My Authors
Read all threads
[THREAD] ICYMI, Czech National Cyber & Information Security Agency @NUKIB_CZ published annual Report on the state of #cybersecurity in the Czech Republic in 2018. This thread gives the main takeaways from the report, which you can find here: nukib.cz/cs/informacni-… 1/15
(1) Unsurprisingly, state actors are the most severe threat to cyber security of entities that are part of @NUKIB_CZ's constituency (government agencies, government & private sector-operated crititical information infrastrcuture (CII), providers of essential services etc) 2/15
State actors (government or government-linked) possess financial & human resources & w/ intentions that sets them apart from cybercrime groups or hactivists. People's Republic of China and Russian Federation are the most active cyber threat actors for the Czech Republic 3/15
(2) In 2018, @NUKIB_CZ responded to, and investigated, attack on strategically important govt institution. Investigation revealed that the actor was almost certainly (90-100%) a state actor who is likely (55-70%) Chinese 4/15
(3) Report also points to a rising threat of supply chain attacks, particularly attacks on managed services providers (MSP). In the case of Czech Republic, a contributing factor is a widespread application of Public Procurement Act (PPA) that prioritizes lowest bidder 5/15
Accepting the lowest price as the single most important criterion for public procurement means that potentially hazardous components may enter the systems of obligated entities. 6/15
(4) Public sector is facing great challenges to strengthen cyber security, including lack of qualified personnel, insufficient personnel qualification, or slow implementation of new security standards and weak authentification 7/15
(5) Education sector is also attractive target for cyber threat actors. In 2018, ten Czech universities were targetted by relatively sophisticated spear-phishing campaign (lot of language errors but proven knowledge of university environment) 8/15
(6) @NUKIB_CZ's primary task is CII protection. Report notes that while Czech CIIs were not affected by sophisticated attacks, there were instances of serious attacks on CII systems worldwide, including attacks on energy sector, banking sector and eHealth 9/15
(7) @NUKIB_CZ is authorized to take preventative measures to protect CII & other systems within NUKIB's constituency. In this regard, on 17 Dec 2018 NUKIB issued warning (legal tool per Cyber Security Act) against use of Huawei & ZTE technologies govcert.cz/en/info/events… 10/15
The warning refers to legal and political environment in the PRC that require CN companies to cooperate with Chinese state on intelligence activities & close links b/w private companies & government as factors that prioritize interest of Chinese state over Huawei & ZTE customers
That cybersecurity is not just technical issue and trust is a key principle in choosing suppliers for critical information systems is a major Czech contribution to ongoing discussion on the security of 5G networks (see Prague Proposals: vlada.cz/en/media-centr… 12/15
(8) Report also points to the importance of cyber security exercises, be they red v. blue team technical exercises or non-tech strategic tabletops. Czech Republic is active participant and a provider of cybersec exercises. @GOVCERT_CZ-led team placed 3rd in 2018 in Locked Shields
In 2018, NUKIB arranged or participated in bilateral exercises with partners in the #US, #Korea and #Taiwan, and provided training to 320 individuals from 77 countries. 14/15
Perhaps the key takeaway: Czech Republic is not just passive consumer of cyber security provided by others. We are active partners and providers. Ready to reach out and forge new partnerships. 15/15
Missing some Tweet in this thread? You can try to force a refresh.

Enjoying this thread?

Keep Current with Michal Thim (廷米賀)

Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

Twitter may remove this content at anytime, convert it as a PDF, save and print for later use!

Try unrolling a thread yourself!

how to unroll video

1) Follow Thread Reader App on Twitter so you can easily mention us!

2) Go to a Twitter thread (series of Tweets by the same owner) and mention us with a keyword "unroll" @threadreaderapp unroll

You can practice here first or read more on our help page!

Follow Us on Twitter!

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just three indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3.00/month or $30.00/year) and get exclusive features!

Become Premium

Too expensive? Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal Become our Patreon

Thank you for your support!