Armenian NAs servers "public thoroughfare"

ArmInfo. The servers of the National Assembly of the Republic of Armenia are a "public thoroughfare." Gegham Manukyan, a member of parliament from the  opposition "Armenia" faction, stated this at the NA plenary session  on October 1, commenting on the draft law "On Cybersecurity,"  submitted by the RA government in its first reading.

The MP recalled that video cameras are installed in the corridors of  the NA, recording every movement of parliamentarians. The data from  the cameras is transmitted to the parliament's servers. In this  regard, Manukyan recalled the case of NA MP Mher Sahakyan, whose  incident was directed at the main server, which was allegedly hacked.  Just three hours later, Manukyan continued, this incident appeared on  one of the websites. The MP emphasized that in the past, the Personal  Data Protection Agency would immediately take appropriate action in  such cases, but recently, very little attention has been paid to the  Agency's activities, and even the Ministry of Internal Affairs  ignores his data.

The opposition leader also noted that similar video cameras are  installed at airports, which are also used by members of the National  Assembly. The servers at the airports are monitored by the National  Security Service. "And then suddenly a message appears on the same  website that Gegham Manukyan has departed for Moscow. My hair isn't  turning gray, but I've spent half my life constantly inquiring with  the National Security Service, the State Security Service, and the  National Assembly about how these videos appear on this website. The  response is complete silence," Manukyan noted, recalling that the  website in question is owned by Taron Chakhoyan, Deputy Chief of  Staff to the Prime Minister of the Republic of Armenia.

The MP, emphasizing the importance of the document presented, pointed  to the need to guarantee the security of citizens' personal data in  order to prevent similar situations.

According to the draft law, a special autonomous body will be created  in Armenia to combat cybercrime.  Presenting the document, RA  Minister of High-Tech Industry Mkhitar Haypapetyan noted that the  package aims to create a legal framework for protecting information  systems and critical infrastructure, including the energy, transport,  and financial sectors, from cyber threats. The new state autonomous  body will monitor, assess risks, and coordinate incident response  measures. The scope of regulation covers relations related to the  uninterrupted functioning of information systems and critical  information infrastructures used to provide vital services; ensuring  the availability, integrity, and confidentiality of processed,  distributed, stored, and transmitted information; notification of  cyber incidents, their prevention, and resolution; requirements for  cybersecurity service providers; and overseeing compliance with the  requirements of this law.

The bill clarifies the powers of the body developing state  cybersecurity policy, represented by the Ministry of High-Tech  Industry of the Republic of Armenia, and the body implementing  cybersecurity policy, represented by an autonomous body, as well as  other competent state bodies in this area. Adoption of the package  will create a legal basis for developing a comprehensive state  cybersecurity policy and action plan, inventorying and classifying  cybersecurity challenges and risks, and principles for responding to  cyber incidents, strengthening cybersecurity in emergency situations  and under martial law, clarifying roles and responsibilities,  planning and conducting cyber exercises, and implementing programs  aimed at raising public awareness.

To ensure the security of the state information system, the  autonomous body will be tasked with restricting the use of state  information systems and the level of data exchange (x-road). These  systems are created and developed using state budget funds,  constitute critical infrastructure, contain a security component, and  are aimed at providing the population with uninterrupted, secure, and  high-quality services. To implement this function, the body must have  clear legislative provisions and an enabling regulatory framework. It  should be noted that, with the adoption of the bill, the total annual  salary and social security costs, once the relevant positions and  employees of the autonomous body are fully staffed, will amount to  4-6 billion drams. The cost calculations took into account the fact  that the salaries of employees in professional units are high in the  market, and these teams will comprise the bulk of the body's staff.