Στο νομικό έντυπο της Δικηγορικής Εταιρίας Θ. Κωνσταντακόπουλου μίλησε ο Διοικητής ΕΑΚ Μιχάλης Μπλέτσας. Σύμφωνα με όσα δήλωσε:

Η Εθνική Αρχή Κυβερνοασφάλειας συνεργάζεται στενά με την ΕΕ για την ενίσχυση της κυβερνοασφάλειας, εφαρμόζοντας την Οδηγία NIS2 και θέτοντας το ρυθμιστικό πλαίσιο για κρίσιμες υποδομές. Αντιμετωπίζει προκλήσεις με έμφαση στην ασφάλεια της εφοδιαστικής αλυσίδας, ενώ παράλληλα ενισχύει τη διεθνή συνεργασία μέσω του ENISA και άλλων φορέων. Επενδύει στην εκπαίδευση και την ανάπτυξη δεξιοτήτων στον τομέα της κυβερνοασφάλειας, καλύπτοντας το έλλειμμα εξειδικευμένων επαγγελματιών. Με όραμα τη συνεχή εξέλιξη, η Αρχή στοχεύει στην προστασία του ψηφιακού οικοσυστήματος και την αντιμετώπιση υβριδικών απειλών.

Οι ερωτήσεις και οι απαντήσεις δόθηκαν στα αγγλικά

1.Private Sector & Regulation How is the Authority working with businesses, especially in critical infrastructure sectors, to strengthen cybersecurity and support NIS2 compliance?

The National Cybersecurity Authority defines the national strategy to ensure the integrity, confidentiality, and availability of the country’s information systems, aligning with the regulatory framework set by the NIS2 Directive. The Authority organizes, coordinates, and implements a comprehensive framework of strategic measures and actions that ensure a high level of prevention, protection, deterrence, response, recovery, and resilience of information systems against cyberattacks. It establishes the regulatory framework for operations and imposes fines in cases of non-compliance.

Cybersecurity is a team sport and that is reflected in the Authority’s attitude towards the private sector. The Authority strongly believes that the only way to raise cybersecurity levels in Greece is with close cooperation between the public and private sectors and is committed to facilitate that.

2. Geopolitical Challenges How do recent geopolitical shifts impact Greece’s cybersecurity strategy, and what measures are being taken to protect national interests?

The NIS2 Directive focuses on the protection of critical networks and information systems against cyber threats, ensuring a cohesive approach to cybersecurity across the European Union. In this context, as the National Cybersecurity Authority, we align our actions with the EU directive, aiming for a high level of security for the country’s information systems while operating within the framework set by NIS2.

Supply chain assurance becomes critical in this environment, and we expect vendors to step up their efforts to open their platforms and products to independent certification, code inspections and verified software builds.

3. EU & Global Cooperation What role does Greece play in shaping EU and international cybersecurity efforts?

The National Cybersecurity Authority strengthens the security of information infrastructures at the national level and actively participates in the development and implementation of common cybersecurity strategies at the European Union level. The Authority collaborates with the European Union Agency for Cybersecurity (ENISA) and other European bodies to promote the shared security of networks and information, facilitate information exchange, and implement best practices. The National Cybersecurity Authority encourages the exchange of knowledge and experiences with other countries and international organizations, contributing to the development of a secure and resilient digital environment on a global scale.

By actively participating in all relevant European and many International forums the Authority is at the forefront of developments in the field and an active promoter of new cybersecurity measures across Europe.

4. Digital Sovereignty vs. Global Ties In light of growing global cyber competition, how does Greece balance its digital sovereignty ambitions with international cooperation, particularly concerning supply chain security and foreign technology dependencies?

Greece is one of the first countries, specifically the 7th, to incorporate the NIS2 Directive into national law with Law 5160/2024, aiming to digitally fortify the country’s information systems and recognizing the need for the highest levels of cybersecurity. At the same time, it acknowledges and seeks international cooperation, exchanging expertise and aligning with international practices to enhance cybersecurity levels.

When it comes to digital sovereignty, the Authority recognizes that the current situation is far from satisfactory and that significant steps need to be taken by cloud and infrastructure vendors to ensure that more meaningful control can be exerted by nation states as well as from the EU level to the digital infrastructures that we use.

5. Cyber Talent & Skills Gap With a shortage of cybersecurity professionals, what steps are being taken to build Greece’s cybersecurity workforce?

The shortage of cybersecurity professionals is one of the greatest challenges for the National Cybersecurity Authority, as it is tasked with addressing significant issues with limited specialized staff. The general lack of expertise in this field intensifies the problem, and professionals with cybersecurity skills gain a valuable professional advantage.

To address this challenge, initiatives such as training programs, partnerships with universities and the private sector, and encouraging young people to pursue careers in cybersecurity should be developed. Continuous education and certification of professionals are also essential to keep them updated on evolving threats.

NCSA has already been awarded a European EDIC project to create a cybersecurity skills Academy with other member states and we are moving towards its implementation. We are also working closely with our universities to intensify our R&D and training efforts and promote academic excellence in the field.

6. The Future of Cybersecurity in Greece What is your vision for the future of cybersecurity in Greece, and how will the Authority evolve?

As the Director of the National Cybersecurity Authority, I can say that we will strive for continuous evolution and adaptation to the new challenges of cyberspace, integrating innovative technologies and remaining in a constant state of alert. We aim to operate in a targeted manner, in close cooperation with the European Union, to protect the digital ecosystem and ensure a secure digital environment in both the public and private sectors. Furthermore, we are adopting a broad view of cybersecurity including Hybrid threats and disinformation monitoring.

A personal commitment for me is in education and the development of cybersecurity skills, as well as encouraging young people to join the cybersecurity field. My vision for the Authority is to maintain effectiveness combined with flexibility and extroversion and make Greece a positive example for other to follow.