Asters acted as legal counsel within the USAID Project “Cybersecurity for Critical Infrastructure in Ukraine” (Project) on developing a Legal Concept for increasing the possibilities of information exchange between cybersecurity actors regarding cyber incidents, cyberattacks and cyber threats.
As part of its work on the Project, Asters' team prepared a legal review of the relevant current legal regulation in Ukraine, identified shortcomings and gaps in the national legislation, elaborated recommendations for a new legal model of regulation, developed the Legal Concept itself, and prepared a plan for its regulatory implementation.
The proposed Legal Concept took into account the existing shortcomings and gaps and is based both on the results of a preliminary legal review of the national legislation and on generally accepted international standards and guidelines, best practices of the EU countries, the USA and international organizations, and relevant EU legislation.
The Concept applies to all entities that will be identified as critical infrastructure facilities, to qualified providers of electronic trust services, and to owners of systems processing state information resources.
The initiatives of the Concept concern defining the exchange object, establishing the exchange procedure, delimiting obligatory and voluntary exchange, introducing the national taxonomy of cyber incidents, etc.
The Concept includes a transparent definition of the competence of public authorities, the roles of national and sectoral CSIRTs, and the list of essential response services and the requirements for them in terms of exchanging information on cyber incidents, cyberattacks and cyber threats. It also provides for the introduction of a "coordinated vulnerability disclosure" model and the tailoring of criminal legislation in terms of decriminalizing "ethical" hackers.
Asters’ team has cooperated with leading cybersecurity experts and consulted with representatives of the National Coordination Center for Cybersecurity at the National Security and Defence Council of Ukraine, the State Service for Special Communications and Information Protection of Ukraine, the National Bank of Ukraine and other cybersecurity actors.
The team working on the Project consisted of partner Yuriy Kotliarov, counsel Sergiy Tsyba and associate Victoria Kurylina of the technology, electronic communications and cybersecurity practice.