Security Fest 2026

Operating a Cyber Threat Intelligence (CTI) capability for the public sector means working at the intersection of security, regulation, and trust. This presentation by CSIRT.SK shows how its Afrodita platform, built on MISP and integrated with several internal systems Aura and Atena, delivers actionable CTI while meeting the specific requirements of NIS2 directive and Slovak cybersecurity legislation.

CSIRT.SK runs a centralized architecture of MISP instances connected across GOVNET, the governmental network, and beyond. This design enables secure CTI exchange among public institutions and partners, including selected international instances such as NATO MISP and FIRST MISP. Afrodita acts as the main interface for constituents, while Aura provides internal automation and correlation of incident data, and Atena links threat indicators to the Governmental Security Operation Center (SOC). In return, data collected during SOC operations and incident response, are used for building situational awareness as one of the core services defined by FIRST CSIRT Services.

The presentation explains how this multi-layered architecture ensures data enrichment, contextualization, and traceable sharing of IoCs, enabling faster detection and coordinated response within a controlled trust domain. It also highlights practical challenges unique to the public sector constituency and the benefits for other CSIRT Services.

Attendees will learn how CTI sharing under Afrodita helps public entities demonstrate NIS2 compliance, by integrating intelligence into vulnerability assessment, security monitoring, incident reporting, and evidence of “state of the art” cybersecurity controls.