Presentation by CERT-Hungary

1. From CERT-Hungary
to National Cybersecurity Centre
Ferenc Suba LLM, MA
Chairman of the Board
PTA CERT-Hungary
Vice-chair of the MB
ENISA

3. CERT-Hungary
- Started as a project by the Ministry of IT and
Communications, now under Prime Minister’s Office
- Partnership Agreements with: National Communications
Authority, Financial Regulatory Authority, Prime Minister’s
Office, National Bureau of Investigation
- Accredited member of FIRST, TI, EGC
- Operator of the National Alert Service of Communications as
contractor
- Responsible for information security of the e-gov backbone
network
- Trusted partner of the banking and energy sector (WGs) in
CIIP, regular exercises
-- International co-operations: FI-ISAC, Meridian, IWWN
-- CERT capacity building: Bulgaria, South Africa

4. Government Foundation
- Theodore Puskás Government Foundation
- Founded in 1993 by the Government of Hungary, academia,
business companies
- Governed by the Civil Code, Act on Public Benefit
Organisations
- Part of the yearly state budget
- Supervised by the Prime Minister’s Office
- Engaged in technology transfer, information security
- Entitled to have business activities (max. 20% of the yearly
income)
- Flexible organisation, staff motivation, survives government
changes
- Think tank, preparation of regulation, project management,
technical service

5. e-Commerce Act
- Only tool to motivate the ISPs
- Liability clauses: indirect liability for ISPs = ISP is liable for
any wrongdoing committed through its system if ISP does not
co-operate to make the wrongdoing impossible
- Reason: criminals are anonymous + attacks come through
the ISPs + only ISPs can effectively take measures against
them
- Liability forms vary according to the function: content
provider, storage provider, access provider, cache provider,
information location tool provider
- Principle: ISPs liability stands as of an e-mail about the
wrongdoing committed through its system has been received

6. Ministerial Decree on National Alert Service
for Communications
- Regulates CIIP in communications sector
- Defines critical infrastructures legally
- Defines incidents flexbily (list updated by the National
Communications Authority)
- Designates 8 communications providers (biggest ones)
- Reporting obligation of the designated providers
- Reports on incidents affecting at least 1000 users
- Reports received and distributed by the Alert Service Centre
- Distribution list: Ministries, Centre for Crisis Management,
Services
- Alert Service Centre outsourced to CERT-Hungary, under the
supervision of the National Communications Authority

7. Government Decree No 223/2009.
on the security of public electronic services
- Sections 8-10: National Cybersecurity Centre
- Tasks: crisis management, central governmental system,
National Alert Service for Communications, awareness
raising, preparation of policy, CIIP collaboration, international
representation
- Control: Prime Minister’s Office, IT Security Supervisor
- Framework: Theodore Puskás Government Foundation, by a
public service agreement
- Basic services free for the government, value-added services
for payment

8. The Hungarian model
- Bottom-up approach, 5 years of evolution
- Establish a flexible organisation
- Be close to central government
-- Use ENISA and partner MSs as leverage
-- Have very strong international background
-- Build up PPPs with interested private sectors
-- Be not only technical (crisis management,
awareness raising, policy making, national and
international collaboration)
-- Distribute your financial resources (state
budget, state project contracts, service
contracts, EU and national research projects)

9. Thank you for your attention and patience!
PTA CERT-Hungary
www.cert-hungary.hu
Puskás Tivadar Közalapítvány
www.neti.hu
ENISA
www.enisa.europa.eu