Security incidents in which signal loss lasts more than 15 minutes, during which people are no longer able to call the single emergency number 112, are considered high-impact incidents and must be reported to telephone operators, according to a new decision by the Authority. in a message published on Friday in the Official Gazette.
Former vice president of ANCOM, Eduard Lovin, announced the changes in the legislation on security incident reporting on his LinkedIn account.
- “The new regulation of ANCOM also imposes obligations on provision of temporary back-up power supply for large communication operators.
- Other changes concern the technical and organizational measures that providers must take to properly manage risks to the security of communications networks and services.
- Regarding reporting of security incidents, the changes provide for the definition of significant impact not only by quantitative thresholds (number of affected users and duration of the incident), but also by a number of qualitative thresholds, such as incidents affecting the routing of emergency messages to 112 emergency services or the provision of critical communications services,” Eduard Lovin, now ANCOM’s director of regulation, wrote on LinkedIn on Monday.
Which security incidents are considered to have a significant impact
Under the new rules, a security incident with a significant impact is one that meets at least one of the following quantitative or qualitative thresholds:
a) quantitative thresholds:
- (i) availability means the effect, in terms of the availability of public electronic communications networks, of electronic communications services intended for the public, including stored, transmitted or processed data or related services offered by or accessible through the relevant electronic communications networks or services, in the case of 5,000 users, for at least 60 minutes or if the threshold of 500,000 “user hours” is exceeded;
- (ii) authenticity, integrity, or privacy—at least 5,000 users were affected, regardless of the duration of the incident;
b) qualitative thresholds:
- (i) incidents affecting, directly or indirectly, for at least 15 minutes the routing of emergency messages to the emergency service 112;
- (ii) incidents with transboundary impact;
- (iii) incidents that affect the security of networks and services of another provider of public electronic communications networks or electronic communications services intended for the public, and cause an incident
In the event of such security incidents, electronic communications providers must inform the public in at least one of the following ways:
- a) through a special section on the main page of its own website, keeping this information under these conditions at least until the resolution of a security incident that has a significant impact;
- b) through its own TV channel;
- c) by e-mail;
- d) through the short message service;
- e) through mass media.
SEE ANCOM’S DECISION IN THE OFFICIAL NOTICE
Photo credit: Jose Maria Ruiz / Dreamstime.com
Source: Hot News
Lori Barajas is an accomplished journalist, known for her insightful and thought-provoking writing on economy. She currently works as a writer at 247 news reel. With a passion for understanding the economy, Lori’s writing delves deep into the financial issues that matter most, providing readers with a unique perspective on current events.