The government CSIRT unit offers public administration authorities free-of-charge services that help uncover weaknesses and prepare for attacks. Three pillars are key: the broad vulnerability assessment Achilles, the threat information sharing Afrodita, and the in-depth penetration testing ARES. The goal is to dispel the false sense of security and rely on proven processes and data.
Who CSIRT is and what it focuses on
The government CSIRT unit handles cybersecurity incidents and operates in Bratislava and Košice. The teams focus on malware and forensic analysis, training, and operational deployments to cover the needs of the entire country. The services are intended for public administration entities – from ministries and state authorities to local governments and chambers.
CSIRT has obtained SIM3 certification, which confirms the maturity of its processes and their regular auditing. It cooperates with the national SK-CERT, the academic sector, and security forces, for example with the Police Force. Thanks to funding from public sources and EU support, the services are free of charge for eligible organizations.
Achilles and Afrodita: from vulnerabilities to threats
Achilles is a blanket service that automatically detects vulnerabilities on assets accessible from the internet. All you need to do is register in the Government Information System of Cyber Security (VISKB) and report the assets you manage. The organization receives clear reports, can verify the findings, and track whether the situation improves over time.
For monitoring websites and their availability, there is a complementary service, Domino, which records the technologies used and facilitates targeted alerts. CSIRT also integrates account breach checking (Have I Been Pwned) so that agencies can quickly see whether their data has appeared in leaks. Critical vulnerabilities need to be remediated immediately, and CSIRT can proactively contact entities that are persistently high risk.
ARES and a lesson against false certainty
An automated scan has limits – it will not reveal, for example, passwords unchanged for ten years or flaws in business logic. ARES therefore provides in-depth penetration testing and configuration audits that specifically verify how a system withstands a real attacker. It is time-consuming work lasting weeks to months, but it delivers detailed findings and concrete recommendations.
Afrodita complements the picture by sharing up-to-date threat information, including blacklists and warnings during campaigns, such as the foreign DDoS attacks after the attempted assassination of the prime minister. CSIRT emphasizes that organizations should not confuse a simple "scan" with a full-fledged pentest and should verify this if in doubt. Approximately 340 out of about 8 000 entities are involved in the services today, so there is significant room for improvement.
