The President of Ukraine has enacted the NSDC decision “On the Plan for Implementing the Cybersecurity Strategy of Ukraine”

President of Ukraine Volodymyr Zelenskyy has enacted the decision of the National Security and Defense Council of Ukraine “On the Plan for Implementing the Cybersecurity Strategy of Ukraine”.

Relevant decree №37/2022 of February 1, this year, was published on the website of the Head of State (https://www.president.gov.ua/documents/372022-41289).

According to the decision to implement the Plan, the Cabinet of Ministers of Ukraine approves a set of measures and indicators of their implementation aligned with the Cybersecurity Strategy of Ukraine, provides for expenditures to finance the relevant tasks.

Every six months, in order to monitor the implementation of the Plan, the National Cybersecurity Coordination Center is provided with information on the status of its implementation in order to summarize and further inform the NSDC.

Among the main goals of the Strategy are: developing deterrence potential, national cyber resilience, improvement of interaction between all stakeholders. The Strategy Implementation Plan stipulates that the NCSCC, together with the relevant cybersecurity actors, shall:

• develop a National Cyber Contingency Plan, which will identify mechanisms for responding, with subsequent recovery, to large-scale cyber attacks and cyber incidents on critical information infrastructure;
• introduce a national incident management system, develop and implement standard operating procedures for responding to different types of events in cyberspace, defining criteria for assessing the criticality of events and the priority of response depending on the defined level of criticality;
• develop basic cybersecurity requirements and recommendations for the public and private sectors, taking into account the best world practices;
• establish, on the basis of mutual trust, systematic information sharing on cyber attacks, cyber incidents, and cyber threat indicators between all cybersecurity actors;
• conduct strategic-level command and staff cyber exercises, as well as thematic cyber exercises and trainings with the participation of representatives of the public and private sectors;
• ensure coordination of the scientific community during research and development in the field of cybersecurity and its involvement in the implementation of state cybersecurity policy;
• develop a methodology of communication between the state and society to counter large-scale cyber attacks and cyber incidents, to create the necessary conditions for its practical implementation;
• ensure the annual publication by the main actors of the national cybersecurity system of public reports on the state of cybersecurity by areas of responsibility;
• conduct joint activities with the EU and NATO aimed at increasing resilience in cyberspace and the ability to investigate, prosecute cybercrime and respond to cyber threats;
• strengthen cooperation with leading IT companies, global digital service providers, social networks in order to counter hybrid threats, disinformation spread, and examine the possibility of sanctions in accordance with the laws of Ukraine;
• identify and approve a list of priority areas for attracting international technical assistance in the field of cybersecurity of Ukraine.