Presidential Instructive on Cybersecurity

On October 25th, Chilean President, Sebastián Piñera, signed a bill on computer crimes, and issued a Presidential Instructive (instructivo presidencial) giving instructions to public bodies related to cybersecurity, including urgent measures that should be implemented immediately.

This latest announcement is in line with other measures implemented by the government, including the appointment of a national cybersecurity officer, Mr. Jorge Atton.

The emergency measures in the Presidential Instructive to public bodies are:

  1. Appointment of a high level cybersecurity officer in each service, who must be independent of the institution’s IT head. This measure is to be implemented within ten days of the presidential instruction’s issuance.
  2. Application and updating of technical regulations on cybersecurity. The Ministry General Secretariat of the Presidency (SEGPRES) will update or dictate the regulations on cybersecurity, electronic documents, network protection and information security.
  3. Internal cybersecurity measures. Each head of service must send a confidential evaluation of their computer risks, to the Coordination Center of Government Entities (“CCEG”), within a period of 60 days; together with the measures taken to address them and with a short term action plan to mitigate the identified risks.
  4. Detailed revision of networks, systems and digital platforms of public operation. The public administrative bodies that have critical infrastructure information should cooperate with the CCEG to carry out a detailed analysis of its internal cybersecurity policy.
  5. Surveillance and analysis of the operation of the technological infrastructure of State Administrative bodies. The CCEG will verify compliance with current cybersecurity standards, and will carry out cybersecurity exercises.
  6. Compulsory report of incidents to the CCEG, as soon as they become aware of them. The CCEG will operate continuously for these effects.
  7. Response to cybersecurity incidents. Regardless of the regulations issued in terms of cybersecurity by the head of each service, the Ministry of the Interior through the CCEG will arrange the necessary actions to ensure the continuity and proper functioning of the networks.

Transitional governance of Cybersecurity. While the implementation of the new model of national cybersecurity policy is pending, a temporary governance will be defined. This task will be the responsibility of the Ministry of the Interior, who will designate a responsible person who will implement the measures of the National Cybersecurity Policy in terms of transient governance.