From Critical Infrastructure and Industrial Lines to Smart Buildings. What About Security?
28. marca 2025
We are an industrial country in a world that is in a cyber war. Further growth without increasing cyber resilience is not possible.
Operational Technology security is key to everyday life.
Let's look at Slovakia's gross domestic product structure or where you go to work. An industrial park or an office in a smart building? Do you use healthcare services, energy suppliers, transportation, or go to a shopping center? All these areas are already packed with technologies. Artificial intelligence, cloud, and 5G are bringing further challenges for Operational Technology (OT) security.
While awareness of IT cybersecurity in companies and state organizations is increasing, "OT security will still have to fight this battle," says Michal Srnec from Aliter Technologies .
Important Role
"Modernization of operational technologies is a significant area and challenge for security," evaluates the trend Maroš Trnka, head of the information technology department at Vodohospodárska výstavba.
In the energy sector, for example, control systems have been in operation for over twenty years. At that time, manufactured components or the control systems themselves were often designed more for longevity than security.
The security of these systems is increasing through the application of measures, but Slovakia faces a radical step. New control systems in the energy sector must now have parameters that meet the strictest OT security requirements.
Militarization of Technologies
We live in an era where technologies themselves, or their misuse, are becoming weapons. As we see east of our borders, the offensive begins with an attack on critical infrastructure.
With the amendment of the cybersecurity law, growing attacks, and the geopolitical situation, companies will increasingly deal with OT security. "We are inevitably facing practical implementation of changes, security tools, segmentation, and security strategies," predicts Maroš Trnka.
He immediately points out a chronic ailment - the lack of qualified experts in OT security. This also reopens the question of quality suppliers.
Traditional Problem
Operational security is characterized by dependence on specialized hardware and software suppliers. Third-party risk means that suppliers provide, support, and often develop specific technologies. While the local network infrastructure is in the hands of the company, the "keys to the mixer" are with the supplier.
According to cybersecurity expert Roman Čupka's experience, it often happens that the operator of information systems and critical infrastructure has no access to the security design of components and must rely solely on their manufacturers.
Paradoxically, manufacturers are not subject to such strict legislative frameworks as operators, so it is important that the "circle be closed". The EU Cyber Resilience Act should define security frameworks next year not only for IT manufacturers but also for OT technology manufacturers, ensuring their security lifecycle through standards and measures.
Let´s Move Forward
Many people automatically associate Operational Technologies or IoT technologies with industry or energy production and distribution. "Besides these areas, we can find these technologies in seemingly non-traditional environments," warns Tomáš Baksa, a business specialist at KFB Control.
Whether we enter a business center, shopping gallery, bank, or airport, dozens and hundreds of small helpers are installed everywhere. They make our lives more comfortable, pleasant, and efficient.
However, not all these IoT helpers were designed with cybersecurity in mind. They are often connected through various applications across the organization and are quite difficult to segment. Therefore, they represent attractive targets for attackers and threats to organizations.
Because of an Electric Frenzy
Cybersecurity consultant for critical infrastructure Martin Fábry draws attention to the cybersecurity of charging stations. This is a new topic worth considering, given that electromobility in Slovakia is rising sharply, with approximately one-third more charging stations added in the last year.
Currently, there are more than two thousand public charging points for electric vehicles in almost nine hundred locations. These "chargers" are equipped with intelligent technologies, which opens the door to potential cyber threats. Cyberattacks here can have serious consequences, from endangering transportation safety to network disruption and extortion of operators.
And a Smart Frenzy
The very term "smart buildings" means they are equipped with advanced technologies for management and optimization. This includes lighting, heating, ventilation, elevators, security, and other critical functions.
"In Slovakia, the current situation is that smart building security is almost never addressed. The security manager often doesn't even know that something like this exists in the building and should be dealt with," assesses Martin Fábry.
Building management system protection is often at a low level. Yet, cybersecurity of smart buildings is a key aspect that we must not underestimate. In Slovakia, this is still a little-known topic, but it is perceived very intensively abroad.
It's Already Happening
A building management system can be misused, for example, for cryptocurrency mining. Tomáš Baksa cites a case where an operator noticed unusually high load on building management system components. "After applying a security probe in the network, it was revealed that this was caused by an unauthorized crypto mining software installed and managed from an external location," he says about the successful outcome.
Another example of a security incident is the failure of cooling systems in a data center in the middle of summer. Within a few hours, it caused server overheating, which led to an urgent requirement to shut them down.
Source: HNšpeciál. 2024. “Kritická infraštruktúra, priemyselné linky až po smart budovy. Aká je bezpečnosť?” HN Online.sk, August 23, 2024. https://hnonline.sk/hn-special/96165504-kriticka-infrastruktura-priemyselne-linky-az-po-smart-budovy-aka-je-bezpecnost. Accessed: 27. 3. 2025
Let's look at Slovakia's gross domestic product structure or where you go to work. An industrial park or an office in a smart building? Do you use healthcare services, energy suppliers, transportation, or go to a shopping center? All these areas are already packed with technologies. Artificial intelligence, cloud, and 5G are bringing further challenges for Operational Technology (OT) security.
While awareness of IT cybersecurity in companies and state organizations is increasing, "OT security will still have to fight this battle," says Michal Srnec from Aliter Technologies .
Important Role
"Modernization of operational technologies is a significant area and challenge for security," evaluates the trend Maroš Trnka, head of the information technology department at Vodohospodárska výstavba.
In the energy sector, for example, control systems have been in operation for over twenty years. At that time, manufactured components or the control systems themselves were often designed more for longevity than security.
The security of these systems is increasing through the application of measures, but Slovakia faces a radical step. New control systems in the energy sector must now have parameters that meet the strictest OT security requirements.
Militarization of Technologies
We live in an era where technologies themselves, or their misuse, are becoming weapons. As we see east of our borders, the offensive begins with an attack on critical infrastructure.
With the amendment of the cybersecurity law, growing attacks, and the geopolitical situation, companies will increasingly deal with OT security. "We are inevitably facing practical implementation of changes, security tools, segmentation, and security strategies," predicts Maroš Trnka.
He immediately points out a chronic ailment - the lack of qualified experts in OT security. This also reopens the question of quality suppliers.
Traditional Problem
Operational security is characterized by dependence on specialized hardware and software suppliers. Third-party risk means that suppliers provide, support, and often develop specific technologies. While the local network infrastructure is in the hands of the company, the "keys to the mixer" are with the supplier.
According to cybersecurity expert Roman Čupka's experience, it often happens that the operator of information systems and critical infrastructure has no access to the security design of components and must rely solely on their manufacturers.
Paradoxically, manufacturers are not subject to such strict legislative frameworks as operators, so it is important that the "circle be closed". The EU Cyber Resilience Act should define security frameworks next year not only for IT manufacturers but also for OT technology manufacturers, ensuring their security lifecycle through standards and measures.
Let´s Move Forward
Many people automatically associate Operational Technologies or IoT technologies with industry or energy production and distribution. "Besides these areas, we can find these technologies in seemingly non-traditional environments," warns Tomáš Baksa, a business specialist at KFB Control.
Whether we enter a business center, shopping gallery, bank, or airport, dozens and hundreds of small helpers are installed everywhere. They make our lives more comfortable, pleasant, and efficient.
However, not all these IoT helpers were designed with cybersecurity in mind. They are often connected through various applications across the organization and are quite difficult to segment. Therefore, they represent attractive targets for attackers and threats to organizations.
Because of an Electric Frenzy
Cybersecurity consultant for critical infrastructure Martin Fábry draws attention to the cybersecurity of charging stations. This is a new topic worth considering, given that electromobility in Slovakia is rising sharply, with approximately one-third more charging stations added in the last year.
Currently, there are more than two thousand public charging points for electric vehicles in almost nine hundred locations. These "chargers" are equipped with intelligent technologies, which opens the door to potential cyber threats. Cyberattacks here can have serious consequences, from endangering transportation safety to network disruption and extortion of operators.
And a Smart Frenzy
The very term "smart buildings" means they are equipped with advanced technologies for management and optimization. This includes lighting, heating, ventilation, elevators, security, and other critical functions.
"In Slovakia, the current situation is that smart building security is almost never addressed. The security manager often doesn't even know that something like this exists in the building and should be dealt with," assesses Martin Fábry.
Building management system protection is often at a low level. Yet, cybersecurity of smart buildings is a key aspect that we must not underestimate. In Slovakia, this is still a little-known topic, but it is perceived very intensively abroad.
It's Already Happening
A building management system can be misused, for example, for cryptocurrency mining. Tomáš Baksa cites a case where an operator noticed unusually high load on building management system components. "After applying a security probe in the network, it was revealed that this was caused by an unauthorized crypto mining software installed and managed from an external location," he says about the successful outcome.
Another example of a security incident is the failure of cooling systems in a data center in the middle of summer. Within a few hours, it caused server overheating, which led to an urgent requirement to shut them down.
Source: HNšpeciál. 2024. “Kritická infraštruktúra, priemyselné linky až po smart budovy. Aká je bezpečnosť?” HN Online.sk, August 23, 2024. https://hnonline.sk/hn-special/96165504-kriticka-infrastruktura-priemyselne-linky-az-po-smart-budovy-aka-je-bezpecnost. Accessed: 27. 3. 2025
On Wednesday, September 10, 2025, an important meeting took place between the Critical Infrastructure Association of the Slovak Republic and another central state administration body in the critical infrastructure sector, namely the Administration of State Material Reserves of the Slovak Republic (SŠHR).
V stredu 10. septembra 2025 sa uskutočnilo dôležité rokovanie Asociácie kritickej infraštruktúry Slovenskej republiky s ďalším ústredným orgánom štátnej správy na úseku kritickej infraštruktúry, ktorým je Správa štátnych hmotných rezerv Slovenskej republiky (SŠHR).
The Critical Infrastructure Association of the Slovak Republic (AKI SR) is negotiating with critical subjects and ministries about a suitable financing model for the resilience of critical subjects and the preservation of basic services. The Association is convinced that the entire burden of costs should not be borne only by critical subjects, but that the state should help finance the resilience of critical infrastructure, for example from European funds, and also support negotiations with banks on preparing advantageous loans towards developing threat analyses, security audits and subsequently projects to eliminate identified deficiencies. AKI SR will, in accordance with this proposal, initiate negotiations with the Slovak Banking Association and with the Deputy Prime Minister of the Slovak Republic for the recovery plan and knowledge economy. AKI SR is gradually concluding cooperation memorandums with ministries in accordance with the sectors that are under their responsibility according to the critical infrastructure law.
Asociácia kritickej infraštruktúry SR rokuje o financovaní nákladov na odolnosť kritických subjektov
Asociácia kritickej infraštruktúry Slovenskej republiky (AKI SR) rokuje s kritickými subjektami a ministerstvami o vhodnom modeli financovania odolnosti kritických subjektov a zachovania základných služieb. Asociácia je presvedčená, že celé bremeno nákladov by nemali niesť len kritické subjekty, ale aby štát pomohol financovať odolnosť kritickej infraštruktúry napríklad z európskych fondov a podporil aj rokovania s bankami o príprave výhodných úverov smerom k vypracovaniu analýz hrozieb, bezpečnostných auditov a následne projektov na odstránenie zistených nedostatkov. AKI SR bude v súlade s týmto návrhom iniciovať rokovania so Slovenskou bankovou asociáciou a s podpredsedom vlády SR pre plán obnovy a znalostnú ekonomiku. AKI SR postupne uzatvára memorandá o spolupráci s ministerstvami v súlade so sektormi, ktoré sú v zmysle zákona o kritickej infraštruktúre v ich zodpovednosti.
Representatives of the Critical Infrastructure Association of the Slovak Republic participated on August 21, 2025, in a working meeting on the issue of the Critical Infrastructure Strategy in the agriculture and rural development sector of the Slovak Republic.
Zástupcovia Asociácie kritickej infraštruktúry Slovenskej republiky sa 21. augusta 2025 zúčastnili na pracovnom stretnutí k problematike Stratégie kritickej infraštruktúry v rezorte pôdohospodárstva a rozvoja vidieka SR.
As part of developing cooperation across all critical infrastructure sectors, another significant meeting of the Critical Infrastructure Association of the Slovak Republic took place on August 14, 2025, this time at the Ministry of Investments, Regional Development and Informatization of the Slovak Republic.
V rámci rozvoja spolupráce naprieč všetkými sektormi kritickej infraštruktúry sa 14. augusta 2025 uskutočnilo ďalšie významné rokovanie Asociácie kritickej infraštruktúry Slovenskej republiky, tentokrát na Ministerstve investícií, regionálneho rozvoja a informatizácie Slovenskej republiky.
In the video, you will learn how the Critical Infrastructure Association of the Slovak Republic protects the state's strategic systems, supports innovation, and coordinates cooperation between the public and private sectors. From January 1, 2025, laws No. 367/2024 and 366/2024 bring new obligations in the area of critical infrastructure and cybersecurity. How to prepare for EU directives and face threats? See how the Critical Infrastructure Association of the Slovak Republic helps companies and institutions!
Vo videu sa dozviete, ako Asociácia kritickej infraštruktúry Slovenskej republiky chráni strategické systémy štátu, podporuje inovácie a koordinuje spoluprácu verejného a súkromného sektora. Od 1. januára 2025 prinášajú zákony č. 367/2024 a 366/2024 nové povinnosti v oblasti kritickej infraštruktúry a kyberbezpečnosti. Ako sa pripraviť na smernice EÚ a čeliť hrozbám? Pozrite si, ako Asociácia kritickej infraštruktúry Slovenskej republiky pomáha firmám a inštitúciám!