On 1st April 2018 the Cyber Security Act came into force. The aim of the law is to create the legislative framework necessary for the effective implementation of key measures to secure the national cyberspace by transposing priorities and requirements that have been created at European level. The Act regulates in particular the organization and authority of the public authorities in the area of cyber security, the status and obligations of the persons liable, the organization and the scope of CSIRT cyber security incidents and their accreditation, the cyber security system, the control and the audit. The law also addresses some of the other requirements of the Directives, such as the definition of international cooperation on cyber security, the fulfilment of notification obligations, the reporting of cyber-security incidents, the promotion of research and education as well as the enhancement of security awareness in the field of cyber security.
From the point of view of ensuring the cyber defence of the Slovak Republic, the related amendments to Act no. 198/1994 Coll. on Military Intelligence, Act no. 319/2002 Coll. on the defence of the Slovak Republic and Act no. 45/2011 Coll. on Critical Infrastructure are important.
Under the Cyber Security Act, Paragraph 27 Section 10 the National Security Authority informs Military Intelligence about security incidents that exceed the specified degree of severity and about facts that suggest that a serious cyber-security incident may be cybernetic terrorism. Relevant persons reporting this cyber-security incident are required to provide information to the Military Intelligence to the extent necessary to ensure cyber defence.
Under the amendment to Act no. 319/2002 Coll. on the defence of the Slovak Republic, the state defence is also provided in the cyber space through measures aimed at solving the serious cyber-security incidents under the Cyber Security Act and the defence of objects of special importance, other important objects and elements of critical infrastructure against cyber-attacks carried out in this area by Military Intelligence. In Paragraph 18 Section 2 also introduces the obligation of legal and natural persons authorized to conduct business to provide Military Intelligence with assistance and information important for securing state defence in the cyberspace. According to the amendment to Act no. 198/1994 Coll. on Military Intelligence, Military Intelligence gathers, concentrates and evaluates information relevant to the defence and defence capabilities of the Slovak Republic and abroad, focused on activities and threats in cyberspace, within the scope of its competence, and is authorized to carry out appropriate security measures. Military Intelligence performs tasks in the field of cybernetic security and cyber security in the scope stipulated by the Cyber Security Act through the Centre for Cyber Defence of the Slovak Republic, which is a special organizational component of the Military Intelligence. The Centre acquires, concentrates, analyses and evaluates information relevant to cyber defence, informs affected parties and suggests appropriate measures. The Centre is entitled to request interoperability and information from the owner or operator of objects of critical importance, other critical objects and critical infrastructure elements to the extent necessary to ensure cyber defence and has a direct, real-time electronic access to the full cyber security information system.