Skip to main content
European Commission logo
enen
Strategy and policy
Reform Support

Increasing the network and information security in the Bulgarian Revenue Agency

Banner for the Increasing the network and information security in the Bulgarian Revenue Agency page

Supporting reforms to ensure efficient and effective revenue administration and public financial management

Funding Programme
Year
  • 2021

Increasing the network and information security in the Bulgarian Revenue Agency

The commission helped strengthening the network and information security of the Bulgarian Revenue Agency and at building strong in-house capacity to protect the information and data assets from unauthorised access.

Context

The threat of cyberattacks has grown exponentially in recent years and has become a persistent to the infrastructure of NRA. Some recent incidents of malicious acts proved the urgent need of the NRA to build a sustainable mechanism for counteracting in cases of cyber incidents and threats, and for continuous monitoring of the entire cyber environment. Furthermore, the NRA needed to strengthen its capabilities for operational and strategic analysis and assessment, operational and technical interaction with government agencies, the EU and other international partners.

Support delivered

The project addressed the needs of NRA by elaborating a tailor-made framework for cybersecurity management, updating the existing policies and procedures for network and information security according to international standards, and proposing a plan for their implementation. Moreover, the project delivered an extensive training programme to different target groups in order to strengthen the capacity of the staff of NRA to prevent and counter information security incidents and threats.

The project produced the following main deliverables:

  • Technical report on the updated framework for cybersecurity management;
  • Updated policies and procedures for network and information security according to standard ISO 27001;
  • Implementation plan for the cybersecurity framework and procedures;
  • training materials and training sessions on network and information security.

Results achieved

The project helped the NRA improve its network and information security in line with the national and European policy and standards, and enhance the capacity of the NRA’s to maintain efficiently a high level of network and information security.

In medium and long term, the project shall help NRA to:

  • Build trust in the NRA as administrator of large amounts of sensitive and confidential information and data;
  • Strengthen the reliability of the NRA as an international partner under the frameworks for administrative cooperation and exchange of information of the European Commission and the OECD;
  • Enhance the voluntary compliance though ensuring high level of security and data protection of the e-services.