
Senate committee approves cybersecurity and critical information infrastructure framework bill

October 12, 2022

Maria Ignacia Ormeño Sarralde
Associate Attorney
Alessandri Abogados

 

On September 28, the Senate National Defense Committee unanimously approved in general Bulletin 14,847-06, which establishes a Framework Law on Cybersecurity and Critical Information Infrastructure. The bill was presented to the National Congress in March 2022 by former President Sebastián Piñera.

The bill has gained importance in recent weeks because of the cyberattacks that have affected the State of Chile. What has become most relevant is the need to create a National Cybersecurity Agency (an institution provided for in the bill) to protect the goods and assets of the digital society.

Chile urgently requires this institutional framework to coordinate efforts to meet the new public safety challenges posed by the massive and widespread use of technology in our country and the world.

The main functions of the agency shall be the following:

· Advise the president on cybersecurity matters.

· Collaborate in the protection of national interests in cyberspace.

· Coordinate the actions of the institutions with competence in cybersecurity matters.

· Regulate and supervise the actions of State administration bodies and private institutions that are not subject to the competence of a sector regulator or supervisor and that have information infrastructure classified as critical.

The other most relevant aspects of the bill are:

1. Establishment of the principles and general regulations that allow structuring, regulating and coordinating the cybersecurity actions of the State administration bodies and between these and private individuals.

2. Creation of the concept of cyberspace, understood as the global and dynamic domain within the information environment, composed of technological infrastructures, the logical components of information and data that encompass the physical, virtual and cognitive domains, and the social interactions that take place within it.

3. Creation of a National Registry of Security Incidents, in which the technical data necessary to describe the occurrence of a security incident shall be entered.

4. Determination of critical information infrastructure. The bill assumes that all State bodies have this type of infrastructure, including municipalities, autonomous fiscal entities, State-owned companies and those in which the Treasury participates through capital contributions. Likewise, the Ministry of the Interior and Public Security must periodically determine those sectors or institutions that constitute essential services and have this type of infrastructure.

5. Establishment of the minimum requirements for the prevention, containment, resolution and response to cybersecurity incidents.

6. Establishment of the authorities and obligations of the State bodies, as well as the duties of private institutions that possess information infrastructure classified as critical and, in both cases, the mechanisms of control, supervision and liability for infringement of the regulations.