New EU-wide legislation on cybersecurity will increase critical infrastructures in Cyprus to 700 from the current 70, Communications Commissioner George Michaelides said on Friday.
Within 2024, new legislation will be ready to adopt the new European directive aiming to improve the cybersecurity of networks and information systems which will see a huge rise on the number of critical and important infrastructures in the island, Michaelides told CNA.
To date, Cyprus implements the NIS1 directive concerning the implementation of the security framework for critical infrastructure in European countries. But this will be replaced next year with the NIS2 directive.
He added that with the new directive, security now extends to other infrastructures, such as, for example, supermarkets, among others, which in case their operation is affected by a cyber attack, the consumer will in turn be affected.
According to the European Commission, the NIS2 Directive, which came into force in 2023, modernises the existing legal framework to keep pace with increased digitisation and an evolving cyber threat landscape. By extending the scope of cybersecurity rules to new sectors and entities, it further improves the resilience and incident response capabilities of public and private entities, competent authorities and the EU as a whole.
Asked how shielded Cyprus is against cyber-attacks, Michaelides said Cyprus has made a tremendous difference from 2018 to date in terms of cyber-attacks, and “has made a difference in the last two months”.
Furthermore, the commissioner said that the 13 Pillars of the Cybersecurity Action Plan are “important measures that help to further strengthen cybersecurity in Cyprus”.
He added that strengthening on cybersecurity issues should be a continuous effort and that “no one and nowhere can say that they are completely shielded” against cyber-attacks.
Michaelides said that his office has an excellent cooperation with the deputy ministry of research, innovation and digital policy and added that the 13 Pillars of the Cybersecurity Action Plan have been developed after cooperation with the Digital Security Authority.
He also referred to the hiring of an additional 18 permanent staff members in the digital security authority, a move he described as very important as there will no longer be a constant turnover of staff.
This year, cyber attacks have been recorded at the state land registry and Open University of Cyprus with the institution deciding to hire a private company to deal with the issue. In response, a cybersecurity plan set to operate 24 hours a day has been drawn up by the deputy ministry of research, innovation, and digital policy and the digital security authority.