Expert Statement of the Critical Infrastructure Association of the Slovak Republic (AKI SR) on the Serious Cybersecurity Incident at the Ministry of Economy of the Slovak Republic
The Critical Infrastructure Association of the Slovak Republic (AKI SR) expresses serious concern over the cybersecurity incident that was identified at the Ministry of Economy of the Slovak Republic.
Information from the ministry and independent media confirms that this was an attack that had the potential to affect key components of the ministry's infrastructure. State specialized cybersecurity teams are responding on site – the government CSIRT and SK-CERT at the National Security Authority – which confirms the high severity of the event.
Although the ministry stated that early detection prevented the encryption of data and direct damage to information systems, the very fact of successful penetration into part of the infrastructure represents a serious breach of state administration security. In international practice, it is known that ransomware groups and advanced persistent threats (APT) often operate in multiple phases: from initial penetration, through lateral movement, data exfiltration, to activation of encryption or extortion mechanisms. The fact that the attack was intercepted before transitioning to the next phase should be evaluated positively, but at the same time points to the need for a deeper review of security mechanisms throughout the ministry and the broader state administration.
From available information, the actor behind the incident pursued a more extensive goal than just damaging a single system. In such cases, the attackers' motivation may be to gain access to network identifiers, administrator accounts, or systems that can serve as a pivot for further attacks on other state authorities, enterprises, or critical infrastructure entities. This aspect is precisely why AKI SR considers the incident extremely serious, even if the immediate impacts were minimized.
The Ministry of Economy of the Slovak Republic stated that data related to targeted energy assistance were not stored on the affected infrastructure. While this information contributes to public reassurance, the incident simultaneously questions the adequate coordination and unified architecture of information security across state administration ministries. In an environment where ministries manage interconnected data registers and processes, it is not possible to rely on the isolated infrastructure of one ministry eliminating systemic risk.
AKI SR considers it essential that the investigation of the incident not focus exclusively on the technical analysis of individual systems, but bring broader findings about the state of organizational preparedness of the state administration, the level of network segmentation, privilege policy, traffic monitoring and logging systems, as well as the level of implementation of security frameworks that the Slovak Republic must fulfill according to the NIS2 directive, Cyber Resilience Act (CRA), as well as national legislation in the field of cybersecurity.
It is equally important to examine whether state institutions have sufficient capacity to implement modern security architectures including zero-trust models, identity and access management (IAM), regular penetration tests and red-team exercises, real-time security monitoring, as well as the gradual deployment of cryptographic mechanisms resistant to future threats, including post-quantum cryptography.
The incident also confirms a long-known problem: public administration in Slovakia is technically and procedurally heterogeneous, which creates space for new types of attacks and increases the risk of chain propagation of compromises. Cyber threats in 2025 differ dramatically from those against which many systems were originally designed: these are no longer isolated attacks, but organized operations with long-term preparation that utilize advanced automation, abuse of legitimate tools, and finally, vulnerabilities in the software and hardware supply chain.
The Critical Infrastructure Association of the Slovak Republic therefore calls for comprehensive modernization of the state's cybersecurity. Slovakia needs a unified, robust architecture based on international standards, clear risk management, regular resilience testing, immediate implementation of corrective measures, and professional capacities that will be able to face modern threats. The goal must be not only to resolve individual incidents, but to build a level of resilience that minimizes the likelihood that penetrations of a similar type will have systemic or societal impacts in the future.
AKI SR will continue to analyse the incident, provide expert recommendations, and coordinate sectoral positions aimed at increasing the security level of the state and protection of critical infrastructure.
