The Verkhovna Rada has adopted in the second reading the law “On the basic principles of providing the cybersecurity of Ukraine.”
Some 257 people’s deputies voted for the adoption of this decision on Oct. 5.
The purpose of the document is to create a national cybersecurity system as an aggregate of political, social, economic and information relations along with organizational, administrative, technical and technological measures through an integrated approach in close interaction between the public and private sectors and civil society.
According to the explanatory note to the document, experts in the field of cybersecurity of the majority of the world’s leading countries note a steady trend towards a significant increase in the number and expansion of the spectrum of cyberattacks in order to violate the confidentiality, integrity and availability of government information resources, including critical information infrastructure facilities.
According to the text of the law, it defines a number of concepts, among them: cybersecurity, cyberattack, cyberthreat, cyberspace, cyberterrorism and others.
It is noted that the law does not apply, in particular, to: social networks, private electronic information resources on the Internet, if they do not carry information, the need for protection of which is established by law.
Objects of cybersecurity in the document are constitutional rights, society, development of the information community, the state, national interests and critical infrastructure facilities.
In turn, the objects of cyberdefense are communication systems and critical infrastructure facilities.
The order of formation of the list of critical infrastructure objects is approved by the Cabinet.
The objects of critical infrastructure can include enterprises and institutions that: conduct activities and provide services in the chemical industry, energy, transport, ICT, banking and financial sector, electronic communications; provide services in the sphere of life support of the population; are communal, emergency and rescue services; included in the list of enterprises that are of strategic importance for the economy.
The law also introduces the concept of the National Cyber Security System, which is a collection of subjects providing cybersecurity and interrelated measures of a different nature.
The main subjects of the National Cyber Security System are: State Service of Special Communication and Information Protection, National Police, Security Service of Ukraine, Ministry of Defense, General Staff of the Armed Forces, intelligence agencies, and the National Bank.
Among other things, the law regulates the functioning of the National Telecommunications Network, the tasks of the government response team to computer accidents CERT-UA.
In addition, the document defines the concept of public-private interaction in the field of cybersecurity, which is implemented, in particular, by: creating a system for the timely detection and neutralization of cyberthreats; increase digital literacy of citizens; exchange of information between state bodies and the private sector; partnership and coordination of teams responding to computer emergency; attraction of expert potential; the introduction of a mechanism for public control of the effectiveness of cybersecurity measures; creating a system for training special forces, etc.
It is noted that persons guilty of violating legislation in the field of national security, electronic communications, and information protection, if cyberspace is the place or method of crime, are liable in accordance with civil, administrative and criminal legislation.
This law will come into force in six months after its publication.
The Cabinet of Ministers is instructed to ensure, within a three-month period from the date of publication of the law, the adoption of regulatory and legal acts necessary for its implementation.
As previously noted, the implementation of the law will allow, under the auspices of the state and in close cooperation with the private sector and civil society, to introduce an integrated approach to defining the basic principles of state policy formation in the field of cybersecurity and to create conditions for ensuring cyberprotection of the country’s information infrastructure.
