web counter
LEXO PA REKLAMA!

SHKARKO APP

App Store
Google Play

E fundit!

x

Cyber ​​Crisis Manual/New Rules Approved

2026-01-05 20:44:00, Aktualitet CNA

Cyber ??Crisis Manual/New Rules Approved

The government has approved and published in the Official Gazette a set of rules that establishes for the first time a detailed framework for how a cyber crisis is identified, escalated and managed at a national level. In essence, the document defines the moment when an incident in networks or systems is no longer treated as an ordinary technical problem, but as a situation that seriously endangers the public interest and the normal functioning of important services.

Cyber ??Crisis Manual/New Rules Approved

The new procedures place the National Cyber ??Security Authority at the center of response coordination. When an incident is deemed to have a wide-ranging impact, the Authority requests the transition to high alert of the incident response teams of the operators and activates the relevant structures at the national level, including the National CSIRT and the ad-hoc CERT team. Real-time data is collected, technical and operational analysis of the extent of the attack is carried out and the situation report is updated periodically, with the aim of limiting the impact and restoring systems to normal operation.

An important element of this procedure is also the decision-making chain for declaring a state of cyber crisis. According to the document, after a coordinated assessment, the Authority forwards to the Prime Minister the proposal for declaring a crisis and measures to resolve the situation, while the declaration is made by decision of the Council of Ministers. It is envisaged that the state of crisis will be established for an initial period and extended, when necessary, up to the limits set by the procedure.

The rules also include the manner of inter-institutional coordination in a crisis situation, involving security and law enforcement structures, sectoral and operator-based CSIRTs, as well as cooperation with international partners. A separate chapter is dedicated to public communication, requiring coordinated statements and accurate information, without sensitive technical details, to avoid panic and disinformation.

In parallel with the crisis management procedures, detailed rules have also been defined for the cybersecurity certification of products and protection profiles in the field of information technology. The document specifies what a certificate should contain, from the identification of the product and the owner, to the security level, the standards used, the validity period and the accompanying certification marks.

A crucial part is related to the criteria that conformity assessment bodies must meet to be authorized as certification bodies and technical evaluation laboratories (ITSEF). Legal, financial and technical requirements are foreseen, mandatory accreditation, a special structure with qualified experts and full capacities for advanced testing, including risk assessments, penetration testing and specialized analyses. It also defines the documents to be submitted and the review deadlines, with clear rules for filling deficiencies, decision-making on authorization, suspension and the right of appeal.

With these decisions, the government aims to establish a more structured response to wide-ranging cyberattacks and, at the same time, raise control and certification standards for digital products and services, strengthening the security chain from prevention, to crisis management and service restoration./CNA





Lajmet e fundit nga