ICT Security

Attacks from cyberspace pose a direct risk to our security and the functioning of the government, business, science and society.

It is thus one of the utmost priorities for Austria to work on protecting cyberspace at national as well as international level.

Government CERT (GovCERT)

GovCERT – the CERT of the public administration Response Team – as a central, operational body for cyber security supports the public administration as well as critical infrastructures with operational and technical expertise and the provision of a national and international network to exchange experiences and information. In addition, GovCERT is as a strategic, national point-of-contact (POC) for international CERT partnerships. The GovCERT also promotes the development of industry-specific CERTs. Please find more information about the tasks, structure and the range of services here.  

CERT.at – the national CERT

The Austrian national CERT was put into operation in 2008 in cooperation with the Federal Chancellery and nic.at, the Austrian domain register.
The most important task of the national CERT is the first point of contact for all concerns of IT security related to Austria. CERT.at does not guarantee the solution to a specific problem, as there are no rights of intervention or other entitlements against operators. However, it does ensure a suitable form of disclosing important information.
Security warnings can be subscribed to on cert.at. Moreover, reports and requests are accepted by e-mail via reports@cert.at or from Monday to Friday between 8:00 am and 6:00 pm by telephone on +43  505 64 16 78. The customer group "public administration and critical infrastructure" can be contacted via post@govcert.gv.at.

Austrian Strategy for Cyber Security

The "Austrian Strategy for Cyber Security (ÖSCS)" forms the basis for national collaboration in the respective matter. The majority of the population use the Internet on a regular basis. Moreover, the economy is heavily dependent on a well-functioning digital infrastructure. The Internet is an indispensable foundation for the public administration to make their services accessible. Cyber security means security of the infrastructure of cyber space, of the data exchange in cyber space and primarily of the people who use cyber space. Read more on Cyber Security.

National ICT Security Strategy

In collaboration of 130 representatives of Austrian stakeholders, a concept for the protection of the "Austrian cyberspace" and people in virtual space was developed. The key foundation for the development of the Austrian Strategy for Cyber Security (ÖSCS) was the "National ICT Security Strategy of Austria". Matters addressed as part of the ICT security strategy range from education, research, awareness, legislation, technical and organisational concerns of Austrian companies, to the protection of strategic infrastructures in Austria. Please read more under the Austrian Security Policy.

onlinesicherheit.at

Attacks against computers, smartphones and other devices are becoming increasingly more complex and professional. For this reason, the ICT security portal www.onlinesicherheit.at went online. The ICT Security Portal is a strategic measure of the National ICT Security Strategy and the Austrian Cyber Security Strategy to promote and sustainably strengthen the ICT and cyber security culture in Austria. Cybercrime already ranks as one of the five fields of crime with the largest impact on society's perception of security. In order to counter this trend, greater safety awareness, digital training of target groups as well as technical and organisational measures are necessary.

The ICT security portal, as a central Internet portal, was created in February 2013 in close collaboration between administration and economy with a total of 40 cooperation partners. The portal deals with topics related to security in the digital world and it is unique in this form. The extensive range of services is aimed at both beginners and experts. It includes information on Internet risks, advice and help on the secure use of computers, smartphones, inter alia, information on security standards, security manuals and legal regulations, etc. as well as further information and contact details of hotlines and reporting points for emergencies – guaranteed independent and well-founded.

Cybersecurity and Data Protection

According to a study carried out by the Centre for Strategic and International Studies (CSIS), the damage caused by cybercrime to the global economy is now 600 billion $ (490 billion €) per year. The crime statistics of the Federal Criminal Police Office confirm the trend towards cybercrime. It is now one of the five crime areas with the greatest impact on the sense of security of society.

The comprehensive new provisions on data protection is based on the General Data Protection Regulation (GDPR, in Austria called "Datenschutzgrundverordnung or DSGVO"), which created a uniform data protection law for all EU Member States. The EU regulation gives the legislators of the individual Member States a degree of latitude.

In Austria, this was applied by the resolution of the "Data Protection Adaptation Act 2018". From 25 May 2018, the EU General Data Protection Regulation (GDPR-Regulation (EU) 2016/679) and the Austrian Data Protection Act (DSG – as amended by the Data Protection Amendment Act 2018) will apply in Austria. The regulation means more protection for citizens' personal data.

The GDPR (or DSGVO) is not applied when generally available, i.e. public data, are concerned. Nor is it applicable when completely anonymous or anonymised data is in use without the ability to relate to a data subject. Similarly, it does not apply to the processing of data for a purely private or family purpose. In addition, it is not applicable when processing data outside the European Union, except where a processor or service provider is not established in the EU and offers goods or services (regardless of payment) in the EU.

Special category data are:

• Racial and ethnic origin
• Political opinion
• Religious or ideological beliefs
• Union membership
• Genetic, biometric data
• Health data
• Data concerning sexual activity or sexual orientation
• Data on criminal convictions and offenses

Additional Information

• CERT.at
• GovCERT
• Reports from GovCert und Cert.at (in German)
• ENISA - Inventory of CERT activities in Europe
• Forum for Incident Response and Security Teams (FIRST)
• Trusted Introducer
• IKT-Sicherheitsportal
• oesterreich.gv.at (in German)
• General information about data protection (USP.gv.at in German)