The national 2021 strategy prioritises continuous capacity building in cybersecurity. To ensure that cybersecurity is the responsibility of every citizen, the strategy prioritises national mechanisms that determine cybersecurity policy, governance and processes for the detection and handling of incidents, professional capacity building and the dissemination of situational and security awareness alongside building trustworthiness. 

• Creating the concept of a “safe Internet for all“, which combines efforts of the state to ensure a high level of cybersecurity with the responsibility of individuals for carrying out activities aimed at their own security. 

• Ensuring a flexible response of the state to new technologies so that a risk analysis is always carried out while defining the possible security impacts of these technologies on essential and critical assets of both the state and citizens. 

• Preparing legislative proposals that are comprehensible and applicable but without imposing disproportionate economic, personnel or organisational costs on liable entities. Integrating extant regulations in the field of cybersecurity so that respective entities do not have to apply multiple legal regulations on the same issue. 

• Developing certification as a tool for trusted products, processes and services in the field of cybersecurity and integrating European certification schemes in the field of cybersecurity into national certification procedures. 

• Apply a coherent concept of crisis management in cybersecurity, with links to integrated national and international mechanisms. 

• Continuously strengthen technical, organisational and personnel capacities for the detection and handling of cybersecurity incidents at national level and within individual sectors, including critical infrastructures. Establishing a viable system of continuous capacity building of professional personnel, including detection and collection of security-related events in national cyberspace as well as evaluation and incident detection by modern techniques such as artificial intelligence. 

• Developing capabilities in security incident handling and automation of processes with machine learning and capabilities to respond to severe security incidents at operators of essential services. Integrating existing escalation procedures for incident reporting so reporting entities do not have to apply multiple legal regulations on the same issue. 

• Strengthening analytical capabilities in security threats, specialising in cybersecurity incident attribution with effective performance of active and passive cyber intelligence aimed at collecting, aggregating and evaluating information on cyberspace that pose a national security threat. 

• Setting up rules and mechanisms for blocking abusive content, e.g. control servers of attackers, devices spreading malicious code. 

• Developing an education and training concept for personnel in public administration, aimed at recruiting and retaining security and career progression, as well as increasing professional competence. 

• Creating suitable motivational and reward tools for professional staff in public administration to balance conditions of public administration and the private sector.

  Improving the education framework for prosecuting authorities and courts in the field of cybercrime. 

• Continuously raising security awareness in the field of cybercrime with a focus on a wide range of population and the most vulnerable groups (children and seniors).

   

The overarching goal is to ensure professionals and citizens are well-educated on cybersecurity. Social awareness, education and the ability to respond to cyber threats are all fundamentally important for ensuring quality, efficiency and effectiveness of performance measures for cybersecurity. 

Under the Action Plan, the Ministry of Education is responsible for an innovative education system on cybersecurity at primary and secondary school levels as well as specialised education at secondary and university levels and for experts. 

Measures: 

• Establishing a vocational higher and secondary education system to train new professionals. 
• Creating a system of specialised training for professionals in the field of cybersecurity and information security.
• Raising a security and situational awareness of threats, vulnerabilities, incidents and protection procedures in cyberspace.
• Establishing a system of education for public administration staff so that they meet minimum knowledge standards in the field of cybersecurity and information security. 
• Completing and retaining competencies in cybersecurity and information security through the Slovak Qualifications Framework and the National Qualifications System of the Slovak Republic.
• Developing the concept of minimum security awareness requirements for all levels of education.
• Integrating roles in the field of cybersecurity and information security into the National Qualifications Framework.
• Implementing joint educational activities and activities that support security awareness raising with public authorities, academia and the private sector.
• Developing capabilities through exercises and training in technical and process areas of cybersecurity and creating an appropriate technical and organisational platform for organising such exercises.
• Supporting projects and programmes in the field of education and security and situational awareness raising.
• Raising awareness of the importance of cybersecurity takes place across citizens, professionals and companies:
• Creating nationwide cyber defence awareness programmes for children, adolescents and adults, e.g. through eSlovensko (eSlovakia). 

The Zodpovedne.sk centre (Slovak Safer Internet Centre) is responsible for raising awareness on the safe use of the Internet, mobile communications and new technologies and crime-control performance.  The website also has a section on threats, e.g. intolerance on the web, cyber bullying, to which schoolchildren may be exposed to. 

eSlovakia has been running educational activities aimed at protecting children and young people from the threats of cyberspace since 2007. Over the past 14 years, more than 50,000 workers with children and youths and over 360,000 schoolchildren from all over Slovakia have been trained. 

The educational part of the programme is accredited by the Ministry of Education, Science, Research and Sports of the Slovak Republic under the number AKPSM / 0034/2013/1/78. The training concept won the INSAFE award for its innovative approach to prevention as the best project in the European Union.

There are several types of training:

• Workers with children and youths: school principals, teachers, school psychologists, educational counselors, other pedagogical staff, coordinators of child protection against violence, Centers for Pedagogical and Psychological Counseling and Prevention, Methodological and Pedagogical Centers, School Offices, Police Preventers and city ​​police, helplines, etc. Screening of the film Who's Next? associated with an interactive lecture on the topic of prevention, bullying, cyberbullying, hacking and social issues. The activity takes place in cinemas throughout Slovakia with a capacity of 200-300 participants, lasting 4-5 hours with the possibility of organising a training session during the day.
• Age groups of 12+ years: Screening of the film Who's Next?The capacity is 200 - 300 teenagers, depending on the size of the cinema hall. The duration of the activity is 3 hours. It is possible to carry out 2 training sessions in one day. Musical and theatrical performance Aless - Born to win on the topic of bullying, cyberbullying and other social issues. The activity takes place in cinemas, municipal or city halls, in large areas of schools throughout Slovakia with a capacity of 100-200 teenagers, lasting for 1.5 hours and with the possibility of organising 3 training sessions in one day. 
• Age-group: children between 6 and 11: Musical-theatrical performance OVCE.sk on the topic of personal data protection, hacking, bullying, cyberbullying and other social issues, taking place in cinemas, municipal or city halls, in large areas of schools throughout Slovakia with a capacity of 100-200 children , lasting 1.5 hours and with the possibility of organising 3 training sessions in one day.

R&D on cybersecurity is to be supported through cooperation on qualitative and quantitative research projects. The strategy will support participation in national as well as European research projects and activities of cybersecurity with the allocation of funds. The central state administration authority for cybersecurity coordinates research activities. 

Building research and development capabilities in the field of cybersecurity

Threats and vulnerabilities in cyberspace are constantly evolving with the technological development and digitalization of society. Research and development in the field of cybersecurity is an appropriate mechanism for responding to a change in the security environment and implementing appropriate measures in order to minimize threats, mitigate vulnerabilities, detect and handle cybersecurity incidents.

Measures: 

• Creating a comprehensive concept of state support for research and development in the field of cybersecurity for the Slovak Academy of Sciences, universities and commercial organisations.
• Allocating financial resources for state support of research and development for the next 5 years (from 2021).
• Supporting research centres in the field of cybersecurity at universities.
• Developing capabilities in the field of national cryptography.
• Supporting scientific and research projects of private companies and research centres at national level.
• Assisting and supporting entities in their participation in scientific and research programmes and grants at national and international level. 
• Participating in the promotion of national research programmes and their results.
• Establishing a closed research network infrastructure across the whole Slovak Republic for cybersecurity research, development and testing.
• Coordinating the support of science and research through the Competence and Certification Cyber Security Centre. 

The 2021-2025 measures include:

• Adopting a sector-specific approach in the field of cybersecurity. 
• Providing support to both operators of essential services and operators of critical infrastructure in the private sector for taking appropriate security measures. 
• Ensuring effective cooperation, information sharing and expert discussion of the public and private sectors.
• Establishing a strong partnership network at national level between the state authorities, the state and the private sector, as well as academia and the professional community.
• Estalishing a network of cybersecurity competence centres at European level, including the Slovak Competence and Certification Cyber Security Centre as a national representative in the Governing Board of the European Competence Centres.
• Increasing the involvement of the Slovak Republic in the activities of the European Cyber Security Organisation (ECSO).

• Setting up and operating the national CSIRT network, which will unite Slovak CSIRT units (state-run and private).

• Setting up coordinating sectoral ISACs.

• Building cooperation of the state with the private sector, especially with companies specialised in cybersecurity solutions and innovative technologies.

The CYBERWISER.eu CyPR is all about boosting opportunities in the cybersecurity marketplace. 

This European Cybersecurity Professional Register is the place where professionals, juniors or seniors, age can promote their specific skill sets and experiences in cybersecurity, courses taken and qualifications.

Organisations of any size or sector from SMEs to large companies and public institutions can find and contact the right skills and experiences they need to improve their IT security posture.

January 2021

The information contained here is based on desk research carried out by CYBERWISER.eu, including the ENISA interactive maps on national strategies and educational courses. 

• CSIRT.SK, as a CSIRT unit responsible for sector “Public Administration” established under Office of the Deputy Prime Minister of the Slovak Republic for Investments and Informatisation. Services primarily to state and public administration in response to security incidents against public administration information systems (except for classified and military incidents). 
• National SK-CERT, the Slovak Computer EmergencyResponse Team, established under NSA for cybersecurity management, threat analysis, coordination of national security incident handling and response.
• The Cyber Defence Centre of the Slovak Republic responsible for cyber defence tasks of the Slovak Republic. Report a cyber incident to national CSIRT/CERT

CSIRT.SK
Guidelines on reporting a cyber incident can be found at www.csirt.gov.sk/incident-report-86c.html

• Team Email 1: incident@csirt.gov.sk
• Team Email 2: csirt.gov.sk
• Telephone: 02 / 59278 454, 02 / 59278 514
• Fax: 02 / 52926 870
• Public PGP key

February 2021. 

The information contained here is the result of desk research carried out by CYBERWISER.eu.