AUSTRIA CYBER SECURITY STRATEGY (ACSS)

sterreichische Strategie fr Cyber Sicherheit (SCS)

Asyifa Mahardika 14010414120046

Stephanie Elisa 14010414130048
Granithio Karya Nugraha 14010414140081
Aichel Miranda S. 14010414140082
Wakhidah Hasna K 14010415130054
Fatimatuh Zahrah 14010415140055
Fathin Nisa Muthia Harahap 14010416120009
Wira Fadhil Satwika 14010416130046
 CYBER SECURITY stands for

1. to make cyber space sufficiently safe and secure at

national and international level
2. the security of infrastructures in cyber space, of the data
exchanged in cyber space and above all of the people
using cyber space
Information and
communication
space

Space for social Economic and

interaction trade space
The citizen and society
Bussines and Economic Sector
digital infrastructures, such as energy, water and transport
services

Space for
political Control space
participation
 Vulnerability

Vulnerability of IT-infrastructure
"The better something works, the more serious the
consequences are if there is a disruption."
Lack of security awareness
Lack of experts
Flawed and incompatible software
Incomplete Cyber Governance
 AUSTRIAS CYBER THREATS & RISKS

Cyber-terrorism/cyber-war against states infrastucture

Cyber espionage against state

Manipulation of transportation IT systems
Attack against communication & satellite connections
Manipulation of GPS-time signal
Public Sector
Manipulation OF energy generation and supply IT system
. Lack of cyber awareness
Identity-theft & manipulation of citizens ID
data
Cyber-fraud

Governmental Section
1. Incomplete Cyber Governance
Lack of experts
Lack of incentives for security investment
Flawed & incompatible codes/software
Missing focus on regulations for IT Security
Unclear responsibility across governmental institutions
 As listed in ICT
Universal Security for a
Digital Austria.
Principles
Especially for
Fundamental cyber security.
 The universal Principles of ICT Security for
a Digital Austria

Confidentiality
Integrity
Authenticity
Availability
Privacy
Data protection
Mandatory Application
 Fundamental Principles

The Rule of
Subsidiarity
Law

Self- Proportio-
regulation nality
 STRATEGIC GOALS

1. Availability, Reliability and confidentialy of data exchange as well as the integrity of data themselves are
Guaranteed only in a secure, resilent and reliable cyber space.
2. Austria will ensure that its ICT infrastructure are secure and resilient to threats. The governmental bodies
will cooperate closely and as partners with the private sector
3. The legal asset cyber security is protected by the Austrian authorities in cooperation non-governmental
partners.
4. By taking number of awareness measures, Austria is builiding a culture of cyber security
5. Austria acting as a pioneer in implementing measures to secure the digital society.
6. Austria will play an active role in international cooperation at European and Global level
7. The Austrian administrations e-government is secure and continuously furthur developed
8. All Austrian enterprises will protect the integrity of their own applications as well as the identitiy and
privacy of their customers
9. The Austrian population should be aware of the individuals personal responsibility in cyber space.
 Fields of Action and Measures

First Field of action is Structures and Processes

The measures are:
-Establishing a Cyber Security Steering Group
-Creating a structure for coordination at operational level
-Establishing a Cyber Crisis Management
consists of representatives of the state and of operators of
Field of action and measures Governance are:
critical infrastructures
Crisis management and continuity plans
Cyber Exercises
-Strengthening existing cyber structures
Establishing a modern regulatory framework Austrian Government Computer Emergency Response Team
Defining minimum standards (GovCERT)
Preparing an annual report on cyber security Cyber Crime Competence Center (C4)
Millitary Computer Emergency Readiness Team (MilCERT )
Austrian CERT Association
 Field of action 3 - cooperation between the government, economy
and society

Austria Cyber Security Strategy

Establishing a Cyber Security Platform
The Austrian Cyber Security Platform shall bee established as a public private
partnership to facilitate ongoing communication with all stakeholders of the
administration, economy and academia.
Strengthening support for SMEs
Priority programmes on cyber security will be launched to raise the awareness of
SMEs and to prepare them for hazardous situations.
Preparing a Cyber Security Communication Strategy
With a view to optimising communication between stakeholders in the administration,
economy, academia and society, all websites set up or planned by governmental bodies
have to be coordinated in the framework of a Cyber Security Communication
Strategy.
 Protecting of Critical Infrastructures

Objective:
Almost all infrastructure depend on ICT systems as a a top priority to improve the
resilience of these information systems against threats.
Under the Austrian Programme for Critical Infrastructure Protection (Programm zum
Schutz kritischer Infrastrukturen / APCIP), enterprises operating critical
infrastructures are encouraged to implement comprehensive security architectures.
Measures:
Improving the resilience of critical infrastructures
- These strategic enterprises should set up a comprehensive
security architecture risk and crisis management), update it according to
the threats arising and appoint a security officer.
- Duty to report severe cyber incidents by the operators of critical
infrastructures.
- Existing arrangements for The Protection of Critical
Infrastructures (APCIP) and the Governmental Crisis and Civil Protection
Management should be reviewed.
 Field of action Awareness raising and training

Objective: Incorporating cyber security and media competence into

all levels of education and training
By sensitising all target groups, the necessary
awareness of, personal interest in and attention paid
- Stronger integration of ICT, cyber security and media
to cyber security will be increased.
competence into the school curriculum
An adequate ICT competence level should be ensured
- ICT security competence should be taken into account in
by intensifying training in the field of cyber security
the training programmes of pedagogical universities and
and media competence in schools and other
other pedagogical institutions at tertiary level.
educational facilities.
- The training of experts in the public sector related to cyber
Measures: security will be intensified in cooperation with national
Strengthening a cyber security culture and international training facilities.
- Developing, coordinating and implementing - The ICT system administrators of the operators of critical
awareness-raising initiatives infrastructures should receive cyber security training to
- The existing consulting programmes should be further enable them to recognise cyber incidents.
strengthened and expanded.
- An ICT Security Internet Portal will be set up in the
form of a web platform.
- Cyber crime prevention programmes will be further
developed.
 Fields of Actions and Measures Research and
International Cooperation:

Reaserch and Development

Dalam rangka penelitian terhadap keamanan nasional, keamanan dunia siber sendiri HARUS menjadi
prioritas utama
Austria harus menjadi pemimpin utama yang aktif dalam Uni Eropa terkatik program penelitian
keamanan dunia siber

International Coorporation
Kementerian akan melakukan langkah maksimal untuk memanfaatkan dan
menerapkan sepenuhnya Convention on Cybercrime of the Council Europe
Austria akan memberikan implementasi dan kontribusi yang besar terhadap Strategi
Keamanan Siber di Uni Eropa
Austria menganjurkan penggunaan internet gratis secara global
Austria memulai lagi kerjasama yang diinisiasi oleh NATO
Partisipasi aktif Austria dalam pelatihan dan perencanaan cyber security
 Implementation

Implementation
Implementation
Plan
Cyber Security Report
&
Steering Group &
Implementation
ACSS Review
of Measures
 Cyber Security Steering Group

Responsibility:
Coordinating measures relating to cyber security at a political-strategic level
Monitoring and supporting the implementation of the ACSS
Preparing an annual Cyber Security Report
Advising the federal government in all matters relating to cyber security

Member:
Liaison officers for the National Security Council
Cyber security experts of the ministries represented in the National Security Council
Chief Information Officer of the Federal Republic of Austria
Representatives of other ministries and of the Austrian federal provinces (Conditional)
Representatives of relevant enterprises (Conditional)
 Implementation Plan &
Implementation of Measures

The Steering Group develops an Implementation Plan and carry it out the horizontal measures
within three months after adoption of the ACSS by the federal government
Implementation Plan adopted in June 2013
The competent bodies are responsible for implementing these measures within their respective
mandate
Competent ministries will develop sub-strategies for their sphere of responsibilities
Ministries represented in the Cyber Security Steering Group will submit an Implementation Report
to the federal government every two years

In the process of adopting this plan, agreement was reached on four prioritized projects:
Development of permanent coordination procedures and structures at the operational Level
Cyber security experts of the ministries represented in the National Security Council
Report on the regulatory framework
Development of a concept and rules of procedure for a Cyber Security Platform
Cyber Security Communication Strategy
Implementation Report &
ACSS Review
 Cyber Security Report 2014

The most important development observed in 2013 was the significant increase in cyber
espionage and cyber-criminal activities.
As cyber attacks will be geared to specific types of data processing and storage, they will
concentrate mainly on cloud services and social networks in the next years
Adequate protection and cooperation on information and communication technology as
well as the data processed with ICT systems is of growing importance

Comprehensive approaches involving state and non-state actors are becoming Indispensable
Coordinated, large-scale technical as well as organisational measures play a vital role in detecting
processing anomalies and developing appropriate countermeasures
Governments are expected to show a growing interest in cyber security issues, which will be
reflected in the publication of new national strategy documents as well as the establishment of
relevant control and coordination structures
 Cyber Security Report 2017 (2016)

In 2016, the trend observed in the previous years towards a significant increase in
security-related activities / incidents in the cyber sector continued.
DoS and DDoS attacks, are currently among the most common and effective cyberattacks.
Ransomware, CEO fraud and phishing attacks are responsible for a significant number of
incidents.
Crime as a Service business models are increasing
Security budget remain the same with 2015

Increasing awareness of cyber threats

Increased involvement of the private sector in cyber security
Issues of cyber security continue to be addressed in the framework of the EU, UN, OSCE, NATO,
OECD and Council of Europe, as well as in multilateral forums with the active participation of
Austria