Government of the Republic of Armenia decision – on determining a cyber security strategy
December 2017
CYBERSECURITY STRATEGY
I. INTRODUCTION
1. Along with the development of the information society, both in the world and in Armenia, information systems and telecommunication networks are actively developing. Information systems, information services and electronic communication networks are widely spread among society. Government agencies and critical information infrastructures create and operate information and telecommunication systems through which both publicly available and restricted electronic data subject to legal protection are collected and processed.
2. Automatic management systems of production processes, operating through information and telecommunication networks, are also widely used in the infrastructures of the banking and finance, energy resources, transport, water supply, industry and telecommunications sectors, the operation of which directly depends on the work of these systems. Ensuring their security and reliability is key to the functioning of the economy and other areas of the state.
3. In parallel with the development of information technologies, along with positive trends, new challenges arise due to the increase in the volume of cyber incidents, their impact on the information systems of the Republic of Armenia, and possible cyber attacks of the enemy on important information infrastructures, information systems and electronic services intended to disable them, disrupt normal operation and/or significantly reduce availability.
4. The cyber security strategy (hereinafter referred to as the Strategy) is a set of state approaches in the field of cyber security of the Republic of Armenia, which is the basis for developing and implementing the main directions and principles of the state policy in the field of cyber security, improving the legal and normative base and increasing the level of cyber security of users.
5. The concepts used in this document are defined in the Decree of the President of the Republic of Armenia “On Approving the Concept of Information Security and Information Policy of the Republic of Armenia” NK-146-A.
II. OBJECTIVE OF THE STRATEGY
6. The need for a cyber security strategy stems from the need for safe and reliable operation of infrastructure in physical and virtual spaces. Ensuring the safety of cyberspace results in the provision of reliable services in all sectors, including telecommunications, emergency services, energy, the financial system, food security, public administration, local self-government, health care, transportation and water supply. Therefore, to achieve the goals of economic security and democracy of the country, it is necessary to have reliable physical and digital infrastructures, ensuring the same degree of reliability of cyberspace in accordance with modern requirements. In this regard, it is important to keep in mind that the performance of physical infrastructures is highly dependent on the reliability of digital infrastructures and critical information infrastructures in order to deliver services and ensure normal operation. Therefore, any disruption of critical information infrastructure can have an immediate and debilitating effect on the state, disrupting vital functions in many areas. Thus, the protection of critical information infrastructures is the responsibility of various organizations.
7. This document confirms the “Cyber Security Strategy” of the Republic of Armenia. It is a long-term plan designed to protect the country from cyber threats, governance risks and challenges.
8. This Strategy derives from the requirements of the Decree of the President of the Republic of Armenia “On the Approval of the Concept of Information Security and Information Policy of the Republic of Armenia” NK-146-A, the purpose of which is to form a comprehensive vision by coordinating cyberspace, state, private sector, society and international efforts, ensuring the security and well-being of the Republic of Armenia.
9. The National Cyber Security Strategy outlines the system for organizing and prioritizing risk management activities for the country’s cyberspace or critical information infrastructure.
10. To achieve the above objectives, the Strategy significantly enhances the role of cyber security in the public administration system and defines clear roles and responsibilities.
11. Given the pervasive nature of cyber vulnerabilities, the Strategy also calls for public-private sector cooperation, which will enable the protection of private sector-owned critical information infrastructure from cyber-attacks, including the banking sector, public services and telecommunications.
12. Cyber security is cross-border in nature and, as such, needs international solutions. Therefore, the Republic of Armenia undertakes to become a part of local and international cooperation, developing solutions to face cyber security challenges, regardless of the threat.
III. JUSTIFICATION OF THE NEED FOR STRATEGY
13. In recent years, the Republic of Armenia has carried out extensive work on the development of electronic online services. This work continues to grow, considering the current direction of transformation towards “Digital Armenia”. It should be noted that the development of “Digital Armenia” and the spread of electronic services will not be possible unless they are combined with increasing the reliability of the Internet and cyberspace.
14. Current threats in cyberspace are many and varied. Their influence is felt in almost all spheres of daily activity, in government as well as among businesses and citizens. Threats can range from political and economic espionage to phishing, which extorts information from citizens about their bank accounts and other personal data. The structure of the Internet promotes the spread of some cyber threats. However, a reliable Internet is the basis for the provision of many public and private services.
15. The protection of information infrastructures is of great importance. Due to developments in cyberspace, new infrastructures are managed electronically, and threats to these management systems can compromise critical information infrastructures such as public services, smart grids, standards, etc.
IV. STRATEGY VISION
16. Through joint work, to prevent cyber threats affecting the country, eliminate their consequences and improve the level of security, regardless of the threats' origin and type, resulting in effective public administration, a developing economy, national security, an inclusive society, the formation of national values, and safe, secure and resilient critical information infrastructures.
17. Recognizing the impact of cyber threats, risks and challenges on the country’s national values and interests, the Strategy highlights the need for public-private sector collaboration to address these rapidly evolving threats. This comprehensive approach will leverage the capabilities of government, cross-sector organizations, citizens, and international partners to reduce cyber threats. The Strategy also describes the organizational structure that will ensure the effective neutralization of, and protection against, risks to the well-being and national security of state and local governments, private organizations and individuals.
18. Identify existing challenges and risks through public-private sector cooperation, develop educational programs accordingly and provide them to interested structures.
V. ESTABLISHMENT OF CYBER SECURITY CENTER
19. Along with the development of information technologies, new challenges arise. The most important of these challenges is the protection of information systems from cyber-attacks, regardless of the nature of the collection and processing of available and limited access information.
20. Over the years, certain activities have been carried out by various departments in this field, and conceptual and legal documents regulating individual areas of information security have been adopted. However, the field of cyber security requires clear regulation. In order to prevent cyber threats and develop countermeasures against them, and to form an effective cyber security system, it is necessary to implement a unified state policy in the field of cyber security; to achieve this, it is necessary to create a cyber security center.
21. The cyber risk center will be a separate structure.
22. The main functions of the cyber risk center are the development and coordination of unified and individual cyber security strategies and policies according to sectoral significance, auditing and coordination of cyber security prevention processes, ensuring coordination of work with state bodies and providing professional advice, organizing educational processes, studying international experience and implementing localization work.
23. The Cyber Security Center can be established in 2 ways.
1) The center is established in the form of a body attached to the Government of the Republic of Armenia, with its staff, property, charter and allocations provided by the state budget.
2) The center is established within the framework of the reunification of an already existing state body or an organization (foundation) created by a state body.
VI. APPROACHES TO STRATEGY
24. Legislation
1) In order to regulate the field of cyber security, to implement a unified policy, to fight against challenges, it is necessary to develop, update and improve the legislation of the Republic of Armenia on the field of cyber security and ensure its implementation on the basis of best international experience.
25. Cyber Security Infrastructure
1) One of the important circumstances of the organization of digitization processes is its security, protection of telecommunications and information resources from unauthorized access, confidentiality of transmitted information and reliable operation of information systems in emergency situations.
2) For this purpose, it is necessary to increase professional capacities, introduce internationally recognized standards and form a rapid response center for computer accidents.
26. Management system design
1) Create a Cyber Security Center for the purpose of developing and coordinating a unified cyber security policy, coordinating cyber security prevention processes, organizing educational processes, studying international experience and organizing the localization process.
2) The Cyber Security Center will also ensure international cooperation in the field of cyber security and secure information transfer processes.
27. Education, research, professional development, public awareness
1) Ensuring cyber security is a challenge both in Armenia and around the world. This effort cannot be effectively organized without a qualified and knowledgeable society. The best solution for the latter is the development and implementation of educational programs in line with the development of the sector, as well as conducting public awareness events.
Appendix N 1
to the 2017 N decision of the Government of the Republic of Armenia
TIMETABLE
MEASURES ARISING FROM THE CYBER SECURITY STRATEGY
No. | Problem | Implementation period | Responsible bodies |
1. | Legislation | | |
1.1. | Analysis of legislation ensuring an effective fight against cybercrimes and submission of proposals for relevant legislative changes | 2018-2019 | RA Ministry of Justice, “Digital Armenia” Foundation (with consent), RA Police, RA Investigative Committee, “EKENG” CJSC (with agreement) |
1.2. | Studying the best international practices related to cyber security and ensuring compliance and developing and submitting the necessary regulations to the RA government | 2018-2019 | RA Ministry of Transport, Communication and Information Technologies, “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with consent), other interested bodies |
1.3. | Definition and validation of critical information infrastructure selection criteria | 2018 | “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with agreement) |
1.4. | Definition of the list of critical information infrastructures, analysis of their stability, development and implementation of necessary protective measures | 2018-2020 | “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with consent), other interested bodies |
2. | Cyber Security Infrastructure | | |
2.1. | Establishing a state-recognized Computer Security Incident Response Center (CSIRT) | 2018 | RA Ministry of Transport, Communication and Information Technologies, “EKENG” CJSC (with agreement) |
2.2. | Designing systems to implement internationally recognized cyber security standards | 2018-2019 | RA Ministry of Transport, Communication and Information Technologies, “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with agreement) |
2.3. | Designing and establishing a certification system for state bodies and specialists operating in the field of cyber security | 2018-2020 | RA Ministry of Transport, Communication and Information Technologies, “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with agreement) |
3. | Management system design | | |
3.1. | Designing a cyber security center | 2018 | RA Ministry of Transport, Communication and Information Technologies, “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with consent), other concerned bodies |
3.2. | Designing a National Cyber Security Assessment System | 2018-2020 | RA Ministry of Transport, Communication and Information Technologies, “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with consent), other interested bodies |
4. | Education, research, professional development, public awareness | | |
4.1. | Development and implementation of cyber security educational programs | 2018-2020 | RA Ministry of Education and Science, RA Ministry of Transport, Communication and Information Technologies, “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with agreement) |
4.2. | Development and implementation of public awareness activities on cyber security | 2018-2020 | RA Ministry of Transport, Communication and Information Technologies, “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with consent), other interested bodies |
4.3. | Development and implementation of research programs in the field of cyber security | 2018-2020 | RA Ministry of Education and Science, RA Ministry of Transport, Communication and Information Technologies, “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with agreement) |
4.4. | Defining and organizing the process of participation in internationally recognized educational and certification programs in the field of cyber security for relevant civil servants | 2018-2020 | RA Ministry of Transport, Communication and Information Technologies, “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with agreement) |
4.5. | Classification of RA state bodies according to priority and development and implementation of a certification schedule in accordance with their internationally recognized cyber security standards | 2018-2020 | “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with agreement) |
5. | Public administration, international cooperation | | |
5.1. | Establishing partnerships with other states for joint use of cyber security measures and information exchange | 2018-2020 | RA Ministry of Foreign Affairs, RA Ministry of Transport, Communication and Information Technologies, “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with agreement) |
5.2. | Development of a plan for the joint use of cyber security measures and information exchange in the state administration system | 2018-2020 | “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with agreement) |
5.3. | Development of a plan for the joint use of cyber security measures and information exchange between the state and the private sector | 2018-2020 | “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with agreement) |
5.4. | Expanding and strengthening participation in regional and international structures in the field of cyber security | 2018-2020 | RA Ministry of Foreign Affairs, RA Ministry of Transport, Communication and Information Technologies, “Digital Armenia” Foundation (with consent), “EKENG” CJSC (with agreement) |