Prague, March 12, 2013

Meeting of the Cyber Security Council (hereinafter referred to as “CSC”)was held today in the premises of the National Security Authority (hereinafter referred to as “NSA”), state entity responsible for cyber security. The meeting was called to order extraordinarily by the NSA Director, Mr. Dušan Navrátil, because of the last week's DDoS attacks.

The meeting was attended by permanent representatives of the public sector and representatives of commercial and academic sphere. The main agenda of the meeting was to analyze the DDoS attacks, which hit some of the entities in the Czech Republic during the last week and to propose further steps to enhance cyber security in the country.

After the opening speech of the NSA director, Mr. Dušan Navrátil, the word was given to the Director of the National Cyber Security Centre (hereinafter referred to as NCSC), Mr. Vladimír Rohel. The CSC was informed about the findings and current results, elaborated by the NCSC workers. The NSA Legislative Department informed that due to the passed attacks new information was obtained, which shall be incorporated before the inter-ministerial consultation procedure into to the draft of the Act on Cyber Security.

Later, Mr. Ondřej Filip from CZ.NIC held his speech on recapitulation of passed attacks from the commercial sector side. According to his speech, the attacks were not extremely massive, did not come from the Czech Republic; came primarily from foreign networks. The attacker was sophisticated and the one who “ordered” the attacks possessed a good knowledge of the Czech environment. The attacker did not dispose of a special technique, he used more or less standard "farms of enslaved computers". Among other speakers, there were representatives of the Military CIRC, Seznam company, Telefonica CR, GTS and others.

At the end of the meeting, the NSA Director decided to create his advisory body - the Director's Cyber Security Commission. This Commission will be convened as necessary as a professional operative body of the NSA Director.

The Commission's task will be to collect data on cyber security incidents, analyze them and propose operational measures in the field of cyber security. The Commission will be composed of selected state experts, private entities and academic sector.

Relevant information from the CSC:

  • The attacks were not extremely massive.
  • The attacker is still unknown - it was a sophisticated attacker with a good knowledge of the Czech environment.
  • The Czech Republic has generally a good level of security, though, these attacks revealed some imperfections and weaknesses.
  • One of them is a slight modification of the Act on Cyber Security, or the Law on Electronic Communications amendment.
  • It confirmed the willingness of all entities to cooperate on the basis of "community" principle - public administration, commercial sector and academic sphere.
  • Creation of NSA Director's Cyber Security Commission - technical, operational authority, composed according to the actual needs - usually representatives of the state, private sector and academic sector.

The CSC was attended by:

NSA (Governmental CERT), CZ.NIC (National CSIRT), Military CIRC, Ministry of Interior, Ministry of Defence, Ministry of Finance, Ministry of Industry and Trade, Ministry of Foreign Affairs, Czech National Bank, Police of the Czech Republic, Armed Forces of the Czech Republic, BIS – Intelligence Services, ÚZSI, Military Intelligence, Czech Telecommunication Office, CESNET, GTS, Telefónica O2, ČEZ, CSOB, Seznam