cybersecurity
Cybersecurity framework law enacted: these are the new rules for essential companies
The regulation creates the National Cybersecurity Agency that will dictate protocols and standards to prevent, report and resolve cybersecurity incidents or cyberattacks.
President Gabriel Boric promulgated this Tuesday [March 26] the new Framework Law on Cybersecurity, together with the Minister of the Interior, Carolina Tohá, and highlighted that with this regulation "Chile becomes the first country in Latin America and the Caribbean to have a National Cybersecurity Agency and a concrete regulatory framework".
The President also pointed out that the regulation "will serve to have better tools to protect people's rights in cyberspace, to prevent and deal with cases such as identity theft, sending viruses, sabotage, service cuts, spam, among many other incidents".
Regarding the 2023-2028 national cybersecurity policy promoted by the current administration, he pointed out that it will "allow the development of the cybersecurity industry in Chile, which is also an opportunity for jobs and investment, through scientific investment applied to the needs of our country to protect people and organizations from cyber threats".
Framework Law
The new regulation creates a cybersecurity framework legislation with the establishment of the National Cybersecurity Agency (ANCI). This will be the governing body for cybersecurity, will set technical standards, will supervise and will be able to apply fines of up to 40,000 UTM ($ 2,600 million). The agency will dictate protocols and standards to prevent, report and resolve cybersecurity incidents or cyberattacks.
These rules will regulate the operation of the Essential Services (ES) and the Operators of Vital Importance (OIV), the latter being the providers of these essential services.
The law considers the following Essential Services (ES): State administration agencies and the National Electric Coordinator; and services provided under a public service concession.
Those provided by private institutions under public service concession in the following sectors:
The ANCI will be a public service whose function will be to regulate, supervise and sanction the actions of the agencies that are part of the scope of application in cybersecurity matters, in addition, it will have a judicial authorization mechanism if the Agency requires access to a network or computer system.
The Agency may qualify other services as essential by resolution of the National Director when their affectation may cause serious damage to the life or physical integrity of the population or its supply, to relevant sectors of the economic activities, to the environment, to the normal functioning of society, of the State Administration, to national defense, or to security and public order. Such qualification shall be submitted to public consultation.
Sanctions
Penalties may be minor, serious or very serious. The latter include the failure to take the necessary measures in a timely and expeditious manner to reduce the impact and spread of a cybersecurity incident or cyber-attack, when it has a significant impact.
The sanctions to be applied by the Cybersecurity Agency range from 0 to 5,000 UTM ($64,793 UTM value today) in the case of minor infractions for SEs and up to 10,000 UTM for OIVs.
The serious ones up to 10,000 UTM for SEs and 20,000 UTM for OIVs and the very serious ones up to 20,000 UTM for SEs and 40,000 UTM for OIVs.
We are committed to deliver, create and devise cybersecurity strategies for our clients and prospects that enable them to have technology, tools, implementation services and managed services through our Security Operations Center. Learn more here
Source: Diario Financiero