Cybersecurity | National reference framework for cybersecurity
As part of the growing regulation of cybersecurity in Europe, and also in Portugal, the EU Cybersecurity Act [Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification] came into force on 27 June. The EU Cybersecurity Act follows Directive (EU) 2016/1148 of the European Parliament and of the Council of 6 July, regarding security measures for networks and information systems in the European Union, as well as Law no. 46/2018 of 13 August, which transposed this Directive into the Portuguese legal system.
Regulation of cybersecurity, and concern about its state, are becoming increasingly pressing, which is why the "National Reference Framework for Cybersecurity" has recently been published by the National Center for Cybersecurity, a public organization that operates within the National Office of Security with the aim of contributing to Portugal's free, reliable and safe use of cyberspace through the continuous improvement of national cybersecurity and international cooperation.
The National Reference Framework for Cybersecurity was created as a consequence of the increasing regulation of cybersecurity at national and international levels. It aims to offer a practical approach that allows users to comply with the norms related to cybersecurity, as well as with the National Cyberspace Security Strategy defined in May 2019 for Portugal.
It is not a mere compilation of mandatory rules in this area. Rather, it sets out a range of practices, advice and recommendations that may be applicable and, above all, useful, so that there is a responsible and secure application that conveys confidence to its users. It is also meant to assist organizations in complying with current legislation, managing risk and mitigating the impact of incidents that may eventually affect them.
The practices and recommendations in question are intended for the safe and reliable maintenance of cyberspace, but also for the protection and safety of its users. Omitting the suggested good practices can create risks not only to the reputation and image of the company, through the loss of confidence of its partners, but also in legal and financial terms, since users may be subject to compensation payments or may incur misconduct if they fail to comply with the obligations arising from Law No. 46/2018 of 13 August or the General Regulation on Data Protection, especially the obligations to notify breaches of security or of personal data.
Following the publication of this document, the National Cybersecurity Center and the Association DNS.PT, manager of the top-level domain .pt, provide, starting from July 8, the webcheck.pt online platform, which allows users to verify, in real time, the level of compliance of an Internet and e-mail domain with the latest standards for secure communication between systems (available through the following link: https://lnkd.in/dRt8fgD).