The law establishes legal and organizational bases for ensuring cybersecurity of Ukraine, as well as directions and principles of state policy in the field of cybersecurity, powers of state bodies, enterprises, institutions, organizations and individuals in this sphere, basic principles of coordination of their activities.
In particular, the law defines the terms “cybersecurity”, “cyber defense”, “cybercrime”, “cyber defense”, “cyberspace”, etc.
The law provides that the objects of cyber defense are:
– communication systems of all forms of ownership in which national information resources are processed and / or used in the interests of state authorities, local governments, law enforcement bodies and military formations established in accordance with the law;
– objects of critical information infrastructure;
– communication systems used to meet public needs and / or to implement legal relations in the areas of e-government, e-government services, e-commerce, e-document management.
Also, the Law stipulates that enterprises, institutions and organizations (regardless of the form of ownership) may be classified as critical infrastructure objects, provided that they:
– carry out activities and provide services in the field of energy, chemical industry, transport, information and communication technologies, electronic communications, banking and financial sector;
– provide services in the areas of life support for the population, in particular, in the areas of centralized water supply, drainage, supply of electricity and gas, food production, agriculture, healthcare;
– are municipal, emergency and rescue services;
– included in the list of enterprises being of strategic importance for the economy and security of the state;
– are the objects of potentially dangerous technologies and industries.
The procedure for the formation of a list of critical information infrastructure objects and their entry into the state register should be approved by the Cabinet of Ministers of Ukraine.
The government response team for the computer emergency issues of Ukraine CERT-UA has also been created. Its main tasks are:
– the accumulation and analysis of data on cyber incidents, maintenance of the state registry of cyber incidents;
– the provision of practical assistance to the owners of cyber defense facilities for the prevention, detection and elimination of the consequences of cyber incidents;
– preparation and placement on its official website of recommendations on countermeasures against modern forms of cyberattacks and cyberthreats;
– interaction with law enforcement agencies, ensuring that they are timely informed of cyberattacks, etc.
The functioning of CERT-UA is carried out by the State Service for Special Communications and Information Protection of Ukraine.
The Law of Ukraine “On the Basic Principles of Cyber Security of Ukraine” was adopted on 5 October 2017 and will enter into force in May 2018.