Prague, July 26 (CTK) – The Czech civil service has a sensible shortage of cyber security experts and the arrangement of the relations between IT suppliers and administrators of the critical IT systems is insufficient, the National Security Office (NBU) says in its analysis of “blank spots” of Czech cyber security.
The problems must be systematically solved, the NBU writes in the report it submits to the government.
According to the report the National Security Council (BRS) analysed last week, the number of the experts is insufficient in almost all necessary spheres, the NBU warns.
The civil service cannot remunerate specialists sufficiently, the NBU says.
“Most experts who have finished their university studies join the private sphere,” the report said.
Due to this, the NBU has proposed that measures be passed which would increase the number of Czech cyber security experts.
It is also wrong that under the law, some sectors are remaining outside the “critical infrastructure set,” which is a set of the systems whose damage would considerably affect national security, the public health and economy, the report says.
These are the chemical industry, the health facilities and gas manufacture, it adds.
It should be considered whether to include water management and large transport projects in the warning system and the coping with cyber security incidents, the report says.
The NBU also warns of the current situation in which a number of administrators of the critical infrastructure use the services of external suppliers of IT technologies and services.
Due to this, the administrators do not have the systems and networks under technological control, it adds.
Some legislation, too, poses security risks. If rigid interpretation is applied, this may include the directive on free access to information. Under it, providing information on the protection of critical infrastructure is possible, the NBU said.
The cyber security directive was passed in the legislative process in the mid-2014 and it has been applied since the beginning of 2015.
The legislation, drafted by the NBU, pursues the objective of a more efficient and rapid response to cyber threats that might pose a danger to national interests.