Monaco Cyber Security Agency
Agence Monégasque de Sécurité Numérique
24 rue du Gabian
Monaco Cyber Security Agency :
(+377) 98 98 24 93
Why a Cyber Security Agency?
The Principality, like all States, is a potential target, because of its image and position in the world, and also because of the financial and economic affairs it generates.
The most frequent cyber attacks are of four types:
- Cyber crime: ransomware, scams involving the president, falsification of means of payment, etc.
- Damage to image: by denying service (saturating IT sites, thus preventing all normal working, disfiguring web sites to display terrorist, political or other messages)
- Spying: accessing information systems to steal information, technologies, know-how, etc.
- Sabotage: destruction of information systems to prevent all activity, or for propaganda (e.g. TV5 monde)
The Monaco Cyber Security Agency (AMSN), which was created by Sovereign Ordinance on 23 December 2015, is the national authority responsible for the security of information systems. It consists of an expertise, response and processing centre that deals with security and cyber-attacks for the State and for Critical Infrastructure Operators (OIV).
The AMSN's mission is as follows:
- To be a Computer Emergency Response Team (CERT)
- To prevent, detect and respond to cyber attacks
- To lead and coordinate the response to crisis situations
- To represent the Principality within international bodies and with other CERT
- To raise awareness and encourage public services and critical infrastructure operators to pay attention to cyber security requirements
- To monitor the level of security deployed by public services and critical infrastructure operators
- To evaluate and certify the security of information technology products and systems
- To designate products and service providers as trustworthy
It is responsible for:
- The application of some items contained in Act No. 1.383 of 02/08/2011 on the Digital Economy particularly with regard to cryptology and Act No. 1.430 of 13/07/2016 on various measures relating to the preservation of national security particularly on the levels of classification of information
- Areas contained in Act n° 1.435 of 8 November 2016 on combating technological crime
The main measure of this law, with regard to the area covered by the Monaco Cyber Security Agency, concerns the obligation for operators of vital importance to apply the rules defined by the AMSN following a dialogue with these operators, in order to determine financially sustainable actions that are achievable within agreed deadlines.
The main rules cover the following subjects:
- The implementation of an attack detection system
- The obligation to report attacks to the Monaco Cyber Security Agency
- The application of measures prescribed by the Minister of State in the case of a major crisis
- The use of equipment that is approved by the Monaco Cyber Security Agency, for the most sensitive systems
- The obligation to carry out checks on their most sensitive systems
Operation and composition
The agency's missions stated above give rise to organisation in three areas in addition to the management:
- An area of expertise, responsible for technical expertise, technical assistance and assistance with all the activities linked to security products and services
- An operational expertise centre, for response and appropriate action, which is responsible for the prevention and detection of cyber attacks on information systems and taking appropriate action
- A regulatory and external relations area, which sets out regulations, deals with external relations and coordinates the Agency's interventions