For You

01

SIS 2017 Annual Report

Bratislava, May 2018
  1. Introduction
  2. SIS strategic focus
    1. Security
    2. Countering organized crime
    3. Counterterrorism
    4. International cooperation in CT field
    5. Counterespionage
    6. Illegal migration
    7. Proliferation and safety of nuclear facilities and materials; trading in defence-industry products
    8. Extremist scene
    9. Pseudo-religious groups
    10. Socially excluded communities
    11. Protection of classified information and security vetting for external applicants
    12. Protection of cyberspace
    13. Economy
    14. Corruption and nepotism
    15. Inefficient management of state and municipal property
    16. Customs, tax and financial frauds
    17. Business relations between the Slovak Republic and foreign countries
    18. Foreign politics
    19. Ukraine
    20. Russian Federation
    21. Western Balkans
    22. Crisis and conflict regions
    23. Heightened terrorist threat to Slovak nationals in tourist resorts
    24. Hybrid threats
  3. Cooperation with state bodies and notification duty
    1. Intelligence production for external clients
  4. Situation, principal activities and oversight of the Slovak Information Service
    1. Personnel
    2. Main indicators
    3. Spending and material and technical provisioning
    4. Spending
    5. Material and technical provisioning
    6. Information-technical means
    7. Legal framework for ITM use
    8. ITM use
    9. Cooperation with intelligence services in other countries
    10. Legislation and inspection
    11. Legislation
    12. Inspection
    13. Expert state supervision
  5. A report on the activity of the National Security and Analytical Centre (NBAC)
  6. Conclusion

1. Introduction

This report contains information on the duties, activities carried out and results achieved at the Slovak Information Service in 2017. It includes the Report on the Activity of the National Security and Analytical Centre (NBAC) in 2017 in accordance with its statutes.

The Slovak Information Service is the sponsor of intelligence protection of the state in the framework of the Slovak security system. It actively cooperates with partner intelligence services and international organizations to avoid and eliminate security risks and threats in the space of EU and NATO countries, which Slovakia is a part of, as well as when protecting security of the international community.

The service has positively contributed to the intelligence protection of the constitutional and internal order of the Slovak Republic, ensuring security of the state, and protecting and fostering the Slovak economic and foreign political interests.

2. Strategic Focus

2.1 Security

Countering organized crime

Regarding OC activities, our focus was on economic crime and foreign organized groups with impact on the Slovak Republic.

As to economic crime, our prime concern was VAT and excise fraud, i.e. fraud relating to spirits, tobacco and mineral oils. This type of fraud is committed by international gangs of fraudsters with connected and cooperating businesses that have operations in several countries. It is difficult to uncover and prove, which is why we have stepped up our cooperation with foreign intelligence services in the area of international economic crime.

As to violent criminality, we collected information on perpetrators and orderers of murders, extortion, racketeering (collection of money from businesses), orchestration of prostitution, procuration, hiding places of wanted criminals and other illegal activities. In several cases, information was acquired on crimes of illegal possession of a firearm, production and distribution of narcotics, distribution of illegal and unregistered drugs, usury and insurance fraud.

We kept monitoring the international criminal gangs based in south-eastern, south and eastern Europe engaged in drug trafficking whose activities were affecting Slovakia. To them, Slovakia is not a target country for the drugs they distribute, but a transit territory of drug routes leading to western Europe. We noticed a new phenomenon when large amounts of drugs were smuggled through the borders by Slovak companies set up just for this purpose. The natural drugs distributed in Slovakia were being increasingly replaced by synthetic drugs, which are cheaper and easier to obtain.

As to OC in the border regions of eastern Slovakia, we monitored the trafficking in false documents and banknotes, cigarette smuggling, human trafficking and trafficking in arms in particular.

As the most important domestic OC groups had been eliminated in recent years, greater attention was paid to foreign-speaking organized groups who might seek to gain influence in Slovakia and substitute the recently dominating domestic gangs to turn Slovakia into their base for activities in other EU countries.

One of the methods members of foreign-speaking OCGs used to entrench themselves in Slovakia was legal business activities and fictitious jobs in existing companies. The increased criminality of foreigners in Slovakia was a rising issue.

Counterterrorism

The security situation in 2017 has been evaluated as stable in terms of new terror threats. There have been no substantial changes since 2016. We did not acquire any intelligence suggesting a real threat to the country or its interests abroad, yet the threat level had a mild tendency to rise particularly as a result of the number of completed/thwarted individual violent attacks that had been perpetrated largely by jihadists in some European countries.

The jihadist organization Daesh, returnees from Iraq and Syria, Daesh supporters, individuals ideologically affiliated to Daesh and otherwise motivated Europeans prepared to launch attacks on behalf of the organization, inspired by its media propaganda and frequent calls for terrorist attacks, continued to pose the biggest threat to EU Member States.

In this context, we informed our external clients on the attacks, possible risks stemming from Daesh’s media propaganda, and new ways of perpetrating attacks.

After the wave of terrorist attacks in Europe, both completed and thwarted (the United Kingdom, France, Germany, Spain or Finland), but especially in connection with the attack in Spain on 17-18 August 2017, we analysed the security situation in Europe and the consequent risks to Slovakia.

Prime intelligence attention was paid to the evaluation of threats in Europe in connection with events in Syria/Iraq, because European persons could start using the local modi operandi as Daesh was about to collapse and foreign terrorist fighters were prepared to return to Europe. In this context, our external clients were informed about the foreign terrorist fighters in jihad zones with links to Slovakia.

We alerted to the steep rise in the radicalization and self-radicalization of converts and second- and third- generation Muslims in Europe in the past two years and provided a psychological analysis of a potential attacker from the milieu of vulnerable young frustrated Muslims born in Europe to our external clients.

International cooperation in CT field

We engage in intensive cooperation with our counterparts abroad. In today’s world of mobility and online activities, national borders no longer pose an obstacle to the spread of radical ideas and people prepared to launch terrorist attacks. We worked with our foreign intelligence partners and the Slovak police to launch several successful joint operations that helped uncover dangerous phenomena and terrorism-related human activities. Intelligence is collected especially with the aim of identifying, in the early stage, the groups and individuals with direct links to Slovakia who could be radicalized.

As for international cooperation in the CT field, we were an active member of a working group of services from EU Member States, Switzerland and Norway, and not just when sharing analytical assessments, but also as a member of a joint physical operative platform since 1 January 2017, which was established to share real-time intelligence on terror threats in the EU.

Counterespionage

A member of transnational strategic groups, the Slovak Republic is a target of hostile intelligence activities. They are aimed not only at Slovak interests, but also at interests and policies of the transnational alliances Slovakia is a member of. The espionage activities became more intensive after our country joined NATO, the EU and the Schengen space. We uncover, identify and investigate these activities in the field of intelligence protection in line with the Slovak laws.

The hostile intelligence activities against the Slovak interests and allies are carried out equally on our territory and abroad, e.g. in so-called high-risk regions, where Slovak nationals are targets of interest for the local intelligence services. Our cooperation with partner services abroad is vital to ensure protection against these activities. These partnerships involve a range of activities, from sharing information to joint projects and more.

Besides the traditional methods of espionage using HUMINT sources, the foreign intelligence services collect open-source information from the media, the internet, etc. Another frequently used tool is cyber-attacks when systems are infiltrated by a malicious code.

Some intelligence services in foreign countries kept trying to infiltrate our central administrative bodies and security forces and carry out activities to influence public opinion in 2017. Activities in the economic sphere (especially concerning energy), scientific and military sphere and those regarding information technology and industrial espionage were sought the most.

Since 2013, we have been implementing a Security Awareness Program to improve our counter-espionage prevention. The prime goal of creating this program was to help improve security awareness of the staff at some government institutions particularly with respect to counter-espionage protection and security of digital information. In the program, we provide entry-level information on hostile intelligence activities, areas of interest and objectives, and practical knowledge about information-technical security and recommended methods of securing mobile telecommunication devices and computers. More than 200 employees at ministries and other government institutions participated in our training in 2017.

Illegal migration

In 2017, we watched the situation on the main migration routes to the EU as the number of refugees and illegal migrants was gradually coming down. We noticed that the strongest pressure was on the central Mediterranean route, which leads from Libya to Italy and is the principal route for the illegals. Thanks to the collective influence of several factors, particularly the more effective and intensive involvement of Libyan coastguards assisted by the EU, far fewer migrants came to the EU along this route in the second half of 2017.

The western Mediterranean route, which leads from Africa to Spain, started to be used more.

Migrants would keep using the eastern land route, which enters Slovakia from Ukraine, much less frequently than the other two routes. Slovakia was still a transit country for migrants coming into the EU.

Currently, we notice a very dangerous phenomenon of foreign fighters leaving the jihad zones. In this context, we focus on illegal migration, because it has a direct role in terrorist attacks in Europe.

In 2017, we worked with the National Unit for Countering Illegal Migration, which is a part of the Police Corps Presidium’s Office of the Border and Alien Police, to collect and provide information on the rising numbers of foreigners using sophisticated methods to legalize their stints in Slovakia.

Proliferation and safety of nuclear facilities and materials; trading in defence-industry products

We kept collecting, analysing and providing intelligence on the proliferation of dual-use items and other dangerous materials and on the trading in firearms, ammunition and defence-industry products. The goal was to monitor trade and treatment of these goods and involvement of Slovak natural and artificial persons in the trade.

Along with other government bodies, we took an active part in the licencing procedures connected with trading in dual-use items, defence-industry products and goods the possession of which is limited for safety reasons. We actively shared information in this area with our foreign partners.

As to exporting dual-use items, in addition to uncovering cases of illicit exportation, we did preventive programs to raise companies’ awareness of responsibilities when exporting such goods and technologies to third countries.

Our focus was also on defence exports to regions considered sensitive because of the political situation, which carried a higher risk of re-exporting these goods, or which bordered on embargoed countries. Intelligence attention was paid to contracts for defence-industry products involving high-risk persons and companies. We carried out intelligence activities with the aim of identifying the real end-users of defence-industry products and goods the possession of which was limited for safety reasons. We also monitored high-risk entities’ involvement in the brokering of contracts for defence-industry products.

In 2017, the Slovak companies would continue to perform the contracts with export licences granted to export to the Middle East and some African countries, although much fewer applications for exporting to these regions had been submitted compared to the previous years. We actively cooperated with several partner services abroad on a bilateral level regarding the trade in defence-industry products.

We also kept monitoring and collecting information on the trafficking in firearms, particularly the long-problematic category D firearms. These firearms continued to be made by converting live category A, category B and category C firearms into expansion, Flobert and percussion firearms. The expansion firearms almost stopped selling after the law had been tightened. Thus, targets switched to category D percussion and Flobert firearms, the manufacturing of which was not sufficiently covered by the law. These firearms are still at risk of being misused, as they can be easily converted to live firearms.

We identified more loopholes in the Firearms and Ammunition Act and alerted the relevant statutory clients to them. Until the law and other relating laws are amended comprehensively, the risk of category D firearms being converted to live firearms illegally will persist.

We worked with several partner intelligence services abroad to monitor the trafficking and movement of category D firearms in which OC groups were involved. As a result, a number of firearms were seized and high-risk persons, detained in foreign countries.

We analysed the risks of individuals and groups using unmanned aircraft for terrorist attacks and provided this analysis to the other government bodies. Nowadays, we see many affordable unmanned aircraft on the EU market. Their ways of control and flying range keep improving, they are cheap and available, and one does not need to have special skills to assemble and control them. Explosive devices and other dangerous substances, e.g. biological, chemical and radiological, can be attached to them.

Extremist scene

We paid attention to the prominent figures of the far-right movement in Slovakia as they criticized the government, the Euro-Atlantic structures and the EU migration policy. As always, they would continue to turn the attention of the public to the failing government policies on the Romani people.

The far-right groups organized several public events and activities in connection with elections to regional bodies in November 2017.

An unregistered organization whose members were military sympathizers continued to hold exercises, recruit new members and present its activities to the public. Our external clients received information on impending violent activities of Slovak radical football fans in foreign countries and divisions among hooligan fans and their contacts to foreign far-right organizations. Far-right groups’ activities of holding music performances of far-right bands in Slovakia and neighbouring countries were also monitored. We analysed far-right figures’ online extremist and hateful expressions and paid attention to the online sale of extremist materials.

The far-left supporters and sympathizers performed mostly online activities by which they sought to criticize and discredit mostly far-right figures.

We also kept collecting information on the active involvement of Slovaks in the ongoing conflict in Ukraine.

Pseudo-religious groups

We dealt with efforts of harmful sectarian groupings and pseudo-religious communities to acquire new members, infiltrate the education system, make financial profit and psychologically manipulate their membership. Several pseudo-religious groups carried out charitable work in 2017 to promote own activities, often with the assistance of prominent sportsmen and artists.

Socially excluded communities

We monitored the organized activity of human trafficking carried out by Slovaks abroad (e.g. in the United Kingdom) for the purpose of prostitution, forced-labour and usury.

We informed our external clients on the cases of usury in socially excluded communities and paid attention to the suspected election fraud when votes were bought in socially excluded communities in eastern Slovakia during regional elections.

Protection of classified information and security vetting for external applicants

In 2017, we sent 534 statements on facts important for taking a decision according to the Citizenship Act 40/1993 noting either the identified security risks or the non-existence of information preventing the grant of citizenship to an applicant. The statements are sent at the request of the Public Administration Section of the Ministry of Interior under section 8a(3) of this law.

We also participated in the security vetting carried out by the National Security Authority (NBÚ), Military Intelligence and the Police Corps and provided information on security credibility of candidates and businesspersons to applicants as stipulated by the Protection of Classified Information Act 215/2004. We participated in the process of collecting information under section 75(1)(e) of that law to help assess judicial competence of candidates for judge. We did so by providing information from our databases to the National Security Authority.

We also participated in the vetting of persons under section 14(4) of the Provision of Services in the Area of Private Security Act by means of statements issued at the request of the Office for Private Security Services of the Police Corps Presidium and regional police directorates. Furthermore, we issued statements at the request of the Transport Office’s Civil Aviation Division to assess credibility of persons under section 34a(5) of the Civil Aviation Act 143/1998.

We provided statements under section 5(2, 4) of the Trading in Defence Products Act 392/2011 to the Ministry of Economy in respect of corporate applications for licences to trade (and mediate deals) in defence-industry products.

We carried out administrative vetting of 27 persons at the request of the Ministry of Interior’s Migration Office under section 19a(9) of the Asylum Act 480/2002. We also carried out the administrative vetting of 16,760 persons at the request of the Office of the Border and Alien Police of the Police Corps Presidium under section 125(6) of the Foreigners’ Residence Act 404/2011.

Protection of cyberspace

Regarding cyberspace protection, we would engage mainly in preventive security programs in 2017.

We warned a number of government bodies that their systems had been infiltrated by a malicious code. Some of these attacks seemed to have been carried out by state-supported groups of hackers from foreign countries. Our international partnerships in the cyber area dealt particularly with the cyber infiltration campaigns started in 2016 and continuing into 2017. We sought to eliminate the possibility of cyber-attacks damaging critical infrastructure. We also kept pointing out that IT systems of some Slovak government institutions had been infiltrated by a malicious code. Often, these viruses were used to leak and collect information or commit cyber-attacks during spear phishing campaigns.

We actively cooperated with the National Security Authority in preparing a Cyber Security Act that would provide the necessary framework for implementing the key measures to make the national cyberspace secure and improve the protection of the Public Administration’s information systems. We are also part of the National emergency response system in the area of cyber security.

It is impossible to have effective cyber protection without the adequate cooperation of experts and relevant entities from the private sphere, government and academia. The cooperation, methodical responses to cyber incidents, ways to deal with them and proactive approaches constitute a comprehensive sophisticated program that divides responsibility in this field across the government and society. Here, our focus is on educational programs, particularly in respect of the challenges represented by the benefits of the information technology and the antisocial activities it is used for.

Despite the measures, information security is still unsatisfactory in a number of Public Administration bodies, something that makes the response to sudden cyber threats ineffective. Unfortunately, the Slovak Information Service is one of those institutions that fall behind in IT competences of the staff and overall use of technology. For a long time, our technical capacities have been modernized only where necessary, only for the service to be able to meet its statutory duties.

2.2 Economy

Corruption and nepotism

Throughout the year, we focused on cases of corruption and nepotism concerning the state and regional property and activities of the Financial Administration, the Police and the Prosecutor’s Office.

Our statutory clients received information on corruption when a municipality awarded contracts for the construction of underground services.

We sent information on a suspected sale of a property belonging to a state-owned health-care facility to a private company for less than it was worth.

We pointed to the suspected corruption of a former civil servant who asked a farmer for a bribe to prolong a lease agreement on farmland.

As to renting state-owned land for landholders to take EU subsidies, we circulated information on a suspected member of an organized-crime group from eastern Slovakia who reportedly sought to take up a lease on farmland using fraud and extortion.

A suspected case of corruption was uncovered in the wood industry. Employees of a state-owned company took bribes to allow wood to be sold to a private company for less than it was worth and without making a record of the deal. Corruption during a sale of wood was uncovered at a municipal company administering a town forest in central Slovakia.

Our statutory clients received information on employees of a local state administration body who rigged environmental audits. The officers took bribes to rig an audit at a company that allowed sewage to be released into a river.

Corruption inside the Financial Administration was uncovered. Several tax officers took bribes to rig tax audits in favour of taxpayers engaged in fraudulent VAT repayments. We also sent information about the customs officer who cooperated with a person smuggling cigarettes and drugs from Ukraine to Slovakia.

We dealt with links between organized crime and police in a number of corruption cases in which police officers were to help smuggle cigarettes, drugs and illegal migrants, distribute drugs and commit tax and credit fraud and other crimes. They were to provide the criminals with information on their illegal activities and planned police actions against them so that the criminals could use the information to thwart the police investigation.

We dealt with suspected links between organized crime and courts or the prosecutor’s office. In this case, we pointed to a criminal from eastern Slovakia who gave a bribe to influence, in favour of a person charged with tax fraud, the way a case was adjudicated by a district Prosecutor’s Office and court.

Inefficient management of state and municipal property

The intelligence obtained in 2017 points to the continued harming of interests of the Slovak Republic in several state-owned companies. Particularly the completion of large energy projects co-financed by the Slovak government was coupled with persistent risks in this respect and we monitored them.

We alerted to potential economic risks of insufficient investments in the existing distribution network by an energy distribution company.

We warned that a distress action whereby the government sought remedy for illegally received agricultural subsidies was about to be frustrated. An entrepreneur whose companies were to be seized had made fictitious claims toward these companies to siphon property from them to other companies to frustrate the distress action by the creditor.

We focused on subsidies from the EU structural funds and the Slovak Budget. Our statutory clients received information on subsidies used fraudulently to pay for fictitious and overpriced work. They were subsidies for R&D projects, rural development projects and projects to reduce energy consumption in public buildings. We also sent information on the suspected fraudulent use of subsidies to get rid of environmental burdens.

Customs, tax and financial fraud

We collected information on organized groups in Slovakia whose members were suspected of crimes involving income tax, VAT and excise duty. Most of these cases were suspected tax crimes involving fictitious transactions between connected companies with an aim of reducing fraudulently the tax base of artificial persons and the VAT, or to claim illegal VAT repayments. The companies that are part of carrousel networks have their dummy directors controlled by orchestrators of the fraud. These dummy directors and owners, who are often foreigners, are regularly replaced and the companies they ostensibly control cease to exist by merging with a successor company without declaring bankruptcy. Eventually, the successor company is deleted from the register of companies after the bankruptcy action is frustrated on the grounds of missing property.

A person providing accounting services and economic counselling created a carrousel network to help reduce, via fictitious deals with companies in that carousel network, the tax paid by his clients’ companies.

We also informed our statutory clients on the suspicion that certain prominent food producers attempted to reduce their tax burden by means of making fictitious deals.

Our statutory clients received information on an international network of companies that made fictitious carrousel deals with each other in order to be able to claim and receive illegal VAT repayments.

Regarding excise fraud, we noticed a number of cases when tobacco products were smuggled through the Slovak-Ukrainian border. Our statutory clients received information on the excise fraud in mineral oils, which the orchestrators sold via a network of petrol stations whose operators were companies with dummy directors.

Throughout the year, we continued to monitor various attempts to orchestrate Ponzi schemes and ‘profitable investments’ in shady securities offering a high interest rate.

Business relations between the Slovak Republic and foreign countries

Energy security has long been our main priority. Apart from one or two energy-rich nations, there is no EU country that can meet its energy needs entirely from own resources. This makes energy security a strategic priority for all EU Member States (the conditions for advancing the common objectives of the EU’s energy policy are gradually being created despite many conflicting interests).

Slovakia needs to import oil and natural gas besides electric power, but it is also a country with important oil and gas transit corridors. Especially its gas transit corridor is the determinant of energy security for a large part of Europe.

The most sensitive issue of our energy security, which the service has been addressing very intensively, is the possible endangerment of gas transit and supplies. Since the last gas crisis in 2009, the gas supplies to Slovakia have become much securer thanks to new alternative ways of delivering the commodity. However, new risks have arisen because of efforts to construct new pipelines for Russian gas that will bypass Slovakia. This factor and potential developments were the subject of our analyses and predictions.

Regarding oil, we focused on the risks of terminating or reducing substantially the oil supplies to the Slovnaft refinery and oil transit through our territory and on the risks of redirecting Russian oil outside the Druzhba pipeline.

The threat-posing phenomena regarding nuclear facilities, power plants with high installed capacity and strategic industrial enterprises, the distribution network, the gas transit network, the oil transit network and large storage facilities for natural gas, oil and other fuels were also monitored.

In the area of distribution of electric power and energy production in conventional and nuclear power plants, we pay great attention to the security risks that can imperil the operation and construction of power plants and distribution networks. Cyber-attacks on the energy infrastructure are another important phenomenon. They can endanger electricity supplies.

2.3.Foreign policy

Ukraine

The security and internal situation in Ukraine was one of the top priorities of our intelligence and analytical work in 2017. A crisis region directly bordering on Slovakia, Ukraine could pose direct threat to Slovakia’s security if destabilized.

We continued to see an unstable internal situation marked by corruption and rivalry among the oligarchic groups and tensions among key political actors there. The oligarchs continued to exert influence on decision-making at all levels of power, which posed a serious obstacle to implementing the much-needed economic reforms.

We focused on the conflict in eastern Ukraine, where military clashes of variable intensity persisted. The implementation of Minsk agreements was at a standstill. The parties’ differing strategic objectives were prolonging the conflict and were turning it into a frozen war. The coup in the so-called Lugansk People’s Republic in November 2017 had no serious effect on the security and political situation in the region. The availability of firearms and ammunition and the activation of different radical organizations and groups continued to pose a security threat.

Russian Federation

In Russia, we focused on the internal situation characterized by the strengthening of President Putin’s power. The priority for the Russian leadership was to keep social peace and prepare the March 2018 presidential election. Russia managed to overcome the economic sanctions imposed by the EU and the United States for it annexing the Crimea. Yet, despite the modest recovery, the Russian economy kept stagnating. The country could not embrace structural reforms, ditch corruption, solve its dependence on fuel prices and attract foreign capital. The significant differences between regions regarding self-sufficiency persisted in 2017.

As to foreign policy, Russia kept consolidating its positions of a super power. It was a priority for Russia to preserve its dominant position and influence in the post-Soviet space and strengthen its ties with countries in the near abroad (i.e. those it shares a border with) by integrating them into a Eurasian Economic Union and regional security structures, by using economic pressure (Belarus), and by keeping frozen conflicts alive (Moldova/Transnistria, Ukraine, and Azerbaijan/Nagorny Karabakh). Struggling to be viewed as a super power, Russia continued to participate in the Syrian war while developing pragmatic relations with the other Arab countries.

Western Balkans

We continued to monitor the situation in the Western Balkans with respect to efforts of several Balkan nations to join the EU and because of persistent problems caused by the bad interethnic relations and political instability there. Corruption and power struggle were deepening these problems.

In Serbia, we focused our attention on the internal situation, as a presidential election had been scheduled there for April 2017. The chairman of the ruling Serbian Progressive Party and prime minister Aleksandar Vučić was the winner of the election. In its foreign policy, the Serbian government sought to balance the relations between Russia and the West as Russia was visibly trying to increase its influence in Serbia.

In Kosovo, we monitored an unstable internal situation and risks connected with an early parliamentary election. No marked progress was noticed in the Serbian-Kosovar dialogue on implementing the adopted agreements, possibly because of the Kosovar parliamentary election and Serbian presidential election.

In Montenegro, our focus was on the country’s accession to NATO, which formally took place on 5 June 2017, and preparations for it.

In Macedonia, we monitored an internal crisis and the formation of a new government after the December 2016 parliamentary election. The opposition Social-Democratic Union of Macedonia and Macedonian-Albanian parties seized power after a prolonged crisis there, which culminated in the storming of the parliament building by the supporters of the old government.

In Bosnia and Herzegovina, we focused on the difficult political situation and the recurrent hard-line nationalist rhetoric. Republika Srpska’s President Milorad Dodik was able to strengthen his position. He kept questioning Bosnia’s statehood. In another entity, the Federation of Bosnia and Herzegovina, we noticed a persistent lack of Nations representatives’ will to agree on amending the electoral law. This situation was contributing to ethnic tensions and the possibility of a serious political crisis.

Crisis and conflict regions

We continued to focus on the conflict in Syria. The chances of defeating the al-Assad regime dropped significantly after the pro-regime forces conquered the positions of insurgents in Aleppo. While the Syrian regime supported by Russia and Iran continued to consolidate its territorial gains, the most violent groups, particularly the successors to the Al-Nusra Front, gained the upper hand among the insurgents.

Russia proposed to create de-escalation zones in response to the weakening of the opposition for battle to stop also on the remaining fronts and the Russian diplomats to be given room to negotiate a final deal. However, this process failed and the conflict flared up again, for one, because Turkey, Iran and the Syrian government had no interest in reaching the political agreement according to Russian proposals. The armed opposition, too, had refused the initiative.

During the year, the US-led international anti-Daesh coalition and pro-regime forces eventually destroyed the jihadists’ territorial base in Syria and neutralized a large part of their conventional military capacity. Thus, Daesh was reduced from a territory-controlling proto-state to a terrorist group with very limited territorial control in the east of Syria.

Given the pro-regime forces’ military achievements, President Bashar al-Assad would be even less prepared for political give-and-take. The regime turned out to be uncooperative not only during the UN-sponsored talks in Geneva, but also in respect of the Russian initiatives. The attempts of the EU to give new momentum to the diplomatic talks with an offer of economic assistance if al-Assad stepped down failed to bring the expected results, although the Syrian government was suffering badly from a lack of means to provide the basic services, including security.

We monitored the situation in Libya, which remained the key source of instability to the North-African and European region despite the regional and international actors’ intensive diplomatic efforts. Because of the struggle for power amongst the Libyan political and military elites motivated by private interests, the internal scene could not be consolidated and its instability was the main factor behind the rise in crime and terrorism in this country. The absence of a centrally controlled state police force was also influencing the security situation. The economic situation remained critical, although the Libyan oil production grew throughout the year. The economic and security problems were accompanied by a lack of trust of Libyans in the existing institutions in the country.

We analysed the factors behind the lower number of migrants traveling along the Libyan section of the central Mediterranean route in the second half of 2017. In our opinion, the drop is unsustainable, since there is no effective strategy of combating the local criminal networks in Libya. In all likelihood, these local networks include the armed groups that formally support the internationally recognized government in Tripoli. Unless these militias replace their people smuggling with something else to earn money, they are likely to carry on with people smuggling.

Regarding the Egyptian presidential election planned for the summer 2018, we advised of the measures taken by the el-Sisi regime to consolidate presidential power and of their impact on Egypt’s political and security stability. As the repressive policy of the regime continued, it became apparent that no opposition candidate would be able to defeat el-Sisi in the election. El-Sisi kept high approval ratings even as the bad living standards and instable security situation caused by the attacks of Daesh’s Egyptian affiliate started to reflect on his popularity. Daesh kept attacking the Sinai Peninsula despite the government’s preventive and retaliatory measures.

Heightened terrorist threat to Slovak nationals in tourist resorts

A heightened terrorist threat to the Western/EU nationals and interests persisted in the Middle East and North Africa. Citizens on a visit to Middle-Eastern countries, individually or in organized groups, were the most vulnerable. The tourist infrastructure and the mass transport were frequent targets for terrorist groups as the important elements of the local economy. Violence was encouraged by the intensive online jihadist propaganda calling for terrorist attacks against the countries and citizens involved in the war on Daesh.

The terror-threat level would depend on local conditions, particularly a presence of security forces and security of the tourist-infrastructure elements.

Tunisia, Egypt and Turkey (or certain regions there) were the most dangerous places. In Egypt, the attacks would target mostly the northern parts of the Sinai Peninsula, while the Red Sea coast was a relatively secure area without the signals of impending incidents. Tunisia was dangerous because of the high number of returnees from jihad zones (Syria, Libya) and because of the activities of people inspired by the online propaganda. The risks continued to be present in Turkey, where a network of Daesh members and sympathizers with links to Daesh structures in Syria and Kurdish militant groups was operating.

Hybrid threats

Hybrid threats are a set of political, information, intelligence, military, economic and legal tools used in a conflict or during a span of time to destroy the enemy’s integrity. They include various tools, from cyber-attacks and electronic warfare to traditional military tools, from terrorist acts and sabotages to political and economic pressure, from psychological operations to hostile propaganda, etc.

The hybrid operations are to destabilize a functioning nation and polarize its society. They can be carried out to incite public protests or an internal conflict in a country or to weaken and bring down a government without openly using a military force. They focus on vulnerabilities, erase the difference between war and peace and wreak havoc on purpose.

A harmful phenomenon on its own cannot always be characterized as a hybrid attack. It will become one only if used in combination with certain political intentions to provoke instability and uncertainty.

Hybrid strategies are not used by the state actors only. Daesh is also the actor with significant influence on security of the EU and other nations.

In 2017, we focused on the selected hybrid warfare used by state actors. We pointed out the risks connected with private military companies, which a number of countries use as their foreign policy tool.

We believe that international cooperation of NATO and EU intelligence structures is the way to counter the hybrid threats. We do engage in it by attending expert meetings, sharing information and helping with joint analytical projects.

We also helped to create the Slovak Republic’s Strategy of countering hybrid threats sponsored by the Office of the Security Council of the Slovak Republic. We worked with other state bodies to elaborate the characteristics of security environment in Europe following the rise in hybrid threats from several state and private actors. We also evaluated the biggest potential hybrid threats to the stability and security of the Slovak Republic.

3. Cooperation with state bodies and notification duty

We continued to cooperate with the other Slovak state bodies in 2017 by means of official external liaisons under the Slovak Information Service Act. We actively cooperated with the Office of the National Council of the Slovak Republic, the Office of the President of the Slovak Republic, the Office of the Government of the Slovak Republic, central bodies of the State Administration and other offices and institutions.

There was active cooperation in the area of classified information protection, security vetting, certification of devices, development of information and communication technologies, cryptographic protection of information, protection against the illicit use of information-technical means, legislation, and international crisis management.

The information obtained and other documents were used in our analytical and operative work. As for intelligence production, the feedback from external recipients was particularly important as it helped improve the quality of our work.

In multilateral cooperation with domestic entities, we took an active part in the work of interdepartmental expert working groups dealing with counterterrorism, extremism and illegal migration.

Intelligence production for customers

In 2017, the Slovak Information Service elaborated 285 intelligence products for the external recipients covering all areas of the Strategic Focus. Of this number, 166 (58%) were on security, 69 (24%), economy, and 50 (18%), foreign policy.

The details are in the tables and chart below:

Table: Summary of intelligence production in 2017

4. Situation, principal activities and oversight of the Slovak Information Service

4.1 Personnel

Main indicators

On 31 December 2017, the service’s staffing level was 81.64% of the plan, which is a very small increase from 80.86% on 31 December 2016. The demography remains basically the same as in previous years. Sixty per cent of the personnel are male and forty per cent, female. There are fewer officers below 40 (33%) than middle-aged officers between 40 and 50 (43%) and 70% of officers have university education (including the bachelor’s degree). In 2017, 93.4% of officers were in permanent civil service, 6.25%, in preparatory civil service and less than one per cent (exactly 0.35 per cent), in temporary civil service. Several hundreds of citizens applied for a job with the service and 47.6%, who met the statutory conditions and whose professional profile matched the service’s needs, were included in the admission process. 17.9% succeeded in getting the job.

Chart: Personnel structure according to gender, age, education and type of civil service

4.2 Spending and material and technical provisioning

Spending

In the Budget Act 357/2016, a binding expenditure limit of €51,510,678 (a €4,000,000 of which sum was for capital expenses) and a binding income indicator of €130,000 were allotted to the Slovak Information Service for 2017.

In 2017, the Ministry of Finance of the Slovak Republic used a Budget measure once to adjust the service’s expenditure limit.

Table: Binding indicators in the Budget’s SIS chapter

Material and technical provisioning

The capital expenses were used mainly for upgrading the information and communication system (including the communication infrastructure) and intelligence and monitoring technologies, for crypto equipment, to restore and modernize the telecommunication technology and electronic protection system in the service’s buildings, to ensure that the individual buildings are in working condition, for measures to satisfy the terms of protecting classified information, and to repair and supplement, where necessary, the outdated car fleet used for special duties of an intelligence and operative nature.

The operating expenses were used, where necessary, to fund intelligence activities, to cover obligatory and contractual payments and to service the outdated equipment and buildings. The other expenses were used strictly to maintain the service’s day-to-day operation and keep its information and communication technologies in working condition.

Because of the continued public sector deficit, the service is unable to keep up with the modern trends in the use of information, communication and intelligence technologies despite the expenditure adjustments. There have been no investments in the development of modern means of cyber protection in the service for a long time.

Measures were taken in 2017 to match demands for funding in the Budget’s SIS chapter against the ability to meet them in a way to ensure effective spending of the public funds.

4.3 Information-technical means (ITM)

Legal framework for ITM use

The Slovak Information Service Act 46/1993 and the Act on the Protection of Privacy Against the Illicit Use of Information-Technical Means 166/2003 provide in their section 10(1)(b) and section 2(2), respectively, that the Slovak Information Service is authorized to use information-technical means when carrying out its duties. It is possible to use ITM to invade citizens’ privacy without their consent provided that the statutory requirements have been met. This measure requires a judge’s written consent before it can be applied. Even with this consent, an ITM can be used only for the time necessary not longer than six months. This period begins on the day the judge gives his consent. If necessary, several types of ITM can be used at the same time or sequentially, but each can be used only within the limits expressly stated in the judge’s consent. If an ITM is to be used at places inaccessible to the public, the judge will specify whether the consent also applies to entering these places.

ITM use

In 2017, the service submitted 311 requests for ITM use, seven of which were refused by the judge.

On 8 February 2018, when this report was still being compiled, 197 out of 304 cases of ITM use had been evaluated in respect of reaching the statutory goal and purpose. Of this number, 183 placements met the statutory goal and purpose. The remaining 107 placements could not be evaluated. They were either live or waiting to be evaluated within the 30-day period after the withdrawal of ITM. All placements made in the first half of 2017 have been evaluated.

ITM use at the Slovak Information Service is fully compliant with the provisions of the Slovak Information Service Act 46/1993 and Act on the Protection of Privacy Against the Illicit Use of Information-Technical Means 166/2003.

The technical solutions used and strict organizational and control measures warrant that the legality of ITM use is respected and no interference with the service’s surveillance and data storage/archiving system is possible. Comparing the SIS statistics with those provided by the Bratislava County Court, we discovered that the number of requests for ITM placement and the number of granted judicial approvals were the same in 2017, so each case of ITM use had a judge’s approval and none was illegal.

Table: Detailed statement on the use of ITM in 2017 (as of 8 February 2018)

The ITM use at our service is fully in harmony with the provisions of the Act 46/1993 and Act 166/2003. Our technical solutions and organizational/control measures warrant that ITM use is legal and there are no intrusions in the monitoring and data archiving systems.

4.4 Cooperation with intelligence services from other countries

The year of 2017 was the proof that the Slovak Information Service is a highly trusted partner for the international community. At the bilateral level, we currently cooperate with 102 partner services from around the world, and counting, as several new services join the cooperation each year.

Judging by the quality of bilateral relations and results of joint activities, there was blossoming cooperation with the counterparts from EU and NATO member countries, particularly the United Kingdom, Germany, France, the United States and the V4 countries (the Czech Republic, Hungary, Poland). Cooperation with Balkan services was high on the agenda because of the Strategic Focus priorities. At all levels of the cooperation, potential endangerments from international terrorism and radical Islamist extremism were discussed as the key issues in addition to the situation in crisis and unstable regions, manifestations of political extremism, illegal migration, proliferation, trafficking in defence-industry products, organized crime and hostile intelligence activities.

The sharing of analytical information and results on all key topics is the cornerstone of our foreign bilateral cooperation. Furthermore, we are engaged in bilateral cooperation with our foreign partners in a number of operative fields, joint exercises, projects and special operations and when sharing views on legal questions.

The multilateral cooperation went on according to the plan of activities and the Strategic Focus (sharing information via communication systems; sending experts to regular multilateral expert meetings, working groups and seminars; participation of the SIS management in Heads of Service meetings, etc.). Thematically, the focus was on combating terrorism, extremism, proliferation of dual-use items, trafficking in defence-industry products, illegal migration, organized crime and hostile intelligence activities. The services would also address the situation in high-risk or conflict regions and relations between the intelligence services and EU institutions.

In 2017, the service prepared itself to assume the presidency of multilateral platforms in 2018 and 2019. In this context, it held several consultation meetings with its partner services.

4.5 Legislation and inspection

Legislation

The service cooperates with ministries, the other central bodies of the State Administration and the other government bodies in the making of laws. In 2017, it reviewed 73 proposed bills sent for the interdepartmental debate, of which 10 it queried. The goal for the service was to alert the proposers to the problems that would arise if the bills were signed into law as well as to create a legal basis upon which to carry out its statutory duties in a proper and effective way. A number of the service’s comments were incorporated into the materials. One of the proposed bills was the draft law on cybersecurity. The service made seven crucial remarks about it.

Inspection

Regarding administrative security, one inspection of records of physical destruction of classified documents and administrative tools in classified documents protocols and the Administrative Tool Book and one unscheduled inspection to verify the completeness of classified documents, registry records, administrative tools and registration tools took place in 2017. As to security of technical equipment, three inspections of photocopiers used for classified documents took place. Regarding physical security and security of buildings, there was one unscheduled inspection to make sure that officers use their safekeeping boxes properly. Twenty internal inspections were carried out in the service’s principal divisions to ensure the abidance of public statutes and the service’s internal regulations. There was also one financial audit, which was carried out on the spot according to the Financial Audit Act 357/2015. Officers were checked for alcohol using a breath analyser in all principal divisions of the service throughout the year. The test was positive in one case. The inspectors found no violation of the service’s internal regulations or the public statutes during the remaining internal inspections and the inspections were finished with an Account of the results of an internal inspection. No shortcomings were found during the on-the-spot audit and it was finished with a Report on the results of an on-the-spot audit.

Expert state supervision

State inspectors and the public health officer launched 17 planned supervisions, including 10 expert state supervisions in the area of the workplace security and health safety of civil servants and device security, 5 fire supervisions and 2 health supervisions. The inspectors took two remedial measures — the remaining shortcomings had been dealt with before finishing supervisions. The inspectors found no violation of the service’s internal regulations or the public statutes. The director general commissioned the public health officer to assess health risks and categorize jobs within the Slovak Information Service.

5. Report on the Activity of the National Security and Analytical Centre

In 2017, the NBAC kept performing duties in the area of interdepartmental information exchange so that decisions and measures could be taken at the earliest possible time to preserve the security of the Slovak Republic and Slovak citizens. It worked with the other state bodies with a member status to collect, evaluate and share information on terrorism and other security incidents, events and phenomena. The Slovak government institutions use the NBAC more and more as a platform for fast information exchange enabling the fusion of knowledge and an immediate response by departments seeking effective measures within their remits. In 2017, the bodies represented in the centre paid heightened attention to the identification and evaluation of possible terrorist risks affecting Slovakia and Slovaks and risks that stem from the increased number of legalized stints of third-country nationals in Slovakia, legal and illegal arrivals of high-risk persons in Slovakia, extremist and radical expressions in the media and on the internet, and cyberterrorism and hacktivism affecting Slovakia.

The NBAC participated in the tasks of increased monitoring of the security situation in Slovakia and abroad by working hand in glove with Slovak government institution to assess security risks within their remits and by managing the top-level political events, such as the visit of the German president or the visit of Prince Edward, son of the queen of the United Kingdom and Northern Ireland, to Slovakia, and other public events of international importance in Slovakia, including international conferences Globsec and Slovak Security Forum 2017, mass public events held on the occasion of the anniversary of the Slovak National Uprising, religious memorial events, and abroad during the G20 meeting of presidents and parliament speakers in Hamburg, Germany.

The NBAC performed tasks of information sharing when fast response to requests of foreign partners was needed in the context of terrorist attacks in Belgium on 23 March and 20 June 2017, Sweden on 7 April 2017, France on 20 April 2017, the United Kingdom on 3 June 2017 and Finland on 18 August 2017. More of these tasks were carried out in the context of suspicions that a terrorist attack was impending in a European country and that high-risk individuals might have links to international terrorist organizations; in the context of staging protests against an international exhibition of defence and security equipment in London, the United Kingdom and in the context of an impending bomb attack on a Polish embassy. The centre continued to engage in international cooperation by establishing a bilateral partnership with the Hungarian Counter-Terrorism Information and Criminal Analysis Centre (TIBEK) and participating in meetings of the informal group of CT centres and coordinators from EU Member States, Scandinavia, North America and Australia, known as the Madrid group.

In 2017, the NBAC Council met twice to discuss the report on the NBAC activities in 2016, the security situation in Slovakia and the current threat level, to consider relocation of the centre and to propose three shifts for the centre to be able to operate in a 24-hour regime. The NBAC Council proposed on 23 August 2017 that the prime minister and minister of interior raise the threat level in Slovakia from low to increased.

To provide continued information sharing on security threats, the centre was put into the 24-hour regime for 22 days in 2017. During 2017, it was actively involved in elaborating documents for the National Risk Assessment, a comprehensive national assessment of the vulnerability of the Slovak Republic to money laundering and financing of terrorism, which should serve as the basis for the fifth round of assessment by the Council of Europe’s permanent monitoring body Moneyval in 2019. After four years of positive experience, the centre continued to draw on the expert potential provided by the government departments to share in responsibilities and hold lectures for State Administration employees. These lectures were focused thematically on the state of affairs regarding cybersecurity in Slovakia, competences and procedures of the Financial Administration when releasing high-risk goods through customs regimes, responsibilities and activities of the NATO Force Integration Unit in Slovakia, remotely controlled devices and how they can be used for terrorist and other illegal purposes, and Russian activities in the Middle East.

The centre gave thematic lectures in a number of state institutions to explain its responsibilities and mission and raise the employees’ awareness of active cooperation between individual government bodies.

The centre joined the informal debate on extending its roles, e.g. as regards the interdepartmental cooperation in evaluating the impact of hybrid threats on Slovakia and its EU/NATO partners.

The Slovak Information Service continued to second new staff to the centre to deal with the demands placed on it regarding its roles, to keep standardizing its activities and to respond proactively to the ever-changing situation in the security field. Steps were taken to provide the centre with new spaces where it could perform its duties appropriately.

6. Conclusion

In 2017, the Slovak Information Service continued to carry out the tasks of collecting and evaluating information for its statutory clients within its domain and powers as set forth in the Act 46/1993.