National Cyber and Information Security Agency

Prague Hosts the Sixth Edition of the International Prague Cyber Security Conference Organized by NÚKIB

The National Cyber and Information Security Agency (NÚKIB), in cooperation with the Ministry of Foreign Affairs of the Czech Republic, is hosting the sixth edition of the prestigious Prague Cyber Security Conference (PCSC) on March 18–19, 2025. The event, held at the Congress Center of the Czech National Bank, brings together experts, government officials, and private sector representatives from 46 countries worldwide.

PCSC has established itself as a key platform for dialogue on cybersecurity threats, emerging breakthrough technologies, and responsible approaches to supply chain security. “This conference continues the legacy of the groundbreaking Prague 5G Security Conference, which we organized in 2019. At that time, we succeeded in shifting the paradigm and the perspective of like-minded democratic nations regarding the construction and security of next-generation telecommunications networks. Since then, we have expanded the conference scope to include other strategic areas of cybersecurity,” said Lukáš Kintr, Director of NÚKIB.

This year’s PCSC carries the theme ‘Invisible Frontlines’, emphasizing that “cyberspace is not only a domain of everyday life but also the first battlefield where states and non-state actors confront each other. Cyber conflicts often begin invisibly, but their impact is very real – from disruptions to critical infrastructure and economic coercion by authoritarian regimes to attempts to destabilize our democratic societies. Our goal at this conference is to explore ways to effectively counter these threats in cooperation with other democratic states and strengthen our resilience,” Kintr added.

Conference panels focus on covert hybrid operations and new attack vectors that influence national security and geopolitical stability. Discussions also address the defensive and security strategies of democratic nations against these sophisticated yet subtle threats. Furthermore, the conference highlights specific security topics, such as challenges related to artificial intelligence development, the security of connected (electric) vehicles, satellite service security, and more.

For the second time in its history, PCSC opens its doors to the private sector, reflecting the increasing importance of public-private cooperation in cybersecurity. Key partners of this year’s edition include Amazon Web Services (AWS), MSD, APPSEC, CISCO, Mastercard, ICZ, Whalebone, and CETIN.

“We greatly appreciate the collaboration of all our partners. AWS will once again be one of the key partners for this year’s conference. To meet European data privacy and compliance requirements, the company continues to expand its portfolio of cloud solutions in Europe. This includes the AWS European Sovereign Cloud, a new independent cloud for Europe, designed to help public sector organizations and customers in highly regulated industries meet their evolving sovereignty needs,” said Tomáš Krejčí, First Deputy Director of NÚKIB.

Prague Cyber Security Conference 2025 provides a crucial platform for strategic discussions and collaboration between states and private companies, built on a shared approach, democratic values, and the rule of law.

“In an era where authoritarian regimes use technology to undermine security and destabilize democratic societies, it is essential for nations and companies that share common values to work closely together and seek effective defense strategies,” Kintr concluded. The conference will thus contribute to strengthening the cyber resilience of democratic states in an ever-evolving digital environment.

The National Cyber and Information Security Agency of the Czech Republic Co-Seals Publications on Cybersecurity of Edge Devices with the Australian Signals Directorate and International Partners

The National Cyber and Information Security Agency of the Czech Republic (NÚKIB) has joined an international initiative led by the Australian Signals Directorate (ASD), co-signing two key documents focused on improving the security of network edge devices: Mitigation Strategies for Edge Devices: Executive Guidance, and Mitigation Strategies for Edge Devices: Practitioner Guidance.

The initiative includes collaboration with international partners such as the United States’ Cybersecurity and Infrastructure Security Agency (CISA) and National Security Agency (NSA), the Canadian Centre for Cyber Security (CCCS), the National Cyber Security Centre of New Zealand (NCSC-NZ), the United Kingdom’s National Cyber Security Centre (NCSC-UK), Japan’s National Center of Incident Readiness and Strategy for Cybersecurity (NISC) and Japan Computer Emergency Response Team (JPCERT), the Republic of Korea’s National Cyber Security Centre (NCSC) and National Intelligence Service (NIS), and the Netherlands' General Intelligence and Security Service (AIVD) and Military Intelligence & Security Service (MIVD).

The documents summarize current findings on vulnerabilities in network edge devices, such as enterprise routers, firewalls, and VPN concentrators, and provide recommendations to mitigate these risks. Their goal is to enhance organizational resilience through a combination of strong security measures and international collaboration. Key recommendations in these publications include comprehensive management of network edge devices, procurement of securely designed technologies, regular updates, strong authentication protocols, and the securing of management interfaces.

“NÚKIB recognizes that vulnerabilities in network edge devices present a serious issue. Strengthening their security is not merely a choice but a necessity. The recommended principles align with long-term security standards that NÚKIB advocates for. By implementing robust measures, ensuring their timely deployment, and fostering international cooperation, we can effectively address these risks and enhance resilience across organizations and national borders,” said Lukáš Kintr, Director of NÚKIB.

These publications demonstrate the collective effort of global partners to strengthen cybersecurity and protect critical infrastructure from evolving cyber threats. Read the publications here.

EU Member States Warn of the Quantum Threat and Call for the Transition to Post-Quantum Cryptography

The National Cyber and Information Security Agency (NÚKIB) of the Czech Republic has joined the joint statement "Securing Tomorrow, Today: Transitioning to Post-Quantum Cryptography". Although the document is not legally binding, it expresses the common position of 18 European Union (EU) member states towards the transition to post-quantum cryptography (PQC).

The joint statement points out the danger of the quantum threat and urges entities from the public sector, critical infrastructure, IT providers as well as the private sector to make the transition to PQC their priority. NÚKIB agrees with the document's conclusions and supports the preparatory steps outlined in the document. These include, inter alia, performing an analysis to assess the quantum threat impact and preparing a risk-oriented implementation roadmap for the transition to PQC. General support for PQC research and standardisation in this area is also mentioned.

The joint statement emphasizes the quantum threat in the context of the "store now, decrypt later" scenario. This approach is used by attackers to collect encrypted data that they can decrypt in the future once there are cryptographically relevant quantum computers available. To ensure confidentiality protection, especially for the most sensitive use cases, it is recommended to migrate to PQC as soon as possible, ideally by 2030 at the latest. In addition, the document also highlights the risk stemming from the time required to move to PQC, especially for more complex systems. An example of such a system is the Public Key Infrastructure (PKI), which is used to distribute and manage public keys and digital certificates. If these systems do not make the transition to PQC in time, both the confidentiality and, above all, the authenticity of the data contained in them will be compromised. However, due to their complexity, the transition to PQC will take time – which is why it is recommended to start as soon as possible.

Finally, the joint statement mentions the establishment of a Workstream within the NIS Cooperation Group with a task to prepare an implementation roadmap for the transition to PQC following the recommendations of the European Commission. Together with France, Germany, the Netherlands and other EU member states, the Czech Republic is also involved in this work.

As part of its activities, the NÚKIB has long sought to increase resilience to the threat posed by quantum computers to secure communications. Recently, the Agency expressed its support for the "Position paper on Quantum Key Distribution". Last year, the NÚKIB implemented quantum-resistant (post-quantum) cryptography to ensure secure communication between a web browser and the NÚKIB Portal web application. Before that, it also prepared supporting materials that explain the nature of the quantum threat and the steps to be taken in the coming years to prevent it.

Information about the NIS2 transposition in the Czech Republic

The National Cyber and Information Security Agency (NÚKIB) issued an article in English about the proposal of the new Czech Act on Cyber security, which transposes the NIS2 Directive into Czech law.

The summary in the article contains basic information about the proposal together with the non-official translation of its latest version, the timetable of the legislative procedure, and the main questions and answers.

The article is available here: https://portal.nukib.gov.cz/informace/legislativa/english-new-czech-act-on-cybersecurity