Slovak Finance Ministry drafts country's first cyber-security law

Slovakia is in the process of drafting its first cyber-security law which will address not only the security of finance and health but also critical utilities infrastructure.

Concerns over Russia and proximity to Ukraine has spurred Slovakia to take action at a national level on cyber-security
Concerns over Russia and proximity to Ukraine has spurred Slovakia to take action at a national level on cyber-security

Slovakia's Ministry of Finance is currently drafting the country's first cyber-security law, according to Slovak deputy prime minister for investments and information Peter Pellegrini.

"Right now, in cooperation with the National Security Authority, we are finalising works on a new law on cyber-security," Pellegrini told local news site Tablet.tv. "One thing is to protect banks' data assets and medical records, but we must also talk about how the country will respond if a cyber-attack is performed on its grids or water supply systems."

Meanwhile, local observers say that, due to the lack of a comprehensive cyber-security law, whenever Slovak companies have their data stolen, local police investigate such instances as simple acts of theft.

Slovakia's decision-makers started to streamline more efforts to cyber-security in the wake of Russia's military intervention in Ukraine. Ukraine approved a new cyber-security strategy in March and there has been heightened interest in cyber-security in the central and eastern Europe (CEE) region in recognition of the growing threats and the introduction by the European Union of the Directive on the security of network and information systems (NIS).

Meanwhile, local analysts say that neighbouring Czech Republic, which remained part of the same country with Slovakia until 31 December 1992, when Czechoslovakia dissolved, has been placing more attention to developing its cyber-security capabilities since before the conflict that shook Eastern Europe.

"There was a strong focus [on cyber-security] even before the Ukraine crisis," Jakub Janda, the deputy director for public and political affairs at the Prague-based think tank European Values, told SCMagazineUK.com. "The Czech government has been quite active in this field, and I would say efficient compared with other European countries."

In January, the Slovak National Security Authority (NBU) took over the responsibility for coordinating the country's cyber-security efforts at state level from the Ministry of Finance, but the latter remained responsible for developing Slovakia's first comprehensive cyber-security legislation.

To define its priorities in the field of cyber-security, in March 2016, the government adopted a new strategic document, the Action Plan of Realisation of the Concept of Cybernetic Security for Years 2015-2020.

The plan, developed by the Government Office of the Slovak Republic in cooperation with the NBU and Slovakia's National Agency for Network and Electronic Services (NASES), "defines the tasks and means of their execution by the responsible authority, and the period of implementation,” the office said in a statement. According to the document, the aim is to create “a coherent, coordinated and effective system for the protection of the cyber-space of the Slovak Republic".

"One of the principal tasks of the Government Office and NASES will be to establish a national portal for cyber-security … and develop and implement an early warning and incident response," the document says.

Maroš Kirňák, the director of the Cyber Security Programme at the Slovak Security Policy Institute (SSPI), told SCMagazineUK.com that, in the past years, cyber-security was not part of Slovakia's primary security agenda.

"However, the change in the security environment, as well as technological progress have not been unnoticed, and Slovakia is slowly adapting to the new threats. Events which happened in the past years in our neighbourhood have attracted our attention," Kirňák said.

"Slovakia adopted a new document, the Cyber-Security Concept of the Slovak Republic for 2015-2020. This came along with the redistribution of responsibilities among authorities, according to which competences in the area of cyber-security as well as the informatisation of society have been transferred from the Ministry of Finance [to] the National Security Authority," Kirňák continued.

According to Kirňák, the "adoption of this strategy is a big step forward and a promise to focus on the increase of capabilities and level of security in the upcoming years."

Dr Joanna Świątkowska, CYBERSEC programme director at the Kosciuszko Institute in Poland, told SC in an email that it appears Slovakia, like many of its neighbours, is preparing itself for the NIS Directive.

She said: “It is clear that the country tries to establish a cyber-security framework that will establish the main roles, responsibilities, processes, aims and priorities. The Cyber Security Concept is interesting from the point of view of engaging various stakeholders, underlining a wide range of issues.

“On the other hand, some aspects of the documents indicate that this is the initial stage of the process of building a cyber-security system. But let's be fair – it is not that all the other players are way ahead.”

Sign up to our newsletters