Yesterday, the draft law on cybersecurity was discussed publicly. The draft law is scheduled to be discussed at the Parliament Session within 2021. S.Tengis, Head of the Secretariat of the National Committee for e-Development, B.Bilegdemberel, Head of the Information Security Division of CITA and other officials from General Intelligence Agency, State Registration Agency, National Data Center, National Statistics Office, Information Technology Center of Education, Association of Mongolian Banks, Information and Communication Network Company, Horiult LLC, Huawei Technology LLC, Security Solutions, Service, Consulting LLC, ICT Training Center, Zero Day LLC, And Systems LLC, Tridium and Security LLC, NUM, MUST have participated in the discussion.
The draft law provides for an information security audit, which is a new regulation. Because cybersecurity measures include information, databases that contain it, accessible information systems, human resources, technical and technological measures, and policies, regulations, plans, organizational activities, and interdependencies that govern their interrelationships. The drafters of the law explained that this relationship was introduced in accordance with international standards, which require auditing with non-supervisory functions.
The law defines the activities of an organization with critical information infrastructure and its specific rights and responsibilities to ensure cybersecurity, such as public health and vital facilities equipped with modern information technology-based integrated management devices are the main targets of cyber terrorism.
The draft law is based on the laws on the protection of ICT infrastructure of some of the world’s leading countries in terms of cybersecurity index / the Republic of Korea, Germany and Estonia/ and made a comparative study of legal environments and taking into account the practical situation in their countries.
Although the “National Security Concept of Mongolia” defines information security as a component of national security, the legal environment, which is a key indicator of the cybersecurity index, has not been created and there is no organization is responsible for preventing and responding to national cyber attacks and violations. Mongolia was ranked 104th in 2017 and 85th in 2018 due to a lack of the above-mentioned issues.