The Slovenian National Cyber Security Strategy was adopted in February 2016. The strategy is based on three pillars: prevention, response, awareness.
Strategic objectives and related measures include:
Obj. 1 Strengthening and systemic regulation of the national cyber security assurance system: establishing a central coordination of the national cyber security assurance system; strengthening human resource and technological bodies at the operational level of cyber security assurance system along with the implementation of SIGOV CERT; regular participation in international exercises on cyber security and organisation of national exercises; gradual upgrade of state bodies HKOM networks with equipment that is appropriately approved by Slovenian authoritites as being safe and suitable for use; implementing competent checks of safety and functionality of IT equipment within existing and newly established bodies.
Obj. 2 The safety of citizens in cyberspace: regular implementation of awareness-raising programmes on cyber security; introducing cyber security content in education and training programmes.
Obj. 3 Cyber security in the economy: promoting the development and introduction of new technologies in the field of cyber security; regulation implementation of awareness raising programmes on cyber security for businesses.
Obj. 4 Providing the operation of critical infrastructure in the sector of ICT support: regular assessment of risks to the operation of critical infrastructures; planning appropriate protection measures and updating risk assessment in this field.
Obj. 5 Cyber security assurance to ensure public security and combat cyber crime: implementing appropriate cyber capacities to protect ICT systems of the police; regular training on cyber security for law enforcement authorities participating in the development of cyber capacities for public security and in combatting cybercrime; regular updating of the laws and procedures in line with the development of ICT.
Obj. 6 Development of defence cyber capabilities: developing appropriate cyber capabilities to protect defence ICT systems.
Obj. 7 Ensuring safe operation and availability of ensuring conditions for the smooth operation of key ICT systems in the event of major natural and other disasters: ensuring conditions for the smooth operation of key ICT systems in the event of a major natural and other disasters.
Obj. 8 Strengthening national cyber security through international co-operation: ensuring conditions for the participation of Slovenian experts in the relevant international working bodies and associations in the area of cyber security.
The importance of cyber risk management is highlighted for critical infrastructures (both public and privately held) rather than as a best practice for digital businesses in general.
NATIONAL CYBERSECURITY STRATEGY - NIS Capacities
|Year of adoption||2016, the government adopted the Slovenian National Cyber Security Strategy - Establishing a system to ensure a high level of cyber security.|
|Updates and revisions||
In April 2017, Slovenia adopted the resolution on obligations and the organisation of the established national cyber security authority, thereby beginning to fulfil its commitment to NATO in order to prioritise strengthening of national capacities of cyber defence and applying the requirements, imposed by the NIS Directive on measures to ensure high overall level of network and information security in European Union (NIS Directive 2016). Thus, central coordination of the national security system and conditions for stable operation have been established.
|Implementation and monitoring||
The Strategy implementation will be monitored by the Government of the Republic of Slovakia and by relevant ministries in accordance with the grounds of jurisdiction set out in the Constitution and legislation.
|Operational capacity building||
Capacity building in Slovenia is part of establishing a comprehensive cyber security system and clear governance structure.
SI-CERT (English version) is the main contact point for reporting network security incidents involving systems and networks located in Slovenia. By agreement with Slovenian government, SI-CERT also provides the role of the Government CERT. SI-CERT is a service of ARNES (Academic and Research Network of Slovenia). (Slovenian: www.cert.si/; English: www.cert.si/en with basic information).
Due to a growing number of cyber attacks (Petya, WannaCry), intense preparations of cyber security legislation are underway and expected in 2017.
|Overall assessment/best practices||
Slovenia participates in international cyber security exercises. In Cyber Europe exercises, organised by ENISA, in 2010 Slovenia took part as an observer and in 2012 and 2014 as an active participant. Furthermore, from 2013 on, it actively participates in Cyber Coalition exercises within NATO. Participation in these exercises proved to be a good opportunity to check the capacities for cyber security assurance at the national level, as well as to exchange experience and establish new connections between stakeholders. National cyber security exercise has not yet been carried out.
|Date of last WISER analysis||July 2017|
Compliance with the GDPR and NIS Directive: Report a cyber incident
|Report a cyber incident to national CERT/CSIRT|
|Guidance and Updates||
SI-CERT - www.cert.si/ keeps its constituency up to date on cyber threats and other related information through the news section of its website in Slovenian. Examples include technical information about attacks with false messages and the percentage of countries affected by ransomware attacks.
Other updates on Slovenia include:
In March 2016, a strategic paper entitled "The Information Society Development Strategy to 2020 – DIGITAL SLOVENIA 2020" was adopted by the Slovenian Government. This framework strategy lays down Slovenia’s key strategic development goals in this area and combines the Next-Generation Broadband Network Development Plan to 2020 and the Cyber Security Strategy together into a unified strategic framework.
|Date of last WISER analysis||July 2017|