Main Page

National Cyber and Information Security Agency

Logo NÚKIB


Relevant and clear information on the new NIS2 Directive can be found at nis2.nukib.gov.cz/en.

For information on the National Coordination Centre (NCC) in the Czech Republic, visit nkc.nukib.gov.cz/en.

 

Selected News

The National Cyber and Information Security Agency will help with cybersecurity during the IIHF Ice Hockey World Championship

The National Cyber and Information Security Agency (NÚKIB) will cooperate with the IIHF Ice Hockey World Championship 2024 to ensure cybersecurity. This comes from a memorandum signed by the Director of NÚKIB, Lukáš Kintr, and President of the Czech Ice Hockey Association (from now on CIHA), Alois Hadamczik. The championship will be hosted by Prague and Ostrava this May.

The memorandum outlines the principles of activity and cooperation between NÚKIB and the CIHA during the IIHF Ice Hockey World Championship 2024. In practice, this will mean that the ice hockey federation will determine the group of services necessary to ensure the running of the championship, and NÚKIB will then provide support and cooperation. If a cyber incident occurs during the Championships, NÚKIB will actively assist in dealing with it.

"Several great athletes and their supporters will descend on the Czech Republic, and the event will attract much attention. It needs to be consistently guarded, even in cyberspace. That is why we are glad we can participate in such an important sporting event and contribute our expertise to its successful course," says Lukáš Kintr, the Director of NÚKIB.

CIHA President Alois Hadamczik also welcomes the cooperation: “Safety for all participants of the IIHF Ice Hockey World Championship 2024 - from teams and management to fans in individual arenas - is one of the priorities of the Organizing Committee. I am delighted that we could cooperate with the National Cyber and Information Security Agency. Together, we will do our utmost to ensure the cybersecurity of the championships in Prague and Ostrava."

The IIHF Ice Hockey World Championship will be held in the Czech Republic for the third time. It will follow the 2004 and 2015 championships. Moreover, the 2015 event has a historical record for attendance (741,690 people). According to some estimates, this year's attendance may also approach or surpass the 700,000 spectators supporting their national teams from sixteen countries. This is the first time for NÚKIB to collaborate on such a large-scale sporting event.

NÚKIB was established in 2017 by separating from the National Security Authority. It currently employs approximately 350 people. NÚKIB is responsible for the cybersecurity of the Czech Republic, including protecting classified information in the field of information and communication systems and cryptographic protection. In addition to setting the conditions for the mandatory entities covered by the Act on Cyber Security, it also educates the public in the field of cyber security. It cooperates in the development of legislation within the European Union.

Twelve Key Governmental Entities Convened to Tackle the Threat of Ransomware in the Czech Republic

At the end of January, the inaugural meeting of the inter-agency working group to combat ransomware took place, initiated by the National Cyber and Information Security Agency (NÚKIB) in collaboration with the National Center Against Terrorism, Extremism, and Cybercrime (NCTEKK) of the Czech Police.

Representatives from 12 governmental authorities crucial to the fight against ransomware, both within and outside the security community, participated in the initial meeting of the working group. A representative from an entity that had previously faced a ransomware attack presented their experiences to the participants.

The newly formed working group draws on insights from the International Counter Ransomware Initiative, of which the Czech Republic has been a part since 2021. It will closely collaborate in overcoming challenges related to effectively combating ransomware. These challenges encompass not only technical aspects but also criminal, financial, organizational, and international facets that need to be addressed. "One of the goals of this working group is to fully leverage the competencies of relevant governmental stakeholders, strengthen mutual cooperation, and establish a unified strategic approach to the ransomware threat," stated Pavel Štěpáník, Deputy Director of NÚKIB who also represented the Czech Republic during the third International Counter Ransomware Summit in Washington DC (see here).

Ransomware generally refers to a type of attack where attackers typically encrypt and exfiltrate data from the targeted entity, demanding ransom for decryption or the return of stolen data. Often, attackers may publicly disclose or sell some of this data. Ransomware has long been considered one of the most serious cyber threats in the Czech Republic and abroad, with the expectation that this trend will continue. "In recent years, the state has been introducing new technologies into a significant part of its services, and one of the most serious consequences of ransomware attacks could be undermining public trust in these new digital services," noted Jiří Nový, Deputy Director for Cybercrime at NCTEKK, adding, "In the fight against the ransomware threat, emphasis is now necessary on prevention rather than punitive measures."

It is a fact that attackers often conduct their attacks from abroad, utilizing sophisticated tools to ensure a high level of anonymity. Therefore, it is essential to establish a national platform where conceptual solutions for combating the ransomware threat, including strengthening collaboration with international partners, can be developed. For this purpose, the working group plans to meet regularly several times a year.

New Memorandum to Strengthen Cyber Security Cooperation between the Czech Republic and Israel

The Director of the National Cyber and Information Security Agency (NUKIB) Lukáš Kintr, and the Director General of the Israel National Cyber Directorate (INCD) Gaby Portnoy, met in the "cyber capital of Israel" Beer Sheva. Lukáš Kintr visited Israel as a member of the delegation of Czech President Petr Pavel.

Besides the two directors, the signature of the Memorandum was attended by Czech President Petr Pavel. The document represents a further step towards strengthening relations between the two countries in cybersecurity. Initially, the Memorandum was planned to be signed in October 2023 in Prague on the occasion of the intergovernmental meeting between the Czech Republic and Israel. However, this did not take place due to the unprecedented attack by the terrorist organization Hamas on the State of Israel on 7 October 2023 and the subsequent war. The signing of this document at this time further symbolizes the mutual support and willingness to cooperate. Lukáš Kintr and Gaby Portnoy discussed among others, current threats in the cyber space caused by the war and related challenges for cyber security. Furthermore, both directors appreciated the level of cooperation and stressed the importance of working tightly together to increase cyber resilience and expand capabilities.

"The signing of the Memorandum is a natural development of the long-standing cooperation between the two institutions. Israel is one of the first countries where a Czech cyber attaché was sent. Thanks to his presence, we have been able to maximize the long-term benefits of cooperation with INCD, an internationally respected institution and leader in the field, which is behind the building of a unique, comprehensive system to ensure cybersecurity in Israel,” said Lukáš Kintr, director of NÚKIB, and added: “It was interesting to hear today what challenges the INCD faces in times of war and how it is trying to prevent cyberspace from becoming its next full-fledged battleground. The signature of the Memorandum will enable even closer cooperation between experts from both institutions, including effective sharing of information and experience, for example internships. I appreciate the professional approach of my colleagues from INCD and all the cooperation so far, and I look forward to its further development."

„Our collaboration, particularly during times of conflict, has not only strengthened our mutual relationship but also showcased the resilience of our partnership. In the face of shared threats, this Memorandum of Cooperation reaffirms our commitment to standing together, leveraging technology, and fostering cybersecurity awareness as we navigate the evolving landscape of the digital world. This alliance is not just a testament to diplomatic ties; it is a strategic alliance for safeguarding our collective security and embracing a future of technological resilience,“ said Gaby Portnoy, director general of INCD.

The cooperation in the field of cyber security dates back to 2013, when the contact between two agencies was established. Since then, cyber security has been a crucial part in the relations between the Czech Republic and the State of Israel. In addition, strategic dialogue and expert discussion are taking place between the two agencies. That provides an opportunity for both sides to exchange best practices in all areas of cyber security and, last but not least, to share important information.

NÚKIB sent a draft proposal of the new law on cyber security to the Government Legislative Council

The National Cyber and Information Security Agency (NÚKIB) sent the draft proposal of the new Act on Cyber Security to the Government Legislative Council at the end of December 2023. The postponement of the original deadline – which was expected to be at the end of November - was due to our efforts to minimize the number of conflicting comments we have received from relevant stakeholders during the consultation procedure.

The new law aims primarily to strengthen the Czech Republic's cyber security. The draft proposal also introduces new processes and tools while simplifying and clarifying the legislation. "The Czech Republic will not be able to cope in the future without high-quality and modern legislation in the field of cyber security. The work associated with the preparation of the new law was demanding. We have raised the standard to ensure higher protection for our state and its citizens," explains Lukáš Kintr, Director of NÚKIB.

Global developments in cyber security have shown the necessity of creating a new law. The European Union, therefore, approved a new security directive, the so-called NIS2, in December 2022. Its incorporation into the Czech legal system is one of the main tasks of the forthcoming law. The proposal assumes that the number of regulated entities will expanded significantly.  This number is expected to rise from the current 400 to more than 6,000 entities (providers). These entities will then be divided into two categories - providers under the higher obligation regime and providers under the lower obligation regime. This division will also affect, for example, the obligation to report cyber incidents. The conditions will be softened for providers in the lower obligation regime, while for the higher ones, they will remain as they are now.

The law also includes a new supply chain security mechanism for assessment of suppliers into the strategic infrastructure of State in the field of information and communication technologies. NÚKIB was tasked to prepare such mechanism by the National Security Council. The new legislation allows the state to reduce its dependence on suppliers which pose a strategic threat. "The screening of supply chains will affect only a limited group of providers under the regime of higher obligations, the so-called providers of strategically important services. In fact about 150 entities," adds Lukáš Kintr.

NÚKIB will also create new portal as the primary communication tool between providers and NÚKIB. Thanks to its self-service and automation, it will contribute to a large extent to the elimination of the administrative burden for both regulated entities and NÚKIB.

The inter-ministerial consultation procedure

Regarding the new proposed law on cybersecurity, 886 comments were received from 51 commenting parties. Such higher number of comments is not entirely unusual in the case of similar proposals with a societal impact and broad scope. Approximately one-third of comments were not accepted. Around two-thirds were either accepted, partially accepted, or clarified. Those not accepted were mostly comments on the new supply chain security mechanism. The proposed and suggested modifications would make the mechanism non-functional. The background information on the inter-ministerial consultation procedure can be found here.

"Apart from some of the disagreements with the Ministries of Finance and Transport and the Czech Telecommunication Office, which concern partial issues within the framework of setting up a supply chain security mechanism, we have managed to resolve all the comments from the state administration. Indeed, we conducted the negotiations until the last moment. Even though this caused a delay in the deadline for sending the material to the Government Legislative Council, we managed to resolve a large part of the initial discrepancies," said Kintr, Director of the NÚKIB, about the inter-ministerial comment procedure.

According to EU requirements, the NIS2 Directive should be incorporated into Czech legislation by October 2024 at the latest. Since the beginning of the drafting of the new law, NÚKIB has been doing everything possible to meet this transposition deadline. Although the deadline has not been within its control since a certain stage of the legislative process, particularly regarding the length of the discussion of the law in the Chamber of Deputies of the Czech Republic, NÚKIB is still doing everything possible to meet the deadline. All information regarding the pending legislation can be found on the website nis2.nukib.gov.cz, which has been set up in English as well and is continuously updated.