8–10 Apr 2025
Grandior Hotel
Europe/Amsterdam timezone

Security Days Organisational Committee

Building Resilience: The Role of NIS2 in Education

9 Apr 2025, 13:30
25m
Aplaus + Bravo Room (Grandior Hotel)

Prague, Czechia
Single Presentation (25 min) Presentation Policy and Process

Speakers

Ms Ivana Jelačić (Croatian Academic and Research Network - CARNET, National CERT)
Marina Dimic Vugec (Croatian Academic and Research Network - CARNET, National CERT)

Description

Croatia transposed the NIS2 Directive into national legislation. The new Cyber Security Act and the corresponding Cyber Security Regulation form the legal framework. Croatia recognized that it is important to include the education sector, as with other critical sectors. The intention was not to include all entities from the sector, but only those that are very important at the national or regional level for carrying out educational work. The Croatian education sector has highly digitalized services compared to public services.
The education system's mission is manifested in raising cyber security awareness, creating highly skilled cyber security experts by establishing programs to maintain high standards of cyber resilience, and promoting digital literacy for the secure use of network and information systems. Educational institutions should be an example in the adoption of cybersecurity management measures, and they can act as a bridge that connects research centers, industry, and public bodies in the development of innovative solutions to strengthen resilience. The integration of cyber security into educational processes contributes to increasing the resilience of the sector itself and of society.
The intention of CARNET (Croatian Academic and Research Network), as an institution established by the Government of Croatia for IT and information infrastructure activities in education and science, is to take advantage of the newly initiated importance of cyber security and encourage all higher education institutions to take measures that will strengthen their cyber security posture. This means applying the cyber security risk management measures prescribed by law, in particular: policies for risk analysis and security of information systems; dealing with incidents, including their monitoring, recording, and reporting; basic cyber hygiene practices and cyber security training; and access control policies and management of program and structural assets, including regular updating of the asset list. CARNET plans, primarily now through the e-Universities project and later in its regular activities, to provide advisory support to universities related to information security management and compliance with cyber security regulations.
These activities are part of National CERT's role as one of CARNET's departments. National CERT plays a key role in the national cyber security environment by monitoring the network, providing expert support and incident response when an institution is attacked, and providing a vital source of advice and information, both for taking immediate action and for monitoring emerging threats. Key activities for strengthening resilience are focused on the creation of educational materials: technical and functional documentation, tutorials, and guidelines for a system for monitoring local network traffic and detecting computer threats for HE institutions, and educational materials (presentations and manuals) for the management, teaching, and IT staff on the following topics:
• NIS2 Directive
• Cyber hygiene and responsible use of the Internet
• Adoption and implementation of security policy at higher education institutions
• Basics of cyber protection and identification of cyber threats
• Support system in reporting and resolving cyber incidents
• Secure university infrastructure.
National CERT prepared and held one of two student competitions and education in cybersecurity: the Hackultet. The CTF competition in the field of cyber security for students was successfully conducted to promote various areas of cyber security and to encourage students to build a career and strengthen their expertise in this area.
CARNET, as a regulated entity under the Cyber Security Act, takes measures to strengthen the security of critical services and the services it offers to users in the education sector. We will present the types of categorized entities in the education system sector, their number, and the measures they must implement in their operations to comply with the requirements of cybersecurity regulation.

Authors

Ms Ivana Jelačić (Croatian Academic and Research Network - CARNET, National CERT)
Marina Dimic Vugec (Croatian Academic and Research Network - CARNET, National CERT)