11. Communication security


ICP-ANACOM's activities in the area of communications security had two main drivers in 2012, which will extend into 2013:

  • Changes to the civil emergency planning system, which is now coordinated with civil protection and integrated into existing public entities, abandoning the previously adopted committee system. In this area, the Organic Law of the Ministry of Economy and Employment assigned ICP-ANACOM the responsibilities and powers of the Comissão de Planeamento de Emergência das Comunicações (Emergency Communications Planning Committee), although other legislative changes are pending before this assignment is put into operation.
     
  • Developments in terms of privacy and personal data protection in electronic communications, stemming from the entry into force of Law no. 46/2012 of 29 August, republishing Law no. 41/2004 of 18 August, which clarified the powers and responsibilities of ICP-ANACOM and of the CNPD - Comissão Nacional de Proteção de Dados (National Data Protection Commission).

This results in new assignments for ICP-ANACOM, which determine a change in the processes developed and the need for resources to accomplish them, as well as developing ICP-ANACOM's relationship with ANPC - Autoridade Nacional de Proteção Civil (National Authority for Civil Protection), CNPD and ANS - Autoridade Nacional de Segurança (National Security Authority), incorporating this process into the context of the European Union Treaty and North Atlantic Treaty Organization (NATO).

In terms of technical standardization, an information security committee was set up in the context of information and communication technologies.

In 2012, ICP-ANACOM sat on the Installation Committee of the Centro Nacional de Cibersegurança (National Cybersecurity Centre), as established by Resolution of the Council of Ministers no. 12/2012 of 7 February.

  • 11.1. Implementation of amendments to the regulatory framework
  • 11.2. Single European emergency number - 112
  • 11.3. Articulation with civil protection
  • 11.4. Communications security exercise
  • 11.5. Awareness and promotion of good security practices
  • 11.6. ICP-ANACOM Sub-Register and internal security


11.1. Implementation of amendments to the regulatory framework

In implementing the changes arising from the new regulatory framework, in particular as regards technical implementation measures and security audits, ICP-ANACOM conducted an assessment of the current situation over the year, taking the technical guidelines published by the European Network and Information Security Agency (ENISA) as a reference.

ICP-ANACOM sent out a questionnaire, aimed at companies providing publicly available electronic communications networks or services, in order to compile information on: a) the adoption of appropriate technical and organizational measures to prevent, manage and reduce security risks in networks and services, in order to prevent or minimize the impact of security incidents on nationally and internationally interconnected networks and users; and b) the adoption of appropriate measures to ensure the integrity of the respective networks, ensuring continuity of services provided over these networks.

The compiled information is being used in the characterization and development of a set of measures and procedures that ICP-ANACOM intends to adopt with regard to technical and organisational measures and security audits.

The public consultation on the draft decision establishing obligations for undertakings as regards notification of security breaches and losses of integrity with significant impact, and their public disclosure, concluded on 27 January 2012; however, delays in the acquisition of knowledge meant that this process could not be concluded in 2012.

In the area of emergency communications, ICP-ANACOM gave priority to following up on solutions and systems already in existence and/or under development, to give effect to the measures provided for in article 51 of the Electronic Communications Law (ECL) as regards information about the location of people making 112 calls, and as regards accessibility to emergency services for end-users with disabilities on terms that are equivalent to those provided to other users.

11.2. Single European emergency number - 112

The European emergency number 112 is still pending conclusion of the new 112.pt infrastructure.

In 2012, in conjunction with the Ministry of Interior, ICP-ANACOM prepared the responses to the 6th EC questionnaire on the implementation of 112 in Portugal, and participated in the work of the Expert Group on Emergency Access (EGEA).

With a view to putting the harmonised and interoperable pan-European eCall service (a system to respond to 112 emergency calls made manually or automatically from motor vehicles) into operation, beginning on 1 January 2015, ICP-ANACOM participated in meetings of the European eCall implementation platform and of its HeERO group (developing pilots), noting the EC's strong commitment to making implementation of this service mandatory.

11.3. Articulation with civil protection

ANPC requested a set of information from ICP-ANACOM, pursuant to the powers and responsibilities of this Authority, in respect of civil emergency planning, especially in terms of contact points. Legislative changes in this field, resulting both from the regulatory framework and from the merger of civil protection systems and civil emergency planning, will have profound consequences for the relationship between ANPC and ICP-ANACOM.

11.4. Communications security exercise

A highlight of ICP-ANACOM's work in this context was Portugal's participation in the second Pan-European Cyber Exercise, "Cyber Europe 2012", held on 4 October 2012 and organized by the Member States of the EU and the signatory countries of the European Free Trade Association (EFTA). More than 300 security professionals working in European cyberspace joined forces in the exercise to counteract a massive simulated cyber attack on electronic communications networks and services, specifically targeting e-government websites and the websites of financial institutions. This exercise followed up on the exercise which took place in 2010, with the goal of increasing the resilience of critical information infrastructure. This goal was pursued through strengthened cooperation, preparedness and capacity in Europe to respond to cyber attacks.

In Portugal, ICP-ANACOM established a national cell, ensured participation in the planning of the exercise and representation in the central cell, and also broadened the base of national participation by involving other national public and private organisations.

This exercise was facilitated by ENISA and supported by the internal scientific service of the European Commission - the Joint Research Centre (JRC). Cyber Europe 2012 was considerably larger in scope, scale and complexity, compared to the 2010 exercise.

The Cyber Europe 2012 exercise was prepared and executed in pursuit of three goals:

  • Testing the effectiveness and scalability of existing mechanisms, procedures and information flow as regards cooperation between public authorities in Europe in response to a cyber attack;
  • Exploring cooperation between public and private stakeholders in Europe during an attack;
  • Identifying gaps and challenges on how large scale cyber incidents could be handled more effectively in Europe.

11.5. Awareness and promotion of good security practices

Various public presentations were given on communications security at different national and international forums and conferences, with a view to raising awareness and promoting good security practices and also to publicise ICP-ANACOM's work in this area.

Finally, a workshop was hosted at FPC - Fundação Portuguesa das Comunicações (Portuguese Communications Foundation) on 19 December, together with the constitution of the technical standardization committee for information technology security.

11.6. ICP-ANACOM Sub-Register and internal security

In terms of the ICP-ANACOM Sub-Register, the terminal information system was installed at ICP-ANACOM's head office.

In addition, preparation of the security manual was begun, in accordance with the rules and the decisions of the ANS.