Governmental Regulation of Cybersecurity in the EU and Hungary after 2000
The term information security evolved to cybersecurity nowadays, which emphasises the interdependence of information assets and the importance of cyber-physical systems. Parallel to this, the need for appropriate management of the EU and government strategies and new public administration tasks also appeared.
In the European Union, the first measure concerning this issue was the establishment of the European Union Agency for Network and Information Security (ENISA) in 2004, mostly with consultative tasks. The first official cybersecurity strategy in the EU, called the Open, Safe and Secure Cyberspace, was accepted in 2013. Afterwards, ENISA’s role has been strengthened as well as its range of tasks were broadened. Beside the critical infrastructure protection efforts, the Network Information Security (NIS) directive and related legislation were a giant leap towards a common level of cybersecurity in the community. The formation of an EU Cybersecurity Act and filling NIS with more practical guidance is an ongoing process nowadays.
Despite being a post-socialist country, Hungary is in the first line of legislation on cybersecurity in the community. Since 2005 there were several government decrees, from 2009 the first act-level rules on the information security of some governmental services. Based on the National Security Strategy, the National Cybersecurity Strategy was formed in 2013. The same year the first information security act applicable to all government, local government, governmental data processing and critical infrastructure service providers has come into force. The alignment of the National Cybersecurity Strategy to NIS directive happens these days.
Thus, the regulation of cybersecurity in the EU and in Hungary are heading in the right direction, but the practical implementation today is far away from the strategic objectives. The community is lagging far behind the United States of America and China, just to mention the most important players in the field.