prepare an implementation roadmap for the transition to PQC following the recommendations of the European Commission. Together with France, Germany, the Netherlands and other EU member states, the Czech Republic is also involved in this work.

As part of its activities, the NÚKIB has long sought to increase resilience to the threat posed by quantum computers to secure communications. Recently, the Agency expressed its support for the "Position paper on Quantum Key Distribution". Last year, the NÚKIB implemented quantum-resistant (post-quantum) cryptography to ensure secure communication between a web browser and the NÚKIB Portal web application. Before that, it also prepared supporting materials that explain the nature of the quantum threat and the steps to be taken in the coming years to prevent it.

Information about the NIS2 transposition in the Czech Republic

The National Cyber and Information Security Agency (NÚKIB) issued an article in English about the proposal of the new Czech Act on Cyber security, which transposes the NIS2 Directive into Czech law.

The summary in the article contains basic information about the proposal together with the non-official translation of its latest version, the timetable of the legislative procedure, and the main questions and answers.

The article is available here: https://portal.nukib.gov.cz/informace/legislativa/english-new-czech-act-on-cybersecurity

National Cyber and Information Security Agency Strengthens Cooperation with Canada

From October 27 to November 1, Tomáš Krejčí, Deputy Director of the National Cyber and Information Security Agency (NÚKIB), accompanied by Cyber Attachée Berta Jarošová, visited Canada. During the visit, representatives of NÚKIB met with experts from the federal government, private sector, and academia. This visit took place within the framework of the Economic Diplomacy Projects (PROPED) program of the Czech Ministry of Foreign Affairs, organized by the Czech Embassy in Ottawa and the Consulate General in Toronto with support from NÚKIB. Selected Czech companies in the field of cybersecurity interested in exploring opportunities in Canada also participated in this mission.

In Ottawa, NÚKIB representatives met with federal government partners to discuss ways to strengthen collaboration in countering cyber threats and protecting critical infrastructure. They met with Bridget Walshe, Director of the Canadian Centre for Cyber Security, as well as representatives from Public Safety Canada and Global Affairs Canada. “Our discussions with Canadian counterparts confirmed that both the Czech Republic and Canada are currently facing very similar challenges in terms of cyber threats and regulation. Operational cooperation, especially timely information sharing, therefore remains key for us. In the past, thanks to warnings from Canadian partners, we were able to detect potentially malicious activities in the Czech Republic in a timely manner. I’m pleased that we are able to continue to develop and deepen this cooperation,” added Deputy Head Tomáš Krejčí.

During the visit, the Deputy Director also spoke at the InCyber Forum international conference in Montreal, where he discussed the implementation of the NIS2 directive and the preparation of Canada’s federal Bill C-26 on cybersecurity alongside representatives from Canada, Luxembourg, and the Netherlands. On the sidelines, the delegation also met with officials from Quebec’s Ministry for Cybersecurity to explore potential areas for sharing expertise between Czech and Quebec experts.

In Toronto, the Deputy Director launched the second annual Czech Cyber Security Forum, attended by representatives from Czech companies as well as Ontario’s Ministry of Economic Development, universities, and technology companies. The trip also aimed to discuss topics resonating on both sides of the Atlantic that are critical to national security. For this reason, NÚKIB representatives visited the labs of BlackBerry, Canada’s largest software company, where they discussed securing electronic communications and the growing importance of security of connected vehicles.

Another crucial topic was the exchange of experiences in science and research. Strengthening international cooperation in cyber security research and development has long been a priority for NÚKIB. The Czech delegation held numerous meetings with representatives from key research institutions, including CyberEco, the Multidisciplinary Institute for Cybersecurity and Resilience, Canada’s cybersecurity cluster In-Sec-M, and the University of Toronto. “Canada has top research institutions dedicated to the impact of artificial intelligence on cybersecurity and post-quantum cryptography, which are not only priorities for NÚKIB but are also vital for transatlantic relations in general. In the future, we hope to foster connections between Czech and Canadian academic institutions. Potential joint projects could also benefit from the Horizon Europe program, which Canada joined in July 2024,” concluded Cyber Attachée Berta Jarošová.

Czech Experts Support Bhutan in Boosting Cyber Security

The growing number of cyber security incidents poses a significant challenge national governments' efforts to safeguard citizens and critical infrastructure. To address this pressing issue, the Embassy of the Czech Republic in New Delhi in collaboration with National Cyber and Information Security Agency (NÚKIB), GovTech Agency Bhutan, and the Honorary Consulate of the Czech Republic in Thimphu organises a three-day seminar from October 9 to 11, 2024, in Thimphu, Bhutan. The seminar aims to strengthen the preparedness and resilience of Bhutanese state institutions through professional training and the sharing of best practices. The program, organized under the auspices of the Agenda 2030 and CyberVac of the Ministry of Foreign Affairs of the Czech Republic, features discussions on the latest legal approaches and strategies in cyber security, an assessment of current challenges within various institutions, and exploration of ways to attract new talent in the cyber security field.

Her Excellency Eliska Zigova, Ambassador of the Czech Republic to India and Bhutan, during her last official visit to Bhutan in May 2024, confirmed the Czech Republic´s readiness to provide cyber security experts during a courtesy call with Prime Minister Tshering Tobgay. In her opening remarks the Czech Ambassador talked about the importance of strengthening the Czech-Bhutanese relations: “As our daily lives become increasingly digitalized, understanding how to safeguard against potential threats is as crucial as developing robust infrastructure that enhance our quality of life. Czechia is honoured to collaborate with Bhutan and support national authorities in their pursuit of a safer and more resilient future. “

In 2014, Czechia became one of the first nations to implement a comprehensive cybersecurity legislative framework. Recognizing the growing complexity of cyber threats, the Czech government consolidated its technical and personnel resources under NUKIB to strengthen its national response. Veronika Kolek Netolicka, Cyber Attachée for Indo-Pacific at NÚKIB, emphasizes the importance of a solid legal foundation: “Establishing a robust cyber framework wasn't without its challenges, but the experience has shaped our approach today. We’re excited to share our expertise and empower a trusted democratic partner in Asia to navigate the evolving cyber landscape.”

With the rapid adoption of digital technologies and the ongoing digital transformation, Bhutan is facing a growing number of cyber security threats. In response, Bhutan has developed a National Cybersecurity Strategy as part of its 13th Five-Year Plan, led by the GovTech Agency, Bhutan. The plan aims to strengthen the nation's digital infrastructure and cybersecurity resilience.  GovTech Agency Bhutan welcomes the opportunity to host the expert seminar in collaboration with Czechia. Jigme Tenzing, Secretary of GovTech, emphasized in his opening remarks that “the experience sharing through this seminar will help in implementing the action plans outlined in our National Cybersecurity Strategy (NCS). By understanding Czechia's journey, we can strengthen our own cybersecurity capabilities and contribute to a more secure digital Bhutan”.