Plan of Action

Strategy

National Strategy
Launching cybersecurity on a national scale essentially calls for a planned, collective, and systemic approach, leading to the need for a National Cybersecurity Strategy.

Malta is addressing such a need. Back in 2016, the first national cybersecurity strategy was published. Since then, digitalisation, including wider diffusion and consumption of broadband, mobile technologies, and data, has progressed further in Malta, along with increased use of social and business digital interactions.

The National Cybersecurity Strategy 2023-2026 was articulated with such consideration in place, building on the previous strategy, and allowing for evolving challenges and realities.

The approach adopted to develop this National Cybersecurity Strategy involved the Public Administration, the Private Sector, Society, and the Cybersecurity community. Indeed, these stakeholders constitute the core of the Strategy’s overall vision that:

Malta is more secure and resilient to cyber threats, leading to more trust and confidence within the digital world.

The National Cybersecurity Steering Committee oversees the implementation of the National Cybersecurity Strategy, ensures that it remains current, and acts as its national reference point.

What you need to follow

Our National Strategies

Strategy 01

Cybersecurity Governance Capacity

This domain aims to promote and maintain a robust cybersecurity governance framework to ensure that risks affecting Malta in cyberspace are adequately addressed.

They are to be tackled from legislative, regulatory, policy, standard and best practice aspects and, most importantly, from a risk management and supplier management perspective.

Strategy 02

Cyber Defence Capacity

This domain is based upon the premise that the complexity of cyberspace makes it hard to prevent all attacks, which, in a number of instances, are likely to be more disruptive and costly than natural disasters.

Hence, it aims for a stronger multi-stakeholder concerted effort, in terms of operations, for dealing with cybersecurity challenges from a reactive as well as a proactive perspective, including consolidating and sharing cyber threat intelligence.

Strategy 03

Cyber Competence and Culture

This domain recognises that cybersecurity needs to be addressed from a human resource and cultural perspective. It focuses on the academic and training aspects of cybersecurity in various professions and the need to establish a strong security-first ethos.

The establishment of a National Coordination Centre, in line with EU legal requirements, shall be instrumental. It shall also promote research, development and innovation in cybersecurity.

Strategy 04

International Cooperation

This domain aims to foster active cooperation and engagement by Malta at bilateral, multilateral, European and international levels in areas of international security in cyberspace, cyber capacity building, cyber response and cybercrime.

National Cybersecurity Strategy 2023-2026

European Strategy

In December 2020, the European Union presented the new cybersecurity strategy.

Its main aim is to guarantee safe and secure Internet access and ensure strong safeguards against risks to member states’ national security and risks to the fundamental rights of people in Europe.

The drive behind this new strategy was the COVID-19 crisis, which brought a workforce paradigm shift from working at the office to home or remote working, along with augmented use of social media. This resulted in an exponential increase in digital services. With this increase in the use of digital services, the cyber threat landscape expanded, and cyber-attacks became more sophisticated and successful and surged to high levels. The strategy stemmed from the Recovery Plan Communication, “Europe’s moment: Repair and Prepare for the Next Generation”, issued by the European Commission.

What you need to follow

Our European Strategies

Strategy 01

Resilience, Technological Sovereignty and Leadership

In this area, the EU Commission proposes to reform the rules on the security of network and information systems.

Strategy 02

Operational Capacity to Prevent, Deter and Respond

In this area, the EU Commission aims to strengthen cooperation between EU bodies and Member State authorities responsible for preventing, deterring and responding to cyber-attacks.

Strategy 03

Cooperation to Advance a Global and Open Cyberspace

In this area, the EU Commission will step up work with international partners to strengthen the rules-based global order, promote international security and stability in cyberspace, and protect human rights and fundamental freedoms online.

Several EU-wide initiatives originating from the new cybersecurity strategy have already been issued, among them:

  • Regulation (EU) 2021/887 of the European Parliament and of the Council of 20 May 2021 establishing the European Cybersecurity Industrial, Technology and Research Competence Centre and the Network of National Coordination Centres.
  • Directive (EU) 2022/2555 of the European Parliament and of the Council of 14 December 2022 on measures for a high common level of cybersecurity across the Union, amending Regulation (EU) No 910/2014 and Directive (EU) 2018/1972, and repealing Directive (EU) 2016/1148 (NIS 2 Directive).
  • Regulation (EU) 2024/2847 of the European Parliament and of the Council of 23 October 2024 on horizontal cybersecurity requirements for products with digital elements and amending Regulations (EU) No 168/2013 and (EU) 2019/1020 and Directive (EU) 2020/1828 (Cyber Resilience Act).
  • Regulation (EU) 2025/38 of the European Parliament and of the Council of 19 December 2024 laying down measures to strengthen solidarity and capacities in the Union to detect, prepare for and respond to cyber threats and incidents and amending Regulation (EU) 2021/694 (Cyber Solidarity Act).
  • Regulation (EU) 2022/2554 of the European Parliament and of the Council of 14 December 2022 on digital operational resilience for the financial sector and amending Regulations (EC) No 1060/2009, (EU) No 648/2012, (EU) No 600/2014, (EU) No 909/2014 and (EU) 2016/1011.
  • Regulation (EU) 2019/881 of the European Parliament and of the Council of 17 April 2019 on ENISA (the European Union Agency for Cybersecurity) and on information and communications technology cybersecurity certification and repealing Regulation (EU) No 526/2013 (Cybersecurity Act).
  • Regulation (EU) 2023/2854 of the European Parliament and of the Council of 13 December 2023 on harmonised rules on fair access to and use of data and amending Regulation (EU) 2017/2394 and Directive (EU) 2020/1828 (Data Act).
  • Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance and amending Regulation (EU) 2018/1724 (Data Governance Act).
  • Regulation (EU) 2024/1689 of the European Parliament and of the Council of 13 June 2024 laying down harmonised rules on artificial intelligence and amending Regulations (EC) No 300/2008, (EU) No 167/2013, (EU) No 168/2013, (EU) 2018/858, (EU) 2018/1139 and (EU) 2019/2144 and Directives 2014/90/EU, (EU) 2016/797 and (EU) 2020/1828 (Artificial Intelligence Act).
  • Directive (EU) 2022/2557 of the European Parliament and of the Council of 14 December 2022 on the resilience of critical entities and repealing Council Directive 2008/114/EC.
  • Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
  • Regulation (EU) 2024/1183 of the European Parliament and of the Council of 11 April 2024 amending Regulation (EU) No 910/2014 as regards establishing the European Digital Identity Framework.