National Cybersecurity Policy 2023-2028
On December 4, 2023, the updated National Cybersecurity Policy (hereinafter referred to as the “NCSP”) has been published, which extends to the period 2023-2028, replacing the previous one published in April 2017. This NCCP focuses on multiple dimensions of cybersecurity, ranging from national infrastructure improvement to international coordination.
The NCSP establishes the following 5 objectives:
1. Resilient Infrastructure:
The State has to promote a robust infrastructure to resist and recover from cybersecurity incidents in the country, both at the level of private and public institutions, under a risk management perspective.
To this end, among others, the processing of the Framework Law on Cybersecurity and Critical Information Infrastructure will be promoted, which establishes the creation of the National Cybersecurity Agency, and the forthcoming creation of the National Computer Security Incident Response Team has been established, which will aim to address the needs and requirements for protection and recovery from incidents in the public and private sector affecting organizations considered of vital importance.
2. People’s Rights:
Emphasis has been placed on the protection of people’s rights in relation to the Internet, with special attention to its use in an environment of equity, inclusion justice and protection of diversity.
The PNCS thus seeks to strengthen the regulatory framework, train public officials in digital security and prevent cybercrime as a means of promoting the rights of individuals.
3. Cybersecurity Culture:
The aim is to develop a cybersecurity culture around education, good practices, responsibility in the handling of digital technologies, and promotion and guarantee of people’s rights.
To this end, cybersecurity education is to be promoted at the national level through the implementation of a national cybersecurity and privacy awareness plan and a matrix plan for the introduction and improvement of cybersecurity and cybersecurity education for education systems at different levels.
4. National and International Coordination:
The importance of cooperation between public and private sectors is highlighted, with emphasis on communication and dissemination of efforts.
At the international level, the State will coordinate with countries, organizations, institutions and other international actors to enable our country to better confront malicious activities and incidents in cyberspace.
5. Promotion of Industry and Scientific Research:
The promotion and development of a cybersecurity industry, fostered by funds and stimuli, is proposed. The focus on applied research, technological entrepreneurship and gender inclusion are set as specific objectives.
Finally, although the PNCS does not establish any legal norm, it should be noted that throughout the same it has been clearly established as a major objective to achieve the publication of the Framework Law on Cybersecurity and Critical Information Infrastructure, which is currently in its second stage before the Chamber of Deputies and will be a breakthrough in cybersecurity and information care in the country, both nationally and internationally, by establishing standards, obligations and fiscal oversight.
We hope this information is useful for you, and we remain at your disposal to clarify and/or complement any aspect of it.