Cybersecurity: overview of relevant institutions – Newsletters – Digitalmunition

Featured no image

Published on April 4th, 2021 📆 | 8244 Views ⚑


Cybersecurity: overview of relevant institutions – Newsletters

Information Security Act institutions
National Cybersecurity Strategy institutions


Information technologies are increasingly being exposed to the potentially malicious intentions of various interest groups and individuals. Therefore, a systematic and coordinated effort to improve cybersecurity abilities is key for a safe digital society.

The Croatian cybersecurity system is a complex cross-sectorial network of institutions and regulations in constant development but aligned with the requirements acquired through the country’s membership of the European Union and the North Atlantic Treaty Organisation (NATO).

This article is the second in a series on the regulation of cybersecurity in Croatia.(1)

Information Security Act institutions

The first legal act to regulate cybersecurity matters in Croatia was the Information Security Act (Official Gazette 79/2007), which was passed in 2007. This act laid the foundations for cybersecurity in the public cybersphere and established three bodies which have key roles in Croatia’s cybersecurity policy:

the Office of the National Security Council (ONSC);
the Information Systems Security Bureau (ISSB); and
the Computer Emergency Response Team (CERT).

Under the Information Security Act, the ONSC became the national security authority responsible for coordinating national, EU and NATO measurements and standards for the protection of classified and non-classified information in the government sector. The ONSC is the main body of the Croatian security and intelligence system. It performs tasks for the National Security Council and the Council for the Coordination of Security and Intelligence Services and informs the president and prime minister about security and intelligence agency work.

The Information Security Act tasked the ISSB with the coordination of prevention and response measures regarding information system security threats in the government sector. The ISSB is the central state authority responsible for the technical side of state body information security. This includes the management of:

information security standards;
security accreditations; and
encrypted material used during exchanges of classified information and similar tasks.

ISSB directors are appointed by the government, based on the Council for Coordination of Security Intelligence Agencies’ proposals.

The Information Security Act established the CERT as a department within the Croatian Academic and Research Network. The CERT is responsible for the prevention of security threats and the protection of all public information systems in Croatia. Its main task is to handle computer security incidents in which one of the parties is in Croatia (ie, parties that have a ‘.hr’ domain or are within the Croatian internet protocol address range).

Additional functions of ONSC, ISSB and CERT
The Act on Cybersecurity of Operators of Essential Services and Digital Service Providers 2018 (Official Gazette 64/2018), which was transposed from the EU Network and Information Security Directive (2016/1148/EU), gave the three bodies additional national functions. The ONSC became the national single point of contact, while the ISSB and the CERT became national Computer Security Incident Response Team bodies with similar prevention and response tasks.

National Cybersecurity Strategy institutions

The 2015 adoption of the National Cybersecurity Strategy necessitated the introduction of a cross-institutional body to monitor its implementation and connect the competent institutions in the government and public sectors. In 2016 two cross-institutional bodies were established to manage the implementation of the National Cybersecurity Strategy’s goals and measurements and to resolve all relevant national cybersecurity issues:

the National Cybersecurity Council; and
the Operational and Technical Cybersecurity Coordination Group.

National Cybersecurity Council
The National Cybersecurity Council comprises 16 representatives of the following government institutions:

the ONSC;
the Central State Office for Development of the Digital Society;
the Security and Intelligence Agency;
the ISSB;
the Operational-Technical Centre for Telecommunications Surveillance;
the Croatian Academic and Research Network;
the CERT;
the Croatian Regulatory Authority for Network Industry;
the Croatian National Bank; and
the Croatian Personal Data Protection Agency.

The ONSC representative acts as the president. The National Cybersecurity Council reports to the government and is responsible for the implementation of three cyber crisis management measures.

Operational and Technical Cybersecurity Coordination Group
The Operational and Technical Cybersecurity Coordination Group supports the National Cybersecurity Council’s operations by:

monitoring national cyberspace to detect threats which may lead to a cyber crisis;
reporting on the status of cybersecurity measures;
suggesting action plans for cyber crises; and
performing other tasks in accordance with established programmes.

The Operational and Technical Cybersecurity Coordination Group comprises eight members, some of whom are representatives of organisations that are also represented in the National Cybersecurity Council. The Ministry of the Interior representative acts as the coordinator. The Operational and Technical Cybersecurity Coordination Group reports to the National Cybersecurity Council and participates in the implementation of the measures for which the council is responsible.

For further information on this topic please contact Ivana Manovelo at Maćešić & Partners by telephone (+385 51 215 010) or email ([email protected]). The Maćešić & Partners website can be accessed at


(1) For the first article in the series, please see “Cybersecurity: overview of relevant legislation”.

The materials contained on this website are for general information purposes only and are subject to the disclaimer.
ILO is a premium online legal update service for major companies and law firms worldwide. In-house corporate counsel and other users of legal services, as well as law firm partners, qualify for a free subscription.

originally appeared on Source link

Tagged with:

Leave a Reply