The National Cybersecurity Community

Bylaws

ARTICLE 1. Authority

1.1. The National Cybersecurity Community (“the Community”) is established in accordance with the Regulation establishing the European Cybersecurity Competence Centre and Network. This Community is established in accordance with and operates under the provisions set out by the Malta National Cybersecurity Coordination Centre (“the NCC”).

1.2. Membership to the Community is free and is open to any individual satisfying the eligibility criteria set out by the NCC. All Community members form part of the General Assembly, from which two distinct bodies are formed:

  1. Consultation Council: an oversight function formed through appointed and elected roles. The Council acts as an administrative and advisory body to manage the Community in terms of policies, initiatives, market actions, memberships, acceptable behaviour, and other related matters as necessary.
  2. Working Groups: special interest groups formed at discretion of the Consultation Council and composed of subject matter experts from the General Assembly. Such groups provide space for the Community to explore an area of interest or specific technology, with the intent of collaborating and sharing expertise and experiences to address common challenges.

Further details on the Community structure and membership are found in the Overview page.

 

ARTICLE 2. Formation of the Consultation Council

A. Composition of the Consultation Council

2.1. The Consultation Council (“the Council”) shall be composed of twelve (12) members and one (1) advisor. The Chair, Secretary, 2 Public Sector Representatives, and Advisor are appointed by the NCC, while the seats for the other sectorial representatives are elected by the General Assembly (the Community members). The Vice Chair shall be elected by the Council members themselves. A Council term shall be no longer than a period of two (2) years.

 

Roles and responsibilities

2.2. In order for the Community to fully leverage broad-ranging experience and education, the Council must be diverse with regard to professional and technical expertise and must reflect the diversity of the Maltese Community. Council membership is voluntary, and members are not compensated for their services.

2.3. In the absence of an operating Council, the NCC assumes such a role until a new Council is formed.

2.4. The roles and responsibilities are as follows:

NCC
Appointed
Chair

The Chair is to lead the Consultation Council, ensuring that it fulfils its responsibilities, and chair the respective meetings. Other responsibilities will include:

  1. Providing leadership, enabling the Council to act strategically to meet the Community priorities.
  2. Planning the annual cycle of council meetings.
  3. To liaise closely with the secretary about dates, arrangements and agendas for council meetings.
  4. Monitoring the implementation of decisions taken at meetings.
  5. Representing the Community and acting as a spokesman as appropriate.
  6. To act as an ambassador for the Council and Community, promoting its activities.
  7. Maintains all records of the Council and established Working Groups. All documents, reports, or other materials presented to, or prepared by or for the Council, constitute official NCC records and are available to the public upon request and approval by the NCC.
NCC
Elected
Vice Chair

The Vice Chair acts as the Chair when the former is not available and undertakes assignments at the request of the Chair. Other responsibilities will include:

  1. Providing support and assistance to the Chair in carrying out his/her responsibilities and to act as a ‘sounding board’ and ‘critical friend’ to both the Chair and members of the Consultation Council.
  2. To provide an alternative route for other Members of the Council to raise issues or concerns if they are unable to do so with the Chair.
  3. To support the NCC, if required, in the annual process to review the attendance of the Chair and of Council members to Council meetings, and their contribution to the work of the Council.
  4. To act as an ambassador for the Council and Community, promoting its activities, on behalf of the Chair if required.

 

NCC
Appointed
Secretary

The Secretary is responsible for providing the Council with authoritative guidance about its responsibilities and on how these responsibilities should be discharged. Furthermore, the Secretary shall:

  1. Ensure that new or revised responsibilities for the Council (e.g., arising from changes to bylaws) are drawn to the Council’s attention.
  2. Be responsible to alert the Council if he/she believes that any proposed action would exceed the Council’s powers or is contrary to its Bylaws and guiding principles.
  3. Ensure that all documentation provided to members of the Council is concise and its content is appropriate.
  4. Take minutes of Council meetings.
  5. Be responsible for arranging an induction programme for new members of Council.
  6. Oversee that the Community objectives are in line with the NCC objectives and act as a bridge between the two organisational bodies.
  7. Communicate updates originating from the NCC to the Council.
  8. Guide the Council and Community to meet the objectives, expectations, and requirements set out by the NCC.
  9. Act as a liaison for requests/queries made by the Council or Community to the NCC.
NCC
Elected
2 Academia & Research Representatives

The Academia & Research Representatives will represent all of the academic and research institutions forming part of the Community. These representatives are tasked with:

  1. Acting as the point of contact for such institutions.
  2. Facilitating initiatives between the Council, Community and academic institutions.
  3. Representing the interests of academic institutions within the Community.
NCC
Appointed
2 Public Sector & Service Representatives

The Public Sector & Service Representatives will represent the various public sector entities forming part of the Community. These representatives are tasked with:

  1. Acting as the point of contact for such entities.
  2. Facilitating initiatives between the Council, Community and the public sector.
  3. Representing the interests of the public sector within the Community.
NCC
Elected
5 Private Sector Representatives

The Private Sector Representatives will represent all of the private sector entities forming part of the Community. The elected members shall be representing the following major economic sectors or segments. Representation shall be as follows:

  • 1 Financial Services Representative
  • 1 Online Gaming Representative
  • 1 SMEs Representative
  • 1 Cybersecurity Service Providers Representative
  • 1 All Other Sectors Representative

 

These representatives are tasked with:

  1. Acting as the point of contact for such organisations.
  2. Facilitating initiatives between the Council, Community and private sector.
  3. Representing the interests of the private sector within the Community.
NCC
Appointed
Advisor

The Advisor will be responsible for providing the Consultation Council with the necessary consultancy and guidance regarding matters being discussed and tackled by the council. An Advisor will be required to:

  1. Contribute to Consultation Council outcomes through value-driven insights and advice.
  2. Provide strategic introductions and advocacy within approved guidelines for the Council.
  3. Provide advice on various Community matters such as with respect to the growth of its member base.
  4. Providing advice on how the Community can instil a national cybersecurity dialogue effectively.

Appointed Members

2.5. The NCC shall be responsible for appointing individuals to the Council’s appointed seats.

2.6. Appointments for positions on the Council are personal to the member and cannot be transferred to another individual. Members may not designate someone to attend in their stead, participate in discussions, or vote. If a member becomes ineligible for membership, the member must inform the Council immediately.

2.7. If it is the intent of the member to resign, he or she must submit the request in writing to the NCC as well as to the Chair. Appointed members will serve one (1) Council term. Appointed members may be reappointed for an unlimited number of Council terms.

 

Elected Members

2.8. Elections shall take place ahead of an Annual General Meeting as communicated by the Council. Community members may submit their nomination for a maximum of one of the available seats on the Council allocated for representatives from the private sector and academia & research, and shall serve one (1) Council term. Elected members may serve an unlimited number of terms subject to the nomination process every Council term.

2.9. The seat for the Vice Chair shall be filled by one of the elected representatives through an internal voting process within the Council. Elected representatives may only be elected for the Vice Chair seat for a maximum of two (2) consecutive or non-consecutive Council terms.

2.10. In the event that the Vice Chair resigns, the replacement Vice Chair’s term shall be constituted as an additional term over and above the maximum of two (2) terms.

 

B. General Election for Council Members

Voting rights

2.11. Community members are eligible for a single non-transferrable vote for each available role on the Council, such that each Community member is entitled to vote for his/her preferred candidate for each respective position as follows: five (5) votes for each private sector representation, and one (1) vote for the academia & research representation.

 

Nomination process

2.12. Community members interested in nominating themselves for one (1) of the seven (7) seats available for the sectorial representatives on the Council shall submit a nomination in the allocated time window as communicated by the Council. The time window for the acceptance of nominations shall span over fourteen (14) days, followed by a period for the evaluation of the received nominations.

2.13. The nomination process shall be initiated at least six (6) weeks before the Annual General Meeting.

2.14. Valid nominations shall contain a write-up of around three hundred (300) words addressing the following points:

  1. The role on the Council the nomination is for
  2. A short biography of the nominee
  3. Relevant professional experience in relation to the sector and industry (if applicable) to be represented
  4. The value that the nominee can bring to the Council and the Community

A mock-up of the write-up is provided hereunder.

I would like to nominate myself, Joseph Borg, as a candidate for the position of a public sector representative on the Consultation Council. I believe that my educational background and experience working in IT and cybersecurity within various public sector entities puts me in a suitable position for representing the public sector interest on the Council and within the Community.

My professional career spans 15 years, with the last 5 years being fully dedicated to a cybersecurity engineering role at MITA. During this time, I have been instrumental in developing and implementing various cybersecurity initiatives to safeguard the government’s critical infrastructure and protect sensitive government data from various cyber threats. Prior to my role at MITA, I spent 10 years as an IT administrator and subsequently in a managerial role within various public sector authorities, including the MFSA and the MTA, as well as within various ministries.

Thanks to my time working in the public sector, I have acquired a strong understanding of the priorities and concerns of this sector and will therefore ensure that the relevant needs are effectively represented on the Council and the Community. In addition, I have established numerous professional relationships with key stakeholders in government agencies, allowing me to facilitate collaboration with the Council, and navigate through bureaucracy in an efficient manner.

Outside work, my passion to cybersecurity and the commitment to advance in this field motivate to keep abreast of emerging technologies such as cloud, IoT, and AI-driven cybersecurity solutions. Furthermore, I believe that continued education is key; in this respect, further to my BSc in Computer Science from the University of Malta, I have also obtained several industry certifications, including the CompTIA Security+ and ISACA’s CISM.

While I thank you for your time and consideration, please do not hesitate to reach out to me for any clarification.

2.15. Community members shall submit their formal nomination for a particular seat on the Council by sending an email to [email protected]. The Council shall vet each nomination to ensure it is accurate, sound, and relevant and inform the nominee accordingly. If the nomination is accepted, the nominee becomes a valid candidate for that particular seat during the upcoming election.

2.16. Should no nominations be submitted for a particular position, or otherwise an insufficient number of acceptable nominations have been submitted to fill all available seats, the NCC reserves the right to directly appoint an individual who satisfies the required eligibility criteria for the position in question.

 

Voting process

2.17. General Elections shall be held ahead of the Annual General Meetings. The voting process shall be in electronic form and shall be facilitated by the Portal, ensuring the integrity of the overall voting process.

2.18. The specific voting time window shall be communicated by the Council and shall span over fourteen (14) days. Following the closure of the voting process, the Council shall conduct the vote counting.

 

Vote counting process

2.19. The vote counting process follows a simple mechanism – the candidate with the largest count of votes for a designated position shall be considered as elected, followed by the candidate with second largest count of votes, and so on, until all available seats for that position are filled. The process ends when a total of seven (7) candidates have been successfully elected to the available positions.

2.20. In the event of voting parity and only one remaining seat is available, the candidate who has been a member of the Community the longest shall take precedence.

 

C. Election for the Vice Chair Seat

Nomination process

2.21. During the first meeting of a newly elected Council, an election for the Vice Chair seat is carried out. The seven (7) sectorial representatives are automatically considered as candidates for the position of the Vice Chair, unless an individual prefers to opt out by informing the Council before the voting process starts.

 

Voting and vote counting process

2.22. Each Council member (except for the Advisor) is eligible to vote for their preferred candidate (including oneself). The Council member obtaining the highest count of votes will assume the position of the Vice Chair.

2.23. In the event of voting parity, a runoff vote is taken, whereby the candidate with the lowest count of votes is eliminated. The voting process continues until one candidate has the highest count of votes from that round.

2.24. The Council member elected to the Vice Chair seat shall then assume that position on the Council. The vacated seat for the sectorial representative shall be filled by the candidate who has obtained the next highest count of votes in the previous General Election within the respective sector.

 

D. Resignations

2.25. In the event of a resignation by a sectorial representative, the seat is automatically filled by the subsequent most voted candidate for that particular position during the previous General Election. Should the individual in question refuse the seat, and/or no more candidates for that particular position are available, the NCC reserves the right to appoint a member to occupy the vacant elected position.

2.26. In the event that the Vice Chair resigns, an extraordinary meeting of the Council is called by the Chair within one (1) month of the resignation. The election process for the Vice Chair is re-performed to elect a new Vice Chair as well as replace the vacated seat of the sectorial representative.

2.27. In the event that an appointed member of the Council resigns, the NCC shall be responsible for re-appointing a suitable individual for that seat accordingly.

 

ARTICLE 3. Operating Model of the Consultation Council

A. Responsibilities

3.1. Further to the responsibilities outlined in Article 2.4, all Council members are equally responsible for the successful operation of the Council as a strategic body within the local cybersecurity community as well as in its role as advisor to the NCC.

3.2. The composition of the Consultation Council seeks to balance numerous viewpoints and perspectives as possible. In this respect, attendance to Council meetings and active participation during such meetings is vital to the Council’s purpose.

3.3. Council members are expected to personally attend and participate in physical/virtual meetings and conference calls. The NCC may review the participation of a member of the Council and remove uncommitted members at its discretion.

3.4. The Chair may also recommend to the NCC that any member who is unable to fulfil his/her responsibility be removed from the Council. Members of the Council may be recommended for removal by the Chair for reasons such as, but not limited to:

  1. Missing three (3) consecutive meetings without reasonable justification, or not participating in the Council initiatives and activities;
  2. Violating the Code of Conduct; or
  3. Engaging in illegal activities.

3.5. Council members are also responsible to communicate any material changes with respect to their professional status that could be deemed as creating a conflict of interest or otherwise goes against the spirit of what the member represents. For instance, if a public sector representative pursues a new role in the private sector during an ongoing Council term, the individual is responsible for communicating this event during the next Council meeting. The Council shall then evaluate the situation and propose the best course of action on a case-by-case basis.

 

B. Restrictions

3.6. Council members shall not use their position on the Council for the purpose of soliciting business for or otherwise seeking economic advantage for themselves, their companies, or their employers.

3.7. Members may not use any non-public information obtained in the course of their duties as a member for personal gain or for that of their company or employer. Members must hold any non-public information, including pre-decisional documents such as draft reports, in confidence

3.8. Council members have no authority to speak on behalf of the Council, the Community, or for the NCC unless explicitly allowed as part of the member’s role or as approved during a Council meeting.

3.9. If speaking outside of the Council structure at other forums or meetings, the restrictions set out in Article 3.8. also apply.

 

C. Meeting Procedures

Meeting Schedule and Call of Meetings

3.10. The newly elected Council shall meet within one (1) month of the General Election. Thereon, the frequency of the meetings shall be decided by the Council members.

3.11. Meetings may be held physically or virtually, ideally once a quarter to ensure the continuous dialogue of Community-related matters. Meetings may be held more frequently, or as necessary and appropriate, to address mission requirements. Additional meetings may be scheduled, pending approval from the Chair or Vice Chair.

3.12. The Chair or Vice Chair must attend all Council meetings.

 

Agenda

3.13. Meeting agendas are officialised by the Chair and Vice Chair. The Chair will approve the agenda for all Council meetings and distribute the agenda to members at least two (2) business days prior to the meeting.

 

Quorum

3.14. A quorum of Council members is the presence of not less than two-thirds (⅔) of the Council members. A quorum of the Council is required to a Council meeting.

 

Voting

3.15. Any item being presented to the Council for approval must be discussed by the Council during the meeting and must receive a majority vote from the Council. When a decision or recommendation of the Council is required, the Chair will request a motion for a vote. A motion is considered to have been adopted if agreed to by a simple majority of a quorum of the Council members.

3.16. Each Council member is provided a single vote, except for the appointed Advisor who will act in an observatory role. The remaining members are assigned one vote and only members present at the meeting may vote on an item under consideration. No proxy votes or votes by email will be allowed.

3.17. Members can either vote in favour or against a motion, or they can decide to abstain from the vote. In cases where there is a voting deadlock (due to an even number of meeting members and/or vote abstentions), the acting Chair has the casting vote.

 

Minutes

3.18. The acting Chair shall review the meeting minutes taken by the Secretary and distribute copies to each Council member. The minutes will include a record of:

  1. The time, date, and place of the meeting;
  2. A list of all attendees; and
  3. An accurate description of each matter discussed and the resolution, if any, made by the Council.

 

D. Expenses and Reimbursements

3.19. The NCC is responsible for providing financial and administrative support to the Consultation Council. Members of the Council will serve on the Council without compensation. However, to the extent permitted by law, members may be reimbursed for travel and per diem expenses.

3.20. Travel expenditures must be approved by the Chair in advance. The NCC will be responsible for processing travel reimbursements for the Council.

 

ARTICLE 4. Working Groups

A. Formation of a Working Group

4.1. At its discretion, the Consultation Council shall establish special interest groups referred to as “Working Groups” as necessary for activities that are deemed to be outside the immediate capabilities of the Council. This may include:

  1. Performing studies
  2. Analysing strategic directions
  3. Holding public consultations
  4. Organising events
  5. Performing industry specific analysis

4.2. Community members may have the possibility of joining Working Groups. These groups provide the space for the Community to explore an area of interest or specific technology, with the intent of collaborating and sharing expertise and experiences to address common challenges.

 

Roles and responsibilities

4.3. Depending on the underlying objective, a Working Group may be composed of the following roles:

NCC
Responsibilities
Consultation Council Representative

One Council representative will be responsible for representing the Council within the Working Group and will also act as the Chair of the Working Group. This individual will provide the overall leadership of the Working Group and will act as a liaison between the Working Group and the Council. Other responsibilities include:

  1. Chairing all Working Group meetings and taking note of progress, impediments, decisions and conclusions reached by the Working Group.
  2. Present progress updates to the Council on a periodic basis.
  3. Identify and notify the Council of any members who no longer show interest in the Working Group or who stop contributing to the established objectives.
  4. Ensure that there is no breach in conduct by any member of the Working Group.
  5. Put forward nominations for the adding or replacing of Subject Matter Experts into the Working Group.
NCC
Responsibilities
Subject Matter Expert(s)

The Subject Matter Experts are selected at the discretion of the Consultation Council, with the total number of representatives being set by the Council upon the establishment of the Working Group. These members are required to contribute to the Working Group matters, discussions and conclusions by leveraging their knowledge related to their area of expertise as well as the matter tackled.

 

A Subject Matter Expert is expected to contribute to any drafting of reports and deliverables which will be presented to the Consultation Council for deliberation and discussion.

4.4. A Working Group shall be responsible to provide periodic updates to the Council on progress, impediments, required resources, and other pertinent information.

4.5. Working Groups shall be established as needed and are terminated when the objectives have been reached or otherwise the objectives are abandoned.

4.6. The Council members shall select from among the members of the Council, an individual to represent the Council within the Working Group and serve as the leader for that working group.

 

B. Operating Model of a Working Group

Working Group Tasking

4.7. The Council must discuss and agree upon the appropriate participants for each tasking assigned to the Working Group.

4.8. Once the tasking has been examined by a Working Group, the group must present its proposed approach to the Council for full deliberation and discussion.

 

Meetings and Reporting

4.9. A Working Group shall meet not less frequently than on quarterly basis, with the meeting agenda formulated prior to the commencement of the meeting.

4.10. In addition to supporting taskings mandated by the Council, the Working Group must also provide the Council with information regarding its activities, findings, and recommendations.

4.11. All working group discussions and materials, including briefings, outlines, and reports, are considered pre-decisional working drafts and shall not be publicly available.

 

ARTICLE 5. Security Clearances

5.1. Members are not required to have security clearances to be part of the Consultation Council, a Working Group, or the Community itself, unless this is required for a specific purpose. Such circumstances are handled on a case-by-case basis.

 

ARTICLE 6. Amendment of Bylaws

6.1. The Consultation Council may amend these bylaws at any time, and the amendments shall become effective immediately provided a successful vote of at least two-thirds (⅔) of the quorum.

6.2. The NCC reserves the right to veto any amendments deemed contradictory to the mission statement of the Community itself, or the objectives of the NCC.