Appropriate levels of network and information security are exceptionally important factors for normal operations of the economy and the development of the society. Interference or a decrease in the operation of electronic communications services resulting from malicious acts, natural disasters, systemic or human errors can have a critical effect on the operation of the information society. The European Directive 2009/140/ES brought numerous legislative changes and amendments in the field of electronic communications. One of the directive’s most important objectives is the obligation that appropriate security and integrity of networks and services must be ensured. Slovenia has transposed this directive into its national legislation as part of the Electronic Communications Act.
In Chapter 7 the Act imposes on operators to adopt appropriate technical and organizational measures for appropriately mitigating the risk for network and service security, especially with the objective of preventing and reducing the effects of security incidents on users and inter-connected networks. Operators must adopt all the required measures for ensuring the integrity of their networks with the purpose of ensuring uninterrupted provision of services over these networks. Operators are also obligated to inform and report in the event of security or integrity breaches. In the scope of its authority the Agency informs the national contact point for managing security incidents (SI-CERT), the national regulatory bodies in other member countries and the European Network and Information Security Agency (ENISA) of individual breaches of security of services or network integrity if required and based on the level and scope of the breach.
In accordance with the Electronic Communications Act the Agency has published the General act on the security of networks and services, in which it detailed the organizational measures that operators must adopt to ensure the integrity of their networks and uninterrupted provision of services over these networks. In accordance with the General act, the operators must establish and maintain a documented system for information protection management (SIPM) and a system for uninterrupted operations management (SUOM). Technical measures were not defines, as they are dependent on the characteristics of operations, organization, location, size, and technology, as well as the risk assessment analysis of each individual operator. In the event of a breach of network or service security or network integrity that has a significant impact on the operation of public communication networks or the provision of public communication services, the operator must inform the Agency immediately upon detection.
NEW reporting forms after 6.8.2023:
Notification of restrictions and interruptions on the operator's side
You can read more about network security on the following pages:
- ECASEC Working Group Portal
- Abuse and intrusion of private branch exchanges (PBX) and necessary measures
- SI-CERT
- Web Eye
- Stay safe online
Recommendations:
- ENISA Indispensable baseline security requirements for the procurement of secure ICT products and services
- ENISA Technical Guideline on Security Measures
- ENISA Guideline on Security Measures under the EECC
- ENISA Technical Guideline on Incident Reporting
- ENISA Security aspects of virtualization
- ENISA Threat Landscape for Supply Chain Attacks
- ENISA Signalling Security in Telecom SS7/Diameter/5G
- ENISA 7 Steps to shore up the Border Gateway Protocol (BGP)
- ENISA Cyber Threats Outreach In Telecom
- ENISA Security Controls Matrix
5G network security:
- European Commission: Cybersecurity of 5G networks - EU Toolbox of risk mitigating measures
- European Commission: EU-wide coordinated risk assessment of 5G networks security
- ENISA 5G Supplement - to the Guideline on Security Measures under the EECC
- ENISA Threat Landscape for 5G Networks Report
- ENISA Security in 5G Specifications - Controls in 3GPP
- ENISA Threat Landscape and Good Practice Guide for Software Defined Networks/5G