Building Trusted CTI for the Public Sector at CSIRT Slovakia

Operating a Cyber Threat Intelligence (CTI) capability for the public sector means working at the intersection of security, regulation, and trust. This presentation by CSIRT.SK shows how its Afrodita platform, built on MISP and integrated with several internal systems Aura and Atena, delivers actionable CTI while meeting the specific requirements of NIS2 directive and Slovak cybersecurity legislation. CSIRT.SK runs a centralized architecture of MISP instances connected across GOVNET, the governmental network, and beyond. This design enables secure CTI exchange among public institutions and partners, including selected international instances such as NATO MISP and FIRST MISP. Afrodita acts as the main interface for constituents, while Aura provides internal automation and correlation of incident data, and Atena links threat indicators to the Governmental Security Operation Center (SOC). In return, data collected during SOC operations and incident response, are used for building situational awareness as one of the core services defined by FIRST CSIRT Services. The presentation explains how this multi-layered architecture ensures data enrichment, contextualization, and traceable sharing of IoCs, enabling faster detection and coordinated response within a controlled trust domain. It also highlights practical challenges unique to the public sector constituency and the benefits for other CSIRT Services. Attendees will learn how CTI sharing under Afrodita helps public entities demonstrate NIS2 compliance, by integrating intelligence into vulnerability assessment, security monitoring, incident reporting, and evidence of “state of the art” cybersecurity controls.

Presented at Security Fest 2026.

Speakers: Adrian Ondov, Michal Rampasek

About Adrian Ondov

Adrian Ondov

Adrian is a Threat Intelligence Analyst at Government Unit CSIRT.SK within the Ministry of Investment, Regional Development and Informatization of the Slovak Republic. He specializes in threat intelligence, process automation, and the administration of the local MISP instance network within the public sector, and has been working at CSIRT.SK since 2023. He is also a core member of the Afrodita project, where he contributes to providing Threat Intelligence to the constituency of CSIRT.SK. In addition to his professional role, he runs a computer repair shop as a personal endeavor and leads courses on the fundamentals of network technologies at the Faculty of Informatics and Information Technologies, Slovak University of Technology (STU) in Bratislava.

About Michal Rampasek

Michal Rampasek

Michal is a PhD candidate and lecturer at the Faculty of Law of Comenius University in Bratislava, the Institute of Information Technology Law and Intellectual Property Law. He is a Slovak attorney and lawyer of Slovak Government CSIRT unit. His practice and academic research focuses on ICT law, cybersecurity law, and criminal law. His recent research address issues such as legal aspects of OSINT, CTI and information sharing, as well as legal protection of good-faith security researchers and coordinated vulnerability disclosure (CVD),

 
Get all relevant information and news regarding Security Fest, when we release recordings of talks, etc.
Get newsletter →