Current Activities

In accordance with Section 16a (9) TKG 2003, RTR-GmbH, in agreement with the Federal Minister of Agriculture, Regions and Tourism and the Federal Minister of the Interior, has published a telecommunications network security ordinance (TK-NSiV 2020) on obligations for oommunication network operators and electronic communication services providers regarding minimum security measures taking into account 5G networks and with information requirements in the event of security incidents.

This regulation specifies more detailed provisions to ensure network security in the telecommunications sector. At the same time, a large part of the EU catalog of measures to increase cybersecurity is implemented in 5G networks.

• Telecommunications Network Security Ordinance

The regulatory authority has the form for notifications acc. Art. 16a TKG 2003 revised and simplifies the process for filing such communications. Messages acc. Art. 16a TKG 2003 should preferably be submitted via the eGovernment portal of RTR-GmbH.

• File an Incident (RTR e-Gov-Portal)

Based on the Austrian Cybersecurity Strategy (ÖSCS) and the Austrian Program for the Protection of Critical Infrastructure (APCIP), the regulatory authority is currently conducting another risk analysis for the telecommunications sector. This is necessary in order to ensure the timeliness of the identified risks and of the derived action recommendations and to maintain a high level of protection.

• Telecoms Sector Risk Assessment 2020

Based on the European Commission recommendation on Cybersecurity of 5G networks inviting member states of the European Union to carry out national 5G cybersecurity analyzes, the Regulatory Authority has re-evaluated the telecoms sector risk assessment from 2018 at the request of BMVIT and BKA with regard to potential hazards associated with the introduction of 5G technology. In a further step, the member states, together with the European Commission, developed a set of Union instruments that are suitable for addressing the identified dangers at European or national level.

• 5G Cyber Security Risk Assessment 2019

Pursuant to Art. 16a (3) TKG 2003, operators of public communications networks or services are required to provide the regulatory authority, as required by law, with information required to assess the security or integrity of its services and networks, including documentation of its security measures.

The Regulatory Authority has again called on fixed and mobile operators to submit documentation to understand the security measures taken and to allow for review by the regulatory authority. The completion of the investigations is planned for the end of 2019.

The European Commission's Recommendation on the Safety of 5G Networks from March 2019 prompted BEREC to convene an ad hoc working group, which has since been working intensively on aspects of 5G cybersecurity. The regulatory authority is an active member of this working group and brings expertise from the national priority themes 5G and cybersecurity into the work.

• BEREC on Cyber Security of 5G Networks

In 2020, the BEREC ad hoc working group on 5G cybersecurity will accompany the implementation of the toolbox of the NIS cooperation group and examine it from a regulatory point of view. The working group is also planning to hold a public workshop on 5G cybersecurity in March 2020. The venue will be Brussels.