They are everywhere. They collect, analyze, send, and store data. And security?

25 April 2025

Cameras, sensors, meters, smart devices. They are already in energy, transportation, healthcare, in small and large companies. Tiny IoT boxes can mean big problems. 

The intersection between the IoT world and operational technologies is referred to as the industrial internet of things.

This new world brings many security challenges. Moreover, the long life cycle of robust operational technologies contrasts with the rapid development of IoT devices. 

We must go forward

Companies usually buy or develop IoT devices to bring new services, increase efficiency, automate routine processes, and ideally save costs. 

"The problem arises when an increasing number of IoT devices start to accumulate – from sensors through cameras, actuators to sophisticated devices in logistics or manufacturing. They were designed with an emphasis on compatibility and functionality, not security," says Rudolf Klein, product manager at Aliter Technologies.

But no need to run

Here Rudolf Klein continues mercilessly in describing the environment. Devices have weak or no encryption of communication because the effort to make them "invisible" in the network could disrupt their compatibility. Regular users want simple installation, modern interfaces, and a visible sense of value for money spent, and here "boring security gives way to requirements." 

Moreover, manufacturers often stop supporting innovations after a few years and stop issuing security updates. And even when updates are available, the device is connected remotely and uses expensive data to download them.

This means that the network often contains devices that are either at the edge of security policy or completely bypass it. However, they are connected to the same network as company computers, servers, internal systems, and databases, including sensitive data.

Every vulnerability counts

In industrial systems, IoT devices are increasingly used as part of operational technologies. Both are often connected to the network, which exposes them to cyber threats or makes them carriers of vulnerabilities. A compromised IoT device can be an entry point for an attack on the entire system.

Bohuš Levčík, a security specialist with more than two decades of experience in energy, gives an example – if a smart electric meter or a vibration sensor on a turbine does not have secured communication or is vulnerable, they can be misused as an entry point into the entire operational technology infrastructure. 

The topic is getting broader 

"To be honest, the topic of IoT security is still not perceived in its entire content spectrum in the corporate environment," says Bohuš Levčík. In larger companies, experts are aware of the risks associated with IoT, especially in critical infrastructures such as energy or industry. In small and medium-sized companies, IoT security is often underestimated. Measures exist, but they are often not systematic. 

And here too, the main problem remains the lack of experts who could properly evaluate IoT threats in an industrial environment. 

Warnings are increasing

Cybersecurity professional Michal Legerský also points to a shift over recent years. "Many companies in the past focused more on IT environment security, and operations and IoT were rather perceived as something that is not attacked and therefore does not need to be protected as much. The current era unfortunately shows us that the opposite is true." 

The increased number of cyberattacks on IoT devices is related to their widespread use and implementation growth. The reason is mainly optimization and streamlining of machinery maintenance, which extends the operability and lifespan of production units and reduces costs. 

Here Michal Legerský boldly says that the media coverage of incidents and sharing experiences significantly helps raise awareness and it is necessary to continue doing so. 

The ecosystem is growing 

Media coverage of attacks and the pressure of legislative changes cause enlightened company leadership to realize that cyber risks are not just an IT issue. "They have a direct impact on business continuity, reputation, and financial results," warns cybersecurity manager and consultant Viktória Blažíčková.

IoT devices are no longer just technical add-ons. The risk increases with their expansion, while their weak security can threaten not only the company itself but also the entire supply chain. 

Viktória Blažíčková therefore highly appreciates that cybersecurity is getting higher on the top management priority list. However, she considers it crucial that it becomes part of strategic decision-making, not just a response to incidents. 

Exceptions will no longer exist 

Just as strict security measures are applied in operational technologies, they must also be implemented on IoT devices. The head of information security department at Volkswagen Slovakia, Marián Klačo, connects these two worlds here. 

Operational technologies have a much longer life cycle than IT technologies and are often outdated, and on top of that comes a lack of security knowledge. "Therefore, the implementation of IoT security measures goes hand in hand with the need to increase knowledge among teams managing operational technologies."

We're not done yet

The unmanaged combination of information and operational technologies can be exacerbated by the growing use of artificial intelligence. The interconnection of these three factors dramatically increases cybersecurity risks. "An attack on IT infrastructure can quickly spread to the operational technology environment, which can lead to production stoppage or equipment damage," is how cybersecurity expert Ivan Kopáčik describes the scenario.

Systems that use AI can be misused for automated attacks or manipulation of decision-making. Unsecured AI models can be influenced by false inputs, which can lead to incorrect reactions in control processes.

In the global industry, we observe a dual trend - technological and personnel. "The implementation of post-quantum cryptography and AI-based security systems goes hand in hand with building specialized teams of cyber experts," adds Matej Michalko, Chairman of the Supervisory Board of the Critical Infrastructure Association of the Slovak Republic.

Need to go further

It is necessary to train teams that implement technologies and teams that take care of them about security requirements. This broad spectrum includes integrators, suppliers, planning department staff, and maintenance personnel.

Security must be kept in mind from the moment operational technologies are introduced or changed. For example, deployment should include so-called hardening, which is something like strengthening the infrastructure, and consideration of antivirus protection where appropriate. Here Marián Klačo again recalls the mantra for selecting operational technologies: Security by design.

Warning

• 96 percent of cyber attacks in 2024 exploited vulnerabilities that were known before and had updates available

• simulated attacks on healthcare facilities showed 71 percent of compromised devices due to vulnerabilities older than two years 

Source: “Sú už všade. Zbierajú, analyzujú, posielajú a ukladajú dáta. A bezpečnosť?” HN špeciál, April 24, 2025. https://hnonline.sk/hn-special/96208291-su-uz-vsade-zbieraju-analyzuju-posielaju-a-ukladaju-data-a-bezpecnost.



Accessed 25th April 2025
