Cyber security

With the entry into force of the Cybersecurity Act (Official Gazette 14/24), the Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union was transposed into national legislation. This directive amends Regulation (EU) No. 910/2014 and Directive (EU) 2018/1972, and repeals Directive (EU) 2016/1148 (the NIS2 Directive).
 

The Cybersecurity Act established the functionality of a central state authority for cybersecurity, whose responsibilities are carried out by the Security and Intelligence Agency (SOA). For this purpose, the SOA’s Cybersecurity Center was transformed into the National Cyber Security Center (NCSC-HR).
 

Relevant information on cybersecurity, the work and tasks of the NCSC-HR, and the implementation of the Cybersecurity Act can be found on the official website of the National Cyber Security Center: https://www.ncsc.hr/.
 

Global cybersecurity threats are continuously increasing, and the growing number of sophisticated cyberattacks, alongside society’s increasing dependence on cyber technology, requires new approaches to cybersecurity.
 

As a member of NATO and the EU, the Republic of Croatia is a target of state-sponsored cyberattacks that are thoroughly planned, advanced, and persistent (APT - Advanced Persistent Threat). These attacks are characterized by a high level of expertise and long-term concealment by the attackers. State-sponsored APT attacks are directed at carefully selected and well-researched targets, carried out by organized hacker groups linked to the intelligence systems of certain countries.
 

There is also a growing trend of organized criminal groups using APT tactics, techniques, and procedures in cyberspace for financial extortion (ransomware) or manipulation in the financial sector.
 

In response to the rising challenges in cyberspace, SOA established the Cybersecurity Center in 2019 to protect the national cyberspace.
 

Furthermore, to strengthen national capabilities for early detection and defense against cyberattacks, the SK@UT system was developed (https://ncsc.hr/en/skaut-15).
 

SK@UT is a national system for detection, early warning, and protection against state-sponsored cyberattacks, APT campaigns, and other cyber threats. It consists of a distributed network of sensors deployed across key government bodies and legal entities.
 

The SK@UT system enables detection of sophisticated cyberattacks in their earliest stages and in any segment of cyberspace covered by the sensor network. This approach integrates highly complex technical systems for cyber defense with intelligence capabilities, significantly reducing the risk of compromising critical national information resources.