The legislation, registered as draft law No. 11290, was approved in its second reading on March 25 with 240 votes in favor. This marks a significant step toward creating a national cyberattack response system aligned with European cybersecurity standards.
1. Key Provisions of the Cybersecurity Law
-
Establishment of a National Cyberattack Response System
-
The law calls for the creation of a comprehensive incident response structure tasked with identifying, countering, and mitigating cyberattacks on government data and critical networks.
-
The State Service for Special Communications and Information Protection will oversee this system, ensuring uniform standards across all governmental tiers.
-
-
Integration of Specialized Cyber Teams
-
The legislation provides for CERT-UA (Computer Emergency Response Team of Ukraine) to coordinate with newly formed regional and sectoral teams.
-
These teams will respond to cybersecurity incidents, cyberattacks, and emerging cyberthreats, leveraging resources from both public and private sector experts.
-
-
Professional Cybersecurity Network
-
Each state institution that handles sensitive data must employ a network of trained cybersecurity specialists.
-
This ensures active monitoring and protection of governmental databases, networks, and electronic communication systems.
-
2. Enhanced Cyberdefense Powers and Responsibilities
-
Expanded Authority for Specialized Agencies
-
The law broadens the powers of agencies like the State Service for Special Communications, allowing them to rapidly respond to emerging threats.
-
Private sector professionals can also be enlisted for high-level security tasks.
-
-
Coordination with European Standards
-
The new framework aligns Ukraine’s cyberdefense measures with EU standards, emphasizing incident reporting, data protection, and robust countermeasures against cyber espionage.
-
-
Standardization of Cryptographic and Technical Security
-
The law harmonizes cryptographic and technical information protection methods, ensuring consistency in defense strategies across ministries and departments.
-
3. Protection of State Resources and Critical Infrastructure
-
Targets of Protection
-
The main focus is on information, electronic communications, and IT systems that handle state resources or data with restricted access, as well as critical information infrastructure (energy grids, transport networks, banking systems, etc.).
-
-
Countering Technical Intelligence
-
Beyond repelling cyberattacks, authorities must thwart technical intelligence efforts—i.e., preventing unauthorized signals interception and safeguarding classified information.
-
-
Cyber Protection Assessment System
-
An integrated assessment mechanism will measure the readiness and resilience of government agencies, enabling periodic audits and improvements in cybersecurity tactics.
-
4. Timeline and Legislative Progress
-
Initial Approval
-
On January 8, the Verkhovna Rada adopted No. 11290 in its first reading, focusing on the need for heightened security after an increase in cyber incidents.
-
-
Second Reading and Passage
-
March 25 saw the final passage with 240 parliamentary votes, marking the final legislative hurdle.
-
-
Implementation
-
Government agencies now face strict compliance deadlines to form new teams and implement advanced security protocols.
-
The law calls for rapid rollout to fortify Ukraine’s digital ecosystem against state-level cyber threats.
-
Conclusion
With the adoption of draft law No. 11290, Ukraine is set to revolutionize its defense of state data and critical infrastructure. The creation of a national cyberattack response system—coordinated by CERT-UA, specialized regional teams, and private-sector experts—positions Ukraine to confront escalating cyber threats more effectively. By aligning with European standards and empowering dedicated cybersecurity networks, the country fortifies its national security and global standing in the rapidly evolving digital battlefield.
