Ukrainian govt adopts cyberincident response plan with 6 levels of criticality
Ukraine's Cabinet of Ministers has approved a national response plan for cyberincidents, cyberattacks and cyberthreats that applies to state bodies, local governments, critical infrastructure operators and other organizations involved in ensuring cyber security, the government said in Resolution No. 1533 dated November 26, published on the Cabinet's website.
"In effect, these are the implementation mechanisms for Law No. 4336 (on the protection of information and cyber defense of state information resources and critical information infrastructure, adopted March 27 of this year). This is a state regulatory document of Ukraine that sets out the rules, stages and mechanisms for responding to cyberincidents, cyberattacks and cyberthreats," commented Oleksandr Fediyenko, chairman of the parliamentary subcommittee on cybersecurity, government communications and cryptographic protection of information, which is part of the Verkhovna Rada committee on national security, defense and intelligence.
In a Facebook post, Fediyenko noted that the response plan defines six incident criticality levels, from non-critical (0, white) to emergency (5, black). Each level specifies the urgency, scale of response and the mandatory involvement of the national computer emergency response team (CERT-UA) and the Security Service of Ukraine.
Under the resolution, notification requirements are mandatory for state systems and critical infrastructure objects. Specifically, an incident must be reported within one hour; a preliminary report is due within 24 hours; an interim report within 72 hours; and a final report within a month, Fediyenko said.
The response plan also states that CERT-UA and CSIRTs can issue technical recommendations that are mandatory to implement, conduct technical investigations, require reports on measures taken, and initiate responses in the case of highly critical incidents. Public communications in crisis situations will be governed by a separate government resolution.
"The plan provides a unified coordination system, fast information flow and mandatory implementation of technical recommendations, enabling state institutions and critical infrastructure to act coherently and effectively during cyberthreats," Fediyenko summed up.
