Is your company affected too? If the answer is yes, then this is a mandatory measure.
Decision about selection – operator safety plan – organization of defense – risk management practice – vulnerability testing – data traffic monitoring
We will help. We provide expert services to the holders of critical system elements.
In 2012, the Parliament adopted a law on the protection of critical infrastructures. The legislation lists ten critical sectors of vital system elements and, from March 1, 2013, mainly affects the energy and transport sectors. Organizations that own or operate a critical system element/critical infrastructure are required to organize and maintain the continuity of the operation of critical infrastructure under their control. Using its extensive experience, KÜRT can provide effective assistance for the planning and implementation of necessary activities.
About the law
The defense concept and legal approach connected to critical infrastructure have a history of more than a decade. This phase concluded on 12 November 2012, when the National Assembly adopted Act CLXVI of 2012 on the identification, designation and protection of critical systems and facilities.
In accordance with the relevant EU directive 2008/114/EC, the regulation will first enter into force for the energy and transport sectors. In the case of energy installations, the law considers all communication and information technology systems as a component of the critical system element in question. The legislation has entered into force for other sectors as well.
When studying the law and the government decree, representatives of the affected sectors may be faced with a number of questions:
- What is considered a critical system or facility – critical infrastructure, in short?
- Does our company deal with critical infrastructure/key system elements?
- What is our duty if we hold a vital system element?
Written by our specialists and available for download on KÜRT’s website, the article entitled “Kritikus infrastruktúra-üzemeltetés a jövőben – törvénytől a megoldásig” (Critical Infrastructure Operation in the Future – From the Law to Solutions) provides detailed answers to these and other critical questions.
After the law and the government decree are interpreted, the representatives of the sectors concerned must work on meeting legislative expectations, while complying with the requirements.
KÜRT undertakes to assist the designated companies in the preparation of their operator security plan and the implementation of network security activities.
Prevention, preparation and post-disaster recovery are important duties of the operator. Business continuity plans (BCP) and disaster recovery plans (DRP) devised for corporate IT systems can provide a good starting point for an operator security plan aimed at IT security (network security).
Compliance with official obligations and expectations as well as with statutory or regulatory requirements with respect to network security is facilitated by the following:
- recording and processing a large number of log files generated in the IT systems with an appropriate log analysis application (LogDrill);
- testing the vulnerability of systems through legal hacking and penetration testing;
- the implementation of context-sensitive changes in the configuration for hardening systems;
- implementing resources with an adequate level of security;
- adequate risk and operational continuity management supported with software (SeCube).
Performing these tasks will, on the one hand, ensure legal compliance and protect against fines and other possible sanctions and, on the other hand, will have the following additional benefits:
- the infrastructures used by citizens will become safer, their availability will be improved, bringing about better service quality and boosting client confidence and satisfaction;
- the optimum allocation of security costs, the simultaneous increase of IT and operational security, the reduction of the number of vulnerabilities while increasing resilience and the implementation of realistic solutions represent added value;
- rationalization is not impossible if effective preventive methods are introduced (prevention is cheaper than damage control);
- more effective, mutually beneficial partnerships are facilitated between emergency planners, intervention teams and the owners and operators of critical infrastructure.