СТАН ПРАВОВОГО ЗАБЕЗПЕЧЕННЯ КІБЕРБЕЗПЕКИ В УКРАЇНІ

The purpose of the article is to analyze the state of legal support cybersecurity in Ukraine and to determine its future development prospects.

In Ukraine, cybersecurity is seen as a component of national security. In recent years, our country has taken a number of positive steps to fulfill its international obligations to improve cybersecurity legislation, which has been translated into the adoption of a number of laws, strategies and other secondary legislation on relevant issues.

At the same time, along with the positive dynamics of the development of legislation in the field of cybersecurity, it should be noted that there is a need to further align national legislation with international standards. In particular, the Law of Ukraine “On the Fundamental Principles of Cybersecurity of Ukraine” is rather a roadmap for the development of future regulations rather than a comprehensive cybersecurity law that regulates the full range of cybersecurity issues and meets international standards and best practices. Experts also point out the following problematic aspects of cybersecurity legal support in Ukraine: inconsistency and inconsistency of terminology; lack of a critical infrastructure law; lack of rules for conducting information security audits of critical infrastructure facilities that must be based on international standards; duplication of cyber incident reporting; lack of security and information requirements for critical infrastructure operators and digital service providers; lack of long-term strategic planning with clearly defined interim results, timelines and responsibility for their achievement; budgetary constraints on the ability of the state to pay competitive salaries to attract and retain highly professional cybersecurity professionals.

Accordingly, this area of work still requires considerable attention and efforts.

As the development of cybersecurity legal support in Ukraine is linked to Ukraine's European integration aspirations, it will be effective to improve national cybersecurity legislation to take into account the terms of the Association Agreement between Ukraine and the EU and its Member States, on the other hand (2014). implementation of EU countries' experience and best practices and standards. In particular, in the near future, Ukraine should develop requirements for operators of critical infrastructure facilities to provide information on the circumstances under which they should inform about incidents, format, templates and procedures for such information, as well as categorization of cyber incidents, and establish a procedure for informing other states about cyber incidents, which may be influenced by them, subject to the requirements of confidentiality and trade secrets, to audit existing legislation to identify any rules contrary to the NIS Directive, terminological inconsistencies and character, and at the legislative level delineate and specify the scope of authority and responsibility by ensuring cyber security.