Havana, August 17th.- The Official Gazette No. 92 Ordinary of 2021 puts into force this Tuesday a group of new regulations on telecommunications, information and communication technologies (ICT), the use of the radioelectric spectrum and the incidents in cyberspace, which includes Decree-Law 35/21 on Telecommunications, Information and Communication Technologies and the Use of the Radioelectric Spectrum.
Decree-Law 35/21 is a higher-level legal norm, the first of its kind in our country, and it is transversal in the processes of society, which allows greater coherence and ordering of the existing regulatory framework.
The new legal instruments also include:
- Decree 42/21 that approves the General Regulation of Telecommunications and Information and Communication Technologies
- Decree 43/21 Regulation on the Use of the Radioelectric Spectrum
- Resolution 105 Regulation on the National Action Model for Response to Cybersecurity Incidents.
- Resolution 107 of 2021 Regulations for the Use of Radiocommunication Satellite Services
- Resolution 108 of 2021 Regulation of Interconnection, Access and Essential Installations of Telecommunications Networks
In general, the Decree-Law and its complementary regulations ratify among its objectives to contribute to the political, economic and social development of the country through the development and modernization of telecommunications infrastructures, while promoting the harmonious and orderly progress of networks and telecommunications / ICT services.
Wilfredo López Rodríguez, director of regulations for the Ministry of Communications (Mincom), pointed out that his objectives also include meeting the general needs of the State and Government and those related to national security and defense, internal order and defense. in matters of telecommunications / ICT and the use of the radioelectric spectrum.
Likewise, it guarantees the development and technological convergence and prioritizes the implementation of broadband networks, while defending the interests of citizens and ensuring access to services and constitutional rights; in particular the principle of equality, privacy and secrecy in communications.
Among the fundamental issues that this regulatory package deals with, the definition of the Universal Telecommunications Service (SUT) stands out as the set of telecommunications services, information and communication technologies whose provision is a right for all end users regardless of their geographical location, at a price and with a specific quality.
The SUT comprises
- Fixed telephone service and cellular land mobile.
- Internet access service.
- Sound and television broadcasting service.
- Access to public telephone booths and stations.
- Free access to emergency and distress call services made through their networks.
- Application of preferential conditions for people with special needs.
KEY ISSUES IN THE REGULATIONS
In this package, said the Director of Regulations of Mincom, it is defined that private telecommunications services - those established by any natural or legal person for their own use - can only be provided to third parties with the authorization of the Ministry of Communications.
Likewise, it extends to natural and legal persons the access to the broadcasting services of the cable television signal (CATV), and to maximize the profitability of the installed networks.
On this point, the manager stressed that “we have a cable television signal that is offered to tourism and some legal entities, with an infrastructure created that is underused. Wherever the conditions are, the service can be offered to more legal and natural persons, based on the infrastructure we have.
The regulatory package promotes the development and modernization of telecommunications infrastructures with an emphasis on broadband and broadcasting, and the maximum use of these with integrity, rationality and the maximization of their contribution to the economic and social development of the nation, by time that establishes the legal framework to carry out the transition from analogue to digital television, guaranteeing economic and social measures.
López Rodríguez added that the development of the infrastructure of the digital trunked broadband terrestrial mobile radio communication system is established, which satisfies the demand for these services and gives priority to the services of the Government, state companies and cooperatives.
NATIONAL ACTION MODEL FOR RESPONSE TO CYBER SECURITY INCIDENTS
Resolution 105 Regulation on the National Action Model for Response to Cybersecurity Incidents, is the implementation of what is established in Decree 360/2019, has a preventive nature and reaches the whole of society, by implementing a work system between entities specialized in ICT security for the fulfillment of their functions in the secure exchange of information related to vulnerabilities and cybersecurity incidents. In addition, it enables, based on duties and rights, the protection without differences of citizens, civil society and state and private institutions of all kinds.
For the first time in Cuba, in a legal norm, they are associated with cybersecurity incidents, typifications that exceed the limits of technology, grouping various incidents into categories and subcategories. Likewise, it transcends other spheres of the development of society and the lives of its citizens. This allows us to understand terms and categories of events of which the population is not yet aware, but their ignorance can cause harm.
Within the operating principles is to guarantee, through the management of cybersecurity incidents that can be prevented, detected and responded in a timely manner to possible enemy, criminal and harmful activities that may occur in cyberspace, as well as to carry out the confrontation and neutralization of these events and attend to what each body that participates in ICT security is responsible for.
It establishes the cooperation between the organizations involved in ICT security and the defense of the National Cyberspace, and adopts a common terminology to classify cybersecurity incidents.
WHAT TO DO TO NOTIFY A CYBERSECURITY INCIDENT?
If the notification comes from a natural person, they are not obliged to use the established classification, although it is very favorable that they know what the categories and subcategories contemplated are, which culturally helps to identify the threats. In the case of legal persons, they have the responsibility to notify, using the classification regardless of whether it can be rectified by the Office of Computer Network Security (OSRI).
In the event of a cybersecurity incident, you can notify OSRI, through the following channels:
-website www.osri.gob.cu in the incidents section,
-email reportes@osri.gob.cu
-unique number of attention to the population 18810
For a faster procedure, you must identify yourself with your personal data and the entity you represent (if applicable), and provide details that facilitate the management, included in Annex III of the Regulation published in the Official Gazette number 92 of Tuesday 17 August 2021.
After notification, you have the right to receive a response, which can be immediate or post-investigation specific guidance.