One of the main responsibilities of the NCC is that of
fostering a National Cybersecurity Community (“the Community”) that brings together relevant stakeholders from the private sector, the public sector, academia and research, with the ultimate goal of growing the cybersecurity field within a local and European context.
“To secure the Maltese and EU cyberspace by bringing together knowledge, competency, and experience within one community, while encouraging active participation and contribution in research and educational programmes to build next generation cybersecurity solutions.”
The Community’s mission statement embodies the following 6 distinct aspects:
The Community aims to become a central location where domain-specific knowledge can be aggregated and shared among different aspects of the Maltese society, enhancing the utilisation of local academic and practical knowledge notwithstanding the resource limitations of a small nation state. The Community also aims to facilitate the sharing of knowledge between local and EU cybersecurity stakeholders, thereby helping to ensure that all parties have access to the most current cybersecurity capabilities and information.
Further to knowledge, the Community also aims to aggregate diverse competencies that local individuals and entities possess, promoting the sharing of skill sets that cut across the various cybersecurity domains. The community also aims to facilitate the access to EU resources for the enhancement of competencies to help ensure competency alignment from a broader European perspective. Furthermore, such facilitation will also provide local community members the opportunity to contribute to the wider EU cybersecurity upskilling effort.
The Community aims to broaden the development and application of knowledge and competencies through its past and present experiences with both local and foreign stakeholders within the field of cybersecurity. As a result, Malta can be better equipped to solve new and complex problems and thus be in a suitable position to capitalise on social and economic opportunities. Experience can also lead local Community members to contribute to cybersecurity issues at an EU level.
The Community aims to promote and facilitate research opportunities by identifying the relevant individuals and entities that should engage in direct collaboration for specific projects and take advantage of national and/or EU funding mechanisms.
The Community aims to promote cybersecurity-specific education in order to foster and encourage the growth of the next generation of professionals which are required to meet current and future cybersecurity demands. This will also address the local and EU cybersecurity knowledge gap and stimulate the introduction of cybersecurity professionals into the workforce.
The Community aims to be an inclusive community which promotes participation from a wide array of individuals and organisations. Mechanisms to join the Community were designed in such a way to facilitate enrolment, while activities will be organised with the intent of encouraging active engagement from all Community members in order to increase the relevance, quality and applicability of Community initiatives. The Community will strive to achieve transparency in all its initiatives, activities, and processes in order to safeguard the integrity of the Community and maintain trust among its members.
To ensure that the Community can achieve its intended purpose, the following guiding principles are established:
Collaborate with the EU and Global cybersecurity competency centres and networks
Strengthen the security of the national cyberspace and technological infrastructure
Promote research, continuous learning and improvement of cybersecurity capacities, capabilities, and skills to contribute towards leadership and strategic autonomy
Act as an incubator for the generation of ideas and innovation
Act as a platform to facilitate the dissemination of information across members for adaptive cyber defence
The Composition of the Community
The NCC oversees and supports the Community as required, however, the Community is governed by a dedicated Consultation Council (“the Council”) and operationalized through specific Working Groups. These functions encompass a number of roles and responsibilities to ensure the success of the Community. At a high-level, the Community is structured as follows.
An administrative and advisory body that manages the Community in terms of policies, initiatives, market actions, memberships, acceptable behaviour, etc. It is composed of the following appointed and elected roles:
- 2 Public Sector Representatives
- Vice Chair
- 2 Academia & Research Representatives
- 5 Private Sector Representatives
Community members have the possibility of joining special interest groups that provide space for the Community to explore an area of interest or specific technology, with the intent of collaborating and sharing expertise and experiences to address common challenges. Working Groups are formed at the discretion of the Consultation Council and would be composed of a group of experts that is coordinated by an appointed representative from the Council. A typical Working Group will be composed of a Consultation Council Representative and one or more Subject Matter Experts.
All registered members of the Community form part of a General Assembly that is convened for important developments or decisions relating to the Community. As a minimum, the General Assembly meets on an annual basis during an Annual General Meeting. Community members are responsible for the success of the Community by providing their contribution through consultation, focus groups, or voting on issues.
The Community is open for all professionals and entities who have a direct or indirect relationship with cybersecurity. The membership scheme is structured as follows:
A natural person, with a Maltese nationality or is resident in Malta, can register interest to join the Community in his/her individual capacity (provided that the eligibility criteria detailed below is met). The individual also has the option to state an affiliation with an already-registered entity or otherwise register it.
A legal person registered in Malta (i.e., a legal entity in the form of sole ownership, partnership, company, or other legal structures registered in Malta) can register interest to join the Community as a recognised legal entity. Each legal person would need to be represented by a natural person with the necessary authority to represent such an entity.
Who Can Join The Community?While Community membership is free, prospective members must have expertise in or related to one of the following cybersecurity domains:
Academia, research or innovation
- The prospective member pursues research and innovation opportunities to produce cyber-centric solutions and/or to solve domain-specific problems; or
- The prospective member actively contributes to academic initiatives in the cybersecurity domain and/or leads an academic institution which includes specific cybersecurity training and/or education as part of its offering.
Industrial or product development
- The prospective member develops cybersecurity specific solutions (hardware/software) for industrial and/or commercial purposes.
Training and education
- The prospective member is a university/training institution/certification body that delivers formal cyber-related educational programmes.
Security management and operations
- The prospective member manages and maintains its own information security programme (encompassing cyber risk) for implementing processes and controls; performing regular reviews and tests; and various other security operational functions including incident response.
Formal and technical standardization and specifications
- The prospective member is involved in the drafting, proposal and/or enforcement of cybersecurity formal and technical standards and specifications at a national, EU, or global level.
Laws, regulations, and ethics
- The prospective member is involved in the legislative, regulatory, and ethical aspects of cybersecurity, such as but not limited to cybercrime, data privacy, intellectual property, and digital operational resilience.
Community members are expected to comply with the Code of Conduct at all times to ensure a safe and secure environment for all members.