Slovenian National CERT Processes 6,000 Cyber Incidents Annually, Extending Support to Critical Private‑Sector Operators
What Happened – Slovenia’s SI‑CERT, a twelve‑analyst unit within the public agency ARNES, now triages roughly 6,000 cyber incidents each year – a twenty‑fold increase from the early‑2000s. The team operates three dedicated triage lines (routine fraud, high‑severity cases, and phishing) and classifies each report using an ENISA‑based taxonomy.
Why It Matters for TPRM –
- Demonstrates a mature, government‑backed incident‑response capability that can be leveraged by third‑party vendors.
- Shows alignment with NIS/NIS2 reporting mandates, reducing regulatory exposure for downstream supply‑chain partners.
- Highlights a trusted source for phishing takedowns and forensic assistance, valuable for organizations lacking in‑house expertise.
Who Is Affected – Public‑sector agencies, banking & financial services, energy utilities, telecommunications providers, and any third‑party vendors that serve these critical sectors in Slovenia and the broader EU.
Recommended Actions –
- Assess whether your organization or its suppliers can formalize a partnership or information‑sharing agreement with SI‑CERT.
- Verify that your incident‑response contracts reference the NIS2 reporting requirements that SI‑CERT enforces.
- Incorporate SI‑CERT’s ENISA‑based taxonomy into your own incident classification to improve cross‑entity reporting consistency.
Technical Notes – SI‑CERT’s workflow separates low‑complexity fraud reports from high‑impact ransomware or compromised‑account cases, employing dedicated analysts for malware analysis, digital forensics, and threat intelligence. The centre’s public‑sector status enables rapid phishing‑site takedowns for banking, energy, and telecom customers, and its taxonomy feeds aggregated statistics for national cyber‑risk monitoring. Source: Help Net Security