/ Bill on cybersecurity enters parliamentary procedure
April 26, 2022On the last day of President Piñera’s administration, the framework bill on cybersecurity and infrastructure was presented. This initiative aims to establish the necessary institutional framework to strengthen cybersecurity and create a public culture of digital security.
Macarena Gatica
Partner
Alessandri Abogados
On the last day of President Piñera’s administration, the framework bill on cybersecurity and infrastructure (Bill No. 14,847-06) was presented.
This initiative, in line with the national cybersecurity policy, aims to establish the necessary institutional framework to strengthen cybersecurity, expand and strengthen the work, create public culture in digital security and protect people’s safety in cyberspace.
To this end, the bill creates the National Cybersecurity Agency and the following cybersecurity incident response teams “C-Sirt” (Computer emergency response team), National C-Sirt, Government C-Sirt, Defense C-Sirt, sectorial C-Sirt and the Interministerial Cybersecurity Committee.
A Technical Council will be created within the Agency, which will be in charge of annually determining the sectors or institutions that have critical information infrastructure. Accordingly, these institutions will have to implement a risk management system, a record of the actions taken, an operational continuity and cybersecurity plan (updated at least annually), review operations, simulations and measures to reduce the impact.
The bill highlights the coordination between the sectorial C-Sirt and the regulatory body of that sector, both in case of incidents and definition of standards and with the Agency in case of the application of fines.
This initiative is a major step forward in cybersecurity risk management. However, it only establishes obligations with respect to industries with critical information infrastructure. Thus, it ceases to be a framework law and becomes a critical infrastructure law. In addition, the risk presented by non-regulated industries is omitted, since most of these institutions already have regulations issued by their regulators, such as banks and financial institutions, telecommunications, insurance companies, the electricity sector, among others.