Strengthening Cybersecurity: New Legislation Requires Businesses to Implement Backup Servers

In response to the escalating threat of cyberattacks, governments worldwide are taking proactive measures to safeguard sensitive information and critical infrastructure. The latest initiative comes in the form of a new draft law on cybersecurity introduced in parliament, outlining a comprehensive set of obligations for private companies. Among the pivotal requirements is the establishment of backup server systems, ensuring the continuity of data and operations in the face of cyber threats.

The draft law envisions an expansion of the competencies of the Cybersecurity Authority. It seeks to provide a clear definition of structures responsible for security against cyberattacks, specifying their roles and competencies. This move aims to centralize efforts in tackling cyber threats and streamline the response mechanisms across various sectors.

The proposed legislation places a heightened emphasis on information infrastructure operators, enhancing their obligations and cybersecurity measures. It addresses the handling of emergency situations and cyber crises, establishing specific structures for their management. The law also introduces regulations for the certification of cybersecurity, ensuring a standardized and robust approach to safeguarding digital assets.

Building upon the 2023 Law on Electronic Governance, the draft law mandates that all system developers in the Information and Communication Technology (ICT) field, whether public or private entities, prioritize the efficiency of service delivery through secure information systems. Developers must identify critical systems or components responsible for continuous service delivery and implement documented plans for risk management, technical oversight, and performance assessment techniques.

To uphold the efficacy of risk management techniques, institutions are required to conduct internal audits, identifying primary and other relevant data crucial for their information technology systems. Simultaneously, businesses must be vigilant about the specific hardware dependencies that their systems, data, and services rely on. This proactive approach aims to prevent the failure of any devices from disrupting the operation of information technology systems and the services they provide.

A key change introduced by the legislation is the requirement for entities to implement measures securing data in physically separate locations. This measure ensures that, in the event of a cyber incident, data necessary for restoring systems and services remains unaffected, stored in a location distinct from the institution's normal operation.

As cyber threats continue to evolve, governments are stepping up their efforts to protect critical infrastructure and sensitive information. The proposed cybersecurity legislation reflects a comprehensive approach, not only mandating the establishment of backup servers but also outlining a broader framework for addressing cyber threats across various sectors. By enhancing the role of the Cybersecurity Authority, strengthening obligations for information infrastructure operators, and promoting robust risk management practices, the draft law aims to fortify the nation's digital defenses in an increasingly interconnected world.