Shortwave: Cyber ​​Security Action Plan, blocked mojeID and twilight and dawn of net neutrality

Before the August government holidays, the government had yet to approve Action Plan for the National Cyber ​​Security Strategy of the Czech Republic for the period from 2021 to 2025. In the document we will find a “timetable” of concrete steps to fulfill the strategy itself, which includes “a vision of creating a resilient society and infrastructure against cyber threats, the state’s self-confidence in cyberspace and with reliable alliances actively confronting the full spectrum of cyber threats.”

The action plan contains 105 ongoing or term tasks and is divided into parts in the same structure as the national strategies, so the specific tasks are divided into parts:

A – Confidently in cyberspace,

B – Strong and reliable alliances,

C – Durable company 4.0.

Among the planned continuously fulfilled tasks, which are mostly about cooperation at the national and international level, between the private and public sector, education and use of EU funds in the EU 2021 programming period, it is worth mentioning the following tasks of NÚKIB:

• Expand and strengthen cooperation with the private sector; to raise awareness of the activities of NÚKIB and the possibilities of mutual cooperation.
• Create and operate a secure platform at the national level for communicating and sharing information on cyber threats and vulnerabilities.
• Under pre-agreed conditions, continue to perform penetration testing in order to detect errors and vulnerabilities in information systems and networks of mandatory authorities and persons under the Cyber ​​Security Act.
• Involve national partners in solving scenarios of international cyber security exercises and thus contribute to strengthening cooperation, setting up and coordinating procedures during the solution of real cyber threats.
• Continue to strengthen the cyber defense system by building the capabilities of NCKO as part of the General Assembly, focusing on logistical, personnel and financial security, as well as other aspects important for its effective functioning.
• Enforce existing international law and non-binding standards of responsible behavior in cyberspace through active cyber diplomacy.
• Participate in an international discussion on Internet governance, incl. Internet Governance Forum, and promote the participation of both the private and academic sectors.
• Directly participate in the teaching of fields, programs and subjects of cyber security and related topics, especially at universities, but also at selected higher vocational and secondary schools.

Of the term tasks, it is definitely worth mentioning two activities that NÚKIB wants to complete by the end of this year, namely:

• Develop a draft national policy for the coordinated disclosure of vulnerabilities.
• Develop a secure code methodology for government to support the development of secure software.

By the end of the third quarter of 2022, NÚKIB should create and set up a framework for ensuring the confidentiality of information in e-mail communication by means of encryption, across the state administration. Unfortunately, until the third quarter of 2023, the Office set itself the task of creating a platform involving volunteers from the ranks of cyber experts and institutionalizing their use in ensuring cyber security.

In the second quarter, a proposal should be made to assess the risk profile of suppliers and to apply restrictions on high-risk suppliers at the national level for the safe deployment and implementation of next-generation telecommunications networks. NÚKIB cleverly avoided “5G” networks by using the connection of “telecommunications networks of the next generation”, whatever technically and legally it means.

Except for minor criticisms, I’m very glad that the documentary was created. And I see the emphasis on cooperation with the private sector as one of the cornerstones of ensuring cybersecurity in the Czech Republic. Projects like FENIX, operation of the national CSIRT.CZ The workplaces or development concepts of the National Cyber ​​Defense Center show that without an effective exchange of information between all the entities concerned, it is not possible to ensure effective cyber security. And personally, I’m glad that NÚKIB, although a young office, is trying to maintain the standard of expertise and is not creating a PR documentary full of sexy catchy words without substance. Now just keep and attract experts who can complete the tasks.

The telecommunications amendment did not pass the Senate

The transposition amendment to the Electronic Communications Act stumbled in the Senate. He’s already written about it David Slížek and nicely summed it up on Twitter as well Ondřej Malý, so just a short note. If it had not been before the elections, repayment would not have been a big problem, but now, if the amendment to the law does not reach one of the extraordinary meetings that the Chamber has yet scheduled, the last chance to discuss is the September meeting.

Given the broad support for approving the proposal in the Chamber of Deputies, I assume that Members will make time for the amendment. You can form your own opinion about the discussion itself and the quality of the arguments wall recording. In this particular case, unfortunately, the Senate gave free ammunition to its critics, who are fighting for its abolition. So maybe next time he will listen more to the arguments of the submitter.

How to block myID

MyID service it brings me completely positive experiences. After installation application myID key I don’t even have to look for a token anymore, and the electronic identification of my person in the state administration systems is even easier. And thanks to my boundless enthusiasm and selfless help in setting up the service, my whole family uses my ID.

However, the problem occurs when a family member forgets the PIN for the myID key application. Do you know that too? You can help, explain to family members who are not friends with technology, and the only thing you want from them is for them to remember the password, PIN, username. Error. Sometimes it just happens that it goes there with one ear and out with the other. After three attempts (“wait, I probably already know, this will be this PIN”) myID key was blocked.

Fortunately, there is no need to panic. The user will not lose the profile. The user can go through a “recovery process” or insure himself and have more keys registered. A small disadvantage in the recovery process is that in order to use the services of the state administration, the user must again undergo the verification process, for example at Czech POINT. But I tell myself that the family member in question will at least realize that he should remember the PIN. “What you don’t have in your head, you have to have in your legs,” Grandma said, and she was right. See, Grandpa.

Where network neutrality goes

In early July, a court in Seoul at first instance confirmed Netflix’s obligation pay mobile operators network usage fees. Netflix refused to pay SK Broadband (a subsidiary of SK Telecom) fees for the use of the network and the operator turned to the regulator, who confirmed the obligation by a decision.

The contested decision has now been upheld by the court, stating, inter alia, that “Netflix is ​​obliged to pay fees to SK Broadband as it receives network services, including network quality management”. If the decision were upheld by the Court of Appeal, it would be a severe blow to net neutrality in South Korea. And it will also be interesting to see how SK Broadband’s competitors will react to the situation.