Zbornik - Urad Vlade Republike Slovenije za varovanje tajnih

2002-2012
Urad Vlade Republike
Slovenije za varovanje
tajnih podatkov
Government Office For The
Protection
Of Classified Information
(NSA)
Proceedings of the Office of the Government
of the Republic of Slovenia for the Protection
of Classified Information to mark its 10th
anniversary (2002–2012)
Zbornik Urada Vlade Republike Slovenije za
varovanje tajnih podatkov ob 10. obletnici
delovanja, 2002—2012
Naročnik: Urad Vlade Republike Slovenije za
varovanje tajnih podatkov, Gregorčičeva 27, 1000
Ljubljana
Avtorji besedil in slik (po abecednem vrstnem
redu): Tatjana Balorda, Igor Eršte, mag. Mateja
Kapš, Uroš Kogoj, Gregor Majcen, v. d. direktorja
urada, Boris Mohar, dr. Boštjan Petelinc, Marko
Rosandič, Maja Rožaj, mag. Erik Schlegel
in Miran Skobe.
Odgovorna oseba: Gregor Majcen v. d. direktorja
Uredil: dr. Boštjan Petelinc, Urad Vlade Republike
Slovenije za varovanje tajnih podatkov
Oblikovala: Peter Hazler, Urad Republike Slovenije
za makroekonomske analize in razvoj, in dr. Boštjan
Petelinc, Urad Vlade Republike Slovenije za
varovanje tajnih podatkov
Leto izida: 2012
Urad Vlade RS za varovanje tajnih podatkov,
Gregorčičeva 27, 1000 Ljubljana
telefon: (01) 478 13 90
telefaks: (01) 478 13 99
e-pošta: gp.uvtp(at)gov.si
Published by: the Office of the Government of the
Republic of Slovenia for the Protection of Classified
Information, Gregorčičeva 27, SI-1000 Ljubljana
Authors of articles and photographs (in
alphabetical order): Tatjana Balorda, Igor Eršte,
Mateja Kapš, Uroš Kogoj, Gregor Majcen, Boris
Mohar, Boštjan Petelinc, Marko Rosandič, Maja
Rožaj, Erik Schlegel, and Miran Skobe.
Responsible person:
Director of the Office
Gregor
Majcen, Acting
Edited by: Boštjan Petelinc, Office of the Government
of the Republic of Slovenia for the Protection of
Classified Information
Design: Peter Hazler, Institute of Macroeconomics
Analysis and Development; and Boštjan Petelinc,
Office of the Government of the Republic of Slovenia
for the Protection of Classified Information
First edition: 2012
Office of the Government of the Republic of
Slovenia for the Protection of Classified Information,
Gregorčičeva 27, SI-1000 Ljubljana
Phone: (01) 478 13 90
Fax: (01) 478 13 99
Email: [email protected]
Izdal, založil in tiskal Urad Vlade Republike Slovenije
za varovanje tajnih podatkov, Gregorčičeva 27, 1000
Ljubljana, uporaba in objava podatkov dovoljena le z
navedbo vira.
Issued, published and printed by the Office of the
Government of the Republic of Slovenia for the
Protection of Classified Information. The use and
publication of the information contained herein is
only permissible with reference to the source.
Vsebina zbornika je dostopna tudi na spletni strani
http://www.uvtp.gov.si/
The proceedings are published online at http://www.
uvtp.gov.si/
ForThe
TheProtection
Protectionof
OfClassified
ClassifiedInformation
Information(NSA)
(NSA)
10 years of Government Office for
1
Kazalo
Table of Contents
1
O Uradu Vlade Republike Slovenije za
varovanje tajnih podatkov................................ 15
1
About the Office................................................ 15
1.1
Tasks and objectives........................................ 16
1.1
Naloge in cilji..................................................... 16
1.2
UVTP emblem.................................................... 19
1.2
Znak UVTP......................................................... 19
1.3
UVTP employees............................................... 21
1.3
Zaposleni na UVTP............................................ 21
2
2
Zakonodaja na področju varovanja tajnih
podatkov............................................................ 22
Legislation relating to protection of
classified information....................................... 22
3
3
Varovanje tajnih podatkov v Republiki
Sloveniji............................................................. 24
Protection of Classified Information in the
Republic of Slovenia.........................................24
3.1
3.1.1
3.1.2
Osebna varnost................................................. 24
Osnovna varnost................................................. 24
Postopek pridobivanja dovoljenja za dostop do
nacionalnih tajnih podatkov................................. 24
3.1.2.1 Medresorska delovna skupina za osebno
varnost................................................................ 25
3.1.3 Dovoljenje za dostop do tajnih podatkov EU...... 26
3.1.4 Dovoljenje za dostop do tajnih podatkov zveze
Nato.................................................................... 26
3.2
3.2.1
3.2.2
3.2.3
Dokumentacijska varnost................................ 29
Medresorska delovna skupina za
dokumentacijsko varnost.................................... 30
Registrski sistem za tajne podatke EU in zveze
Nato.................................................................... 31
Komisija Vlade Republike Slovenije za
presojanje upravičenosti prevladujočega
javnega interesa v zvezi z razkritjem podatkov,
ki so označeni kot tajni........................................ 32
3.3
Fizična varnost.................................................. 34
3.4
3.4.1
3.4.2
3.4.3
3.4.4
3.4.4.1
Informacijska varnost....................................... 36
Komisija Vlade RS za informacijsko varnost.......37
Natova delavnica Infosec.................................... 38
Tempest.............................................................. 38
Kriptologija.......................................................... 39
Medresorska strokovna delovna skupina za
komunikacijsko varnost....................................... 41
EU NDA – nacionalni organ Evropske unije za
razdeljevanje kriptografskega materiala (CM).... 42
3.4.5
3.5
3.5.1
Industrijska varnost.......................................... 44
Medresorska projektna skupina za industrijsko
in fizično varnost................................................. 46
3.6
Usposabljanje....................................................48
4
Mednarodno sodelovanje.................................50
4.1
Varovanje tajnih podatkov tujih držav ali
mednarodnih organizacij................................. 50
4.2
Povzetek iz Zakona o tajnih podatkih............. 50
4.3
4.3.1
Dvostransko sodelovanje................................ 54
Sporazumi COMSEC.......................................... 58
4.4
Večstransko sodelovanje................................. 59
4.5
EVROPSKA UNIJA............................................ 60
4.5.1.1 Galileo................................................................. 62
4.5.1.2 EGNOS (European Geostacionary Navigation
Overlay Service)................................................. 63
4.5.1.3 GMES (Global Monitoring for Environment and
Security).............................................................. 63
4.5.1.4 Sedmi okvirni program evropskih raziskav
(FP7)................................................................... 64
2
3.1
3.1.1
3.1.2
Personnel security............................................ 24
Basic security...................................................... 24
Security clearance process to access national
classified information.......................................... 24
3.1.2.1 Inter-ministerial working group for personnel
security................................................................ 26
3.1.3 EU Security Clearance........................................26
3.1.4 NATO Security Clearance................................... 27
3.2
3.2.1
3.2.2
3.2.3
Documentation security................................... 29
Inter-ministerial working group for
documentation security....................................... 31
Registry system for EU and NATO classified
information.......................................................... 32
Government Commission for Assessing
the Legitimacy of the Prevailing Public
Interest in the Disclosure of Secret Classified
Information.......................................................... 32
3.3
Physical security............................................... 34
3.4
3.4.1
3.4.2
3.4.3
3.4.4
3.4.4.1
Information security.......................................... 36
Government Commission for IT Security............ 37
NATO InfoSec workshop..................................... 38
TEMPEST........................................................... 38
Cryptography....................................................... 40
Inter-Ministerial Expert Working Group for
Communication Security..................................... 42
EU NDA – National Crypto Distribution
Authority.............................................................. 42
3.4.5
3.5
3.5.1
Industrial security............................................. 44
Inter-Ministerial Project Group for Industrial and
Physical Security................................................. 46
3.6
Training.............................................................. 48
4
International cooperation................................. 50
4.1
Protection of Classified Information
of Foreign Countries or International
Organisations.................................................... 50
4.2
Summary of the Classified Information Act... 50
4.3
4.3.1
Bilateral Co-operation...................................... 54
COMSEC Agreements........................................ 58
4.4
Multilateral cooperation................................... 59
4.5
EUROPEAN UNION........................................... 60
4.5.1.1 GALILEO.............................................................62
4.5.1.2 EGNOS (European Geostationary Navigation
Overlay Service)................................................. 63
4.5.1.3 Global Monitoring for Environment and
Security............................................................... 64
4.5.1.4 The EU’s seventh framework programme for
research.............................................................. 64
4.6
NATO.................................................................. 65
10 let Urada RS za varovanje tajnih podatkov
4.6
4.6.1
4.6.2
4.6.3
4.6.4
4.7
4.7.1
NATO.................................................................. 65
Varnostni odbor NATA......................................... 66
Natova mednarodna konferenca (Nato Security
Committee/AdHoc Working Group).................... 67
Sporazum ATOMAL............................................ 68
MISWG 2010...................................................... 68
4.6.1
4.6.2
Regionalno sodelovanje...................................72
South East European National Security
Authorities........................................................... 72
4.7
4.7.1
4.6.3
4.6.4
NATO Security Committee.................................. 66
NATO international conference (NATO Security
Committee/Ad Hoc Working Group)................... 67
ATOMAL Agreement........................................... 68
Multinational Industrial Security Working
Group, 2010........................................................ 68
Regional cooperation....................................... 72
South-East European National Security
Authorities........................................................... 72
10 years of Government Office for The Protection of Classified Information (NSA)
3
4
10 let Urada RS za varovanje tajnih podatkov
Predgovor
GREGOR MAJCEN, vršilec dolžnosti direktorja
urada od 9. marca 2012
Foreword
GREGOR MAJCEN, Acting Director of the Office
since 9 March 2012
Dear reader,
This publication is issued by the Office of the
Government of the Republic of Slovenia for the
Protection of Classified Information (hereinafter:
UVTP or the Office). Its history and development,
areas of work, and some of its achievements are
outlined herein.
Spoštovani,
predstavljamo vam publikacijo Urada Vlade
Republike Slovenije za varovanje tajnih podatkov
(v nadaljevanju UVTP), s katero želimo na kratko
prikazati ustanovitev in razvoj, osvetliti področja dela
ter našteti nekaj dosežkov našega urada.
Urad Vlade Republike Slovenije za varovanje
tajnih podatkov (UVTP) je bil ustanovljen zaradi
usklajevanja zakonodaje s pravnim redom EU in
zveze Nato ter s tem uvedbe enotnih standardov
varovanja tajnih podatkov. Prvotni Zakon o tajnih
podatkih (ZTP), veljaven je postal 23. 11. 2001, je za
izvajanje nalog s področja varovanja tajnih podatkov,
predpisanih z ZTP in predpisi, sprejetimi na njegovi
podlagi, predvideval ustanovitev urada, zato je bil
sprejet Sklep o ustanovitvi, nalogah in organizaciji
Urada Vlade Republike Slovenije za varovanje
tajnih podatkov, ki je začel veljati 26. 1. 2002. UVTP
je z ustanovitvijo prevzel tudi vlogo Nacionalnega
varnostnega organa (v nadaljevanju NSA – National
Security Authority) po standardih Nata in EU in je
zato tudi naslednik Komisije Vlade RS za varovanje
zaupnih dokumentov Zveze Nato in Komisije Vlade
RS za varovanje dokumentov Zahodnoevropske
unije. Letos torej praznujemo deseto obletnico
ustanovitve.
UVTP je nastal zaradi zahtev mednarodne skupnosti
in je v mednarodno okolje še vedno močno vpet prek
konferenc, sestankov, delovnih skupin, s sklepanjem
sporazumov in podobno. To od nas zahteva veliko
angažiranosti, samoiniciativnosti in izobraževanja,
saj mednarodno okolje pričakuje kompetentnega
in zaupanja vrednega sogovornika. Hkrati seveda
izkušnje in znanje prenašamo naprej, saj UVTP
kot koordinativni organ na področju varovanja
The UVTP was established in order to harmonise
the relevant national legislation with the acquis
communautaire in order to comply with the legal
obligations and commitments of NATO membership,
thereby introducing common standards for the
protection of classified information. The original
Classified Information Act, which entered into force
on 23 November 2001, envisaged the establishment
of an office to perform tasks pertaining to the
protection of classified information stipulated by the
relevant provisions and rules adopted under this Act.
Therefore, the Decision on the establishment, tasks
and organisation of the Office of the Government of
Slovenia for the Protection of Classified Information,
which took effect on 26 January 2002, was adopted.
The newly established UVTP also assumed the
duties and tasks of the National Security Authority
(hereinafter: NSA), in accordance with NATO and
EU standards, thereby succeeding the Commission
of the Government of the Republic of Slovenia for the
Protection of NATO Classified Information and the
Commission of the Government of the Republic of
Slovenia for the Protection of the Western European
Union Classified Information. This year, we therefore
celebrate the 10th anniversary of its establishment.
The UVTP was set up as a response to the
requirements of the international community. It takes
part in conferences, meetings, working groups, the
conclusion of agreements, and the like, and is strongly
integrated into the international environment. This
requires great commitment, proactivity and further
training on our part, as our international partners
expect us to be a competent and credible counterpart.
Moreover, we disseminate our experience and
skills; as the UVTP is a coordination body in the
protection of classified information, it monitors the
current situation, and provides for the development
and enforcement of standards, the implementation
of international commitments and treaties, prepares
draft regulations, provides opinions, keeps records
and carries out several other tasks.
10 years of Government Office for The Protection of Classified Information (NSA)
5
tajnih podatkov spremlja stanje, skrbi za razvoj in
uveljavljanje standardov, skrbi za izvajanje sprejetih
mednarodnih obveznosti in mednarodnih pogodb,
pripravlja predloge predpisov, daje mnenja, vodi
evidence in opravlja še vrsto drugih nalog.
Svet se naglo spreminja, živimo v času informacijske
tehnologije, hitrih sprememb in nenehnega pretoka
množice informacij, kar seveda prinaša izzive tudi
na našem delovnem področju. Zveza Nato in EU
iščeta odgovore v krepitvi varnostnih struktur in jasni
določenosti pogojev in načinov obravnave tajnih
podatkov, čemur se kot članica obeh pridružuje
tudi Slovenija. Zavedamo se, da je popolna varnost
žal samo teoretičen pojem, za katerega dosego si
prizadevamo, enako velja tudi za področje varovanja
tajnih podatkov. Pri razpravah o varnosti se vedno
srečamo s pojmom varnostna kultura. Poudaril bi,
da varnostna kultura ni nekaj, kar bi se dalo na hitro
naučiti, niti ni samo nabor ukrepov ali postopkov, ki
bi se lahko upoštevali, ampak je skupek vrednot,
odgovornosti, zavedanja nevarnosti ter načinov
vedenja in hkrati nekaj, kar moramo ponotranjiti ter
skladno s tem živeti poklicno in zasebno. Upam si
trditi, da v slovenskem prostoru varnostna kultura
narašča, vendar moramo kljub temu še veliko narediti.
Delo UVTP je samo delček v mozaiku varnostne
kulture, za katero si moramo vsi prizadevati.
Obdobje, ki je pred nami, bo polno preizkušenj
in trdega dela: spremembe normativne ureditve,
sodelovanje z ustreznimi organi EU in zveze Nato
ter tujimi NSA, sklepanje dvo- in večstranskih
sporazumov ter druge naloge, katerih namen je v
prvi vrsti zagotavljanje učinkovitega varovanja tajnih
podatkov in odpiranje poslovnih možnosti za naše
gospodarstvo.
The world is changing rapidly. We live in an era of
information technologies, sudden changes and a
permanent and massive flow of information, which,
of course, also poses challenges to our areas
of work. NATO and the EU are seeking answers
to these challenges by strengthening security
structures and clearly defining the conditions for
and methods of handling of classified information,
a policy which is also adhered to by Slovenia as a
member of these two associations. Although we are
striving to achieve complete security, we are aware
that it is, unfortunately, only a theoretical concept;
the same is also true of the protection of classified
information. When discussing security, we always
come across the concept of security culture. I would
like to emphasise that security culture is neither
something that can be learned quickly nor a set of
measures and procedures to be complied with, but
rather a combination of values, responsibilities,
risk awareness and methods of conduct, as well as
something that we must internalise and comply with
in our professional and private lives. I dare say that
the security culture in Slovenia is improving; however
there is still a lot to be done to this end. The work
performed by the UVTP is only a piece in the jigsaw
that is security culture, for which we all must strive.
The period ahead will be full of challenges and hard
work. This, among other things, includes modifications
to the normative framework, cooperation with the
relevant EU and NATO authorities and foreign
NSAs, the conclusion of bilateral and multilateral
agreements, and other tasks which are focused
on providing the effective protection of classified
information and business opportunities for the
Slovenian economy.
Danes UVTP uživa visoko stopnjo zaupanja. Za to
gre zahvala mojim predhodnikom – Ludviku Čarniju,
Vojku Kosu, mag. Milanu Tarmanu, vsem njihovim
in mojim sodelavcem ter vsem posameznikom,
organom in organizacijam, ki so prispevali, da je
UVTP prepoznaven in cenjen doma in v tujini ter
pri varnostnih strukturah Nata in EU. Vsem sem
hvaležen za opravljeno delo.
Today, the UVTP enjoys a high level of confidence.
Thanks for this should go to my predecessors Ludvik
Čarni, Vojko Kos and Milan Tarman, as well as to
all our colleagues, other individuals, bodies and
organisations. They have all contributed to ensuring
that the UVTP is recognisable and respected at home
and abroad, and within the EU and NATO security
structures. I am very grateful to them all for their hard
work.
Gregor Majcen
v. d. direktorja
Gregor Majcen
Acting Director
6
10 let Urada RS za varovanje tajnih podatkov
Uvodna beseda
dosedanjih direktorjev
UVTP
Foreword by former UVTP
directors
LUDVIK ČARNI – from 7 February 2002 to 31 May
2005
LUDVIK ČARNI – od 7. februarja 2002 do 31. maja
2005
Urad Vlade Republike Slovenije za varovanje tajnih
podatkov je bil ustanovljen leta 2002 kot organ, ki
naj bi imel pristojnosti spremljanja stanja na področju
določanja in varovanja tajnih podatkov ter skrb za
razvoj in uveljavljanje enotnih fizičnih, organizacijskih
in tehničnih standardov varovanja tajnih podatkov
v državnih organih, organih lokalnih skupnosti, pri
nosilcih javnih pooblastil ter gospodarskih družbah
in organizacijah, ki pridobijo tajne podatke ali
razpolagajo z njimi. Urad je prevzel delovne naloge
od Komisije Vlade RS za varovanje tajnih podatkov
zveze Nato in Zahodnoevropske unije.
V obdobju ustanovitve urada so v Sloveniji potekale
intenzivne priprave za vstop Slovenije v Evropsko
unijo in Nato. Ob tem je imel urad še veliko nalog
glede priprave postopkov in izdelave podzakonskih
aktov, ki jih je bilo treba na ravni domače zakonodaje
uskladiti s pravnim redom Evropske unije in Natovimi
predpisi.
Delo je v ustanovitvenih letih od 2002 do 2005
opravljalo od 5 do 9 oseb, ki so bile takrat v uradu
zaposlene kot detaširane iz posameznih ministrstev.
Zaposleni so imeli zaradi svojih prejšnjih funkcij
dovolj izkušenj iz varovanja tajnih podatkov na
različnih strokovnih področjih. Na tej podlagi so
bili detaširani iz ministrstva za notranje zadeve,
slovenske obveščevalne agencije in ministrstva za
obrambo.
Na začetku se je urad zaradi novosti, predpisanih v
podzakonskih aktih, soočil tudi z nerazumevanjem
dela strokovne javnosti, zato je bila vložena ustavna
pritožba na nekatera določila podzakonskih aktov,
kar je povzročilo blokado delovanja urada, dokler
o zadevi ni ponovno odločalo Ustavno sodišče
Republike Slovenije.
Naloge urada so postale vse številčnejše in
obsežnejše, zato je bila sprejeta odločitev o kadrovski
popolnitvi urada. Prav tako se je urad v svojem
nastajanju spopadal še z drugimi težavami, kakor
na primer ustrezna sistemizacija delovnih mest,
zagotovitev ustreznih prostorov in podobno.
Urad je v začetnem obdobju svojega delovanja
pripravil vse podzakonske akte, potrebne zaradi na
The UVTP was established in 2002 as a body to
be entrusted with the responsibility of monitoring
the situation in the area of the identification and
protection of classified information, and to provide
for the development and implementation of common
physical, organisational and technical standards of
safeguarding classified information in Government
agencies, local community agencies, holders of public
authorisations, and companies and organisations
that acquire or possess such information. The Office
assumed its operational tasks from the Commissions
of the Government of the Republic of Slovenia for the
Protection of NATO and Western European Union
Classified information.
While the Office was in the process of being
established, Slovenia was intensively preparing for
its accession to the European Union and NATO.
Moreover, the Office had several other tasks to
address regarding the preparation of procedures
and the design of statutory instruments, which, at the
level of domestic legislation, had to be harmonised
with the acquis communautaire and NATO rules.
During is early years, i.e. from 2002 to 2005, the
Office's work was performed by five to nine members
of staff, who were seconded from other line ministries.
Their previous functions enabled them to obtain the
experience required to protect classified information
in various fields of expertise. Therefore, they were
seconded to the Office from the Ministry of the
Interior, the Slovenian Intelligence Agency and the
Ministry of Defence.
Owing to new provisions incorporated in the statutory
instruments, the Office was faced with a certain
scepticism in its early days, which was articulated by
a part of the expert public. As a result, a constitutional
complaint was lodged against certain provisions
of the statutory instruments blocking the Office's
operations, until the case was remanded to the
Slovenian Constitutional Court for re-adjudication.
The ever increasing number and complexity of
tasks to address led to the adoption of a decision
to augment the Office's staff. During its early years,
the Office was also faced with other issues, including
the problem of classifying posts appropriately, the
provision of appropriate facilities, and similar issues.
10 years of Government Office for The Protection of Classified Information (NSA)
7
novo sprejetega Zakona o tajnih podatkih, zato smo
veliko časa posvetili proučevanju pravnega reda EU
in Natovih predpisov.
Tu je vsekakor treba omeniti veliko pomoč osebja
varnostnih organov EU, zlasti NOS (takratni direktor
NOS W. Raichak, Robert Keil in Rolf Ultes so samo
nekateri od njih), ki je v pristopnem obdobju k Natu in
takoj po vstopu veliko pomagalo takratnemu osebju
našega urada.
Kljub vsem začetnim težavam, ki se pojavljajo ob
ustanovitvi novega organa in nalogah urada na
nacionalni ravni, ter pred vstopom in na začetku
članstva v EU in Nato, menim, da je »začetna
ekipa« opravila naložene naloge strokovno in s tem
pripravila dobre temelje za delovanje urada, ki tudi
danes opravlja vse naloge.
8
During the initial period of its operation, the Office
prepared all the statutory instruments required
pursuant to the adoption of the new Classified
Information Act. We therefore devoted a great deal
of our time to examining the acquis communautaire
and NATO rules.
In this regard, mention should be made of the
extensive assistance provided by the personnel of
the EU security authorities, particularly the NSAs
(NSA Director W. Raichak, Robert Keil and Rolf Ultes,
amongst others), who were of great help to the staff
working for the Office, both during and immediately
after the period of accession to NATO.
Despite all the initial difficulties that usually emerge
when a new agency is being established, and despite
all the tasks assumed by the Office at the national
level, prior to accession and at the outset of EU and
NATO membership, I believe that the »first team«
accomplished the tasks to which they were entrusted
in a professional manner, thereby putting a solid
foundation in place for the current operation of the
Office and the performance of its numerous tasks.
10 let Urada RS za varovanje tajnih podatkov
VOJKO KOS – od 1. junija 2005 do 22. novembra
2007
VOJKO KOS – from 1 June 2005 till 22 November
2007
In May 2005, I was given the opportunity to assume
the management of the UVTP.
Maja 2005 mi je bila dana priložnost, da prevzamem
vodenje nacionalnega varnostnega organa Republike
Slovenije, to je Urada Vlade Republike Slovenije za
varovanje tajnih podatkov.
Ob prevzemu vodenja UVTP sem pristojnim
predstavil svojo vizijo o tem, kako je treba urediti
področje obravnavanja tajnih podatkov, da bodo tajni
podatki Republike Slovenije ustrezno zavarovani.
Pri tem sem poudaril stroške, in sicer v tem smislu, da
pri obravnavi tajnih podatkov ne bi bilo nepotrebnih
stroškov, da obravnavanje tajnih podatkov ne bi
povzročalo nepotrebnih administrativnih težav pri
vsakdanjem delu in da bo delo s tajnimi podatki v
Republiki Sloveniji primerljivo z obravnavo tajnih
podatkov v mednarodnem okolju, zlasti v EU in
Natu.
Za uresničevanje dogovorjenih ciljev mi ni nihče
postavljal omejitev na zakonodajnem področju,
to pomeni pri pripravi sprememb Zakona o tajnih
podatkih in na njem temelječih podzakonskih aktih.
Pri tem sem moral zagotoviti le to, da bo obravnavanje
tajnih podatkov v Republiki Sloveniji skladno z
obravnavanjem tajnih podatkov v mednarodnem
okolju.
Kadrovske in finančne omejitve (naloge je bilo treba
opraviti v okviru odobrenih kadrovskih in finančnih
virov) pa so zame dejansko predstavljale izziv.
Z delom od jutra do večera vse dni v tednu, tudi ob
sobotah in nedeljah in med dopustom, je uspela
tako imenovana »misija nemogoče«. UVTP sem iz
najetih in dragih ter varnostno neustreznih prostorov
preselil v skromne, a hkrati ustrezne prostore v lasti
Republike Slovenije, ki omogočajo in zagotavljajo
ustrezno izvajanje nalog nacionalnega varnostnega
organa. UVTP so okrepili javni uslužbenci, ki sem
jih dobro poznal kot skromne, visoko strokovne in
nepopustljive osebe, ki nikoli ne vprašajo, kakšne
osebne koristi bodo imele zaradi opravljenega dela,
Upon taking over the post of UVTP Director, I
presented to the competent authorities my vision as
to how the handling of classified documents would be
regulated in order to ensure that national classified
information would be suitably protected. In so doing,
I highlighted measures to avoid unnecessary costs
in the handling of classified information. Moreover,
I stated that the handling of classified information
should not cause excessive administrative burdens
in day-to-day work and that work related to classified
information in the Republic of Slovenia should be
comparable to the handling of such information in
the international environment, particularly in the EU
and NATO.
There were no objections to achieving the goals
agreed upon by suggesting legislative restrictions –
that is to say, any restrictions related to the preparation
of amendments to the Classified Information Act and
its related statutory instruments. The only promise
I had to make was that the handling of classified
information in Slovenia would be in compliance with
the relevant international standards.
For me, however, the real challenge was the
restrictions in place regarding human resources and
financial means, since our tasks had to be performed
within the framework of the human and financial
resources approved.
Working every day from morning until evening,
including Saturdays, Sundays and during our holidays,
we managed to accomplish »mission impossible«. I
moved the UVTP from rented, costly and – in terms of
security – inadequate premises to modest yet suitable
Government-owned premises, which facilitated and
ensured the effective performance of NSA tasks.
The UVTP's staff was reinforced by public servants
whom I knew to be modest, highly professional and
tenacious people – people who would never ask
about how they would benefit personally from the
work done, people who would never argue that the
work they were doing alone required additional staff,
and people who would never stop working until their
tasks had been accomplished.
Alone and without signing expensive contracts with
external experts, UVTP employees succeeded
in preparing draft amendments to the Classified
Information Act, through which we completely
revised the Act then in force. We prepared an Act that
regulates the handling of classified information in an
intelligible, effective, rational and transparent manner,
10 years of Government Office for The Protection of Classified Information (NSA)
9
ki nikoli ne poudarjajo, da sami opravljajo delo, za
katero bi potrebovali več ljudi, in ki ne prenehajo
delati, dokler naloga ni opravljena.
Sami, brez dragih avtorskih pogodb z zunanjimi
strokovnimi izvajalci, smo zaposleni v UVTP uspeli
pripraviti predlog sprememb Zakona o tajnih podatkih,
s katerimi smo takratni veljavni zakon vsebinsko
popolnoma preuredili. Pripravili smo zakon, ki
področje obravnavanja tajnih podatkov ureja jasno,
učinkovito, racionalno, pregledno, brez nepotrebnih
pravnih ali administrativnih zapletanj. Ureditev
obravnavanja tajnih podatkov, ki smo jo predlagali, je
bila vsebinsko popolnoma usklajena z zahtevami in
standardi, ki sta jih pri obravnavanju tajnih podatkov
sprejela EU in Nato. Predlagani zakon smo uspeli
uskladiti z državnimi organi Republike Slovenije, s
strokovno javnostjo ter pravnima službama vlade in
državnega zbora. Pri tem moram posebej poudariti,
da so predlagane rešitve po usklajevanju in
sprejetju zakona v državnem zboru ostale vsebinsko
nespremenjene. Podobno nam je uspelo tudi pri
pripravi in sprejetju vseh podzakonskih aktov.
without any unnecessary legal or administrative
ambiguities. The regulatory framework we proposed
was, in terms of content, fully harmonised with the
requirements and standards adopted by the EU
and NATO in relation to the handling of classified
information. We succeeded in coordinating the draft
Act with the Slovenian public authorities, the expert
public and with the Government's and National
Assembly's legal services. In this connection, I would
particularly like to emphasise that the content of the
solutions proposed remained unchanged following
the coordination and adoption procedure in the
National Assembly. We managed to accomplish
practically the same for the preparation and adoption
of all the statutory instruments.
The fact that we did an excellent job was confirmed by
the transposition of certain legislative solutions of the
Classified Information Act into domestic legislation
covering other areas. This, for example, applies to
certain solutions regarding the performance of tasks
in the areas of private security, the physical protection
of courts, and nuclear facilities and substances in
Slovenia.
Da smo delo odlično opravili, dokazujejo posamezne
zakonske rešitve, ki so bile povzete po rešitvah v
Zakonu o tajnih podatkih tudi na drugih področjih
domače zakonodaje, na primer posamezne rešitve
glede izvajanja nalog zasebnega varovanja, nalog
na področju fizičnega varovanja sodišč v Sloveniji
in nalog na področju fizičnega varovanja jedrskih
objektov ter jedrskih materialov v Sloveniji.
The UVTP's international activities were quite modest
at the beginning of my term of office. International
commitments and the associated tasks were at
first mainly fulfilled and performed in cooperation
with public servants from other state authorities.
This situation began to change when appropriate
arrangements were made at the national level.
Dejavnost UVTP na mednarodni ravni je bila
na začetku mojega mandata zelo skromna. Pri
mednarodnih obveznostih so sprva v večjem obsegu
sodelovali in naloge opravljali javni uslužbenci iz
drugih državnih organov. Stanje smo začeli spreminjati
potem, ko smo uredili razmere na nacionalni ravni.
Despite the aforementioned circumstances,
also laid solid foundations for our activities at
international level, and gradually started to take
initiative in concluding international treaties on
mutual handling of confidential information with
and NATO member states.
Kljub navedenemu smo tudi na mednarodni ravni
postavili zanesljive temelje in postopoma začeli
prevzemati pobudo pri sklepanju mednarodnih
sporazumov za vzajemno obravnavanje tajnih
podatkov z državami članicami Nato in EU.
The quality of work my colleagues and I performed
is also evidenced by the fact that, following my
departure from the UVTP, the Classified Information
Act and the statutory instruments covering the
handling of confidential information have remained,
in terms of content, unchanged. And neither has the
trust held in my colleagues at the UVTP wavered
since my departure. They continue to perform their
tasks at the Office with great success.
Kakovost dela, ki sem ga opravil s sodelavci,
dokazuje tudi dejstvo, da se Zakon o tajnih
podatkih in podzakonski akti o obravnavanju tajnih
podatkov po mojem odhodu iz UVTP vsebinsko
niso spreminjali. Prav tako se po mojem odhodu ni
spremenilo zaupanje v sodelavce v UVTP in vsi še
vedno uspešno opravljajo svoje naloge v tem uradu.
Osebno sem ponosen tudi na to, da sem
primopredajo nalog direktorja UVTP opravil z mag.
Milan Tarmanom temeljito, strokovno in korektno. S
sodelavci smo zadeve predali z obširnimi zapisniki
za vse vsebinske sklope. Dejansko je primopredaja
10
we
the
the
the
EU
I am also very proud of the thorough, professional
and proper way in which the handover of the UVTP
Director's duties to Milan Tarman was carried
out. Together with my colleagues, I handed over
the relevant matters supported by corresponding
and comprehensive records. The area-by-area
handover actually took several months to complete.
We carried this out by observing a common goal
– to ensure the further appropriate handling of the
10 let Urada RS za varovanje tajnih podatkov
po področjih potekala več mesecev. Opravili smo
jo s skupnim ciljem – zagotoviti nadaljnje ustrezno
ravnanje s tajnimi podatki Republike Slovenije in
tajnimi podatki drugih držav in organizacij, ki so bili
z mednarodnimi sporazumi dani Republiki Sloveniji v
obravnavo in varovanje.
Ob praznovanju 10-letnice UVTP vsem želim vse
najboljše, zlasti da bi sodelavci in direktor v UVTP
še naprej uspešno opravljali svoje delo na področju
obravnavanja tajnih podatkov v Sloveniji, tajnih
podatkov drugih držav ter tajnih podatkov EU in
Nata.
confidential information of the Republic of Slovenia
and the confidential information of other countries
and organisations, i.e. information provided to the
Republic of Slovenia for processing and protection
under international treaties.
On the 10th anniversary of the UVTP, I would like
to wish everyone all the best and, in particular, that
the UVTP's employees and its Director continue to
successfully perform their duties in handling national
classified information, as well as that of other
countries, the EU and NATO.
10 years of Government Office for The Protection of Classified Information (NSA)
11
mag. MILAN TARMAN – od 23. novembra 2007 do
8. marca 2012
MILAN TARMAN – from 23 November 2007 to 8
March 2012
Dear reader,
It is my honour and pleasure to share with you some
thoughts and views related to the past period on the
occasion of the 10th anniversary of the operation of
the UVTP.
Spoštovani,
ob letošnji 10-letnici delovanja Urada Vlade Republike
Slovenije za varovanje tajnih podatkov mi je v čast
in veselje deliti z vami nekaj misli in pogledov na
preteklo obdobje.
Osebno sem ponosen, da sem bil v sodelovanju
z vami del delovanja UVTP, ki je kot nacionalni
varnostni organ – NSA – normativno nosilec področja
varovanja tajnih podatkov ter spremlja in usklajuje
izvajanje zakona in drugih predpisov, sprejetih na
njegovi podlagi, ter mednarodnih pogodb, ki jih je
sklenila Republika Slovenija. Pristojen je tudi za
delovanje in spremljanje ter oblikovanje varnostnih
politik, strategij, direktiv ter predpisov v varnostnih
odborih in delovnih skupinah Sveta EU, Evropske
komisije in Nata.
V obdobju delovanja, ko sem imel privilegij in
zadovoljstvo voditi to službo z zelo kompetentnimi in
prijetnimi sodelavkami in sodelavci, naj izpostavim
nekaj skupnih dosežkov in rezultatov.
UVTP je proaktivno vodil in deloval v različnih oblikah
medresorskega sodelovanja:
Komisiji za informacijsko varnost; Komisiji za
presojanje upravičenosti prevladujočega javnega
interesa v zvezi z razkritjem podatkov, ki so
določeni kot tajni; Medresorski delovni skupini za
industrijsko varnost; Medresorski delovni skupini
za osebno varnost; Medresorski delovni skupini za
dokumentacijsko varnost; Medresorski strokovni
delovni skupini za komunikacijsko varnost in
Medresorski strokovni delovni skupini za izvajanje
zaščite pred nezaželenim elektromagnetnim
sevanjem (pripravljal imenovanje).
Dejavnost smo izvajali skladno z Resolucijo o
strategiji nacionalne varnosti Republike Slovenije,
s smernicami in akcijskim načrtom za delovanje
12
I am very proud that, together with you, I could be
part of the UVTP team who, in its role as NSA, is
a statutory holder of powers in the protection of
classified information, and monitors and coordinates
the implementation of the relevant Act, the regulations
adopted on its basis, and international treaties
concluded by the Republic of Slovenia. The UVTP is
also responsible for taking part in the activities of the
security committees and working groups of the EU
Council, the European Commission and NATO, and
to monitor and co-design security policies, strategies,
directives and rules within their framework.
Allow me to highlight some of the joint achievements
and results of my term of office, when I had the
privilege of heading this agency and its highly
competent and pleasant staff.
The UVTP was in charge of and proactively
participated in various forms of inter-ministerial
cooperation within the framework of the following
bodies:
Commission for IT Security; Commission for
Assessing the Legitimacy of the Prevailing Public
Interest in the Disclosure of Secret Classified
Information; Inter-Ministerial Working Group for
Industrial Security; Inter-Ministerial Working Group
for Personnel Security; Inter-Ministerial Working
Group for Documentation Security; Inter-Ministerial
Expert Working Group for Communication Security;
and Inter-Ministerial Expert Working Group for
Unintentional Compromising Emanations.
The relevant activities were carried out in compliance
with the Resolution on the National Security Strategy
of the Republic of Slovenia, the guidelines and action
plan related to Slovenia's policies in the Western
Balkans, and other strategic documents and rules.
We carried out all the internal legal procedures
required in order to adopt, sign and ratify several
bilateral agreements on the exchange and mutual
protection of classified information. In addition, the
agreements yet to be concluded with several countries
are in various phases of the adoption process. As an
appropriate legal basis, bilateral agreements facilitate
cooperation between state authorities and economic
entities, and strengthen mutual trust.
10 let Urada RS za varovanje tajnih podatkov
Republike Slovenije na Zahodnem Balkanu ter
drugimi strateškimi dokumenti in predpisi.
Izpeljali smo vse potrebne notranjepravne postopke
za sprejetje in podpis ter ratifikacijo več dvostranskih
sporazumov o izmenjavi in vzajemnem varovanju
tajnih podatkov, v različnih fazah sprejemanja so
še sporazumi s številnimi državami. Dvostranski
sporazumi kot ustrezna pravna podlaga omogočajo
sodelovanje državnih organov in gospodarskih
subjektov ter krepijo medsebojno zaupanje.
Največ dejavnosti v okviru delovanja EU je bilo
namenjenih sprejetju novih pravil o varovanju tajnih
podatkov EU v okviru Sveta EU in posvetovanjem
o sprejetju tovrstnih pravil Evropske komisije in
evropske službe za zunanjepolitično delovanje
(EEAS). V okviru varnostnega odbora Sveta EU
je bil usklajen in izveden postopek ratifikacije za
sporazum med državami članicami Evropske unije
o varovanju tajnih podatkov, ki se izmenjujejo v
interesu Evropske unije. Ta bo olajšal medsebojno
sodelovanje na vseh področjih EU, ki vključujejo
obravnavo tajnih podatkov EU. UVTP je sodeloval
in še danes dejavno sodeluje tudi pri spremembi
varnostne politike, direktivi na področju industrijske
varnosti ter na področju informacijske in kibernetske
varnosti v zvezi Nato.
UVTP je uspešno organiziral in vsebinsko pripravil
več mednarodnih dogodkov in konferenc, ki so
pripomogli k večji prepoznavnosti naše države in
nacionalnega gospodarstva: v letu 2009 je organiziral
dve konferenci v okviru zveze Nato, in sicer v
januarju konferenco INFOSEC, junija konferenco
NSC AHWG, leta 2010 pa mednarodno konferenco o
industrijski varnosti (Multinational Industrial Security
Working Group - v nadaljevanju MISWG.
V letu 2011 so stekle priprave za organizacijo
mednarodnega dogodka, načrtovanega v maju
2012 v okviru držav članic jugovzhodne Evrope, s
sodelovanjem regionalnega centra za sodelovanje
EU, Nata in slovenskega zunanjega ministrstva.
Pri uresničevanju letnih programov UVTP v obdobju
mojega vodenja naj kot ključne izpostavim naslednje
dosežke:
–
–
–
uspešno medresorsko sodelovanje z okrepitvijo
delovanja medresorskih delovnih skupin s
predstavniki pristojnih ministrstev in služb,
koordinacija in izvedba Natovih inšpekcij v letih
2009 in 2011, iz česar izhaja pozitivna ocena
Republike Slovenije na področju obravnave in
varovanja tajnih podatkov,
uspešno in mednarodno prepoznavno delovanje
UVTP kot »National Security Authority – NSA«
Republike Slovenije v odborih ter delovnih telesih
Evropske unije, Evropske komisije in zveze
Nato,
Most of our activities within the framework of the
EU were dedicated to the adoption of new rules on
the protection of EU classified information within the
EU Council, and to consultations on the adoption
of such rules within the European Commission and
the European External Action Service. In addition,
the procedure for the ratification of the agreement
between the EU's Member States on the protection
of classified information exchanged in the interests
of the European Union was coordinated and carried
out by the EU Council Security Committee. This will
facilitate mutual cooperation in all areas pertinent to
the handling of EU classified information. The UVTP
has participated, and still does, in the security policy
modification procedure, and drafting directives on
industrial security and NATO information and cyber
security.
The UVTP successfully organised and prepared
relevant topics for several conferences and other
international events, all of which have contributed
to increasing the visibility of our country and its
economy. In 2009 it organised two conferences within
the framework of NATO: the InfoSec conference held
in January and the NSC AHWG conference held in
June, while in 2010 it organised the Multinational
Industrial Security Working Group (hereinafter:
MISWG) conference on industrial security.
The year of 2011 saw the beginning of the
organisational preparations for an international event
to take place in 2012 between the countries of SouthEast Europe, in cooperation with the EU Regional
Cooperation Centre, NATO and the Slovenian
Ministry of Foreign Affairs.
With regard to the implementation of UVTP annual
programmes during my term of office, I would like to
highlight the following key achievements:
–
–
–
–
–
successful inter-ministerial cooperation as a
result of the augmentation of the relevant working
groups with representatives from the competent
ministries and agencies;
the coordination and implementation of NATO
inspections in 2009 and 2011, resulting in a
favourable evaluation of the Republic of Slovenia
in the handling and protection of classified
information;
the successful and internationally recognisable
participation of the UVTP, in its role as the
Slovenian NSA, in the activities of the EU, the
European Commission and NATO committees
and working groups;
promoting and facilitating the activities of
Slovenian economic operators; and
the preservation and reinforcement of the Office's
status.
10 years of Government Office for The Protection of Classified Information (NSA)
13
–
–
spodbujanje, omogočanje in promocija dejavnosti
slovenskih gospodarskih subjektov,
ohranitev in krepitev statusa službe.
Prav tako gre zahvala tudi mojim predhodnikom in
nasledniku na mestu direktorja – vsi so prispevali in
prispevajo svoj del k uspešnemu delovanju UVTP.
Posebno zahvalo izrekam tudi vsem posameznikom,
organom in organizacijam, s katerimi smo sodelovali
in sodelujemo doma ter v tujini in po delu z njimi
ostajajo nepozabni kolektivni in osebni spomini.
Vse navedeno je bilo mogoče samo v sodelovanju
z izjemno motiviranimi sodelavkami in sodelavci z
visoko pripadnostjo timskemu duhu.
I would also like to thank my predecessors and my
successor – they have all contributed and continue
to contribute towards the efficient operation of
the UVTP. Special thanks should also go to all the
people, agencies and organisations with whom we
have cooperated, both at home and abroad. Working
with them left behind unforgettable collective and
personal memories.
Everything I have mentioned could only be achieved
through cooperation with highly motivated colleagues
with a strong sense of team spirit.
So, with great gratitude, thanks again to everyone
I have mentioned. It would be my great pleasure to
have the opportunity to meet you again.
Vsem omenjenim še enkrat izražam veliko zahvalo –
v veliko osebno zadovoljstvo mi bodo ponovni stiki in
srečanja z vami.
14
10 let Urada RS za varovanje tajnih podatkov
1
O Uradu Vlade
Republike Slovenije
za varovanje tajnih
podatkov
Na področju varovanja tajnih podatkov sta od začetka
leta 1995 delovali dve komisiji, in sicer Komisija Vlade
Republike Slovenije za varovanje zaupnih podatkov
zveze Nato in Komisija Vlade Republike Slovenije
za varovanje dokumentov Zahodnoevropske unije.
V obeh komisijah, ki sta imeli sedež na slovenskem
zunanjem ministrstvu, so sodelovali poleg ministrstva
za zunanje zadeve še predstavniki ministrstva za
obrambo, notranje zadeve in pravosodja.
Slovenija je z Natom podpisala varnostni sporazum
julija 1994 in ga ratificirala oktobra 1997. Na njegovi
podlagi je slovenska vlada julija 1997 ustanovila
nacionalni varnostni organ (NSA) – Komisijo za
varovanje zaupnih dokumentov Nato, to področje pa
je z Evropsko unijo urejala v sklopu predpristopnih
pogajanj za članstvo v njej.
Področje varovanja tajnih podatkov Zahodnoevropske
unije je urejal Varnostni sporazum med Vlado
Republike Slovenije in Zahodnoevropsko unijo,
podpisan v Bruslju 24. julija 1998.
Na podlagi delovanja teh komisij in pristopnih pogajanj
je Republika Slovenija leta 2001 s sklepom številka
023-32/2001-1 z dne 17. januarja 2002 ustanovila
Urad Vlade Republike Slovenije za varovanje tajnih
podatkov.
1
About the Office
As of early 1995, the protection of classified
information was covered by two commissions: the
Commission of the Government of the Republic
of Slovenia for the Protection of NATO Classified
Information and the Commission of the Republic of
Slovenia for the Protection of the Western European
Union Classified Information. Alongside the Ministry
of Foreign Affairs, where the two commissions were
based, representatives of the Ministry of Defence,
the Ministry of the Interior and the Ministry of Justice
also took part in their work.
Slovenia signed a security agreement with NATO in
July 1994, which it then ratified in October 1997. On
its basis, the Slovenian Government established the
National Security Authority (NSA) – the Commission
for the Protection of NATO Classified Information
– in July 1997. In relation to the European Union,
this area was regulated in the context of the preaccession negotiations for EU membership.
The protection of Western European Union classified
information was regulated by the Security Agreement
between the Government of the Republic of Slovenia
and the Western European Union, which was signed
in Brussels on 24 July 1998.
Based on the activities of these commissions and on
the accession negotiations, the Republic of Slovenia
established, pursuant to Decision no. 023-32/2001-1
of 17 January 2002, the Office of the Government
of the Republic of Slovenia for the Protection of
Classified Information.
10 years of Government Office for The Protection of Classified Information (NSA)
15
1.1 Naloge in cilji
1.1 Tasks and objectives
Dela in naloge UVTP so opredeljeni v Sklepu o
ustanovitvi, nalogah in organizaciji UVTP (Uradni list
RS, št. 6/02), Zakonu o tajnih podatkih (Uradni list
RS, št. 50/06 – uradno prečiščeno besedilo, 9/10 in
60/11, v nadaljnjem besedilu: ZTP) in Aktu o notranji
organizaciji in sistemizaciji delovnih mest v UVTP.
The UVTP's duties and tasks are laid down in
the Decision on the Establishment, Tasks and
Organisational Structure of the Government Office
for the Protection of Classified Information (Uradni
list RS [Official Gazette of the Republic of Slovenia],
no. 6/02), the Classified Information Act (Uradni list
RS, no. 50/06 – official consolidated text, 9/10 and
60/11) and the Act on the Internal Organisation and
Post Classification of the Government Office for the
Protection of Classified Information.
UVTP skladno z njimi opravlja naslednje poglavitne
naloge:
Spremlja stanje na področju določanja in varovanja
tajnih podatkov ter skrbi za razvoj in izvajanje
fizičnih, organizacijskih in tehničnih standardov
varovanja tajnih podatkov v državnih organih, organih
lokalnih skupnosti, pri nosilcih javnih pooblastil ter v
gospodarskih družbah in organizacijah, ki pridobijo
tajne podatke ali razpolagajo z njimi.
Skrbi za izvajanje sprejetih mednarodnih obveznosti
in mednarodnih pogodb o varovanju tajnih podatkov
ter na tem področju sodeluje z ustreznimi organi tujih
držav in mednarodnih organizacij.
Skrbi za zagotavljanje varnosti tajnih podatkov v
nacionalnih organih in v tujini ter v zvezi s tem opravlja
zlasti naslednje naloge: izdaja dovoljenja za dostop
do tajnih podatkov, varnostna potrdila pravnim
osebam, varnostna potrdila za sisteme in naprave za
prenos, hrambo in obdelavo tajnih podatkov, potrjuje
izpolnjevanje predpisanih pogojev za obravnavanje
tajnih podatkov s strani posameznega organa tujim
državam in organizacijam, predlaga varnostno
preverjanje za izdajo dovoljenja za dostop do tajnih
podatkov, katerih predlagatelji niso zajeti v 22. členu
ZTP in potrebujejo dovoljenje za dostop do tajnih
podatkov tuje države ali mednarodne organizacije,
izdaja navodila za ravnanje s tajnimi podatki tuje
države ali mednarodne organizacije, nadzoruje
izvajanje fizičnih, organizacijskih in tehničnih
ukrepov za varovanje tajnih podatkov tuje države ali
mednarodne organizacije in skladno z ugotovitvami
nadzora izdaja obvezna navodila za odpravo
ugotovljenih pomanjkljivosti, ki jih morajo organi
izvesti takoj, ter izmenjuje podatke z nacionalnimi
varnostnimi organi in mednarodnimi organizacijami.
Pripravlja predloge predpisov, ki so potrebni za
izvajanje ZTP, daje mnenje o skladnosti splošnih
aktov o določanju, varovanju in dostopu do tajnih
podatkov z ZTP, usklajuje delovanje državnih
organov, pristojnih za varnostno preverjanje, in
predlaga ukrepe za izboljšanje varovanja tajnih
podatkov.
Vodi evidenco dovoljenj za dostop do tajnih podatkov
(22. člen ZTP), dovoljenj fizičnim osebam za dostop
do tujih tajnih podatkov (43. b člen ZTP), izdanih
16
In accordance with these acts, the UVTP performs
the following main tasks:
1. to monitor the situation in the classification
and protection of classified data, and ensure
the development and implementation of the
physical, organisational and technical standards
of classified information protection in government
agencies, local community agencies, holders
of public authorisations and those companies
and organisations that either obtain or possess
classified information;
2. to ensure the implementation of binding
international obligations and international treaties
on the protection of classified information, and
to cooperate with the corresponding foreign
agencies and international organisations in this
area;
3. to ensure the security of classified information
in national agencies and those abroad, and to
perform the following tasks:
–
–
–
–
–
–
–
issue personnel security clearance;
issue facility security clearance;
issue security permissions for the systems and
devices used to transmit, store and process
classified information;
certify that an agency fulfils the conditions for
handling classified information set out by foreign
countries and organisations;
propose security clearance process for requestors
who are not included in Article 22 of the Classified
Information Act and who require permission to
access the classified information of a foreign
country or international organisation;
issue instructions for handling the classified
information of a foreign country or international
organisation;
supervise the implementation of physical,
organisational and technical measures for the
protection of the classified information of a
foreign country or international organisation and,
in accordance with the findings of the supervision
procedure, issue directives for corrective measures
to be implemented by the agencies immediately
in order to eliminate the shortcomings identified
10 let Urada RS za varovanje tajnih podatkov
Slika 1: Zastava Evropske unije, Republike Slovenije
in zveze Nato
Figure 1: Flags of the European Union, the Republic
of Slovenia, and NATO
Slika 2: Prostori Urada Vlade Republike Slovenije za
varovanje tajnih podatkov
Figure 2: Premises of the Office of the Government
of the Republic of Slovenia for the Protection of
Classified Information
10 years of Government Office for The Protection of Classified Information (NSA)
17
varnostnih dovoljenj organizacijam (35. člen ZTP),
izdanih varnostnih dovoljenj organizacijam za dostop
do tujih tajnih podatkov (43. b člen ZTP) in začasnih
dostopov do tajnih podatkov (30. člen ZTP).
4.
5.
Organizira in izvaja usposabljanja s področja
varovanja tajnih podatkov in opravlja druge naloge,
določene s predpisi, sprejetimi na podlagi ZTP.
6.
7.
8.
18
and exchange information with national security
agencies and international organisations.
to draw up the draft regulations required for the
implementation of the Classified Information Act.
to give opinions as to the compliance of general
acts on the determination, protection of and
access to classified information with the Classified
Information Act.
to coordinate the activities of government
agencies responsible for security clearance and
to propose measures to improve the protection of
classified information.
to keep records of personnel security clearances
(Article 22 of the Classified Information Act),
personnel security clearances to access foreign
classified information (Article 43b of the Classified
Information Act), facility security clearances
(Article 43b of the Classified Information Act),
and temporary security clearances (Article 30 of
the Classified Information Act).
to organise and carry out training in the area
of the protection of classified information, and
to perform other tasks set forth by regulations
adopted on the basis of the Classified Information
Act.
10 let Urada RS za varovanje tajnih podatkov
1.2 Znak UVTP
1.2 UVTP emblem
Uredba o obliki in uporabi znaka UVTP (Uradni list
RS, št. 1/08) določa obliko in uporabo znaka, ki
simbolizira varnostno ključavnico.
The Decree on the Design and Use of the UVTP
Emblem (Uradni list RS, no. 1/08) prescribes the
design and use of the emblem, which is symbolised
by a safety lock.
Znak sestavlja šest koncentričnih krogov. V notranjem
krogu je stiliziran napis UVTP, sestavljen iz začetnic
besed imena UVTP. V zgornji polovici zunanjega
kroga je napis Republika Slovenija, v spodnji polovici
pa napis Urad Vlade RS za varovanje tajnih podatkov.
V zunanjem krogu so grb Republike Slovenije ter
znaka Evropske unije in Nata.
The emblem comprises six concentric circles. The
inner circle contains a stylised logo made up from
the initials of the Office's name. The upper half of
the external circle bears the inscription »Republic of
Slovenia« and the lower half the inscription »Office of
the Government of the Republic of Slovenia for the
Slika 3: Znak Urada Vlade Republike Slovenije za
varovanje tajnih podatkov
Figure 3: Emblem of the Office of the Government
of the Republic of Slovenia for the Protection of
Classified Information
Slika 4: Pozlačeni znak in znak v lesenem okvirju
Figure 4: Gilded emblem and emblem encased in a
wooden frame
10 years of Government Office for The Protection of Classified Information (NSA)
19
Vsi trije znaki so razporejeni tako, da sestavljajo
enakostranični trikotnik, pri čemer je grb Republike
Slovenije med besedama Republika Slovenija, znak
Evropske unije je na levi, znak Nata pa na desni
strani. Vmesna kroga vsebujeta črtne in številčne
oznake varnostne ključavnice.
Na zadnji strani znaka so obris zemljevida Republike
Slovenije ter napisa Republika Slovenija z grbom med
besedama in spodaj Urad Vlade RS za varovanje
tajnih podatkov.
Znak se lahko uporablja na dokumentih in uradnih
dokazilih, ki jih za službene namene uporabljajo
uslužbenci urada, in sicer na potrdilih, vabilih,
čestitkah, vizitkah in podobno.
Izdela se lahko v različnih grafičnih oblikah, tudi
poenostavljenih in stiliziranih, v različnih velikostih,
dvo- ali tridimenzionalno. Uporablja se kot namizna
zastavica, nalepka, kovinska značka, obesek,
kovanec in podobno ter vnese na različne materiale
(papir, tkanina, usnje, plastika, kovina, steklo).
Protection of Classified Information«. In the external
circle there are the coats-of-arms of the Republic
of Slovenia, and the European Union and NATO
emblems.
All three signs are arranged so as to make up an
equilateral triangle, whereby Slovenia's coat-of-arms
is placed between the words »Republika Slovenija«,
while the EU emblem is on the left-hand side and
the NATO emblem is on the right. The intervening
circles contain the bar and numerical codes of a
safety lock.
The reverse of the emblem shows the contours of
the Republic of Slovenia, while the lower half bears
the inscription »Office of the Government of the
Republic of Slovenia for the Protection of Classified
Information«.
The emblem may be used on documents and official
evidence used by the Office's employees for official
purposes on certificates, letters of invitation and
congratulation, visiting cards, etc.
It can be manufactured in various graphic forms,
including simplified and stylised forms, in different
sizes and in a two- or three-dimensional designs. It
can be used as a miniature table flag, a label, a metal
badge, a tag, and a coin and similar, and inserted
in various materials (paper, fabric, leather, plastics,
metal or glass).
20
10 let Urada RS za varovanje tajnih podatkov
1.3 Zaposleni na UVTP
1.3 UVTP employees
UVTP danes zaposluje ljudi s področja vojaških
in obrambnih ved, poslovodnih in upravljalnih
ved, naravoslovja, varstvoslovja, matematike in
informatike, agronomije, poslovnih in upravnih ved,
prava, družbenih ved in humanistike.
Currently, the UVTP employs people who obtained
their qualifications in the following areas: military and
defence sciences, management, natural sciences,
mathematics and informatics, agronomy, law, social
sciences and the humanities.
Izobrazbena struktura
Education strukture
Visoka strokovna /
College
Univerzitetna /
Univerity
Strokovni magisterij /
Specialisation
Magisterij znanosti /
M.Sc.
Doktor znanosti /
Ph.D.
Slika 5: Sedanja izobrazbena struktura zaposlenih
na UVTP
Figure 5: Current UVTP employee educational
structure
10 years of Government Office for The Protection of Classified Information (NSA)
21
2 Zakonodaja na
področju varovanja
tajnih podatkov
2 Legislation relating
to protection of
classified information
Državni zbor Republike Slovenije je na seji 25.
oktobra 2001 sprejel Zakon o tajnih podatkih (ZTP),
ki je v 43. členu predvidel ustanovitev Urada Vlade
Republike Slovenije za varovanje tajnih podatkov
– tega je morala vlada ustanoviti za spremljanje
izvajanja tega zakona in drugih predpisov, sprejetih
na njegovi podlagi.
In its session of 25 October 2001, the National
Assembly of the Republic of Slovenia adopted the
Classified Information Act (ZTP), which provides in
Article 43 for the establishment of the UVTP; this was
set up by the Government of the Republic of Slovenia
for the purposes of monitoring the implementation
of the aforementioned Act and of other regulations
adopted pursuant to it.
Omenjeni zakon je v poglavju o prehodnih in končnih
določbah predvidel tudi ustanovitev urada v šestih
mesecih po uveljavitvi zakona.
Vlada Republike Slovenije je s sklepom, objavljenim
v Uradnem listu Republike Slovenije 25. januarja
2002, ustanovila Urad Vlade Republike Slovenije
za varovanje tajnih podatkov ter skladno z zakonom
določila strokovne naloge urada in njegovo
organizacijo.
Zakonodaja, ki ureja delovanje in naloge Urada
Vlade RS za varovanje tajnih podatkov:
Zakon o tajnih podatkih (Uradni list RS, št. 50/06 –
uradno prečiščeno besedilo, 9/10 in 60/11),
Uredba o varovanju tajnih podatkov (Uradni list RS,
št. 74/05, 7/11 (24/11 popr.)),
Uredba o obliki in uporabi znaka Urada Vlade RS za
varovanje tajnih podatkov (Uradni list RS, št. 1/08),
Uredba o notranjem nadzoru nad izvajanjem zakona
o tajnih podatkih in predpisov, izdanih na njegovi
podlagi (Uradni list RS, št. 106/02),
Uredba o izvajanju inšpekcijskega nadzora na
področju varovanja tajnih podatkov in vsebini
posebnega dela strokovnega izpita za inšpektorja
(Uradni list RS, št. 94/06),
Uredba o varnostnem preverjanju in izdaji dovoljenj
za dostop do tajnih podatkov (Uradni list RS, št.
71/06 in 138/06),
Uredba o načinu in postopku ugotavljanja pogojev
za izdajo varnostnega dovoljenja organizaciji (Uradni
list RS, št. 70/07),
Sklep o določitvi pogojev za varnostnotehnično
opremo, ki se sme vgrajevati v varnostna območja
(Uradni list RS, št. 94/06),
22
The chapter on the transitional and final provisions of
the mentioned act provided for the establishment of
the aforementioned office within six months following
its entry into force.
On 25 January 2002, the Government of the Republic
of Slovenia, by virtue of its decision published in the
Uradni list Republike Slovenije, established the UVTP
and, pursuant to the law, laid down its professional
tasks and system of organisation.
The legislation regulating the operation and the tasks
of the UVTP is as follows:
The Classified Information Act (Uradni list RS, no.
50/06 – official consolidated text, 9/10 and 60/11)
Decree on the Protection of Classified Information
(Uradni list RS, no. 74/05, 7/11 (24/11 corrigendum))
Decree Determining the Form and Use of the
Government Office for the Protection of Classified
Information Emblem (Uradni list RS, no. 1/08)
Decree on Internal Supervision of the Implementation
of the Classified Information Act and Relevant
Implementing Regulations (Uradni list RS, no.
106/02)
Decree on the Conduct of Inspections in the Field
of Classified Information Protection and the Subject
Matter of a Special Part of Professional Examination
for Inspectors (Uradni list RS, no. 94/06)
Decree on vetting and issuing of personnel security
clearances (Uradni list RS, nos 71/06 and 138/06)
Decree on the Method and Procedure for Assessing
the Conditions for Issuing Facility Security Clearance
(Uradni list RS, no. 70/07)
Decision Determining Conditions for Technical
Security Equipment Permitted to be Installed in
Security Areas (Uradni list RS, no. 94/06)
10 let Urada RS za varovanje tajnih podatkov
Uredba o varovanju tajnih podatkov v komunikacijskoinformacijskih sistemih (Uradni list RS, št. 48/07 in
86/11).
Decree on the Protection of Classified Information in
Communication and Information Systems (Uradni list
RS, Nos 48/07 and 86/11)
Poleg navedenega področje tajnih podatkov
urejajo tudi drugi sistemski postopkovni zakoni in
mednarodne pogodbe, ki jih je sklenila Republika
Slovenija.
In addition to the legislation stated above, classified
information is regulated by other systemic procedural
laws and international agreements concluded by the
Republic of Slovenia.
10 years of Government Office for The Protection of Classified Information (NSA)
23
3 Varovanje tajnih
podatkov v Republiki
Sloveniji
3 Protection of
Classified Information
in the Republic of
Slovenia
3.1 Osebna varnost
3.1.1
Osnovna varnost
Osebna varnost pri varovanju tajnih podatkov
pomeni, da so vse osebe, ki dostopajo do tajnih
podatkov
zaradi opravljanja nalog ali funkcije
na svojem delovnem mestu, ustrezno varnostno
preverjene. To pomeni, da se v postopku varnostnega
preverjanja osebe preverijo njena lojalnost,
zanesljivost in verodostojnost, in sicer z namenom
osebi izdati ali ji podaljšati dovoljenje za dostop do
tajnih podatkov. V postopku varnostnega preverjanja
se obravnavajo vidiki, ki zadevajo osebnostni
značaj, in okoliščine, ki bi lahko povzročile nastanek
potencialnih varnostnih problemov.
3.1.2
Postopek pridobivanja dovoljenja
za dostop do nacionalnih tajnih
podatkov
3.1 Personnel security
3.1.1
Personnel security with regard to the protection of
classified information means that every person who
requires access to classified information in order to
discharge his/her tasks or functions must undergo
a personnel security clearance procedure. The
personnel security clearance procedure is used to
determine the loyalty, dependability and authenticity
of the person concerned for the purposes of delivering
or extending personnel security clearance. During
the personnel security clearance procedure, any
circumstances and aspects of the person's character
which might result in potential security problems are
considered.
3.1.2
Vsaka oseba, ki se mora pri delu seznaniti s tajnimi
podatki, mora biti pred dostopom do tajnih podatkov
ustrezno varnostno preverjena. Varnostno preverjanje
osebe je poizvedba, ki jo pred izdajo dovoljenja za
dostop do tajnih podatkov opravi pristojni organ,
in katere namen je zbrati podatke o morebitnih
varnostnih zadržkih za dostop do tajnih podatkov.
Postopek za pridobitev dovoljenja za dostop do
tajnih podatkov je skladen z določili Zakona o tajnih
podatkih (Uradni list RS, št. 50/06 – uradno prečiščeno
besedilo, 9/10 in 60/11) in Uredbe o varnostnem
preverjanju in izdaji dovoljenj za dostop do tajnih
podatkov (Uradni list RS, št. 71/06 in 138/06).
Postopek varnostnega preverjanja se začne na
pisni predlog predlagatelja (predstojnik organa ali
neposredno od njega pooblaščena oseba) in mora
vsebovati osebno ime, rojstni datum osebe, ki jo je
treba varnostno preveriti, in stopnjo tajnosti tajnih
podatkov, za dostop do katerih je dan predlog za
izdajo dovoljenja.
Predlagatelj iz 22. f člena Zakona o tajnih podatkih
mora preverjano osebo, ki je prej opravila
usposabljanje za obravnavo in varovanje tajnih
podatkov (osnovno usposabljanje), seznaniti z razlogi
za pridobitev dovoljenja za dostop do tajnih podatkov
24
Basic security
Security clearance process to access
national classified information
Any person required to have knowledge of relevant
classified information in the performance of his/her
work must be security cleared prior to obtaining
access to classified information. Personnel security
clearance is an inquiry carried out by a competent
authority prior to issuing permission to access
classified information; its aim is to gather data on
any possible security restrictions regarding access to
classified information.
The procedure for obtaining personnel security
clearance complies with the provisions of the
Classified Information Act (Uradni list RS, no. 50/06
– official consolidated text, 9/10 and 60/11) and with
the Decree on the vetting and issuing of personnel
security clearances (Uradni list RS, nos 71/06 and
138/06).
The personnel security clearance procedure is
initiated on the written proposal of the proposer (either
the head of the authority or a person authorised
by the head) and must contain the name and date
of birth of the person to be vetted and the level of
classification allocated for the proposal to issue a
security clearance certificate.
10 let Urada RS za varovanje tajnih podatkov
ustrezne stopnje tajnosti, obsegom varnostnega
preverjanja ter vsebino in postopkom za pridobitev
dovoljenja za dostop do tajnih podatkov ustrezne
stopnje tajnosti ter jo pozvati, naj da pisno soglasje
za začetek varnostnega preverjanja.
Ko preverjana oseba da svoje pisno soglasje za
začetek varnostnega preverjanja in podpiše izjavo
o seznanitvi s predpisi s področja tajnih podatkov,
ji predlagatelj izroči ustrezne varnostne vprašalnike
za varnostno preverjanje. Preverjana oseba vrne
izpolnjene varnostne vprašalnike predlagatelju v
zaprti ovojnici.
Na sprednjo stran ovojnice preverjana oseba
napiše ime in priimek, organ zaposlitve in opombo
»vprašalnik za varnostno preverjanje«.
Če preverjana oseba ne da soglasja za začetek
postopka varnostnega preverjanja, se varnostno
preverjanje ne opravi.
Pisni predlog, podpisano soglasje in izjavo, dokazilo
o osnovnem usposabljanju (to ne sme biti starejše
od enega leta) ter ovojnico z izpolnjenimi varnostnimi
vprašalniki predlagatelj predloži pristojnemu organu
za vodenje postopka varnostnega preverjanja in
izdajo dovoljenja za dostop do tajnih podatkov.
Če v postopku varnostnega preverjanja varnostni
zadržki niso bili ugotovljeni, se preverjani osebi izda
dovoljenje za dostop do nacionalnih tajnih podatkov.
Varnostno preverjanje opravljajo z zakonom določeni
organi, in sicer:
•
•
•
Ministrstvo za notranje zadeve (MNZ) opravlja
varnostno preverjanje za osebe, zaposlene v
MNZ, ter za osebe, zaposlene v drugih organih
in organizacijah Republike Slovenije (razen MO,
SOVA), če ne gre za opravljanje obrambnih
dolžnosti ali vojaške službe.
Ministrstvo za obrambo – Obveščevalnovarnostna služba (MO OVS) opravlja varnostno
preverjanje za zaposlene v MO in kadar gre
za opravljanje obrambnih dolžnosti ali vojaške
službe.
Slovenska obveščevalno-varnostna agencija
(SOVA) opravlja varnostno preverjanje za
zaposlene v SOVI.
The proposer referred to in Article 22.f of the Classified
Information Act is required to inform a person who
has completed training in the handling and protecting
classified information (basic training) of the reasons
for the following: obtaining a personnel security
clearance of the relevant classification level; and
of the scope of personnel security clearance and of
the contents and procedures for obtaining personnel
security clearance at the relevant classification level
– and call upon this person to consent in writing to
the commencement of personnel security clearance.
When a person subject to security clearance
provides his/her written consent to commence
personnel security clearance and declares in writing
that he/she has knowledge of the regulations on
classified information, the proposer forwards him/
her the relevant personnel security clearance
questionnaires. The person subject to security
clearance returns the completed personnel security
clearance questionnaires to the proposer in a sealed
envelope.
The front of the envelope must bear the person's
name, his/her employment agency/organisation,
and the words »personnel security clearance
questionnaire«.
If the person subject to security clearance does not
give consent to the commencement of the personnel
security clearance procedure, personnel security
clearance shall not be carried out.
The written proposal, the signed consent, the
evidence of basic training (this may not be older than
a year) and the envelope containing the personnel
security clearance questionnaires completed are
submitted by the proposer to the authority competent
for vetting and issuing personnel security clearance.
Where no security restrictions are established during
the personnel security clearance procedure, the
person subject to security clearance will be delivered
a personnel security clearance certificate granting
him/her access to national classified information.
Personnel security clearance is carried out by the
authorities defined by law. These are as follows:
•
3.1.2.1 Medresorska delovna skupina za
osebno varnost
Od leta 2009 deluje na področju osebne varnosti tudi
medresorska delovna skupina za osebno varnost, ki
jo imenuje direktor UVTP. Poleg predstavnikov UVTP
jo sestavljajo še predstavniki ministrstva za notranje
zadeve, ministrstva za obrambo in Slovenske
•
Ministry of the Interior (MNZ); it carries out
personnel security clearance for the persons
employed in this ministry and for persons
employed in other bodies and organisations
of the Republic of Slovenia (with the exception
of the Ministry of Defence and the Slovenian
Intelligence and Security Agency (SOVA)), where
their work does not involve the performance of
defence duties or military service.
Ministry of Defence – Intelligence and Security
Service (MO OVS); it carries out personnel
security clearance for the persons employed
10 years of Government Office for The Protection of Classified Information (NSA)
25
obveščevalno-varnostne agencije. Osnovne naloge
medresorske delovne skupine so reševanje odprtih
vprašanj in sprejemanje usmeritev na področju
osebne varnosti ter priprava predlogov sprememb
predpisov s področja obravnavanja in varovanja tajnih
podatkov, ki vključujejo področje osebne varnosti.
3.1.3
Dovoljenje za dostop do tajnih
podatkov EU
3.1.2.1 Inter-ministerial
personnel security
Če oseba na svojem delovnem mestu opravlja
funkcijo ali delovne naloge, zaradi katerih bi se
morala seznaniti z vsebino tajnih podatkov EU, je
treba zaprositi za dovoljenje za dostop do tajnih
podatkov EU.
Dovoljenje za dostop do tajnih podatkov EU izda
UVTP na podlagi pisnega predloga predlagatelja iz
22. f člena Zakona o tajnih podatkih, če ima oseba
veljavno dovoljenje za dostop do nacionalnih tajnih
podatkov.
Pisni predlog mora vsebovati osebno ime, datum
in kraj rojstva osebe, za katero se predlaga izdaja
dovoljenja za dostop do tajnih podatkov EU,
navedbo tuje države ali mednarodne organizacije,
do katere tajnih podatkov naj bi imela oseba dostop
(EU), stopnjo tajnosti tajnih podatkov EU in navedbo
delovnega mesta osebe.
Pisnemu predlogu mora predlagatelj priložiti izjavo
o seznanitvi s predpisi, ki urejajo obravnavanje in
varovanje tajnih podatkov EU (Sklep Sveta 2011/292/
EU, Sklep Komisije 2001/844/ES, Euratom), in
zaprosilo za dostop do tajnih podatkov EU. Na
zaprosilu mora biti glava organa predlagatelja.
Pisni predlog, podpisano
predlagatelj pošlje UVTP.
izjavo
in
zaprosilo
Dovoljenje za dostop do tajnih podatkov EU izda
UVTP z veljavnostjo za čas, ko oseba potrebuje
dostop do tajnih podatkov EU, vendar ne dlje, kakor
velja dovoljenje za dostop do nacionalnih tajnih
podatkov.
3.1.4
Dovoljenje za dostop do tajnih
podatkov zveze Nato
Če oseba na svojem delovnem mestu opravlja
funkcijo ali delovne naloge, zaradi katerih bi se
morala seznaniti z vsebino tajnih podatkov zveze
Nato, je treba zaprositi za dovoljenje za dostop do
tajnih podatkov zveze Nato.
Dovoljenje za dostop do tajnih podatkov zveze Nato
izda UVTP na podlagi pisnega predloga predlagatelja
26
•
in this ministry and for persons involved in
the performance of defence duties or military
service.
Slovenian Intelligence and Security Agency
(SOVA); it carries out personnel security clearance
for its own employees.
working
group
for
The inter-ministerial working group for personnel
security, which is appointed by the UVTP director,
has been active in the field of personnel security
since 2009. Apart from the UVTP's representatives,
the group is composed of representatives of the
Ministry of the Interior, Ministry of Defence and of
the Slovenian intelligence and Security Agency. The
basic tasks of the inter-ministerial working group are
to find solutions to open issues, adopt guidelines in
the field of personnel security, and draft proposals
for amendments to regulations on the handling
and protection of classified information, including
personnel security.
3.1.3
EU Security Clearance
When a person performs a function or tasks for which
he/she should have knowledge of the content of EU
classified information, a request for EU security
clearance must be made.
EU security clearance shall be issued by the UVTP
on the basis of a written proposal by the proposer, as
referred to in Article 22.f of the Classified Information
Act, if the person concerned has a valid security
clearance certificate which permits access to national
classified information.
The written proposal must contain the name, date,
and place of birth of the person for whom the proposal
is made for EU security clearance, an indication of the
country or international organisation whose classified
information is to be accessed by that person (EU), the
EU classified information level, and the employment
position of the person concerned.
The proposer shall annex to the written proposal
a statement to the effect that the person has been
acquainted with the regulations governing the
handling and protection of EU classified information
(Council Decision 2011/292/EU, Commission
Decision 2001/844/EC, Euratom), and a request for
EU security clearance. The letter of request must
contain the header of the proposing authority.
The written proposal, the signed statement and
the request shall be submitted to the UVTP by the
proposer.
10 let Urada RS za varovanje tajnih podatkov
The UVTP shall issue the EU security clearance
with a period of validity that corresponds to the time
the person requires access to the EU classified
information requested; however, this should not
exceed the period of validity applicable to national
classified information.
iz 22. f člena Zakona o tajnih podatkih, če ima oseba
veljavno dovoljenje za dostop do nacionalnih tajnih
podatkov.
Pisni predlog mora vsebovati osebno ime, datum
in kraj rojstva osebe, za katero se predlaga izdaja
dovoljenja za dostop do tajnih podatkov zveze Nato,
navedbo tuje države ali mednarodne organizacije,
do katere tajnih podatkov naj bi imela oseba dostop
(zveza Nato), stopnjo tajnosti tajnih podatkov zveze
Nato in navedbo delovnega mesta osebe.
3.1.4
When a person performs a function or tasks for which
he/she should have knowledge of the content of EU
classified information, a request must be made for
NATO security clearance.
Pisnemu predlogu mora predlagatelj priložiti izjavo
o seznanitvi s predpisi, ki urejajo obravnavanje in
varovanje tajnih podatkov zveze Nato, ter zaprosilo
za dostop do tajnih podatkov zveze Nato. Na
zaprosilu mora biti glava organa predlagatelja.
Pisni predlog, podpisano
predlagatelj pošlje UVTP.
izjavo
in
NATO Security Clearance
NATO security clearance shall be issued by the UVTP
on the basis of a written proposal by the proposer, as
referred to in Article 22.f of the Classified Information
Act, if that person already has personnel security
clearance to access national classified information.
zaprosilo
Dovoljenje za dostop do tajnih podatkov zveze Nato
izda UVTP z veljavnostjo za čas, ko oseba potrebuje
dostop do tajnih podatkov zveze Nato, vendar ne
dlje, kakor velja dovoljenje za dostop do nacionalnih
tajnih podatkov.
The written proposal must contain the name, date,
and place of birth of the person for whom the
proposal is made for NATO security clearance, an
indication of the country or international organisation
whose classified information is to be accessed by
the person concerned (NATO), the level of NATO
classified information, and the employment position
of the person concerned.
Overjeno kopijo dovoljenja za dostop do tajnih
podatkov zveze Nato izda UVTP na podlagi pravilno
izpolnjenega zaprosila za izdajo overjene kopije
dovoljenja. Overjeno kopijo dovoljenja izda UVTP
v angleščini in je namenjena udeležbi na sestankih,
projektih in podobno zveze Nato v tujini.
The proposer shall annex to the written proposal
a statement to the effect that the person has been
acquainted with the regulations governing the handling
1600
Število izdanih dovoljenj /
Number of permissions delivered
1400
1200
1000
Nato
800
EU
600
400
200
0
2007
2008
2009
2010
2011
Leto veljavnosti / Year of validity
Slika 6: Število izdanih dovoljenj za Nato in EU z
začetkom veljavnosti v koledarskem letu
Figure 6: Number of NATO and EU security
clearances delivered per calendar year
10 years of Government Office for The Protection of Classified Information (NSA)
27
and protection of NATO classified information, and
a request for NATO security clearance. The letter of
request must contain the header of the proposing
authority. The written proposal, the signed statement
and the request shall be forwarded to UVTP by the
proposer.
UVTP shall issue the NATO security clearance with
a period of validity that corresponds to the time
the person requires access to the NATO classified
information requested; however, this should not
exceed the period of validity applicable to national
classified information.
A certified copy of the NATO security clearance
shall be delivered by the UVTP on the basis of a
duly completed letter of request. A certified copy of
the permission will be issued by the UVTP in the
English language and will be used for the purposes
of participating in NATO meetings, projects and the
like, held abroad.
28
10 let Urada RS za varovanje tajnih podatkov
3.2 Dokumentacijska varnost
3.2 Documentation security
Tajni podatki državi omogočajo, da z oznako tajnosti
varuje svoje vitalne interese in tako zadosti svoji
nacionalni varnosti. Tajni podatek je dejstvo ali
sredstvo z delovnega področja organa, ki se nanaša
na javno varnost, obrambo, zunanje zadeve ali
obveščevalno in varnostno dejavnost države, sisteme,
naprave, projekte in načrte pomembne za javno
varnost, obrambo, zunanje zadeve ter obveščevalno
in varnostno dejavnost državnih organov Republike
Slovenije, znanstvene, raziskovalne, tehnološke,
gospodarske in finančne zadeve, pomembne za javno
varnost, obrambo, zunanje zadeve ter obveščevalno
in varnostno dejavnost državnih organov Republike
Slovenije, ki ga je treba zaradi zakonsko določenih
razlogov zavarovati pred nepoklicanimi osebami in,
ki je v skladu z zakonom določeno in označeno za
tajno.
Classified information allows countries to safeguard
their vital interests and to satisfy their national security
needs. Classified information is a fact or means from
the sphere of an agency relating to public security,
defence, foreign affairs or intelligence, and the
security activities of the country, systems, appliances,
projects and plans related to public security, defence,
foreign affairs and intelligence, and the security
activities of government agencies of the Republic
of Slovenia, the scientific, research, technological,
economic and financial affairs of relevance to public
security, defence, foreign affairs and intelligence and
security activities of Government agencies of the
Republic of Slovenia, which, on statutory grounds,
must be protected against unauthorised persons and
which has been defined and marked as confidential.
Classified information may be designated as
RESTRICTED, CONFIDENTIAL, SECRET OR TOP
SECRET.
Tajni podatek je lahko označen s stopnjo tajnosti
INTERNO, ZAUPNO, TAJNO ali STROGO TAJNO.
OZNAKA
MERILO po ZTP: možne škodljive
posledice, če bi bil podatek razkrit
nepoklicani osebi
STROGO
TAJNO
razkritje bi ogrozilo vitalne interese
Republike Slovenije ali jim povzročilo
nepopravljivo škodovalo
TAJNO
razkritje bi lahko hudo škodovalo varnosti
ali interesom Republike Slovenije
ZAUPNO
razkritje bi lahko škodovalo varnosti ali
interesom Republike Slovenije
INTERNO
razkritje bi lahko škodovalo delovanju ali
izvajanju nalog organa
Preglednica 1: Pomen oznak stopnje zaupnosti po
ZTP
Dokumentacijska varnost opredeljuje enoten sistem
določanja in označevanja tajnih podatkov, prenosa,
razmnoževanja,
evidentiranja,
uničevanja
in
arhiviranja ter postopka ob zlorabi tajnega podatka.
Pravno podlago, ki se pri tem upošteva, tvorijo
predpisi s področja tajnih podatkov, in predpisi, ki
obravnavajo ravnanje z dokumentarnim in arhivskim
gradivom nasploh.
Dokumentacijska varnost se z organizacijskimi ukrepi
obravnave tajnih podatkov prepleta s fizičnimi in
tehničnimi ukrepi varovanja tajnih podatkov, ki tvorijo
celovit sistem varovanja tajnih podatkov, katerega
cilj je preprečitev dostopa nepooblaščenim osebam
ter sledljivost podatkov v njihovi življenjski dobi.
Dokumentacijska varnost je opredeljena v Uredbi o
varovanju tajnih podatkov (Uradni list RS, št. 74/05,
7/11 in 24/11– popr.).
MARKING
CRITERION in accordance with the
CLASSIFIED INFORMATION ACT:
possible adverse effects for the
disclosure of classified information
to unauthorised persons
TOP SECRET
Disclosure to unauthorised persons
would cause irreparable damage to
or put in jeopardy the vital interests
of the Republic of Slovenia
SECRET
Disclosure to unauthorised persons
could seriously harm the security
or interests of the Republic of
Slovenia
CONFIDENTIAL
Disclosure to unauthorised persons
could harm the security or interests
of the Republic of Slovenia
RESTRICTED
Disclosure to unauthorised persons
could harm the activities or
performance of tasks of an agency
Table 1: Classification level markings in accordance
with the Classified Information Act
Documentation security defines a unique system for
the determining and marking of classified information,
its transmission, copying, recording, destruction,
archiving and the procedure that applies in dealing
with the abuse of classified information. The relevant
legal basis to be considered in this regard consists
of regulations governing classified information and of
regulations governing the handling of documentary
and archival material in general.
In the domain of documentation security,
organisational measures on the handling of
classified information are intertwined with physical
and technical measures of protection; the latter
constitute a comprehensive system of classified
10 years of Government Office for The Protection of Classified Information (NSA)
29
Predpisi o tajnih podatkih med drugim opredeljujejo
pristojnost določanja tajnih podatkov in v zvezi s tem
tudi materialna in formalna merila tajnosti, dolžnost
varovanja tajnosti ter tudi postopka ob morebitni
zlorabi tajnega podatka.
Po ZTP je namreč tajen le tisti podatek, ki kumulativno
izpolnjuje materialno in formalno merilo tajnosti.
Materialno merilo tajnosti podatka se opira na sámo
vsebino podatka in določa, da se lahko podatek
določi za tajnega le takrat, če je tako pomemben,
da bi z njegovim razkritjem nepoklicani osebi lahko
nastale ali bi očitno nastale škodljive posledice za
varnost države ali za njene politične in gospodarske
koristi ter se obenem nanaša izključno na že zgoraj
navedena področja: javna varnost, obramba, zunanje
zadeve, obveščevalna in varnostna dejavnost
državnih organov Republike Slovenije oziroma se
nanaša na sisteme, naprave, projekte in načrte ali
znanstvene, raziskovalne, tehnološke, gospodarske
in finančne zadeve, ki so pomembni za omenjene
cilje. Materialno merilo torej vključuje dva vidika –
prvi je v tem, da bi z razkritjem podatka lahko nastala
ali bi očitno nastala določena škoda, drugi pa v
povezavi škode s taksativno naštetimi interesnimi
področji države.
Oba materialna elementa se zrcalita v formalnem
merilu tajnega podatka. Podatek je upravičeno
označen kot tajen le, če so izpolnjeni naslednji trije
formalni elementi. Prvi tak element je, da lahko
podatek za tajnega določi le za to pooblaščena oseba.
Načeloma je to po ZTP predstojnik organa ali oseba
na najvišjih delovnih mestih in položajih, s čimer
je zagotovljeno, da odločitve o tajnosti sprejemajo
osebe, ki imajo dovolj informacij in znanja, da lahko
ocenijo pomen morebitnih škodljivih posledic ob
razkritju tajnega podatka. ZTP predpisuje tudi način
in postopek določanja tajnosti, katerega bistvo je v
izdelavi pisne ocene možnih škodljivih posledic, ki
bi lahko nastale z razkritjem podatka. Pisna ocena
predstavlja drugi element formalnega merila tajnosti
in dejansko določa objekt varstva, torej interes, ki bi
bil z razkritjem nepooblaščeni osebi ogrožen. Pisna
ocena se hrani kot priloga dokumenta pri organu, ki je
podatku določil stopnjo tajnosti. Prav ta pisna ocena
možnih škodljivih posledic omogoča tudi naknadno
preverjanje in ugotavljanje razlogov in okoliščin za
odločitev, da se podatek določi za tajnega. Tretji
element formalnega merila pa temelji na pravilni
oznaki, saj je tajen samo tisti podatek, ki je ustrezno
označen kot tajen.
3.2.1
Medresorska delovna skupina za
dokumentacijsko varnost
UVTP spremlja in usklajuje zadeve na področju
dokumentacijske varnosti v najširšem smislu. V ta
namen je ustanovljena tudi medresorska delovna
30
information protection aimed at preventing access to
unauthorised persons and ensuring the traceability
of information during its lifetime. Documentation
security is defined in the Decree on the Protection of
Classified Information (Uradni list RS, no. 74/05, 7/11
(24/11 corrigendum)).
Regulations on classified information lay down
inter alia who is competent for the classification of
information, as well as relevant material and the
formal criteria of secrecy, the duty to protect the
confidentiality of information, and the procedure that
applies in the event of a potential abuse of classified
information.
Under the Classified Information Act, only those
pieces of information which cumulatively satisfy
the material and formal criteria of secrecy shall be
deemed classified. The material criterion of the
secrecy of a piece of information relies on its very
content and provides that a piece of information
may be designated as classified only when it is of
such importance that its disclosure to unauthorised
persons could or might clearly prejudice the security
of the country or its political or economic interests,
and is exclusively related to the areas referred to
above: public security, defence, foreign affairs,
intelligence and security activities of Government
agencies of the Republic of Slovenia, or which
relates to systems, appliances, projects and plans
or scientific, research, technological, economic and
financial affairs of importance for the mentioned
objectives. The material criterion therefore includes
two aspects – the first being that the disclosure of a
piece of information could or might obviously result
in some adverse effects, and the second in relating
such adverse effects to all the specified areas of
interest of the country.
These two material elements are reflected in a
formal criterion for a classified piece of information. A
piece of information is correctly marked as classified
when the following three formal elements have
been fulfilled: first, a piece of information can be
designated as classified only by a person authorised
to do so. Under the Classified Information Act, such
persons are, in principle, the heads of agencies, or
officials occupying the highest positions and ranks,
this being a guarantee for decisions on secrecy to be
taken by persons who possess sufficient information
and knowledge to assess the importance of possible
adverse effects resulting from the disclosure of
classified information. In addition, the Classified
Information Act lays down the manner and procedures
for the classification of information, the essence of
which is the elaboration of a written assessment of
any possible adverse effects that might result from the
disclosure of information. Such a written assessment
constitutes the second formal criterion of secrecy
and actually defines the subject of protection, i.e.
10 let Urada RS za varovanje tajnih podatkov
skupina za dokumentacijsko varnost, ki skrbi za
usklajevanje mnenj, enotno interpretacijo predpisov in
iskanje odgovorov na odprta vprašanja, ki se dnevno
porajajo ob konkretnem delu s tajnimi podatki. To
delovno skupino tvorijo poleg UVTP tudi predstavniki
ministrstev, pristojnih za obrambo, notranje zadeve,
zunanje zadeve, javno upravo, finance in zdravje ter
agencije za obveščevalno dejavnost. Na delovnih
sestankih preučujejo zahtevnejša vprašanja s
področja varovanja tajnih podatkov in z izmenjavo
izkušenj dobrih praks iščejo odgovore na praktična
vprašanja.
the interest that would be jeopardised through the
disclosure of information to an unauthorised person.
The written assessment shall be attached as an
annex to the document, and kept with the authority
that determined the level of classification. Such an
assessment allows for the subsequent verification
and determination of the grounds and circumstances
resulting in the decision leading to the information
being designated classified. The third element of
the formal criteria is based on the accuracy of the
marking, since only properly marked information can
be deemed classified.
Vse več pozornosti se posveča tajnim podatkom
v elektronski obliki, saj gre razvoj informacijskokomunikacijske opreme in sistemov nezadržno
naprej.
3.2.1
Inter-ministerial working group for
documentation security
Z delovnimi sestanki z drugimi organi smo iskali
optimalne rešitve glede obravnavanja tajnih podatkov
tudi v sodnih postopkih oziroma v sodni veji oblasti.
The UVTP monitors and coordinates documentation
security matters in their broadest sense. To this end,
an inter-ministerial working group for documentation
security has been established. Its tasks include the
coordination of views, the provision of a unique
interpretation of the relevant regulations, and a
search for answers to open issues resulting from
day-to-day work on classified information. Apart
from the UVTP, this working group is composed of
representatives from the intelligence agency and the
ministries responsible for defence, internal affairs,
public administration, finance and health. As a rule,
complex issues relating to the protection of classified
Slika 7: Povezanost dokumentacijske in informacijske
varnosti
Figure 7: Interconnectivity of documentation and
information security
3.2.2
information are discussed during working meetings,
where answers to practical problems are also sought
through the exchange of examples of good practice.
Nekaj tém, ki jih je obravnavala omenjena komisija:
elektronsko poslovanje s tajnimi podatki, ocena
možnih škodljivih posledic, če bi bil tajni podatek
razkrit nepooblaščeni osebi, arhiviranje tajnih
podatkov, celostna grafična podoba tajnih podatkov,
smiselnost uvedbe morebitne dodatne kategorije
varovanih podatkov …
Registrski sistem za tajne podatke
EU in zveze Nato
Za obravnavo tajnih podatkov zveze Nato in EU je
sprejeto Navodilo za delo s tajnimi podatki zveze Nato
in Evropske unije. Postopki so usklajeni s predpisi
zveze Nato in EU na področju varovanja tajnih
Hand in hand with the relentless development
of information-communication equipment, more
attention is increasingly paid to classified information
in electronic form.
10 years of Government Office for The Protection of Classified Information (NSA)
31
podatkov ter z nacionalno zakonodajo, ki v nekaterih
segmentih predpisuje celo zahtevnejše standarde
varovanja od minimalnih. Bistvo registrskega sistema
je sledljivost tajnemu podatku od prejema do uničenja
ali arhiviranja.
Registrski sistem za obravnavo tajnih podatkov EU
in Nata je ustrezno vzpostavljen in deluje skladno s
predpisi. Registrski sistem za obravnavo EU tajnih
podatkov obsega centralni register vzpostavljen
na zunanjem ministrstvu ter deset podregistrov
vzpostavljenih na različnih ministrstvih.
Registrski sistem za obravnavo tajnih zveze Nato
obsega centralni register vzpostavljen na obrambnem
ministrstvu ter trinajst podregistrov in tri kontrolne
točke vzpostavljenih na različnih lokacijah.
3.2.3
Komisija Vlade Republike
Slovenije za presojanje upravičenosti
prevladujočega javnega interesa v zvezi
z razkritjem podatkov, ki so označeni
kot tajni
Komisija Vlade RS za presojanje upravičenosti
prevladujočega javnega interesa v zvezi z razkritjem
podatkov, ki so označeni kot tajni, obravnava zahteve
po razkritju tajnega podatka in pri tem predvsem na
podlagi ocene možnih škodljivih posledic presoja
težo in tehta interes za razkritje tajnega podatka
ali ohranitev njegove tajnosti. Komisijo vodi UVTP,
v njej pa sodelujejo tudi predstavniki ministrstva za
obrambo, ministrstva za notranje zadeve, ministrstva
za zunanje zadeve ter Slovenske obveščevalnovarnostne agencije. Razumljivo je, da je načelo
javnosti v demokratični družbi pomembna pravica,
vendar pa si tudi najbolj demokratična država
ne more privoščiti popolne javnosti delovanja,
saj postane ranljiva za nedemokratične pritiske,
neuspešna in neučinkovita ter kot taka sama pomeni
največjo grožnjo demokraciji. Za varovanje tajnosti
mora vzpostaviti instrumente, ki ščitijo zasebnost
države pred javnostjo in dejanskim ali potencialnim
nasprotnikom. S tem ko se državi dopusti zaščita
tajnosti, pa je treba zagotoviti tudi dovolj močne
vzvode, ki onemogočajo in otežujejo zlorabo tega
instituta. Eden teh vzvodov je tudi javna odgovornost
oblasti in njena odgovornost do volivcev in javnosti.
Primeri, ki jih navedena komisija obravnava, jasno
kažejo na občutljivo ravnovesje med tajnostjo
in javnostjo, ko je treba demokratičnemu načelu
javnosti zadostiti tako, da ni škodljivih posledic
za načelo tajnosti, in da se tančica tajnosti odstre
toliko, da se ob spoštovanju načela tajnosti zadosti
načelo javnosti. Tajnost je torej kompleksen pojav, ki
vključuje pravico države do zasebnosti in varovanja
svojih tajnosti.
32
Some of the topics discussed by the aforementioned
Commission include electronic commerce with
classified information, an assessment of the possible
adverse effects in the event of the disclosure of
classified information to unauthorised person(s),
the archiving of classified information, the corporate
design identity of classified information, and the
appropriateness of introducing a possible additional
classified information category, amongst others.
In addition, optimum solutions regarding the handling
of classified information in court proceedings were
sought at working meetings held with other relevant
authorities.
3.2.2
Registry system for EU and NATO
classified information
The handling of NATO and EU classified information
required the adoption of the Instructions for Handling
NATO and EU Classified Information. Relevant
procedures have been harmonised with NATO and
EU regulations on classified information, as well
as with national legislation which, in certain areas,
provides for even stricter standards of protection than
the minimum prescribed. The essence of the registry
system is to ensure the traceability of classified
information from the moment it is received until it is
destroyed or archived.
The registry system for handling EU and NATO
classified information has been properly put in
place, and operates in compliance with the relevant
regulations. The registry system for handling EU
classified information comprises the central registry
established at the Ministry of Foreign Affairs and
ten sub-registries set up at various other ministries.
The registry system for handling NATO classified
information comprises the central registry established
at the Ministry of Defence plus thirteen sub-registries
and three control points set up at different locations.
3.2.3
Government Commission for
Assessing the Legitimacy of the
Prevailing Public Interest in the
Disclosure of Secret Classified
Information
The Commission for Assessing the Legitimacy of
the Prevailing Public Interest in the Disclosure of
Secret Classified Information considers relevant
requests for the disclosure of classified information
and, based on an examination of any possible
adverse effects, assesses the importance of and
the interest in disclosing the information or keeping
it secret. The Commission is led by the UVTP and
brings together representatives of the Ministry of
Defence, Ministry of the Interior, Ministry of Foreign
10 let Urada RS za varovanje tajnih podatkov
Slika 8: Simbolična tehtnica interesa tajnosti in
interesa javnosti
Figure 8: Scales symbolising the weighing up of
secrecy interests against the public interest
Velikokrat so državni organi in pooblaščene osebe
soočeni z dilemo, ali neki podatek pomeni tajnost,
in če jo, katere stopnje naj bo. Zato se zgodi, da
imajo oznako tajnosti podatki, ki naj bi dejansko
ne bili tajni, ker ne zadoščajo predpisanim merilom
tajnosti. Ocena možnih škodljivih posledic je zato
pomemben dokument, v katerem je treba pisno
pojasniti, kateri podatek se dejansko stopnjuje in
razloge za stopnjevanje ter oceniti, kakšna škoda
bi lahko dejansko nastala ob morebitnem razkritju
nepooblaščeni osebi.
Affairs and of the Slovenian Intelligence and Security
Agency. It is understandable that in a democratic
society the principle of public interest constitutes an
important right; however, even the most democratic
countries cannot afford absolute transparency in their
operations, since this may make them vulnerable to
undemocratic pressures, unsuccessful and inefficient
and, as a result, a significant threat to democracy. In
order to safeguard secrecy, every country must put
in place mechanisms which protect the privacy of the
state from the public and from existing or potential
rivals. Allowing the state to protect its secrecy requires
the provision of sufficiently strong leverage which is
capable of preventing and hindering the abuse of this
institute. One such lever is the public responsibility of
the authorities in power and their responsibilities to
the voters and the public.
The cases considered by the aforementioned
Commission clearly point to a sensitive equilibrium
between secrecy and publicity when the democratic
principle of public interest has to be satisfied in
such a way that the principle of secrecy can suffer
no adverse effects and that the veil of secrecy is
drawn back only to the extent allowing the principle
of public interest to get proper satisfaction. Secrecy
is a complex phenomenon which includes the right of
a state to privacy and to protect its secrets.
State authorities and authorised persons are often
faced with a dilemma as to whether some piece of
information should be classified and – in the event
of an affirmative answer – what classification level it
should be allocated. As a result, certain information
may be classified, despite not requiring classification,
since it does not satisfy the statutory material criteria
of secrecy. Therefore, an assessment of the possible
adverse effects is a very important document wherein
it is necessary to explain in writing which item of
information is actually graded, including the reasons
for its grading, and to assess the damage that would
result from its eventual disclosure to an unauthorised
person.
10 years of Government Office for The Protection of Classified Information (NSA)
33
3.3 Fizična varnost
3.3 Physical security
Fizična varnost je pomemben element celotnega
sistema varovanja tajnih in drugih pomembnih
podatkov. Njen glavni cilj je odvrniti, preprečiti in/
ali odkriti nepooblaščene dostope do prostorov
in predmetov, ki jih želimo zavarovati. Sistem
fizične varnosti je sestavljen iz organizacijskih,
varnostnotehničnih in mehanskih ukrepov ter
postopkov in ukrepov fizičnega varovanja ali
varovanja, ki ga opravljajo za to pooblaščene in
usposobljene osebe. Vsi našteti dejavniki so med
seboj tesno povezani, zato je učinkovitost celotnega
sistema fizične varnosti odvisna od učinkovitosti
njegovih posameznih elementov.
Physical security is an important element in the entire
system of the protection of classified and other relevant
information. Its main objective is the dissuasion,
prevention and/or detection of unauthorised access
to premises and items requiring protection. The
physical security system consists of organisational,
security-technical and mechanical measures and
procedures, and of physical protection or protectionrelated measures performed by duly authorised and
qualified personnel. All the above stated factors are
closely interconnected, what makes the efficiency of
the overall physical security system dependent on
the efficiency of its individual parts.
Slika 9: Element fizičnega varovanja
Figure 9: Physical security component
Fizični varnostni ukrepi predstavljajo zgolj en vidik
varnosti in morajo biti nujno podprti z drugimi elementi
varovanja, kot so: osebna in dokumentacijska varnost
ter varnost informacijskih sistemov, v kombinaciji
s katerimi tvorijo t. i. integralni varnosti sistem. Pri
odločanju o tem, katera stopnja fizične varnosti je
potrebna, da so izpolnjena minimalna varnostna
merila, je treba upoštevati različne dejavnike: stopnjo
tajnosti in vrsto podatkov, ki se varujejo, njihovo
količino, obliko in način hrambe, oceno ogroženosti
in oceno tveganja ter stopnjo varnostne kulture pri
zaposlenih.
Physical security measures constitute only one of
the security aspects and must have the inevitable
support of other protection-related elements such
as personnel and documentation security and the
security of information systems, which, in combination
with the former, constitute the integrated security
system. When deciding on the degree of physical
security required to ensure compliance with the
minimum rules on security, the following should be
taken into account: the classification level and type of
classified information, its volume, form and method
of storage, management of threats and risks, and the
employees' awareness of security culture.
Fizični ukrepi varovanja morajo biti takšni, da
preprečijo vsakršen prikrit ali nasilen vstop ali
dostop do varovane dobrine s strani zunanjih
vsiljivcev, odvrnejo ali zaznajo zlonamerne aktivnosti
zaposlenih, omogočijo izvajanje načela potrebe po
seznanitvi ter zaznavo in ukrepanje zoper vsakršne
varnostne postopke v najkrajšem možnem času.
Zakonsko predpisani minimalni pogoji, ki veljajo v
Sloveniji in jim mora ustrezati varnostnotehnična
oprema varnostnih območij, so visoki, kar je
neposredno tesno povezano z relativno visokimi
stroški v zvezi z vzpostavitvijo varnostnih območij.
Urad si zato v tesnem sodelovanju s pristojnimi
resorji prizadeva, da bi se v slovensko zakonodajo,
34
Physical security measures must be such so as to
prevent any covert or violent intrusion or access to
protected assets by external intruders; they should
discourage or detect any unauthorised activity by
employees, facilitate the implementation of the needto-know principle, detect and take action against any
actions that pose a threat to security activities in the
shortest time possible.
The statutory minimum conditions applicable in
Slovenia and the security technical equipment
installed in security areas to which they must comply
are high; as a result, this is closely related to the
10 let Urada RS za varovanje tajnih podatkov
ki ureja področje varovanja tajnih podatkov, uvedla
metodologija upravljanja varnostnih tveganj, ki bi
odpravila dosedanjo togo ureditev ter omogočila
večjo prožnost pri izbiri cenovno primernih in hkrati
učinkovitih varnostnih rešitev.
relatively high costs of establishing security areas. For
this reason, the UVTP, in close cooperation with the
relevant sectors, makes efforts to incorporate such a
methodology into national legislation (regulating the
area of classified information protection) for security
risk management, which would eliminate the present
rigid system and allow for more flexibility regarding
the choice of suitable and more cost-effective security
solutions.
10 years of Government Office for The Protection of Classified Information (NSA)
35
3.4 Informacijska varnost
3.4 Information security
Informacijska varnost ima pri sodobnem poslovanju,
kjer je vedno več poslovnih postopkov podprtih z
informacijsko tehnologijo, čedalje pomembnejšo
vlogo, kar velja tudi za državno in celotno javno
upravo. Tu se vsak dan prejme, ustvari, dopolni in
spremeni veliko podatkov, med njimi tudi precejšnje
število tajnih podatkov.
Information security in modern business operations,
where more and more operators use IT technology
support has an ever increasing role; this applies to
both the state and the public administration. Here,
large amounts of information are received, created,
supplemented and amended every day; much of it is
classified information.
Za celovitejše varovanje tajnih podatkov v
komunikacijsko-informacijskih sistemih je vlada
sredi leta 2007 sprejela Uredbo o varovanju tajnih
podatkov v komunikacijsko-informacijskih sistemih.
In mid- 2007, in order to provide for more
comprehensive protection of classified information in
communication-information systems, the Government
adopted the Decree on the protection of classified
information in communication-information systems.
The Decree lays down a system of minimum
standards, procedures and technical measures
corresponding to the classification level of the
information processed in the communicationinformation systems, and prevents the disclosure of
information to unauthorised persons.
Ta uredba določa sistem minimalnih standardov,
postopkov in tehničnih ukrepov, ki ustreza stopnji
tajnosti podatkov, ki se obravnavajo v komunikacijskoinformacijskih sistemih, ter onemogoča njihovo
razkritje nepooblaščenim osebam.
S to uredbo so opredeljeni: postopki varnostne
odobritve za delovanje za komunikacijskoinformacijskega sistema, varovanje ključnih in drugih
sestavin takega sistema, obveščanje o kritičnem
informacijskem varnostnem dogodku, identifikacija
in overitev dostopa uporabnikov v sistem, selekcija
dostopa uporabnikov do podatkov, spremljanje in
nadzor pristopa v sistem, zaščita tajnih podatkov pri
prenosu zunaj varnostnega območja, povezovanje
sistemov ter izvajanje zaščite proti neželenemu
elektromagnetnemu sevanju.
V skladu s sklepom Vlade Republike Slovenije je
UVTP kot krovni nacionalni varnostni organ prevzel
koordinacijsko vlogo varnostnih organov, ki na podlagi
obstoječih normativnih aktov že opravljajo naloge
s področja informacijske varnosti. Tako je UVTP
postal krovno koordinacijsko telo oziroma nacionalni
organ za komunikacijsko varnost (NCSA), nacionalni
organ za zaščito pred neželenim elektromagnetnim
sevanjem (NTA) in nacionalni organ za distribucijo
kriptografskega materiala (NDA). Konkretne naloge
se še naprej opravljajo v okviru posameznih
organov, ki so te naloge opravljali tudi v preteklosti
(organi za potrebe varovanja tajnih podatkov EU so
vzpostavljeni v UVTP, organ za potrebe varovanja
nacionalnih obrambnih TP in TP zveze NATO so
vzpostavljeni v MORS, nekateri resorni organi imajo
za nacionalne potrebe ustanovljene posamezne
organe).
Zaradi lažjega izvajanja naloge so v okviru UVTP
ustanovljene strokovne delovne skupine, v katerih
sporazumno sodelujejo strokovnjaki iz Ministrstva
za notranje zadeve Republike Slovenije – Policije,
Ministrstva za obrambo Republike Slovenije,
Slovenske obveščevalno-varnostne agencije ter
predstavnik UVTP, ki strokovno delovno skupino tudi
vodi.
36
The Decree regulates the procedures relating
to communication-information security system
accreditation, the protection of its most important
and other relevant components, the notification of
critical security events, system user identification
and authentication, the selection of user access to
information, the monitoring and control of access to
the system, the protection of classified information
during transmission outside the security area, the
connection of systems, and carrying out protection
against unintentional compromising emanations.
In accordance with the Government's decision,
the UVTP as an umbrella national security agency
which has assumed the role of coordinator over
security authorities that perform information security
tasks on the basis of existing normative Acts. As a
result, the UVTP became the umbrella coordination
authority, i.e. the National Communications Security
Authority (NCSA), the National TEMPEST Authority
for Protection against Unintentional Compromising
Emanations (NTA) and the National Distribution
Authority for Cryptomaterial (NDA). Specific
tasks continue to be carried out by the individual
authorities that used to perform these tasks in the
past (authorities providing protection for EU classified
information are set up within the UVTP; the authority
for the protection of national defence classified
information and NATO classified information is set up
at the Ministry of Defence; in order to satisfy national
requirements, relevant individual authorities were set
up with some sectoral bodies).
In order to facilitate the implementation of its tasks,
several expert working groups have been set up
within the UVTP; these involve the consensual
participation of experts from the Ministry of the
Interior – Police sector, the Ministry of Defence, the
10 let Urada RS za varovanje tajnih podatkov
UVTP je na podlagi zakona o tajnih podatkih pristojen
za izdajanje in preklic varnostnih dovoljenj za naprave
za prenos, hrambo in obdelavo tujih tajnih podatkov
skladno s sprejetimi mednarodnimi pogodbami.
Slovenian Intelligence and Security Agency and a
representative from the UVTP as head of the expert
working group.
Tako je UVTP od vstopa v zvezo Nato in EU leta
2004 organ za varnostno odobritev (SAA – Security
Accreditation Authority) delovanja komunikacijskoinformacijskih sistemov zveze Nato in EU na teritoriju
Republike Slovenije.
Under the Classified Information Act, the UVTP is
responsible for the issue and revocation of security
certificates relating to the transmission-, storage- and
processing equipment used with foreign classified
information, in accordance with the international
agreements concluded.
Varnostna
odobritev
prvih
komunikacijskoinformacijskih sistemov zveze Nato v Republiki
Sloveniji je bila izvedena leta 2004. Istega leta je bila
pripravljena tudi zahtevana varnostna dokumentacija
za prve komunikacijsko-informacijske sisteme EU.
Since its accession to NATO and the EU in 2004,
the UVTP acts as a national security accreditation
authority (SAA) responsible for the operation of
NATO and EU communication-information systems
in the Republic of Slovenia.
V okviru Nata UVTP dejavno sodeluje v varnostnem
odboru zveze Nato za zagotavljanje informacijske
varnosti ter v posameznih delovnih skupinah s
tega področja (kriptografska zaščita, kibernetska
obramba ter v odborih za varnostne akreditacije
komunikacijsko-informacijskih sistemov. Sodelujemo
tudi v delu odbora za zagotavljanje informacijske
varnosti in kibernetsko obrambo.
V okviru EU UVTP dejavno sodeluje v delu teles
v okviru Sveta EU, Evropske komisije, evropske
zunanje službe ter posameznih agencij.
3.4.1
Komisija Vlade RS za informacijsko
varnost
Ker je področje informacijske varnost zelo široko in
ga je nemogoče opredeliti zgolj v enem dokumentu
– treba je pripraviti posamezna izvedbena navodila
in priporočila –, je vlada ustanovila komisijo za
informacijsko varnost. Sestavljajo jo strokovnjaki iz
ministrstva za javno upravo, ministrstva za notranje
zadeve, ministrstva za obrambo, ministrstva za
zunanje zadeve, Slovenske obveščevalno-varnostne
agencije in UVTP, katerega predstavnik komisijo tudi
vodi. Delo komisije ureja poslovnik, h kateremu da
soglasje Vlada Republike Slovenije.
Naloge komisije so priprava tehničnih in normativnih
rešitev za varovanje tajnih podatkov v komunikacijskoinformacijskih sistemi, določanje primernih načinov
in postopkov za identifikacijo in overitev dostopa
uporabnikov v komunikacijsko-informacijske sisteme,
potrjevanje šifrirnih sistemov, ki se lahko uporabljajo
v komunikacijsko-informacijskih sistemih, izdelava
zahtev za povezovanje komunikacijsko-informacijskih
sistemov in priprava varnostnih zahtev za izvajanje
zaščite proti neželenemu elektromagnetnemu
sevanju.
Security accreditation for the first NATO
communication-information systems in the Republic
of Slovenia was provided in 2004. That same year,
the security documentation required was drawn up
for the first EU communication-information systems.
The UVTP actively participates in NATO's Security
Committee for information security and in several
other NATO working groups (cryptographic protection,
cyber defence), as well as in committees for the
security accreditation of communication-information
systems. The Office also participates in the work of
the committee responsible for ensuring the provision
of information security and cyber defence.
Within the EU framework, the UVTP plays an active
role in the work of its bodies such as the European
Council, the European Commission, EU external
services, and individual agencies.
3.4.1
Government Commission for IT
Security
IT security is a very broad area which cannot be
defined in a single document and requires the
preparation of separate implementation guidelines
and recommendations. For this purpose, the
Government has established the Commission for IT
Security. The Commission is composed of experts
from the Ministry of Public Administration, the
Ministry of the Interior, the Ministry of Defence, the
Ministry of Foreign Affairs, the Slovenian Intelligence
and Security Agency and the UVTP, whose
representative is also the head of the Commission.
The Commission's work is regulated by its rules
of procedure, which have been approved by the
Government.
The tasks of the Commission are to prepare technical
and regulatory solutions for the protection of classified
information in communication and information
systems, in order to define appropriate methods and
procedures for the identification and authentication
of users prior to their access to information and
10 years of Government Office for The Protection of Classified Information (NSA)
37
3.4.2
Natova delavnica Infosec
Od 28. do 30. januarja 2008 je na Brdu pri Kranju
potekala Natova delavnica INFOSEC, ki sta jo s
pomočjo UVTP organizirala NATO HQ Consultation,
Comand and Control Staff (NHQC3S) in NATO Office
of Security (NOS). Delavnica je bila namenjena
predstavitvi organov INFOSEC, njihovega dela
in nalog, zaščite TEMPEST, postavitve NATO
KIS, postopka varnostne odobritve (akreditacije)
povabljenima državama za članstvo v zvezi Nato –
Albaniji in Hrvaški – ter predstavitvi dobrih praks.
Na delavnici je sodelovalo skoraj 40 udeležencev,
med njimi pet iz Slovenije (UVTP in MORS).
3.4.3
Tempest
V delovno področje UVTP spada tudi usklajevanje
izvajanja ukrepov za zaščito pred neželenim
elektromagnetnim sevanjem v komunikacijskoinformacijskih sistemih, v katerih se obravnavajo
tajni podatki, označeni s stopnjo ZAUPNO ali
višje – govorimo o t. i. zaščiti TEMPEST. Ta zaščita
sistemov je predpisana v Uredbi o varovanju tajnih
podatkov v komunikacijsko-informacijskih sistemih
(Uradni list RS, št. 48/2007, 86/2011) in jo morajo
zagotavljati upravljavci sistemov. Z enako mero
morajo biti zaščiteni nacionalni tajni podatki in tudi
tajni podatki, označeni s primerljivimi mednarodnimi
oznakami istih stopenj.
TEMPEST se pogosto razlaga kot kratica za Transient
Electromagnetic Pulse Emanation Standard, vendar
pa sam izraz TEMPEST ne pomeni le tega in ne
obsega le standardov za zaščito pred neželenim
elektromagnetnim sevanjem. Nanaša se na analize
in raziskave oziroma preučevanje sevanja ter vrste
ukrepov za njegovo zmanjšanje. Neželeno sevanje
je opredeljeno kot sevanje, ki se nenadzorovano
razširja in s tem omogoča nekontrolirano odtekanje
tajnih podatkov.
Prenašajo se namreč signali, ki jih je mogoče prestreči
in analizirati ter s tem razkriti informacije, ki so bile
poslane, prejete ali kako drugače obravnavane z
opremo, ki seva.
Deli sistemov, v katerih se obravnavajo tajni podatki,
se delijo glede na stopnjo zaščite, ki jo dajejo. Stopnje
so označene s črkami A, B ali C, pri čemer A pomeni
največjo zaščito, C pa najnižjo.
Potrebna stopnja zaščite je odvisna od tega, v kakšen
prostor je sistem postavljen, kar pa je povezano s
tem, kako blizu lahko pride potencialni napadalec.
Prostori so označeni z oznakami cona 0, 1 ali 2, pri
čemer cona 0 pomeni, da lahko napadalec pride v
38
communication systems, to certify cryptographic
systems which may be used in communication and
information systems, to define the requirements for
interconnection of communication and information
systems, and to define the security requirements
for protection against unintentional compromising
emanations.
3.4.2
NATO InfoSec workshop
From 28 to 30 January 2008, a NATO InfoSec
workshop was held at Brdo pri Kranju. It was
organised by NATO HQ Consultation, Command
and Control Staff (NHQC3S) and the NATO Office
of Security (NOS) in cooperation with the UVTP. The
purpose of the workshop was to present the InfoSec
bodies, their work and tasks, TEMPEST protection,
NATO CIS deployment, the security accreditation
process for two NATO candidate countries – Albania
and Croatia – and examples of good practice.
The workshop was attended by almost forty
participants, five of whom were from Slovenia (from
the UVTP and the Ministry of Defence).
3.4.3
TEMPEST
The UVTP's area of work includes the coordination
of measures to be taken for protection against
unintentional compromising emanations emitted from
within the communication and information systems
which process information classified CONFIDENTIAL
or higher; it is called TEMPEST protection. Such a
protection system is prescribed in the Decree on the
protection of classified information in communication
and information systems (Ur. l. RS, nos 48/2007
and 86/2011) and must be provided by system
administrators. An equivalent degree of protection
must apply to national classified information and
classified information marked by comparable
international markings of the same classification
levels.
The term TEMPEST is often interpreted as the
abbreviation for Transient Electromagnetic Pulse
Emanation Standard; however, this is not its sole
meaning as it covers more than just the standards
for protection against unintentional compromising
emanations. It refers to analyses, investigations and
studies of compromising emanations and all types
of measures for reducing emanations. Unintentional
compromising emanations are defined as emanations
emitted without control, thereby facilitating the leaking
of classified information.
Emanations are modulated signals which, if
intercepted and analysed, may disclose the
information transmitted, received, handled or
otherwise processed by any communication
equipment.
10 let Urada RS za varovanje tajnih podatkov
Slika 10: Lahki odjemalec SUEDZ
Figure 10: Thin client SUEDZ
neposredno bližino; cona 1, da se lahko napadalec
približa do 20 metrov; cona 2 pa približanje do 100
metrov. Določitev cone je odvisna tudi od uporabljenih
gradbenih materialov, zato je za uvrstitev za vsak
prostor treba izvesti ustrezne meritve.
The parts of the systems which process classified
information are defined with regard to the levels of
protection they provide. The levels are marked with
the letters A, B or C, whereby A indicates the highest
level of protection, while C indicates the lowest.
Te lahko opravljajo delavci ministrstva za obrambo,
Policije,
Slovenske
obveščevalno-varnostne
agencije in drugi organi, ki jih pooblasti komisija za
informacijsko varnost.
The level of protection requirements depends on
the location of the system; this is related to the
assumption of how close the potential attacker may
come. The environments are designated by Zone 0,
1 or 2. In Zone 0 it is assumed that an attacker has
almost immediate access, in Zone 1 it is assumed that
an attacker cannot get closer than about 20 metres,
while in Zone 2 an attacker cannot get closer than
100 m. The definition of the zone depends on the
building materials used; therefore, each environment
can only be defined after appropriate measurements
have been carried out.
Na nacionalni ravni bo na podlagi sklepa vlade in
soglasjem sekretariata Sveta za nacionalno varnost
ustanovljena medresorska strokovna delovna skupina
za izvajanje zaščite pred neželenim elektromagnetnim
sevanjem. V njej bodo sodelovali strokovnjaki z
ministrstva za notranje zadeve (Policije), ministrstva
za obrambo, Slovenske obveščevalno-varnostne
agencije in UVTP.
Vodja te delovne skupine bo delavec UVTP, ta pa
ima že zdaj vlogo in naloge nacionalne avtoritete
TEMPEST — NTA (National TEMPEST Authority).
UVTP sodeluje z državnimi organi in gospodarskimi
subjekti ter organi EU in Nata. V EU je bila za
to področje ustanovljena delovna skupina ITTF
(Implementation Tempest Task Force), katere član je
tudi predstavnik Slovenije, zveza Nato pa to področje
obravnava v agenciji SECAN (Military Committee
Communications Security & Evaluation Agency).
Standardi zaščite so poenoteni v EU in Natu ter
preneseni tudi v slovensko zakonodajo.
3.4.4
Kriptologija
Z razvojem informacijskih tehnologij in s tem
povezanim razvojem obdelave informacij je danes
precej lažje prestreči in spremeniti zapise podatkov.
Prav zato so se v informacijski dobi povečale zahteve
These measurements can be made by employees
of the Ministry of Defence, the Police, the Slovenian
Intelligence and Security Agency and other bodies
authorised by the Commission for IT Security.
At the national level, an inter-ministerial expert
working group for the protection against unintentional
compromising emanations will be set up on the
basis of a decision adopted by the Government
in agreement with the Secretariat of the National
Security Council. The group will be composed of
experts from the Ministry of the Interior (the Police),
the Ministry of Defence, the Slovenian Intelligence
and Security Agency and the UVTP.
The head of the working group will be an employee
from the UVTP who has already been performing the
role and tasks of the National TEMPEST Authority.
The UVTP cooperates with national bodies and
economic operators as well as with EU and NATO
10 years of Government Office for The Protection of Classified Information (NSA)
39
Slika 11: Shematski prikaz delovanja simetričnega
kriptosistema za pošiljanje zaupnih sporočil, kjer
pošiljatelj in prejemnik uporabljata isti tajni ključ.
po varnosti. Poleg običajnih ukrepov računalniške
varnosti (npr. vstopno uporabniško ime in pripadajoče
geslo, protivirusni programi in programske ali strojne
požarne pregrade) je v današnji družbi uporaba
kriptografije ključna, če že ne nujna za zagotavljanje
varnega delovanja komunikacijsko-informacijskih
sistemov. Temeljni gradniki računalniške varnosti, ki
so za posameznega uporabnika popolnoma nevidni,
so večinoma izjemno zapleteni kriptografski algoritmi
in protokoli. Kriptografija zaradi svoje prilagodljivosti
digitalnim medijem omogoča najvišjo stopnjo varnosti
v primerjavi z alternativnimi metodami, če je seveda
pravilno uporabljena. Glede na svoj strateški pomen in
občutljivost je bila kriptografija zgodovinsko gledano
v domeni državnih obveščevalnih in tajnih služb
ter vojaških organizacij. Nemalokrat je tudi vplivala
na potek zgodovine, saj je razkritje pomembnih
zašifriranih informacij velikokrat določalo nadaljnji
tok dogodkov.
Figure 11: Schematic presentation of the operation
of a symmetric cryptographic system for transmitting
secret messages, whereby the message sender and
recipient use the same secret key.
authorities. In the European Union, an Implementation
TEMPEST Task Force (ITTF) has been established for
this purpose, a member of which is a representative
from Slovenia, while NATO deals with this area within
the Military Committee Communications Security &
Evaluation Agency (SECAN). The EU and NATO
have uniform protection standards that have also
been transposed into Slovenian legislation.
3.4.4
Cryptography
Primer klasičnega kriptosistema je sistem, v katerem
se uporablja en ključ, ki je poznan samo uporabnikom
komunikacije in mora biti zato varovan ter hranjen
v strogi tajnosti. Kriptosisteme s tajnimi ključi
imenujemo tudi simetrični kriptosistemi ali simetrične
šifre. Scenarij delovanja simetričnega kriptosistema
je prikazan na sliki 11.
The development of information technology and the
related data processing development have made
it easier to intercept and reconstruct data records.
The information age therefore calls for a higher
level of security. Apart from the ordinary computer
security measures used in today's society (e.g.
the entry of user names and passwords, anti-virus
programmes and software or hardware firewalls),
the use of cryptography is of key importance; if not
as urgent, in order to ensure the safe operation of
the communication and information systems. The
basic components of computer security, which
are entirely unknown by the typical layperson, are
usually extremely complex cryptographic algorithms
and protocols. On account of its adaptability to
Slika 12: Shematski prikaz operacije seštevanja točk
na eliptični krivulji.
Figure 12: Schematic presentation of the addition of
points on the elliptic curve
40
10 let Urada RS za varovanje tajnih podatkov
Slabost simetričnih kriptosistemov je v tem, da je
potreben dodaten varen kanal, po katerem se ključ
pošlje uporabnikom. To bi bila v današnjem času zelo
velika ovira, zato so se že pred časom pojavile želje/
ideje po rešitvi tega problema. Iskal se je način, po
katerem bi lahko obvestili uporabnike o ključu brez
uporabe varnega kanala. Problem se je rešil z vpeljavo
koncepta kriptografije javnih ključev. Prva realizacija
je bila zasnovana na problemu faktorizacije, kar je
izjemno težko izračunljiv matematičen problem.
V zadnjih desetletjih pa se vse bolj uporabljajo
kriptosistemi z eliptičnimi krivuljami. Na sliki 10 je
prikazana operacija seštevanja točk na eliptični
krivulji, ki se uporablja v takih kriptosistemih.
Po slovenski zakonodaji je dovoljeno hraniti,
obravnavati ter prenašati tajne podatke v upravnem
oziroma v varnostnem območju organa. Izven
upravnega oziroma varnostnega območja organa je
dovoljeno prenašati tajne podatke po akreditiranih
sistemih, vendar le v šifrirni obliki. Nadalje, izmed
šifrirnih rešitev je za namene prenašanja tajnih
podatkov po akreditiranih sistemih dovoljeno
uporabljati le tiste šifrirne rešitve, ki jih odobri komisija
za informacijsko varnost ali drug zakonsko določen
organ, ter izda UVTP ali drug zakonsko določen organ.
Ob izdaji potrdila so izdane tudi odobrene minimalne
varnostne zahteve za označevanje, distribucijo in
uporabo. Šifrirne rešitve so šifrirna oprema (strojna in
programska) ter sistemi, ki se uporabljajo za šifrirno
varovanje podatkov v komunikacijsko-informacijskih
sistemih, v katerih se obravnavajo tajni podatki. Med
šifrirne rešitve spadajo tudi vsi moduli (sklopi), ki so
vgrajeni v posamezne dele sistemov in namenjeni
šifrirnemu varovanju podatkov.
3.4.4.1 Medresorska strokovna delovna
skupina za komunikacijsko varnost
Šifrirno ovrednotenje oziroma akreditacija šifrirne
rešitve je postopek, v katerem se ugotovi primernost
predlagane šifrirne rešitve za varovanje tajnih
podatkov določene stopnje tajnosti. Za opravljanje
akreditacij šifrirnih rešitev je UVTP na podlagi
sklepa Vlade RS, soglasja Sekretariata Sveta za
nacionalno varnost ter v soglasju z ministrstvom za
notranje zadeve (Policijo), v soglasju z ministrstvom
za obrambo in v soglasju s Slovensko obveščevalnovarnostno agencijo ustanovil medresorsko strokovno
delovno skupino za komunikacijsko varnost (MDS
KV) v aprilu 2011.
Skupino MDS KV sestavljajo predstavniki ministrstva
za obrambo, ministrstva za notranje zadeve (Policije),
Slovenske obveščevalno-varnostne agencije in
UVTP.
Naloge skupine MDS KV so: vrednotenje šifrirnih
rešitev skladno z Navodilom o postopku odobritve
digital media, cryptography provides for the highest
degree of security if compared to other methods. It
must, however, be properly used. With regard to its
strategic importance and sensitivity, cryptography
has been throughout history in the domain of national
security and intelligence services and military
organisations. It has also had a significant impact
on the course of history because the disclosure of
important encrypted information often affected the
future course of events.
An example of a classic cryptographic system is a
system using a single encryption key which is known
only to communication users and must therefore
be protected and kept completely confidential.
Cryptographic systems with secret keys are
also called symmetric cryptographic systems or
symmetric ciphers. The scenario for the operation of
a cryptographic system is shown in Figure 11.
The weakness of symmetric cryptographic systems is
that they require an additional safe channel through
which the key is sent to the users. Today, this would
represent a major hindrance; therefore, some time
ago, the need and resulting ideas materialised to
resolve this problem. Efforts were made to find a way
in which users could be informed of the key without
using a safe channel. The problem was resolved by
introducing the concept of public key cryptography.
The implementation of this concept was, at first, based
on the factorisation problem, which is a very difficult
maths problem. However, in recent decades, elliptic
curve cryptographic systems have been increasingly
used. Figure 10 shows an arithmetic operation – the
addition of points on the elliptic curve – which is used
in such cryptographic systems.
According to Slovenian legislation, classified
information may be stored, processed and
transmitted in the administrative and security area of
a government authority. Outside this area, classified
information may only be transmitted via systems
accredited for processing classified information, but
only in encrypted form. Moreover, for the transmission
of classified information via accredited systems, only
those cryptographic solutions may be used which
have been approved by the Commission for IT
Security or another body determined by the law, and
issued by the UVTP, or another body determined by
law. When a certificate is issued, approved minimum
security requirements for markings, distribution and
application must also be issued. Cryptographic
solutions include cryptographic equipment (hardware
and software) and systems used for cryptographic
information protection in the communication and
information systems where classified information
is processed. Cryptographic solutions also include
all the modules (assemblies) incorporated in the
separate system parts and intended for cryptographic
information protection.
10 years of Government Office for The Protection of Classified Information (NSA)
41
uporabe šifrirnih rešitev v Republiki Sloveniji št. 02201/2010/61 z dne 7. 12. 2010, neposredno sodelovanje
pri razvoju kriptografskih rešitev, vodenje evidence
ter pregledovanja potrjenih kriptografskih rešitev,
zagotavljanje učinkovitega in pravilnega izbora,
uvajanja, upravljanja ter vzdrževanja kriptografskih
rešitev, postavljanje nacionalnih standardnih
kriptografskih primitivov, izvajanje nadzora nad
tehničnimi informacijami v zvezi s kriptografskimi
rešitvami zveze Nata in EU, ki se uporabljajo za
obravnavanje nacionalnih tajnih podatkov ter tajnih
podatkov Nata in EU v nacionalnih komunikacijskoinformacijskih sistemih, sodelovanje s sorodnimi
organi v Sloveniji ter v drugih državah in mednarodnih
organizacijah, ki so odgovorni za komunikacijsko
varnost ter s tem povezanimi področji informacijske
varnosti ter druge naloge s področja komunikacijske
varnosti.
3.4.5
EU NDA – nacionalni organ
Evropske unije za razdeljevanje
kriptografskega materiala (CM)
NDA je sestavni del informacijske varnosti,
neposredno podrejen vodji informacijske varnosti pri
nacionalnem varnostnem organu.
Osnovna naloga: upravljanje in zagotavljanje
pravilnega ravnanja s kriptografskim materialom
EU in s tem povezanimi nalogami prevzemanja,
evidentiranja, shranjevanja, uničevanja, rokovanja,
razdeljevanja, sledenja, reševanja kriptografskih
incidentov in izobraževanja uporabnikov.
Učinkovito delovanje NDA je povezano z vsaj tremi
do štirimi osebami: vodjo NDA, kriptografskim
skrbnikom, njegovim namestnikom in inženirjem
za komunikacijsko varnost. Naloge so razdeljene
glede na področje delovanja: za varovanje in nadzor
NDA skrbi vodja NDA, naloge, povezane s samim
kriptomaterialom, prevzame kriptografski skrbnik
ali njegov namestnik, inženir za komunikacijsko
varnost pa pripravi vse potrebne postopke za delo
s kriptomaterialom ter druge, povezane in soodvisne
postopke.
Delovanje je nujno hierarhično, saj se tako zagotavlja
optimalna razdelitev dela in nalog. Povezano je
predvsem s sprotnim in natančnim ter doslednim
delom pri ravnanju s kriptomaterialom v vseh
mogočih oblikah. NDA sodeluje z organi v EU (zlasti
s področja kriptografije) in tudi znotraj Republike
Slovenije (končni uporabniki kriptomateriala).
3.4.4.1 Inter-Ministerial Expert Working Group for
Communication Security
Cryptographic evaluation or the approval of a
cryptographic solution is a procedure used to
determine the adequacy of a proposed cryptographic
solution for the protection of classified information at
a specific level of classification. In April 2011, the
UVTP established – on the basis of a decision by
the Government of the Republic of Slovenia and
in agreement with the Secretariat of the National
Security Council, the Ministry of the Interior (the
Police), the Ministry of Defence and the Slovenian
Intelligence and Security Agency – the InterMinisterial Expert Working Group for Communication
Security, which took over responsibility for the
approval of cryptographic solutions. It is composed
of representatives of the Ministry of Defence, the
Ministry of the Interior (Police), the Slovenian
Intelligence and Security Agency and the UVTP.
The tasks of the Inter-Ministerial Expert Working
Group for Communication Security are as follows: to
evaluate cryptographic solutions in accordance with
the Instructions on the approval procedure for the use
of cryptographic solutions in the Republic of Slovenia,
no. 0220-1/2010/61 of 7 December 2010; to directly
participate in the development of cryptographic
solutions, to keep records of and examine approved
cryptographic solutions, to provide an effective and
correct selection, to introduce, manage and maintain
cryptographic solutions, to set international standards
for cryptographic primitives, to carry out supervision
over technical information related to NATO and EU
cryptographic solutions being used for the processing
of national classified information, and NATO and EU
classified information in national communication and
information systems, to cooperate with related bodies
in Slovenia and other countries and the international
organisations responsible for communication security
and for similar IT security areas, and to carry out
other tasks in the area of communication security.
3.4.5
EU NDA – National Crypto Distribution
Authority
The NDA constitutes an integral part of IT security,
directly subordinate to the head responsible for IT
security at the NSA.
The basic task of the NDA is to manage and provide
for the correct handling of EU cryptomaterial and to
carry out related tasks, including the take-over, record
keeping, storage, destruction, handling, distribution
and tracking of material, to resolve cryptographic
incidents, and to provide training for users.
The NDA must involve at least the following three
or four persons to be able to operate effectively: the
42
10 let Urada RS za varovanje tajnih podatkov
head of the NDA, a crypto custodian, an alternate
crypto custodian and a communications security
officer. With regard to its area of operation, its tasks
are distributed as follows: the head of the NDA is
responsible for the protection and supervision of the
NDA, the crypto custodian and the alternate crypto
custodian are responsible for the crypto material,
while the communications security officer is in charge
of preparing all the procedures required for work
with the cryptomaterial, and for interconnectivity and
interdependency.
Their operations must be organised hierarchically in
order to provide for the optimum distribution of work
and tasks. This mainly refers to continuous, accurate
and consistent work related to cryptomaterial in all
its possible forms. The NDA cooperates with EU
authorities (particularly in the area of cryptography)
and also with the authorities in Slovenia (final users
of the cryptomaterial).
10 years of Government Office for The Protection of Classified Information (NSA)
43
3.5 Industrijska varnost
3.5 Industrial security
Pojem industrijska varnost v ožjem smislu zajema
zagotavljanje varnostnih postopkov in ukrepov,
potrebnih za doseganje ustrezne ravni varnosti tajnih
podatkov, ki jih država izmenjuje z gospodarskimi
družbami. Gre za vzpostavitev takega sistema
varovanja, ki učinkovito preprečuje nepooblaščeno
razkritje, uničenje, odtujitev, spreminjanje ali kakršno
koli drugačno zlorabo tajnih podatkov, opreme,
objektov oziroma kakršnega koli premoženja, ki
ga želi država zavarovati. Področje industrijske
varnosti je multidisciplinarno, saj prepleta elemente s
področja osebne, fizične, tehnične, dokumentacijske
in informacijske varnosti. Za doseganje ustrezne
ravni varovanja tajnih podatkov so zato potrebni
organizacijski, administrativni in drugi postopki, ki
omogočajo celostno oziroma integralno varovanje. V
širšem smislu lahko pri industrijski varnosti govorimo
tudi o sposobnosti države, da vzpostavi ustrezno
ravnovesje med zaščito lastnih gospodarskih,
političnih ali varnostnih interesov ob hkratnem
spodbujanju gospodarske konkurenčnosti.
In its narrowest sense, the term industrial security
means the provision of security procedures and
measures required to achieve the relevant levels
of protection of classified information exchanged
between the state and companies. It involves the
introduction of a security system which effectively
prevents the unauthorised disclosure, destruction,
misappropriation, modification or any other misuse
of classified information, equipment, facilities, or any
kind of property the state wishes to protect. Industrial
security is a multidisciplinary area integrating elements
of personal, physical, technical, documentation and
IT security. In order to achieve a relevant level of
protection of classified information, organisational,
administrative and other procedures are required to
provide for comprehensive and integrated security.
In its broader sense, industrial security can also
be understood as the ability of the state to strike
an adequate balance between protecting its own
economic, political and security interests and, at the
same time, promote economic growth.
Da lahko neka gospodarska družba dostopa do tajnih
podatkov, katerih lastnik je Republika Slovenija,
mora pridobiti ustrezno varnostno dovoljenje.
Varnostno dovoljenje je administrativna potrditev,
da gospodarska družba izpolnjuje pogoje za varno
obravnavanje tajnih podatkov od najnižje do vključno
tiste stopnje tajnosti, do katere ji je bilo varnostno
dovoljenje izdano. V zadnjih nekaj letih je na tem
A company may be given access to classified
information owned by the Republic of Slovenia if
it obtains appropriate facility security clearance.
Facility security clearance means an administrative
determination that a company fulfils the conditions
for the safe handling of classified information of the
lowest classification level up to the same classification
level as the clearance being granted. In recent years,
Slika 13: Predstavitev podjetja na konferenci MISWG
2010
Figure 13: Presentation of a company at the MISWG
2010 Conference
44
10 let Urada RS za varovanje tajnih podatkov
področju opazen znaten premik oziroma vedno večje
število gospodarskih subjektov, ki so v možnosti
sodelovanja v projektih, ki zahtevajo ali vključujejo
dostop do tajnih podatkov, prepoznali poslovno
priložnost. V Sloveniji je danes tako že skoraj dvesto
gospodarskih družb z varnostnimi dovoljenji, ki jim
omogočajo sodelovanje pri tajnih naročilih.
Posedovanje varnostnega dovoljenja gospodarski
družbi odpira tudi možnost sklepanja komercialnih
pogodb, katerih izvedba pogojuje dostop do tajnih
podatkov, z gospodarskimi družbami drugih držav,
pri čemer pa je temeljnega pomena pogoj, da ima
Republika Slovenija z zadevno državo sklenjen in
veljaven varnostni sporazum.
Dvostransko sodelovanje in meddržavni dogovori
o vzajemnem varovanju tajnih podatkov so ena
od pomembnih vlog nacionalnega varnostnega
organa, katerega naloge opravlja Urad Vlade RS
za varovanje tajnih podatkov. Število gospodarskih
družb s pridobljenimi varnostnimi dovoljenji za dostop
do tujih tajnih podatkov vsako leto narašča, vendar
številka še zdaleč ne kaže dejanske konkurenčnosti
slovenskega gospodarstva. Urad si zato v
sodelovanju s pristojnimi resorji zelo prizadeva, da
bi gospodarske družbe spodbudil k pridobivanju teh
dovoljenj. S pridobljenim varnostnim dovoljenjem
za dostop do tujih tajnih podatkov se gospodarskim
družbam namreč odprejo tudi vrata za sodelovanje v
razpisih zveze Nato in Evropske unije.
Zaradi nenehno spreminjajočega se globalnega
varnostnega okolja je področje industrijske varnosti
eno najbolj razvijajočih se in intenzivnih področij
delovanja in sodelovanja nacionalnih varnostih
organov, hkrati pa se na tem področju vsake
spremembe tudi najhitreje pokažejo. Prožnost in
prilagodljivost vseh sodelujočih sta zato izjemnega
pomena. Zaradi usklajevanja dejavnosti, razreševanja
odprtih vprašanj in sprejemanja usmeritev na področju
industrijske varnosti se pristojni organi na nacionalni
in mednarodni ravni povezujejo v različne oblike
sodelovanja. Na nacionalni ravni je treba omeniti
medresorsko projektno skupino za industrijsko in
fizično varnost, v kateri sodelujejo predstavniki
različnih resorjev, ki so vključeni v proces industrijske
varnosti, na mednarodni ravni pa je poleg delovnih
odborov in teles EU in Nata, ki ustvarjajo varnostno
politiko tega področja, treba omeniti delovanje
skupine MISWG.
Danes so za prepoznavanje raznih vrst ogroženosti
in obvladovanje tveganj potrebna specifična znanja.
Da bi UVTP dvignil raven varovanja tajnih podatkov
in spodbudil razmišljanja o pomenu krepitve
varnostne ozaveščenosti, je leta 2009 začel posebna
usposabljanja vodilnih in za varnost odgovornih oseb
iz gospodarskih družb z varnostnim dovoljenjem.
significant progress has been observed in this area
and the number of economic operators who have
found a business opportunity in participating in
projects requiring and involving access to classified
information has also increased. Today, there are
almost 200 companies in Slovenia that have obtained
facility security clearance, which enables them to
participate in security procurements.
A company in possession of facility security
clearance also has an opportunity to sign commercial
contracts with companies from other countries,
the implementation of which requires access to
classified information; the precondition is, however,
that Slovenia has signed a security agreement with
the country in question and that the agreement is in
force.
Bilateral cooperation and interstate agreements on
the mutual protection of classified information are
among the most important NSA tasks performed
by the UVTP. The number of companies who were
granted facility security clearances for access to
foreign classified information is increasing every year;
however, the overall number is far from reflecting the
actual competitiveness of the Slovenian economy.
For this reason, the UVTP is making every effort
– in cooperation with the relevant ministries – to
encourage companies to acquire these clearances.
By being granted facility security clearances for
access to foreign classified information, companies
may also get the opportunity to participate in NATO
and EU tenders.
Owing to the constantly changing global security
environment, industrial security has become one
of the most rapidly developing and intensive areas
of operation and cooperation between national
security authorities; it is also an area in which every
change can be observed immediately. Flexibility and
the adaptability of everyone involved are therefore
two extremely important elements. The competent
authorities at the national and international levels
have entered into various forms of cooperation in
order to coordinate their activities, resolve open issues
and adopt guidelines relating to industrial security.
At the national level, the Inter-Ministerial Project
Group for Industrial and Physical Security should be
mentioned, which consists of representatives from
different ministries who are involved in the industrial
security process, while at the international level, the
most important authorities are EU and NATO working
committees and bodies developing security policies
in this area, and the MISWG.
Today, specific knowledge is required for the
identification of different types of threats and
risk management. In 2009, the UVTP introduced
special training programmes in order to improve the
level of protection of classified information and to
10 years of Government Office for The Protection of Classified Information (NSA)
45
Poleg krepitve vezi med državo in gospodarskih
sektorjem, ki je na področju varnosti tajnih podatkov
ključnega pomena, je glavni namen takega
usposabljanja približanje razumevanja koncepta
varovanja vitalnih državnih interesov subjektom, ki
se v procesu svojega delovanja srečujejo s tajnimi
podatki. Poleg tega naj bi udeleženci navedenega
usposabljanja pridobili tudi boljšo ozaveščenost o
zaščiti lastnega znanja, inovacij in idej. Na tak način
urad neposredno prispeva k zaščiti konkurenčnosti
slovenskega gospodarstva, posredno pa k njegovi
hitrejši gospodarski rasti in razvoju.
3.5.1
Medresorska projektna skupina za
industrijsko in fizično varnost
Na pobudo in poziv UVTP je bila leta 2008 ustanovljena
medresorska projektna skupina za industrijsko
varnost. Z novim sklepom o imenovanju leta 2012 je
bila nazivu dodana tudi obveznost obravnave fizične
varnosti. Poleg UVTP jo sestavljajo predstavniki
ministrstva za notranje zadeve, obrambo, finance
– Carinske uprave Republike Slovenije, ministrstva
za gospodarstvo, za zunanje zadeve in Slovenske
obveščevalno-varnostne agencije. Pri oblikovanju
in usklajevanju določenih strokovnih vsebin, ki se
nanašajo na področje industrijske in fizične varnosti,
lahko pri delu komisije po odločitvi vodje delovne
skupine sodelujejo tudi predstavniki drugih državnih
organov in strokovnjaki s posameznih področij.
Osnovne naloge projektne skupine na začetku
delovanja so bile izdelava skrajšane in popolne
izdaje priročnika o industrijski varnosti, poenotenje
postopkov in uporabljenih standardov pri izdajanju
varnostnih dovoljenj organizacijam pri vseh organih,
proučevanje in dajanje predlogov rešitev pri novih
problemskih situacijah, povezanih z industrijsko
varnostjo, priprava letnih poročil o industrijski
varnosti v Sloveniji za MISWG in priprava vsebinskih
podlag za organizacijo konference MISWG, ki je leta
2010 potekala v Sloveniji. Pri aktualiziranju nalog
smo letos črtali zadnjo alinejo, dodali pa obveznost
priprave predlogov sprememb predpisov s področja
obravnavanja in varovanja tajnih podatkov, ki
vključujejo področje industrijske in fizične varnosti.
Za obravnavo ožjega specifičnega področja v okviru
svojih nalog lahko medresorska projektna skupina
oblikuje podskupino, ki o svojih ugotovitvah in sklepih
poroča medresorski delovni skupini.
46
encourage people to raise their security awareness.
The programmes are intended for key management
personnel and the persons responsible for security
in companies which possess facility security
clearances.
The main purpose of the training is not only to
strengthen ties between the state and the economic
sector, which is crucial in the area of protection of
classified information, but also to make the concept of
protecting vital state interests more understandable to
those entities that come across classified information
in their working processes. The training participants
should also be better aware of the need to protect
their own knowledge, innovations and ideas. In this
way, the UVTP directly contributes to protecting the
competitiveness of the Slovenian economy, while
indirectly also contributing to faster economic growth
and development.
3.5.1
Inter-Ministerial Project Group for
Industrial and Physical Security
At the initiative and upon the request of the UVTP, the
Inter-Ministerial Project Group for Industrial Security
was established in 2008. On the basis of the new
decision on the appointment adopted in 2012, the
project group also took over the obligation of dealing
with physical security and was therefore renamed
the Inter-Ministerial Project Group for Industrial and
Physical Security. Apart from the representatives of
the UVTP, the project group involves representatives
from the Ministry of the Interior, the Ministry of
Defence, the Ministry of Finance (the Customs
Administration of the Republic of Slovenia), the
Ministry of the Economy, the Ministry of Foreign
Affairs and the Slovenian Intelligence and Security
Agency. In the development and coordination of
certain professional contents which refer to industrial
and physical security, the representatives of other
state authorities and experts for individual areas may
also participate in the work of the Commission, but
only subject to the approval of the head of the project
group.
At the beginning of its operation, the basic tasks of the
project group were to draw up a full- and short-form
version of an industrial security manual, to introduce
uniform procedures and applicable standards to
be used by every authority issuing facility security
clearances to organisations, to examine and submit
proposals for solutions in new critical situations
related to industrial security, to prepare annual
reports on industrial security in Slovenia for the
MISWG and to prepare substantive bases for the
organisation of the MISWG Conference, which took
place in Slovenia in 2010. In the process of updating
the tasks, the obligation of preparing substantive
bases for the organisation of the Conference was
10 let Urada RS za varovanje tajnih podatkov
replaced by the obligation to prepare proposals
for amendments to regulations which refer to the
handling and protection of classified information,
including the area of industrial and physical security.
The Inter-Ministerial Project Group may also establish
a subgroup to deal with more specific areas within its
tasks; the subgroup shall be obliged to report to the
inter-ministerial project group.
10 years of Government Office for The Protection of Classified Information (NSA)
47
3.6 Usposabljanje
3.6 Training
UVTP skladno z Zakonom o tajnih podatkih in
Uredbo o varnostnem preverjanju in izdaji dovoljenj
za dostop do tajnih podatkov organizira in izvaja
osnovna usposabljanja s področja obravnavanja
in varovanja tajnih podatkov za osebe, ki tovrstno
usposabljanje potrebujejo.
Pursuant to the Classified Information Act and the
Decree on the vetting and issuing of personal security
clearances, the UVTP organises and carries out
basic training for handling and protecting classified
information which is intended for persons who need
this kind of training to perform their work.
Zaprosila za izvedbo usposabljanja ali prijave na
usposabljanje se pošljejo na uradni elektronski
naslov UVTP: gp.uvtp(at)gov.si.
Requests for the performance of training and
applications for training are to be sent to the official
email address of the UVTP: [email protected].
Prav tako urad izvaja izobraževanja, katerih vsebina
je namenjena osebam, ki v organih in organizacijah
(4. točka prvega odstavka 35. b člena ZTP) izvajajo
izobraževanje in prenašajo ustrezno znanje s področja
obravnavanja tajnih podatkov na druge osebe. Namen
tovrstnega usposabljanja je udeležencem predstaviti
integralni sistem obravnavanja tajnih podatkov ter
spodbuditi razmišljanje o pomenu krepitve varnostne
ozaveščenosti zaposlenih, da bi zagotovili čim
višjo raven zaščite nacionalnih interesov Republike
Slovenije,
tako da bodo udeleženci v svojih
delovnih okoljih uspešno prenašali tovrstno znanje
sodelavcem.
The UVTP also carries out training programmes,
the contents of which are intended for persons who
provide training in authorities and organisations and
transfer the knowledge related to the handling of
classified information to other persons. The purpose
of such training programmes is to present to the
participants an integral system of handling classified
information and to encourage them to develop their
viewpoint on the importance of strengthening security
awareness of the employees. By transferring their
knowledge successfully to their colleagues in their
working environments, the training participants can
also provide the highest possible level of protection
of Slovenia's national interests.
Osnovno in dodatno usposabljanje lahko v organih in
organizacijah izvajajo osebe ali organizacijske enote,
ki jih določi predstojnik. Praviloma naj usposabljanje
opravljajo osebe, ki imajo ustrezna predznanja
s področja varnostnih ved in dejansko izvajajo
naloge s področja obravnavanja tajnih podatkov, kar
In authorities and organisations, basic and advanced
training may be carried out by persons or organisation
units appointed by the head of an authority or
organisation. As a rule, training should be carried out
by persons who have adequate prior knowledge of
Slika 14: Usposabljanje o tjnih podatkih
Figure 14:Classified IT security training
48
10 let Urada RS za varovanje tajnih podatkov
predstavlja neposreden prenos znanja in izkušenj
drugim.
Neposredni izvajalci usposabljanja so lahko
strokovnjaki s področja obravnavanja tajnih podatkov,
ki jih za izvedbo usposabljanja določi predstojnik (prvi
odstavek 23. člena Uredbe o varnostnem preverjanju
in izdaji dovoljenj za dostop do tajnih podatkov).
Vsebina usposabljanja naj bo prilagojena sistemu
obravnavanja in varovanja tajnih podatkov v organu/
organizaciji ter udeležencem in njihovim potrebam v
zvezi z obravnavanjem tajnih podatkov.
Izvajalci usposabljanj (organi/organizacije) izdajo
udeležencem po usposabljanju potrdilo/dokazilo
o udeležbi na usposabljanju, ta pa mora vsebovati
vsaj osebno ime in rojstni datum udeleženca, vrsto
usposabljanja (osnovno ali dodatno) ter navedbo
organa ali organizacije, ki je opravila usposabljanje.
criminal justice and security and actually carry out
tasks related to the handling of classified information,
which enables them to transfer their knowledge and
experience directly to others.
Direct providers of training may be experts in handling
classified information and are appointed for that
purpose by the head of an authority or organisation
(first paragraph of Article 23 of the Decree on vetting
and issuing of personal security clearances). The
content of training should be adapted to the system
of handling and protecting classified information in
an authority or organisation and to the participants
and their needs related to the handling of classified
information.
10 years of Government Office for The Protection of Classified Information (NSA)
49
4 Mednarodno
sodelovanje
4 International
cooperation
4.1 Varovanje tajnih podatkov tujih
držav ali mednarodnih organizacij
4.1 Protection of Classified
Information of Foreign Countries
or International Organisations
Poleg delovanja in zastopanja varnostnih interesov
Republike Slovenije v mednarodnih organizacijah
je ena osnovnih nalog UVTP varovanje tujih tajnih
podatkov. Osnova je zapisana v Zakonu o tajnih
podatkih in podzakonskih aktih, osnovna načela
izmenjave in vzajemnega varovanja tajnih podatkov
po posameznih državah pa so sprejeta v dvostranskih
sporazumih.
One of the UVTP's main tasks, in addition to
the operation and representation of the security
interests of the Republic of Slovenia in international
organisations, is the protection of foreign classified
information. The basis is laid down in the Classified
Information Act and its implementing acts, while the
main principles of the exchange and mutual protection
of classified information for individual countries are
adopted in bilateral agreements.
4.2 Povzetek iz Zakona o tajnih
podatkih
Tajni podatek tuje države je podatek, ki ga je Republiki
Sloveniji ali njenim organom posredovala tuja država
ali njen organ ali mednarodna organizacija ali njen
organ v pričakovanju, da bo ostal tajen, ter podatek, ki
je rezultat sodelovanja Republike Slovenije ali njenih
organov s tujo državo ali mednarodno organizacijo
ali njihovimi organi, in za katerega je dogovorjeno,
da mora ostati tajen.
Dostop do tajnih podatkov tuje države ali mednarodne
organizacije, njihov prenos in varovanje se izvaja
skladno z Zakonom o tajnih podatkih ali predpisi,
izdanimi na njegovi podlagi, ali skladno z mednarodno
pogodbo, ki jo je s tujo državo ali mednarodno
organizacijo sklenila Republika Slovenija.
Tajni podatki tuje države ali mednarodne organizacije
praviloma ohranijo oznake, ki so v rabi v tej državi
ali organizaciji, ali pa se označijo na način, določen
z ZTP, pri čemer morajo biti stopnje tajnosti
primerljive in morajo zagotavljati enakovredno
varovanje. Z mednarodno pogodbo, ki jo v zvezi
z izmenjavo ali posredovanjem tajnih podatkov s
tujo državo ali mednarodno organizacijo sklepa
Republika Slovenija, je določen način označevanja
tajnih podatkov Republike Slovenije v tuji državi
ali mednarodni organizaciji in raven varovanja teh
podatkov. Standard varovanja ne sme biti nižji od
tistega, določenega v ZTP.
V mednarodni pogodbi je lahko zapisano, da pristojni
varnostni organi Republike Slovenije in tujih držav
ali mednarodnih organizacij lahko medsebojno
sodelujejo pri varnostnem preverjanju oseb, če to ni
v nasprotju s predpisi, ki v Republiki Sloveniji urejajo
varstvo osebnih podatkov.
50
4.2 Summary of the Classified
Information Act
The classified information of a foreign country is
information which a foreign country or its agency,
or an international organisation or its agency,
have conveyed to the Republic of Slovenia on
the understanding that it will be kept secret, and
information resulting from cooperation between
the Republic of Slovenia or its agencies with a
foreign country or an international organisation and
its agencies which is to be kept secret by mutual
agreement.
Access to the classified information of a foreign
country or an international organisation, and its
transmission and protection shall be implemented
in accordance with the Classified Information Act
or the regulations based thereon, or in accordance
with international treaties concluded between a
foreign country or international organisation and the
Republic of Slovenia.
The markings of the classified information of a
foreign country or international organisation shall,
as a rule, remain in the form in which they are used
in that country or international organisation. Such
information may also be marked as provided by the
Classified Information Act, on the condition that the
levels of classification are comparable and ensure an
equal degree of protection. The method of marking
classified information of the Republic of Slovenia in
a foreign country or international organisation, and
the degree of protection afforded to that information,
should be specified in an international treaty on
the exchange or provision of classified information
10 let Urada RS za varovanje tajnih podatkov
Izvajanje mednarodnih pogodb spremlja in usklajuje
nacionalni varnostni organ. Naloge nacionalnega
varnostnega organa v Republiki Sloveniji opravlja
UVTP.
between a foreign country or international
organisation and the Republic of Slovenia. The
degree of protection shall allocated not be inferior to
the degree determined by the Classified Information
Act.
Nacionalni varnostni organ skrbi za izvajanje
mednarodnih pogodb in sprejetih mednarodnih
obveznosti, ki jih je v zvezi z obravnavanjem in
varovanjem tajnih podatkov sklenila ali sprejela
Republika Slovenija, ter na tem področju sodeluje
z ustreznimi organi tujih držav in mednarodnih
organizacij, razen če mednarodna pogodba ne
določa drugače.
International treaties may determine that, in carrying
out personnel security clearance, the competent
bodies of the Republic of Slovenia may cooperate
with the security clearance agencies of foreign
countries or international organisations, provided that
this is not in conflict with the regulations on personal
data protection in the Republic of Slovenia.
Nacionalni varnostni organ usklajuje dejavnosti za
zagotavljanje varnosti nacionalnih tajnih podatkov v
tujini in tujih tajnih podatkov na območju Republike
Slovenije.
The implementation of international treaties shall be
monitored and coordinated by the NSA. The tasks of
the NSA in the Republic of Slovenia are carried out
by the UVTP.
V zvezi z izvajanjem mednarodnih pogodb in
sprejetih mednarodnih obveznosti nacionalni
varnostni organ opravlja zlasti naslednje naloge:
izdaja in preklicuje dovoljenja fizičnim osebam za
dostop do tujih tajnih podatkov, izdaja in preklicuje
varnostna dovoljenja organizacijam za dostop do
tujih tajnih podatkov, izdaja in preklicuje varnostna
dovoljenja za sisteme in naprave za prenos, hrambo
in obdelavo tujih tajnih podatkov skladno s sprejetimi
mednarodnimi pogodbami, potrjuje izpolnjevanje
predpisanih pogojev za obravnavanje tajnih podatkov
s strani posameznega organa ali organizacije tujim
državam in mednarodnim organizacijam, izdaja
navodila za ravnanje s tajnimi podatki tuje države
ali mednarodne organizacije, nadzoruje izvajanje
fizičnih, organizacijskih in tehničnih ukrepov za
varovanje tajnih podatkov tuje države ali mednarodne
organizacije in skladno z ugotovitvami nadzora
izdaja obvezna navodila za odpravo ugotovljenih
pomanjkljivosti, ki jih morajo organi opraviti takoj,
od pristojnega inšpektorata zahteva izvedbo
inšpekcijskega nadzora pri določenem organu ali
organizaciji in izmenjuje podatke z nacionalnimi
varnostnimi organi tujih držav ter mednarodnimi
organizacijami.
The UVTP, in its role as NSA, shall ensure the
implementation of international treaties and
the international commitments and obligations
undertaken, concluded or adopted by the Republic of
Slovenia with reference to the handling and protection
of classified information, and shall cooperate in this
area with the relevant authorities of foreign countries
and international organisations, unless otherwise
provided by the international treaty in question.
Pred izdajo dovoljenja fizičnim osebam ali
varnostnega dovoljenja organizacijam za dostop do
tujih tajnih podatkov lahko nacionalni varnostni organ,
kadar prejme obvestilo tujega varnostnega organa
o varnostnem zadržku, od organa, pristojnega za
varnostno preverjanje, zahteva vmesno varnostno
preverjanje osebe ali organizacije.
Nacionalni varnostni organ izda dovoljenje fizični
osebi za dostop do tujih tajnih podatkov na predlog
predstojnika državnega organa, organa lokalne
skupnosti, nosilca javnih pooblastil ali drugega
organa, predstojnika gospodarske družbe in
organizacije, ki pri izvajanju zakonsko določenih
The UVTP, in its role as NSA, shall coordinate activities
aimed at ensuring the security of national classified
information abroad and foreign classified information
in the territory of the Republic of Slovenia.
In relation to the implementation of international
treaties and the international commitments and
obligations undertaken, the UVTP, in its role as NSA,
shall perform in particular the following tasks: issue
and revoke personnel security clearance to access
foreign classified information; issue and revoke
facility security clearance to access foreign classified
information; issue and revoke security clearance
for transmission systems and equipment; store and
process foreign classified information in accordance
with the international treaties adopted; approve
compliance with the prescribed requirements for
the handling of classified information by a particular
authority or organisation for foreign countries or
international organisations; issue instructions on the
handling of the classified information of a foreign
country or international organisation; supervise
the implementation of physical, organisational and
technical measures for the protection of the classified
information of a foreign country or international
organisation and issue, in compliance with the
findings of the supervision, mandatory instructions
for the elimination of established deficiencies which
the bodies shall remedy immediately; make a request
to the competent inspectorate to carry out inspection
10 years of Government Office for The Protection of Classified Information (NSA)
51
nalog pridobijo ali razpolagajo s tajnimi podatki za
osebe, ki bodo dovoljenja potrebovala zaradi izvajanja
nalog na delovnem mestu, ministra, pristojnega
za gospodarstvo za osebe, ki bodo dovoljenje za
dostop do tujih tajnih podatkov potrebovala zaradi
izvajanja javnih in drugih naročil, v okviru katerih
bodo potrebovale dostop do tajnih podatkov tuje
države ali mednarodne organizacije in predstojnika
nacionalnega varnostnega organa za primere, ki
niso predhodno našteti.
supervision of a certain body or organisation; and
exchange data with the national security authorities
of foreign countries and international organisations.
Before issuing personnel security clearance or
facility security clearance to access foreign classified
information, the UVTP, in its role as NSA, may,
upon receiving a foreign authority's notification on a
security restriction, request an interim personnel or
facility security clearance from the body competent
for security clearance.
Naštete osebe morajo imeti veljavno nacionalno
dovoljenje za dostop do tajnih podatkov, opredeljeno
v ZTP, in opravljajo funkcijo ali izvajajo naloge na
delovnem mestu, na katerem potrebujejo dovoljenje
za dostop do tujih tajnih podatkov. Dovoljenje se izda
z veljavnostjo za čas, ko oseba potrebuje dostop
do tujih tajnih podatkov, vendar ne dlje, kakor velja
nacionalno dovoljenje za dostop do tajnih podatkov.
Če oseba, ki ji je bilo izdano dovoljenje za dostop
do tujih tajnih podatkov, ne izvaja več nalog, pri
katerih potrebuje dostop do tujih tajnih podatkov,
mora predstojnik organa ali organizacije o tem takoj
obvestiti nacionalni varnostni organ. Nacionalni
varnostni organ dovoljenje za dostop do tujih tajnih
podatkov prekliče, ko prenehajo pogoji za njegovo
uporabo.
The UVTP, in its role as NSA, shall issue personnel
security clearance to access foreign classified
information on the proposal of the head of a national
authority; local community authority; bearers of public
authority or other authorities; head of a company
or organisation who, during the implementation of
their statutory tasks, obtains or disposes with the
classified information for personnel who will need
this security clearance to carry out their tasks; the
minister responsible for the economy, for personnel
who will need this security clearance to access
foreign classified information for the purpose of
implementing public and other procurements, where
they will need to access the classified information of
a foreign country or international organisation; and
the head of the NSA for those cases not previously
mentioned.
Nacionalni varnostni organ izda varnostno dovoljenje
organizaciji za dostop do tujih tajnih podatkov na
predlog predstojnika državnega organa, organa
lokalne skupnosti, nosilca javnih pooblastil ali
drugega organa, predstojnika gospodarske družbe
in organizacije, ki pri izvajanju zakonsko določenih
nalog pridobijo ali razpolagajo s tajnimi podatki za
organizacije, ki izvajajo naročila tega organa, in
ministra, pristojnega za gospodarstvo za organizacije,
ki potrebujejo varnostno dovoljenje za dostop do tujih
tajnih podatkov zaradi sodelovanja na javnih razpisih
ali izvedbe naročila tuje države ali mednarodne
organizacije.
Kot pogoj velja, da mora organizacija imeti veljavno
nacionalno varnostno dovoljenje v skladu z ZTP, prav
tako morajo tudi osebe, ki bodo imele v organizaciji
dostop do tajnih podatkov, imeti veljavno dovoljenje
za dostop do tujih tajnih podatkov.
Pred izdajo varnostnega dovoljenja organizaciji
za dostop do tujih tajnih podatkov lahko nacionalni
varnostni organ, kadar to izhaja iz mednarodne
pogodbe, zahteva od organizacije dodatno
dokumentacijo ali opravi dodaten pregled varovanja
tajnih podatkov.
Varnostno dovoljenje za dostop do tujih tajnih podatkov
se organizaciji izda za dobo, določeno v pogodbi o
naročilu, ali čas veljavnosti nacionalnega varnostnega
dovoljenja. Odgovorna oseba organizacije mora
obveščati nacionalni varnostni organ o spremembi
52
The aforementioned personnel shall have valid
national security clearance to access classified data,
as defined in the Classified Information Act, and shall
exercise the functions or tasks within their job for
which they need security clearance to access foreign
classified information. The security clearance shall
be issued with a validity period that covers the time
when a person needs to access foreign classified
information, but not exceeding the validity period of
the national security clearance to access classified
information.
If a person that was issued security clearance to
access foreign classified information no longer
performs functions or tasks requiring this access, the
head of the agency or organisation shall immediately
notify the NSA thereof. The UVTP, in its role as
NSA, shall revoke the personnel security clearance
to access foreign classified information when the
conditions for its application cease to exist.
The UVTP, in its role as NSA, shall issue facility security
clearance to access foreign classified information on
the proposal of the head of a national authority; local
community authority; bearer of public authority or
other authority; head of a company or organisation
who, during the implementation of their statutory
tasks, obtains or disposes with classified information
for the organisations that carry out procurements on
behalf of this authority; and the minister responsible
10 let Urada RS za varovanje tajnih podatkov
pogojev, na podlagi katerih je organizacija varnostno
dovoljenje pridobila. Nacionalni varnostni organ
organizaciji prekliče varnostno dovoljenje za dostop
do tujih tajnih podatkov, če ugotovi, da ne izpolnjuje
več prej omenjenih pogojev.
for the economy, for organisations who need security
clearance to access foreign classified information in
order to participate in public tenders or implement
the procurement of a foreign country or international
organisation.
The condition shall be that such an organisation has
valid national facility security clearance in accordance
with the Classified Information Act; also, the persons
who will access foreign classified information within
the organisation shall have valid personnel security
clearance to access foreign classified information.
Before issuing a facility security clearance to access
foreign classified information, the UVTP, in its role as
NSA, may, when so stipulated in an international treaty,
request the submission of additional documents from
the organisation or carry out an additional inspection
of classified information protection.
Facility security clearance to access foreign
classified information shall be issued for the period
of time determined in the procurement contract or
for the validity period of the national facility security
clearance. The responsible person of the organisation
shall notify the UVTP, in its role as NSA, of any
change to conditions through which the organisation
obtained the facility security clearance. The National
Authority shall revoke the facility security clearance
to access foreign classified information if it is
established that the organisation no longer complies
with the aforementioned conditions.
10 years of Government Office for The Protection of Classified Information (NSA)
53
4.3 Dvostransko sodelovanje
4.3 Bilateral Co-operation
Ne glede na dejstvo, da zakon izrecno ne opredeljuje
UVTP kot nosilca sklepanja dvostranskih sporazumov
na področju tajnih podatkov, mu je vlada leta 2006
določila ta mandat.
Despite the fact that the law does not specify that
the UVTP is responsible for concluding bilateral
agreements in the area of classified information, the
Government entrusted the UVTP with this mandate
in 2006.
Postopek sklepanja dvostranskih sporazumov kot
mednarodnih pogodb opredeljujejo določila V. poglavja
Zakona o zunanjih zadevah z naslovom Mednarodne
pogodbe, ki temeljijo na načelih Dunajske konvencije
o pogodbenem pravu. Postopkovne določbe vsebuje
tudi Poslovnik Državnega zbora Republike Slovenije
v tretjem poglavju pod naslovom Ratifikacija
mednarodnih pogodb. V tem pogledu predstavljajo
podlago tudi določila Ustave Republike Slovenije, ki
so relevantna za obravnavano tematiko.
UVTP s sklenitvijo sporazuma ustvarja primerno
podlago za izvajanje nalog državnih organov, ki pri
svojem delu izmenjujejo tajne podatke s predstavniki
drugih držav. Tudi za države članice EU in Nata je
ne glede na članstvo za izmenjavo in medsebojno
varovanje nacionalnih tajnih podatkov treba skleniti
dvostranski sporazum. Med pomembnejšimi
razlogi za sklenitev sporazumov je omogočanje
enakovrednega nastopanja na natečajih in sklepanja
The procedure for concluding bilateral agreements
as international treaties is defined by the provisions
of Chapter V of the Foreign Affairs Act under the
title International Treaties, which are based on the
principles of the Vienna Convention on the Law
of Treaties. The procedural provisions are also
determined by the Rules of Procedure of the National
Assembly of the Republic of Slovenia in the third
chapter under the title Ratification of International
Treaties. In this respect, the basis is also provided by
the provisions of the Constitution of the Republic of
Slovenia which refer to the subject concerned.
By concluding an agreement, the UVTP creates a
relevant basis for the implementation of the tasks
entrusted to the national authorities who exchange
classified information with the representatives of other
countries in the course of their working activities.
It is necessary to conclude a bilateral agreement
BILATERALNI SPORAZUMI O VAROVANJU TAJNIH PODATKOV - EVROPA
BILATERAL AGREEMENTS OF THE PROTECTION OF CLASSIFIED INFORMATION - EUROPE
LEGENDA SPORAZUMOV - STANJE 15.3.2012
AGREEMENT LEGEND - SITUATION AS AT 15 MARCH 2012
VELJAVNI SPORAZUMI / AGREEMENT IN FORCE
PODPISANI SPORAZUMI / SIGNED AGREEMENTS
SPORAZUMI PRED PODPISOM / AGREEMENT AWAITING SIGNATURE
POGAJANJA O SPORAZUMIH V TEKU / AGREEMENT UNDER NEGOTIATION
Slika 15: Zemljevid držav s sklenjenimi sporazumi
54
Figure 15: A map of countries with concluded
agreements
10 let Urada RS za varovanje tajnih podatkov
poslov, ki se vežejo na varovanje tajnih podatkov za
slovenske gospodarske družbe in organizacije.
Vsebine sporazumov se med seboj razlikujejo v
delih, kjer se razlikujejo tudi rešitve v nacionalnih
postopkih in merilih, cilj sporazuma pa je enotna
ureditev slednjih.
V sporazumih so po določitvi namena uporabe
opredeljeni izrazi, ki se uporabljajo v besedilu.
Navedeni so pristojni varnostni organi, odgovorni za
splošno izvajanje sporazumov in ustrezen nadzor
nad vsemi njegovimi vidiki. V nadaljevanju sporazumi
določajo razvrstitev tajnih podatkov po stopnji tajnosti
in primerljivosti klasifikacij pogodbenic. Določene so
omejitve pri dostopu do tajnih podatkov, ki veljajo za
vse stopnje tajnosti.
Bistveno je določilo, da pogodbenice zagotavljajo
tajnim podatkom iz sporazumov enako raven
varovanja kakor svojim lastnim tajnim podatkom
enakovredne stopnje tajnosti.
Po opredelitvi pogojev za omejitev uporabe tajnih
podatkov sledi določilo o prenosu tajnih podatkov.
Določena so pravila pri razmnoževanju, prevajanju
in uničevanju tajnih podatkov ter postopki in ravnanje
pri pogodbah s tajnimi podatki ter obiskih. Nacionalni
varnostni organi si na zahtevo zagotavljajo podatke
o nacionalnih varnostnih standardih ter postopkih in
praksah pri varovanju tajnih podatkov.
Urad je do danes, največ po letu 2006, uskladil
in izvedel postopek za sprejetje in ratifikacijo 15
sporazumov o izmenjavi in vzajemnem varovanju
tajnih podatkov:
•
•
•
•
•
•
•
Sporazum med Vlado Republike Slovenije in
Vlado Zvezne republike Nemčije o vzajemnem
varovanju zaupnih podatkov (Uradni list RS, št.
2/2004)
Sporazum med Vlado Republike Slovenije in
Vlado Slovaške republike o vzajemnem varovanju
tajnih podatkov (Uradni list RS, št. 49/2005)
Sporazum o vzajemnem varovanju tajnih
podatkov med Vlado Republike Slovenije in Vlado
Kraljevine Norveške (Uradni list RS, št. 64/2006)
Sporazum med Vlado Republike Slovenije
in Vlado Republike Finske o izmenjavi in
medsebojnem varovanju tajnih podatkov (Uradni
list RS, št. 21/2009)
Sporazum med Vlado Republike Slovenije
in Avstrijsko zvezno vlado o izmenjavi in
medsebojnem varovanju tajnih podatkov (Uradni
list RS, št. 37/2009)
Sporazum med Republiko Slovenijo in Češko
republiko o izmenjavi in medsebojnem varovanju
tajnih podatkov (Uradni list RS, št. 43/2009)
Sporazum med Republiko Slovenijo in Ukrajino
o izmenjavi in medsebojnem varovanju tajnih
podatkov (Uradni list RS, št. 90/2009)
on the exchange and mutual protection of national
classified information even when EU Member
States and NATO members are involved. The major
reasons for the conclusion of agreements include
enabling Slovenian companies and organisations
to participate on an equal footing in tenders and the
conclusion of business deals associated with the
protection of classified information.
The contents of agreements differ in those parts
where there are also differences in solutions provided
by the national procedures and criteria, whereas the
goal of any agreement is their uniform arrangement.
After stating the purpose of application, the terms
used in the text are defined in agreements. The
competent security authorities responsible for
the general implementation of agreements and
appropriate control over all of their aspects are stated.
The agreements then determine the categorisation
of classified information in accordance with their
security classification level and the comparability of
classifications between the parties to the agreement.
Restrictions on access to classified information are
defined and apply to all levels of classification.
The most important is the provision that the parties to
the agreement afford the same protection level to the
classified information referred to in the agreement as
to their own information of the corresponding security
classification level.
The definition of the conditions for restrictions
on the use of classified information is followed
by the provision on the transmission of classified
information. The rules on copying, translating and
destroying classified information are determined,
together with the procedures on handling contracts
involving classified data and procedures on visits.
Upon request, the national security authorities
shall provide data on national security standards,
procedures and practices concerning the protection
of classified information.
Until the present date, mostly after 2006, the
UVTP has been harmonised and implemented the
procedures for the adoption and ratification of 15
agreements on the exchange and mutual protection
of classified information:
•
•
Agreement between the Government of the
Republic of Slovenia and the Government of
the Federal Republic of Germany on Mutual
Protection of Classified Information (Ur. l. RS, no.
2/2004)
Agreement between the Government of the
Republic of Slovenia and the Government of
the Slovak Republic on Mutual Protection of
Classified Information (Ur. l. RS, no. 49/2005)
10 years of Government Office for The Protection of Classified Information (NSA)
55
•
•
•
•
•
•
•
Sporazum med Vlado Republike Slovenije
in Vlado Republike Poljske o izmenjavi in
medsebojnem varovanju tajnih podatkov (Uradni
list RS, št. 30/2010)
Sporazum med Vlado Republike Slovenije
in Vlado Republike Estonije o izmenjavi in
medsebojnem varovanju tajnih podatkov (Uradni
list RS, št. 30/2010)
Sporazum med Vlado Republike Slovenije
in Vlado Francoske republike o izmenjavi in
medsebojnem varovanju tajnih podatkov (Uradni
list RS, št. 35/2010)
Sporazum med Vlado Republike Slovenije in
Vlado Republike Makedonije o izmenjavi in
medsebojnem varovanju tajnih podatkov (Uradni
list RS, št. 80/2010)
Sporazum med Vlado Republike Slovenije in
Svetom ministrov Republike Albanije o izmenjavi
in medsebojnem varovanju tajnih podatkov
(Uradni list RS, št. 80/2010)
Sporazum med Vlado Republike Slovenije
in Vlado Republike Latvije o izmenjavi in
medsebojnem varovanju tajnih podatkov (Uradni
list RS, št. 80/2010)
Sporazum med Vlado Republike Slovenije
in Vlado Republike Hrvaške o medsebojnem
varovanju tajnih podatkov (Uradni list RS, št.
66/2011)
Slika 16: Podpis sporazuma med Republiko Slovenijo
in Ukrajino o izmenjavi in medsebojnem varovanju
tajnih podatkov (Uradni list RS, št. 90/2009), kjer sta
podpisu prisostvovala predsednik Ukrajine Viktor
Janukovič in predsednik Republike Slovenije dr.
Danilo Türk.
56
•
•
•
•
•
•
•
Agreement on Mutual Protection of Classified
Information between the Government of the
Republic of Slovenia and the Government of the
Kingdom of Norway (Ur. l. RS, no. 64/2006)
Agreement between the Government of the
Republic of Slovenia and the Government of the
Republic of Finland on the Exchange and Mutual
Protection of Classified Information (Ur. l. RS, no.
21/2009)
Agreement between the Government of the
Republic of Slovenia and the Austrian Federal
Government on the Exchange and Mutual
Protection of Classified Information (Ur. l. RS, no.
37/2009)
Agreement between the Republic of Slovenia and
the Czech Republic on the Exchange and Mutual
Protection of Classified Information (Ur. l. RS, no.
43/2009)
Agreement between the Republic of Slovenia and
Ukraine on the Exchange and Mutual Protection
of Classified Information (Ur. l. RS, no. 90/2009)
Agreement between the Government of the
Republic of Slovenia and the Government of the
Republic of Poland on the Exchange and Mutual
Protection of Classified Information (Ur. l. RS, no.
30/2010)
Agreement between the Government of the
Republic of Slovenia and the Government of the
Figure 16: The President of Ukraine, Viktor
Yanukovych, and the President of the Republic of
Slovenia, Danilo Türk, attend the formal signing of
the Agreement between the Republic of Slovenia
and Ukraine on the Exchange and Mutual Protection
of Classified Information (Ur. l. RS, no. 90/2009)
10 let Urada RS za varovanje tajnih podatkov
•
•
Sporazum med Vlado Republike Slovenije in
Vlado Romunije o medsebojnem varovanju tajnih
podatkov (Uradni list RS, št. 93/2011)
Sporazum med Vlado Republiko Slovenije
in Vlado Kraljevine Švedske o izmenjavi in
medsebojnem varovanju tajnih podatkov
Podpisu sta prisostvovala tudi predsednik Ukrajine
Viktor Janukovič in predsednik Republike Slovenije
dr. Danilo Türk.
Poleg že veljavnih sporazumov so v različnih fazah
sprejemanja še dvostranski sporazumi z Nizozemsko,
Luksemburgom, Španijo, Bolgarijo, Rusko federacijo,
Italijo in Srbijo.
Ob pogajanjih o dvostranskih sporazumih in skupni
udeležbi na sestankih varnostnih odborov smo
spletli mrežo stikov s predstavniki nacionalnih
varnostnih organov drugih, predvsem evropskih
držav. Prav to nam poleg urejene pravne podlage
v sporazumih omogoča učinkovito sodelovanje na
področju varnostnega preverjanja ter medsebojno
posvetovanje pri uveljavitvi enotnih standardov in
posledično pomoč pri pripravi sprememb predpisov.
UVTP je dejavno sodeloval s sorodnimi službami
tudi v regiji Zahodnega Balkana. Pomoč na področju
zakonske ureditve področja tajnih podatkov smo
nudili predstavnikom Makedonije, Hrvaške, Črne
gore, Bosne in Hercegovine ter Srbije, gostili smo
delegacije Makedonije, Hrvaške, Črne gore ter Bosne
in Hercegovine ter jim predstavili praktične rešitve
in dobre prakse našega delovnega področja. Na
začetku leta 2009 smo gostili posebno konferenco
s področja informacijske varnosti zaradi vključitve
Hrvaške in Albanije v poseben Natov informacijski
sistem. Redno se udeležujemo ter kot svetovalci
in predavatelji sodelujemo na letnih konferencah
nacionalnih varnostnih organov balkanskih držav.
Začenjamo tudi postopek ustanovitev področne
»delovne skupine« poenotenja standardov varovanja
tajnih podatkov v regiji Zahodnega Balkana po vzoru
povezav baltskih držav ali t. i. Višegrajske skupine.
Podporo bi zagotovo dobili tudi od varnostnih odborov
EU in Nato.
Poudarek delovne skupine bi bil na industrijski
varnosti (v povezavi z gospodarstvom bi poleg
enotnega doseganja standardov lahko tudi okrepili
industrijo in proizvodnjo visokotehnoloških sredstev
za varovanje, pa tudi gradbeništva in tehnološko
manj zahtevnih produktov – zaščitne omare, vrata in
podobno).
Pripravili smo tudi nekaj predlogov o povečanju
prepoznavnosti in prisotnosti Slovenije na Zahodnem
Balkanu v zvezi z varovanjem tajnih podatkov.
•
•
•
•
•
•
•
Republic of Estonia on the Exchange and Mutual
Protection of Classified Information (Ur. l. RS, no.
30/2010)
Agreement between the Government of the
Republic of Slovenia and the Government of the
French Republic on the Exchange and Mutual
Protection of Classified Information (Ur. l. RS, no.
35/2010)
Agreement between the Government of the
Republic of Slovenia and the Government of the
Republic of Macedonia on the Exchange and
Mutual Protection of Classified Information (Ur. l.
RS, no. 80/2010)
Agreement between the Government of the
Republic of Slovenia and the Council of Ministers
of the Republic of Albania on the Exchange and
Mutual Protection of Classified Information (Ur. l.
RS, no. 80/2010)
Agreement between the Government of the
Republic of Slovenia and the Government of the
Republic of Latvia on the Exchange and Mutual
Protection of Classified Information (Ur. l. RS, no.
80/2010)
Agreement between the Government of the
Republic of Slovenia and the Government of
the Republic of Croatia on Mutual Protection of
Classified Information (Ur. l. RS, no. 66/2011)
Agreement between the Government of the
Republic of Slovenia and the Government of
Romania on Mutual Protection of Classified
Information (Ur. l. RS, no. 93/2011)
Agreement between the Government of the
Republic of Slovenia and the Government of the
Kingdom of Sweden on the Exchange and Mutual
Protection of Classified Information
In addition to the agreements in force, bilateral
agreements with the Netherlands, Luxembourg,
Spain, Bulgaria, Russia, Italy and Serbia are now in
various stages of the adoption process.
During the negotiations on bilateral agreements
and joint participation in the security committees'
meetings, we have created a network of contacts with
the representatives of national security authorities
and other countries, most of which are in Europe. In
addition to the agreements' regulated legal bases, it
is this network that enables us to participate efficiently
in the area of security clearance and fosters mutual
consultation in setting up uniform standards and
assistance in drafting amendments to regulations.
The UVTP also cooperated actively with its related
offices and services in the Western Balkans.
Assistance in the legal regulation of classified
information was provided to representatives of
Macedonia, Croatia, Montenegro, Bosnia and
Herzegovina, and Serbia; we hosted delegations
from Macedonia, Croatia, Montenegro, and Bosnia
10 years of Government Office for The Protection of Classified Information (NSA)
57
Posebno pozornost smo posvetili navezavi na
gospodarstvo in integraciji držav Zahodnega Balkana
v evroatlantske povezave.
4.3.1
Sporazumi COMSEC
UVTP je skladno s svojimi pristojnostmi in kot krovni
organ za komunikacijsko varnost odgovoren za
pripravo in podpis sporazumov (memorandumov o
soglasju) z nacionalnimi organi za komunikacijsko
varnost držav članic zveze Nato in EU za prodajo,
nabavo in uporabo posameznih šifrirnih rešitev.
S tem sporazumom se opredeljuje pristojnost in
odgovornosti podpisnic ter določijo pogoji prevoza,
namestitve, uporabe in nadzora nad posameznimi
šifrirnimi rešitvami.
and Herzegovina and presented to them
practical solutions and examples of good
practice in our working area. At the beginning
of 2009, we hosted a conference on
information security on account of Croatia's
and Albania's integration into a special NATO
information system. We regularly take part as
advisers and lecturers in annual conferences
organised by the national security authorities
of Balkan countries.
We are also beginning the process of
establishing a sectoral »working group«
for the unification of standards of classified
information protection in the Western Balkans
region after the model of the alliance of the
Baltic States, known as the Višegrad Group.
We will certainly obtain the support of the EU
and NATO security committees.
The focus of the working group will be on
industrial safety (in cooperation with the
economic sector, we could also reinforce the
industry and production of high technology
means of protection, in addition to setting up
uniform standards; and we could also include
the construction sector and technologically
less demanding products, such as security
cabinets, doors, etc.).
We have also prepared some proposals on
increasing Slovenia's visibility and presence
in the Western Balkans in terms of the
protection of classified information.
Special attention has been paid to
strengthening ties with the economic sector
and the integration of Western Balkan
countries into Euro-Atlantic structures.
4.3.1
COMSEC Agreements
In accordance with its competences and as
the umbrella authority for communications
security, the UVTP is responsible for drafting
and signing agreements (memorandums of
understanding) with the national authorities
for communications security of EU Member
States and NATO Members on the sale,
procurement and use of specific cryptographic
solutions. These agreements define the
competences and responsibilities of the
signatories and determine the conditions
required for the transport, installation, use
and supervision of individual cryptographic
solutions.
58
10 let Urada RS za varovanje tajnih podatkov
4.4
Večstransko sodelovanje
Sooblikovanje varnostnih politik na področju
varovanja tajnih podatkov v okviru dveh največjih in
najpomembnejših mednarodnih povezav – Nato in
EU – je ključna in najpomembnejša naloga UVTP na
področju mednarodnega sodelovanja.
To pa obenem ne pomeni, da zanemarjamo
dejavnosti, povezane z našim delovnim področjem
pri drugih mednarodnih organizacijah, na primer
OZN, OECD, RCC in drugih, kar se izraža z dajanjem
mnenj in stališč ter svetovanjem o posameznih
zaznanih situacijah. V skladu z zunanjepolitičnimi
usmeritvami naše države pa smo se odzivali tudi na
povabila za sodelovanje v forumu V4.
Foruma sta se udeležila tudi David Galloway,
namestnik generalnega direktorja v generalnem
direktoratu za varovanje, varnost in komunikacijske
in informacijske sisteme pri Svetu EU, ter Stephan
Smith, direktor NOS pri Natu.
UVTP je v predpisih Nato in EU ter tudi pri drugih
mednarodnih organizacijah in tujih državah določen
kot stična in kontaktna točka Republike Slovenije za
vsa vprašanja v zvezi z varovanjem tajnih podatkov.
Le tako lahko opravlja naloge koordinatorja na
nacionalni ravni.
Slika 17: Srečanje v okviru foruma V4
4.4 Multilateral cooperation
The co-creation of security policies for the protection
of classified information within the framework of
the two largest and most important international
groupings – NATO and the EU – is the pivotal and
most important task of the UVTP with regard to
international cooperation.
However, this does not imply neglecting activities
associated with our area of work in other international
organisations such as, for example, the UN, OECD,
RCC and others, where we cooperate by providing
opinions, observations and advice on specific
situations identified. In accordance with our country's
foreign-policy guidelines, we also honoured our
invitations to participate in the Forum V4.
The forum was attended by David Galloway, Deputy
Director-General of the Directorate-General for
Security, Safety and Communication and Information
Systems of the EU Council, and Stephen Smith,
Director of the NATO Office of Security, amongst
others.
NATO and EU regulations and the regulations of other
international organisations and foreign countries
identified the UVTP as Slovenia's contact point for
all issues relating to classified information protection.
Under this arrangement, the UVTP may perform the
tasks of national coordinator.
Figure 17: Meeting within the Forum V4 framework
10 years of Government Office for The Protection of Classified Information (NSA)
59
4.5 EVROPSKA UNIJA
4.5 EUROPEAN UNION
Začetki dela UVTP so bili neposredno povezani
tudi s pristopnimi pogajanji za vstop Slovenije v
EU. Izdelava pravne podlage in s tem povezanega
celovitega sistema varovanja tajnih podatkov EU
je bila prvi korak, obenem pa tudi pogoj, ki ga je
postavljala mednarodna organizacija.
The launch of the UVTP's activities was directly linked
to the negotiations for Slovenia's accession to the
EU. Establishing the legal basis and the related EU
integrated system of classified information protection
was the first step and also the prerequisite laid down
by the international organisation.
Kot posledica zapletene strukture sestave institutov
Evropske unije in odsotnosti določila o obveznosti
varovanja tajnih podatkov za vse na enoten
način v ustanovitveni pogodbi EU je tudi struktura
varnostnih odborov precej razvejana. Vsebinsko je
najzahtevnejše delo v varnostnem odboru Sveta
EU, ki pa s svojimi rezultati, stališči in predlogi
dokumentov pomeni nekakšen gradnik za posamezna
podpodročja varovanja tajnih podatkov, obenem pa
zaradi konsenza sprejetih rešitev med vsemi državami
članicami tudi osnovo tako Evropski komisiji, skupni
zunanji službi ter posameznim agencijam. Poleg
dejavne vključenosti v delo varnostnega odbora
Sveta EU in njegovih pododborov je UVTP tudi
del varnostno-posvetovalnega odbora Evropske
komisije in varnostnega odbora skupne zunanje
službe Evropske unije.
The structure of security committees is considerably
diversified as a result of intricately structured
European Union institutions and the absence of
a provision on the obligation of uniform classified
information protection for all Member States in
the Treaty on European Union. Working in the EU
Council's Security Committee is the most challenging
of all in terms of the substantive issues at hand,
but its results, observations and draft proposals
constitute components of particular subfields of
classified information protection; moreover, owing to
the consensus reached in solutions adopted by all
Members States, they also constitute the basis for
the activities of the European Commission, External
Action Service and individual agencies. In addition to
active engagement in the work of the EU Council's
Security Committee and its sub-committees, the
UVTP is also part of the Security Advisory Committee
of the European Commission and the Security
Committee of the European External Action Service.
Ključna naloga varnostnega odbora Sveta EU in s
tem tudi UVTP na področju delovanja Evropske
unije je bila sprejetje novih pravil o varovanju tajnih
podatkov EU, ki smo jo usklajevali v letih med 2009
in 2011.
Pri novih varnostnih pravilih Sveta EU je zaznan
prožnejši pristop k upravljanju tveganj kot podlaga za
varovanje tajnih podatkov EU. Največji poudarek pri
spremembi je bil v upoštevanju praktičnih izkušenj,
pridobljenih med veljavo dosedanjih pravil. Da bi bila
zares uporabna, so sestavljena enostavno, dovolj
kratka in razumljiva, odpravljene pa so tudi nekatere
nedoslednosti.
Slika 18: Zastava Evropske unije (vir: europa.eu)
60
The key task of the EU Council's Security Committee
and, therefore, of the UVTP, in the EU area was
the adoption of new security rules for protecting EU
classified information, which we adjusted during the
period 2009–2011.
The EU Council's new security rules provide for
more flexible access to risk management as the
basis for protecting EU classified information. The
major emphasis in amending the rules was placed on
Figure 18: European Unin flag (Source: europa.eu)
10 let Urada RS za varovanje tajnih podatkov
Stopnja
tajnosti –
Slovenija
Stopnja tajnosti – EU
INTERNO
RESTREINT UE/EU RESTRICTED
ZAUPNO
CONFIDENTIEL UE/EU CONFIDENTIAL
TAJNO
SECRET UE/EU SECRET
STROGO
TAJNO
TRÈS SECRET UE/EU TOP SECRET
Preglednica 2: Primerjava stopenj tajnosti med
Slovenijo in Evropsko unijo
Poleg vsebovanega okvira varovanja tajnih podatkov
EU bodo pravila in na njihovi podlagi sprejeti ukrepi
še naprej zagotavljali primerno raven varovanja
tajnih podatkov, prejetih od držav članic, drugih držav
in mednarodnih organizacij.
UVTP je vzporedno z usklajevanjem teh pravil
izvedel tudi postopek usklajevanja in sprejemanja
sporazuma med državami članicami Evropske unije,
ki so se sestale v okviru Sveta, o varovanju tajnih
podatkov, ki se izmenjujejo v interesu Evropske unije.
Sporazum je bil podpisan 4. maja 2011 v Bruslju.
Sporazum bo soobstajal z varnostnimi predpisi
Sveta in Komisije ter pomagal okrepiti sistem, ki
ureja varovanje tajnih podatkov v Evropski uniji.
Določila sporazuma dajejo primeren okvir za
varovanje nacionalnih tajnih podatkov, izmenjanih
med državami članicami v interesu EU, če države
članice med seboj nimajo sklenjenih dvostranskih
sporazumov, obenem pa vidno in jasno vključujejo
obveze, da se za tajne podatke, ki jih EU prejme od
tretjih držav in mednarodnih organizacij, zagotovi
ustrezna raven varovanja v državah članicah, če jim
tajne podatke predložita Svet ali Komisija. Seveda
pa je glavni namen sporazuma obveza držav članic,
da sprejmejo vse ustrezne ukrepe za zagotovitev
primernega varovanja tajnih podatkov, ki jim jih
predložijo Svet in Komisija ter agencije EU in ES.
Sporazum sam po sebi ne določa pravil, ki urejajo
tajne podatke EU – še naprej jih bodo urejali
varnostni predpisi Sveta EU. Slednji se uporabljajo
kot referenčna točka za določitev enakovredne
ravni varovanja tajnih podatkov, za katere velja ta
sporazum.
Sporazum nima prednosti pred nacionalnimi zakoni in
predpisi držav članic glede varovanja njihovih tajnih
podatkov, dostopa javnosti do dokumentov ali varstva
osebnih podatkov, niti ne vključuje usklajevanja
ali približevanja zakonodaje ali predpisov na tem
področju.
UVTP se posredno ali neposredno vključuje tudi v
obravnavo problematike, povezne z delovanjem
Security
classification
level –
Slovenia
Security classification level – EU
RESTRICTED
RESTREINT UE/EU RESTRICTED
CONFIDENTIAL
CONFIDENTIEL UE/EU
CONFIDENTIAL
SECRET
SECRET UE/EU SECRET
TOP SECRET
TRÈS SECRET UE/EU TOP
SECRET
Table 2: Comparison of security classification levels
between Slovenia and the European Union
the incorporation of practical experiences obtained
during the applicability period of the former rules. In
order to really serve their purpose, the amended rules
are simple, sufficiently brief, easy to understand, and
free of certain former inconsistencies.
In addition to protecting EU classified information,
the rules and measures adopted on the basis
thereof will continue to ensure an adequate level of
protection of classified information received from the
Member States, other countries and international
organisations.
Alongside the modification of these rules, the UVTP
also carried out the procedure for the harmonisation
and adoption of the Agreement between the Member
States of the European Union, who met within the
framework of the Council, regarding the Protection of
Classified Information Exchanged in the Interests of
the European Union. The Agreement was signed in
Brussels on 4 May 2011.
The Agreement will apply together with the EU
Council's and EU Commission's security regulations
and will help reinforce the system regulating the
protection of classified information in the EU.
The Agreement's provisions provide a relevant
framework for the protection of national classified
information exchanged between the EU Member
States in the interests of the European Union, if
the Member States have no bilateral agreements
concluded, while the Agreement also visibly and
clearly lays down the obligation that the classified
information received by the EU from third countries
and international organisations be provided with the
appropriate level of protection in the Member States
if the classified information are submitted to them
by the Council or the Commission. Cleary the main
purpose of the Agreement is to impose an obligation
on the Member States to adopt all appropriate
measures to ensure adequate protection of classified
information submitted to them by the EU Council, EU
Commission and the agencies of the EU and EC.
10 years of Government Office for The Protection of Classified Information (NSA)
61
nekaterih agencij EU (EUROPOL, EUROJUST itd.).
To se po eni strani izraža z dajanjem mnenj in stališč
v enotnem komunikacijsko-informacijskem sistemu
odločanja o zadevah EU (EU-portal) v Sloveniji, na
drugi strani pa s pomočjo in posvetovanji z organi
in posamezniki, ki so neposredno vključeni v delo
omenjenih agencij. Stična točka v vseh primerih
ostaja pomoč pri varnostnem preverjanju in izmenjava
podatkov o dovoljenjih za dostop do tajnih podatkov.
Usklajevanje in opredelitve ter stališča do posameznih
vprašanj, ki se nanašajo na varovanje tajnih podatkov
EU, se poleg agencij lahko dotikajo tudi drugih
ključnih delov EU (npr. Evropskega parlamenta),
lahko pa se nanašajo na posamezne projekte (npr.
Projekt Galileo, FP7) ali druga področja delovanja
EU (kritična infrastruktura, nabavni postopki).
4.5.1.1 Galileo
Predstavniki UVTP dejavno sodelujemo tudi v
varnostnih odborih, organih za varnostne akreditacije
in v posameznih ekspertnih delovnih skupinah, ki
jih je v okviru svojih projektov ustanovila Evropska
komisija – sodelujemo v projektih Galileo, EGNOS,
GMES in FP 7.
GALILEO je strateški program držav članic in skupni
projekt Evropske komisije in Evropske vesoljske
agencije (ESA – European Space Agency). Gre za
civilni projekt, ki zagotavlja avtonomijo na področju
satelitske navigacije, hkrati pa zaradi interoperabilnosti
z že obstoječimi satelitskonavigacijskimi sistemi
(GPS) pripomore k večji natančnosti pozicioniranja
po vsem svetu. Poleg interoperabilnosti in globalne
dosegljivosti Galileo zagotavlja visoko stopnjo
zanesljivosti sistema in informacijsko integriteto.
Namen posebnih ciljev programa Galileo je zagotoviti,
da se signali, ki jih oddaja sistem, lahko uporabijo za
naslednje funkcije:
Ponuditi »odprto storitev« (OS – Open Service), ki
je brezplačna in zagotavlja informacije o določanju
položaja in časa ter je namenjena množični uporabi
satelitske radionavigacije.
Ponuditi »storitev varovanja življenj« (SoL – Safety of
Life Service), ki je namenjena uporabnikom, za katere
je varnost bistvenega pomena, in ki izpolnjuje zlasti
zahteve letalskega, pomorskega in železniškega
sektorja. Storitev izpolnjuje tudi zahtevo po stalnosti
in ima funkcijo celovitosti, ki omogoča, da je uporabnik
obveščen o nepravilnem delovanju sistema.
Ponuditi »komercialno storitev« (CS – Commercial
Service), ki z večjo učinkovitostjo in s podatki, ki
imajo večjo dodano vrednostjo od podatkov, dobljenih
z »odprto storitvijo«, omogoča razvoj aplikacij za
poslovne ali komercialne namene.
62
However, the Agreement per se does not determine
the rules regulating EU classified information – these
will continue to be regulated by the EU Council's
security rules. The latter shall be used as a reference
point for determining an equivalent level of protection
as that afforded to classified information subject to
this Agreement.
The Agreement shall not have advantage over the
national laws and regulations of Member States
regulating the protection of their classified information,
public access to documents or protection of personal
data, nor shall it include the harmonisation or
approximation of laws or regulations in this area.
The UVTP is also engaged directly and indirectly
tackling issues associated with the operation of certain
EU agencies (EUROPOL, EUROJUST, etc.). On the
one hand, this is expressed by providing opinions
and observations in the unified communication and
information system of decision-making in the EU
affairs in Slovenia (the EU portal), and on the other
by providing assistance and advice to the bodies and
persons who are directly engaged in the work of the
aforementioned agencies. The point of contact in all
cases is assistance in personnel security clearance
and the exchange of data on security clearance to
access classified information.
Adjustments, definitions and positions on particular
issues regarding the protection of EU classified
information may, in addition to agencies, also refer
to other key parts of the EU (e.g. the European
Parliament), and to individual projects (e.g. Galileo
Project, FP7) or other areas of activity of the
European Union (critical infrastructure, procurement
procedures).
4.5.1.1 GALILEO
UVTP representatives also actively participate in
security committees, security accreditation bodies
and individual expert working groups set up by the
European Commission within its projects; thus we
participate in Galileo, EGNOS, GMES and FP 7
projects.
GALILEO is a strategic programme of the EU
Member States and a joint project of the European
Commission and the European Space Agency
(ESA). It is a civil project providing autonomy in
satellite navigation and, owing to its interoperability
with the existing satellite navigation systems (GPS),
it also enhances the global positioning accuracy.
Apart from its interoperability and global availability,
Galileo provides high reliability of the system and
information integrity.
10 let Urada RS za varovanje tajnih podatkov
Slika 19: Satelit Galileo (vir: ESA)
Figure 19: Galileo Satellite (Source: ESA)
Ponuditi »javno regulirane storitve« (PRS –
Public Regulated Service), namenjene izključno
uporabnikom, ki jih pooblasti vlada, za občutljive
aplikacije, ki zahtevajo visoko raven stalnosti storitve.
»Vladna storitev« uporablja močne in šifrirane
signale.
The purpose of Galileo programme's specific goals is
to ensure that the signals transmitted by the system
may be used for the following functions:
Sodelovati pri storitvi iskanja in reševanja (SAR
– Search and Rescue Support Service) sistema
COSPAS-SARSAT z odkrivanjem nujnih signalov, ki
jih oddajajo radijski oddajniki, in vračanjem sporočil
tem oddajnikom.
4.5.1.2 EGNOS (European Geostacionary
Navigation Overlay Service)
EGNOS je prva evropska pobuda na področju
satelitske navigacije. Osnovni cilj tega sistema
je zagotavljanje komplementarnih informacij kot
dodatek signaloma satelitskih navigacijskih sistemov
GPS in GLONASS (Rusija) ter izboljšanje parametrov
delovanja navigacijskega sistema. Gre za sistem, ki
služi zagotavljanju izboljšanja signalov za satelitsko
navigacijo, ki jo nudita ta navigacijska sistema. Te
signale EGNOS sprejme, jih korigira in opremi z
informacijo o integriteti ter pošlje uporabnikom.
4.5.1.3 GMES (Global Monitoring for
Environment and Security)
GMES je skupna pobuda Evropske komisije in
Evropske vesoljske agencije, njen cilj pa je doseči
neodvisno in operativno sposobnost opazovanja
Zemlje.
Cilj je racionalizirati uporabo več virov podatkov, da bi
dobili pravočasne in kakovostne informacije, storitve
To offer the »Open Service« (OS) which is free and
provides signals for timing and positioning and is
intended for mass application of radio navigation.
To offer the »Safety of Life Service« (SoL) which is
intended for users for whom the safety is essential and
which meets the requirements of air traffic, maritime
and railway sectors in particular. This service also
improves the open service performance through the
provision of timely warnings to the user when it fails
to meet certain margins of accuracy (integrity).
To offer the »Commercial Service« (CS) which through
its increased efficiency and data with a greater added
value than the data obtained by the »Open Service«
fosters the development of applications for business
or commercial purposes.
To offer the »Public Regulated Service« (PRS)
intended for specific users authorised by the
government for sensitive applications requiring a
high continuity of service. The »Government service«
uses strong and encrypted signals.
To participate in the »search and rescue support
service« (SAR) of the COSPAS-SARSAT system
by picking up signals from emergency beacons and
sending messages back to these beacons.
4.5.1.2 EGNOS (European Geostationary
Navigation Overlay Service)
EGNOS is the first European venture into satellite
navigation. This system is intended to augment the
two operational military satellite navigation systems
10 years of Government Office for The Protection of Classified Information (NSA)
63
in znanje, ter zagotoviti avtonomen in neodvisen
dostop do informacij v zvezi z okoljem in varnostjo.
Glavni uporabniki sistema GMES bodo pripravljavci
zakonodaje, saj jim bo GMES omogočil, da pripravijo
nacionalni, evropski in mednarodni zakonodajni okvir
na področju okolja (tudi podnebnih sprememb) ter
ukrepe za spremljanje izvajanja te zakonodaje.
– the American GPS and the Russian GLONASS –
and improve the parameters of navigation system
operation. This system improves the signals for
satellite navigation provided by these two navigation
systems. ENGOS receives these signals, corrects
them, furnishes them with information on the integrity
and sends them to the users.
Predstavniki UVTP sodelujemo v varnostnih odborih,
organih za varnostne akreditacije in posameznih
ekspertnih delovnih skupinah, ki jih je v okviru teh treh
projektov ustanovila Evropska komisija, saj na njih
obravnavamo tajne podatke EU, poleg tega pa nas
je Evropska komisija pozvala, da se jih udeležujemo
kot nacionalni varnostni organ.
4.5.1.3 Global Monitoring for Environment and
Security
4.5.1.4 Sedmi okvirni program evropskih
raziskav (FP7)
Its objective is to streamline the use of multiple data
sources with a view to providing timely and quality
information, services and knowledge and ensuring
autonomous and independent access to information
in relation to environment and security. Main GMES
users will be legislation drafters as GMES will enable
them to prepare national, European and international
legislative frameworks in the area of environment
(including climate change) and measures to monitor
the implementation of the relevant legislation.
Sedmi okvirni program evropskih raziskav FP7, ki se
zaključuje (leta 2013 ga bo nadomestil sedemletni
okvirni program za raziskave in razvoj Obzorje 2020)
je glavni instrument Evropske unije za financiranje
znanstvenega raziskovanja in razvoja.
V okviru precej zapletene strukture projektov je treba
odkriti, ali obstaja možnost, da se v življenjskem
ciklu programa pojavijo tajni podatki. Če je tako, je
naloga nacionalnega varnostnega organa države
vodje projekta, da oblikuje in pripravi projektno
dokumentacijo z opisom ravnanja v primeru nastanka
ali vključevanja tajnih podatkov.
Global Monitoring for Environment and Security
(GMES) is a joint initiative of the European
Commission and the European Space Agency,
which aims to develop independent and operational
services to monitor the Earth.
UVTP representatives participate in security
committees, security accreditation bodies and
individual expert working groups set up by the
European Commission within these three projects;
they deal with EU classified information and we
have been invited by the European Commission
to participate in our capacity of national security
agency.
4.5.1.4 The EU's seventh framework programme
for research
The EU's Seventh Framework Programme for
Research (FP7) is in its final phase; it will be
succeeded by Horizon 2020, a seven-year framework
programme for research and innovation. FP7 has
been the EU's main instrument for funding scientific
research and development.
The likelihood that classified information will
arise during a programme's life-cycle has to be
detected within a relatively complex structure of the
programme. If such a risk exists, the NSA of the
Member State project leader must draft and finalise
project documentation containing scenarios for any
potential occurrence or the inclusion of classified
information.
64
10 let Urada RS za varovanje tajnih podatkov
4.6 NATO
4.6. NATO
Slovenija je 29. marca 2004 postala članica
zveze Nato, potem ko je pri njenem depozitarju
v Washingtonu deponirala listino o pristopu k
Severnoatlantski pogodbi.
On 29 March 2004 Slovenia became NATO member
after having deposited its Instrument of Accession
to the North Atlantic Treaty with its depositary in
Washington.
Predpisi o varovanju tajnih podatkov v Republiki
Sloveniji so usklajeni s predpisi zveze Nato na tem
področju. Zakon o Sporazumu med pogodbenicami
Severnoatlantske pogodbe o varnosti podatkov
(Uradni list RS, št. 83/04) določa, da pogodbenice
varujejo tajne podatke zveze Nato označene kot
take, ali tiste, ki jih država članica predloži zvezi
Nato ali drugi državi članici v podporo programu,
projektu ali pogodbi zveze Nato. Natovi tajni podatki
ohranjajo stopnjo tajnosti podatkov, pogodbenice pa
storijo vse potrebno, da jih varujejo primerno stopnji
tajnosti. Zakon določa, da pogodbenice vzpostavijo
in izvajajo enotne minimalne varnostne standarde,
ki zagotavljajo enotno skupno raven varovanja
tajnih podatkov, in da tajnih podatkov ne uporabljajo
v druge namene kakor samo tiste, ki so določeni v
Severnoatlantski pogodbi, sklepih in resolucijah,
nanašajočih se na to pogodbo. Natovih tajnih
podatkov ne razkrivajo stranem, ki niso članice Nata,
brez soglasja lastnika podatkov.
The regulations governing the protection of classified
information in the Republic of Slovenia are in line with
the relevant NATO regulations. The Act Ratifying the
Agreement between the Parties to the North Atlantic
Treaty for the Security of Information (Ur. l. RS, no.
83/04) stipulates that the parties must protect NATO
classified information, marked as such, and classified
information of the member states submitted to another
member state in support of NATO programme,
project or contract. NATO classified information must
maintain the security classification of information
and the parties must make every effort to safeguard
it accordingly. The Act stipulates that the parties must
establish and implement security standards ensuring
a common degree of protection for classified
information and that classified information must not
be used for purposes other than those laid down
in the North Atlantic Treaty and the decisions and
resolutions pertaining to that Treaty. NATO classified
Slika 20: Uradni znak zveze NATO (vir: Nato)
Figure 20: Official NATO logo (Source: NATO)
Stopnja tajnosti – NATO
Security
classification –
Slovenia
Security classification – NATO
INTERNO
NATO RESTRICTED
RESTRICTED
NATO RESTRICTED
ZAUPNO
NATO CONFIDENTIAL
CONFIDENTIAL
NATO CONFIDENTIAL
TAJNO
NATO SECRET
SECRET
NATO SECRET
STROGO TAJNO
COSMIC TOP SECRET
TOP SECRET
COSMIC TOP SECRET
Stopnja tajnosti –
Slovenija
Preglednica 3: Primerjava stopenj tajnosti v Sloveniji
in zvezi Nato
Table 3: Slovenia and NATO security classification
comparison
10 years of Government Office for The Protection of Classified Information (NSA)
65
Tajni podatki zveze Nato se v tem zakonu opredelijo
tako, da podatki pomenijo védenje, ki se lahko
sporoča v kakršni koli obliki, in da tajni podatki
pomenijo podatke ali sredstva, za katere je določeno,
da morajo biti zavarovani pred nepooblaščenim
razkritjem in so bili določeni s stopnjo tajnosti, pri
čemer izraz sredstvo pomeni dokumente in vsak
del strojev, opreme ali orožja, ki je že bil izdelan ali
je v postopku izdelave, izraz dokument pa pomeni
vsak zapisan podatek ne glede na njegovo obliko ali
značilnost, vključno s pisnim ali natisnjenim gradivom,
karticami ali trakovi za obdelavo podatkov, zemljevidi,
kartami, fotografijami, slikami, risbami, grafikami,
skicami, delovnimi zapisi, kopijami in pisalnimi
trakovi ali reprodukcijami s sredstvi ali postopki ter
zvočnimi, glasovnimi, magnetnimi, elektronskimi,
optičnimi ali videoposnetki v kakršni koli obliki ter
prenosno opremo za avtomatsko obdelavo podatkov
z vgrajenimi računalniškimi sredstvi za shranjevanje
podatkov in odstranljivimi računalniškimi sredstvi za
shranjevanje podatkov.
4.6.1
Varnostni odbor NATA
Za usklajevanje, spremljanje in uresničevanje
varnostne politike zveze Nato skrbi Natov urad za
varnost (NOS – Nato Office of Security). Direktor
NOS je glavni svetovalec generalnega sekretarja za
varnostna vprašanja in predsednik Natovega odbora
za varnost (NSC – Nato Security Committee, ki se je
leta 2011 preimenoval v SC – Security Committee).
NOS ima več funkcij, zadolžen je varnosti znotraj
Nata. Z nadzori, inšpekcijami in ogledi v državah
članicah, Natovih telesih in pri vseh, ki razpolagajo
z Natovimi tajnimi podatki, preverja ustreznost
ukrepov in ravnanja s podatki ter akreditiranimi
komunikacijskimi in informacijskimi sistemi. Varnostno
politiko, direktive, usmeritve in druge dokumente ter
podporo delu na varnostnem področju odobri Natov
odbor za varnost (Nato Security Committee).
V varnostnem odboru sodelujejo predstavniki vseh
držav članic, in sicer nacionalnih varnostnih organov
(National Security Authority). Sestankom prisostvujejo
tudi predstavniki mednarodnega vojaškega osebja
Nata, strateških poveljstev in odborov, ki se ukvarjajo
z varnostnimi vprašanji. SC preučuje varnostna
vprašanja v najširšem pomenu besede in je
neposredno odgovoren Severnoatlantskemu svetu
(NAC - North Atlantic Council). Sodobni varnostni
izzivi so predmet razprav številnih odborov, od
katerih jih vsak obravnava z vidika svojih pristojnosti.
Gre za vprašanja vzpostavitve strateških odnosov
z novimi svetovnimi centri moči in vzpostavitve
evroatlantske skupnosti. Preseganje zgodovinskih
razlik in nezaupanja, nadzora nad orožjem in
razoroževanja je del krepitve čezatlantskih odnosov,
usmerjenih v azijsko-pacifiški prostor, ki zavezništvo
66
information must not be disclosed to non-NATO
parties without the consent of the originator.
The Act defines NATO classified information,
whereby information is defined as knowledge that
can be communicated in any form, while classified
information is defined as information or material
determined to require protection against unauthorised
disclosure which has been so designated by security
classification; the term material is deemed to include
documents and also any item of machinery or
equipment or weapons either manufactured or in
the process of manufacture, and the term document
means any recorded information regardless of its
physical form or characteristics, including, without
limitation, written or printed matter, data processing
cards and tapes, maps, charts, photographs,
paintings, drawings, engravings, sketches, working
notes and papers, carbon copies and ink ribbons, or
reproductions by an means or process, and sound,
voice, magnetic or electronic or optical or video
recordings in any form, and portable ADP equipment
with resident computer storage media, and removable
computer storage media.
4.6.1
NATO Security Committee
NATO security policy is coordinated, monitored and
implemented by the NATO Office of Security (NOS).
Its Director is the NATO Secretary General's principal
adviser on security issues and the Chairman of
the Security Committee; in 2011, NATO Security
Committee (NSC) was renamed the Security
Committee (SC). NOS has several functions and is
responsible for coordinating security within NATO.
The adequacy of the measures, the handling of
information and accredited communication and
information systems are verified by NOS through
controls, inspections and visits to member states, to
NATO bodies and to all who have NATO classified
information at their disposal. The security policy,
directives, guidelines and other documents, as well
as the support for work in the area of security, are
approved by the NATO Security Committee (NSC).
Representatives of all member states, i.e. their
National Security Authorities, participate in the work
of the Security Committee. Its meetings are also
attended by representatives of NATO international
military staff, strategic headquarters and committees
involved in security issues. It examines broad security
issues and is directly responsible to the North Atlantic
Council (NAC). The present security challenges
are discussed by numerous committees from the
viewpoint of their respective competencies; they
relate to the issues concerning the establishment of
strategic relations with new global centres of power
and the setting up of the Euro–Atlantic community.
10 let Urada RS za varovanje tajnih podatkov
ZDA z evropskimi državami še dodatno krepi.
Zagotavljanje energetske in kibernetske varnosti,
reševanje finančne krize in drugih varnostnih
vprašanj v državah članicah Nata se obravnava
prednostno in z zavedanjem, da Nato pri tem deluje
kot mesto usklajevanja in spodbujanja konkretnega
sodelovanja.
SC se sestaja v različnih formatih. Na izvršilni ravni
se praviloma sestaja dvakrat letno in obravnava
splošna varnostna vprašanja, kakor je navedeno
zgoraj, ter vprašanja varovanja tajnih podatkov.
Sestankov se udeležujejo direktorji nacionalnih
varnostnih organov držav članic Nata. SC sprejema
dokumente, ki so predhodno usklajeni med državami
članicami v drugih organih, kot so Security Policy
Format in Information Assurance Format. Gre za
dokumente – varnostno politiko, direktive in smernice,
ki zagotavljajo varovanje tajnih podatkov na področju
osebne varnosti, dokumentacijske varnosti, fizične in
industrijske varnosti ter komunikacijsko informacijske
varnosti. Sprejeti dokumenti veljajo za obravnavo
tajnih podatkov v okoljih miru in stabilnosti kakor tudi
v kriznih in vojnih področjih. Reguliran je tudi dostop
do tajnih podatkov državam nečlanicam zveze Nato,
ki dejavno sodelujejo v Natovih operacijah in zato
potrebujejo dostop do tajnih podatkov zveze Nato.
Glede na potrebe, se varnostni odbor sestaja
tudi v razširjenem sestavu, z dodanimi drugimi
državami, ki imajo status nečlanice Nata, t. i. NNN
(NonNatoNation). SC poroča NAC najmanj enkrat
letno.
4.6.2
Natova mednarodna konferenca
(Nato Security Committee/AdHoc
Working Group)
UVTP je v letu 2009 organiziral sestanek varnostnega
odbora na Brdu pri Kranju. Sestanka so se udeležili
predstavniki držav članic Nata. Na njem so bila med
drugim obravnavana občutljiva vprašanja dostopanja
do tajnih podatkov držav nečlanic Nata in sprejeti
pomembni sklepi, ki so omogočili kakovosten premik
pri pripravi dokumentov, ki naj bi to tudi formalno
omogočili. Zaradi tega je sestanek dobil status
izjemno pomembnega in občutljivega dogodka z
zelo pomembnimi razpravami. Udeležilo se ga je
veliko članov nacionalnih varnostnih organov držav
članic, agencij, strateških poveljstev in strokovnjakov
članic Nata. Na UVTP smo kot država gostiteljica
od predsedujočega dr. Giuseppeja Benassija in
takratnega direktorja NOS Michaela T. Evanoffa
prejeli tudi pisno pohvalo za izvrstno organizacijo
dogodka, ki je omogočila konstruktivno delovno
vzdušje, katerega rezultati so pomenili pomemben
mejnik v obravnavi tajnih podatkov. K uspešnosti
The endeavours to overcome historical divisions and
mistrust, and for arms control and disarmament are
oriented towards strengthening transatlantic relations
with the Asia-Pacific region and also contribute
towards reinforcing alliance between the U.S. and
European countries. The provision of energy and
cyber security, the solving of the financial crisis and
other security issues of the NATO member states
are topics discussed as a matter of priority, whereby
bearing in mind that, in this respect, NATO provides
a platform for coordinating and promoting actual
cooperation.
The Security Committee meets in different formats.
As a rule, it holds two meetings per year at Principal's
level to discuss general security issues, as described
above, and issues related to the protection of
classified information.
The meetings are attended by the Directors of
National Security Authorities of the NATO member
states. The Security Committee adopts documents
previously coordinated between the member states
within other bodies, i.e. in Security Policy Format
and in Information Assurance Format. These are
documents on security policy, directives and guidelines
for ensuring classified information protection in the
areas of personal security, documentation security,
physical and industrial security, and communication
and information security. The documents adopted
apply to the handling of classified information in the
stability and peace areas as well as in the crisis and
war areas. The access to classified information for
non–NATO countries, which are actively participating
in NATO operations and therefore need access to
NATO classified information, is also regulated.
Depending on the needs, the Security Committee
also meets in an extended formation, i.e. together
with other countries holding a non–NATO nation
(NNN) status. The Security Committee reports to the
North Atlantic Council at least once a year.
4.6.2
NATO international conference (NATO
Security Committee/Ad Hoc Working
Group)
In 2009, a Security Committee meeting was organised
by the UVTP at Brdo pri Kranju. The meeting was
attended by NATO member state representatives.
The discussion focused on sensitive issue of the nonNATO countries access to classified information; the
important decisions adopted at the meeting facilitated
a qualitative step forward in drafting documents to
formally regulate their access to such information. For
this reason, the meeting has been considered a very
significant and sensitive event that featured important
discussions. It was attended by numerous members
10 years of Government Office for The Protection of Classified Information (NSA)
67
konference so vsekakor prispevali tudi sodelavci
MORS in SV ter zaposleni JGZ Brdo.
4.6.3
Sporazum ATOMAL
UVTP je bil tudi nosilec aktivnosti pri sprejemanju tako
imenovanih predpisov ATOMAL. Republika Slovenija
je Sporazum med pogodbenicami Severnoatlantske
pogodbe o sodelovanju na področju jedrskih
podatkov s Tajno tehnično prilogo k Sporazumu
med pogodbenicami Severnoatlantske pogodbe
o sodelovanju na področju jedrskih podatkov
(katere varovanje tajnosti je 10. maja 2000 odpravil
Severnoatlantski svet) in Zaupno varnostno prilogo
k Sporazumu med pogodbenicami Severnoatlantske
pogodbe o sodelovanju na področju jedrskih podatkov
(katere varovanje tajnosti je 6. marca 1998 odpravil
Severnoatlantski svet) ratificirala aprila leta 2007
(Uradni list RS, Mednarodne pogodbe, št. 6/07 –
MSPJP), protokol, ki spreminja in dopolnjuje Zaupno
varnostno prilogo k Sporazumu med pogodbenicami
Severnoatlantske pogodbe o sodelovanju na
področju jedrskih podatkov pa leta 2009.
Sporazum Natu in njegovim članicam omogoča
medsebojno izmenjavo
podatkov z jedrskega
področja za krepitev skupne obrambe in varnosti.
Vlada Združenih držav Amerike po tem sporazumu
posreduje jedrske podatke, potrebne za razvoj
obrambnih načrtov, izobraževanje osebja, ki uporablja
jedrske podatke v zvezi z uporabo jedrskega orožja
oziroma učinki in posledicami uporabe jedrskega
orožja.
4.6.4
MISWG 2010
Začetki mednarodne delovne skupine za industrijsko
varnost (MISWG) segajo v leto 1985. Skupina
je nastala kot odziv na ugotovitev, da obstoječe
nezdružljive varnostne zahteve posameznih držav na
področju industrijskega sodelovanja v praksi postajajo
problem. Na sestanku predstavnikov držav članic
Nata, odgovornih za področje industrijske varnosti
(razen Islandije), so predstavniki ZDA, Velike Britanije
in Nemčije predlagali ustanovitev delovne skupine, ki
bi pregledala obstoječe varnostne standarde v vseh
državah članicah in pripravila priporočila za njihovo
poenotenje.
Na prvem uradnem sestanku delovne skupine je bilo
sprejeto njeno uradno ime, sčasoma pa je skupina
dobila tudi uradni emblem in zastavo.
Članstvo v MISWG je bilo prvotno omejeno na države
članice Nata, vendar se je leta 1999 skupina začela
postopoma odpirati navzven.
68
of the national security authorities, agencies, strategic
headquarters and experts from NATO member states.
The host country and the UVTP earned a written
commendation by Guiseppe Benassi, who chaired
the meeting, and Michael T. Evanoff, who was the
Director of the NATO Office of Security at the time,
for the excellent organisation of the event, which
created a constructive working atmosphere enabling
the meeting to become an important turning point in
dealing with classified information. Undoubtedly, the
credit for the conference's success also went to the
Ministry of Defence and the staff of the Slovenian
Armed Forces, as well as to JGZ Brdo State Protocol
Services personnel.
4.6.3
ATOMAL Agreement
The UVTP was also actively involved in the adoption
of the ATOMAL regulations. In April 2007, the Republic
of Slovenia ratified the Agreement between the
Parties to the North Atlantic Treaty for co-operation
regarding Atomic Information with Secret Technical
Annex to the Agreement between the Parties to
the North Atlantic Treaty for co-operation regarding
Atomic Information (declassified by the North Atlantic
Council on 10 May 2000) and Confidential Security
Annex to the Agreement between the Parties to
the North Atlantic Treaty for co-operation regarding
Atomic Information (declassified by the North Atlantic
Council on 6 March 1998) (Ur. l. RS, MP, no. 6/07);
the Protocol Amending the Security Annex to the
Agreement between the Parties to the North Atlantic
Treaty for Co-operation regarding Atomic Information
was ratified in 2009.
The Agreement enables NATO and its members
to exchange atomic information with a view to
strengthening mutual defence and security. In
accordance with this Agreement, the Government
of the United States of America communicates the
atomic information required for designing defence
plans and training of personnel using atomic
information in connection with the use of atomic
weapons and/or effects and results of its use.
4.6.4
Multinational Industrial Security
Working Group, 2010
The beginnings of the MISWG go back to 1985.
The group was established in response to the
finding that the applicable incompatible security
requirements of the individual states in the area of
industrial cooperation had become an impediment.
At a meeting of industrial security officials from all of
the NATO countries (with the exception of Iceland),
the German, UK, and US representatives proposed
the establishment of a working group which would
10 let Urada RS za varovanje tajnih podatkov
Slika 22: Priložnostni znak in simbolično srce
dobrodošlice
Figure 22: A commemorative emblem and symbolic
welcome heart
Slika 23: Mednarodna konferenca zveze Nato (Nato
Security Committee/AdHoc Working Group) –
Brdo pri Kranju, 8. do 11. junij 2009
Figure 23: NATO international conference (NATO
Security Committee/Ad Hoc Working Group), Brdo
pri Kranju from 8 to 11 June 2009
Sestankov MISWG, ki praviloma potekajo enkrat na
leto in so zaprtega tipa, se udeležujejo višji državni
uradniki, odgovorni za področje industrijske varnosti,
iz vseh držav članic Nata (razen Islandije), Avstralije,
Avstrije, Finske, Izraela, Nove Zelandije, Švedske in
Švice ter predstavnika Nata in Evropske komisije, ki
imata status opazovalca. Slovenija je članica MISWG
od leta 2003.
review each country's security procedures and
make recommendations for standard procedures.
The official name of the working group was adopted
at its first official meeting; a standard emblem was
developed at a later date.
MISWG membership was initially limited to NATO
member states; in 1999, the Group started to open
up.
10 years of Government Office for The Protection of Classified Information (NSA)
69
Odločitve MISWG se sprejemajo v obliki dokumentov,
ki niso pravno zavezujoči, kar pomeni, da je državam
članicam povsem prepuščena odločitev o tem, ali
bodo sprejete dokumente uvedle v svoje nacionalne
ureditve ali ne. Kljub navedenemu se z vstopom v
članstvo vsaka država neformalno obveže k temu,
da bo odločitve MISWG spoštovala v kar največjem
obsegu. Slednje je v povezavi s številom držav, ki
sodelujejo v MISWG, pomemben kazalnik razvoja
gibanja svetovne industrijske varnosti, hkrati pa
dokumenti MISWG predstavljajo pomembno podlago
za pripravo zavezujočih mednarodnih predpisov,
katerih oblikovanje in sprejemanje zakonov potekata
hitreje in z manj birokratskimi preprekami.
Slovenski nacionalni varnostni organ, katerega
naloge opravlja Urad Vlade RS za varovanje tajnih
podatkov, je leta 2010 nastopil v vlogi organizatorja
25. srečanja MISWG. To leto je bilo za skupino v
znamenju srebrnega jubileja, zato je imel vtis, ki ga
je urad naredil na udeležence, še toliko večjo težo.
Srečanje MISWG 2010 je potekalo od 7. do
9. septembra 2010 v kongresnem centru Brdo
pri Kranju, predsedovala pa mu je Maja Rožaj.
Navedeno srečanje je odprlo številne nove pobude,
katerih večina se je osredotočala na področje
kibernetske varnosti, možnosti za uravnoteženje
Slika 24: Zasedanje na konferenci MISWG 2010
70
As a rule, the MISWG meets once a year at closed
meetings attended by senior industrial security
officials from all of NATO countries (with the exception
of Iceland), Australia, Finland, Israel, New Zealand,
Sweden and Switzerland, and representatives of
NATO and the European Commission who have
observer status. Slovenia became a member of the
MISWG in 2003.
The MISWG's decisions are adopted in the form of
legally non-binding documents, which means that
member states decide whether to transpose them
into their national legislation. When joining the
MISWG, states nevertheless informally undertake
to comply with its decisions to the greatest extent
possible. Viewed together with the number of
countries participating in the MISWG, this represents
an important indicator of the global industrial security
trends; the MISWG documents also provide an
important basis for drafting binding international
regulations and national laws, facilitate their swift
drafting and adoption and diminish bureaucratic
barriers.
In Slovenia, NSA tasks are carried out by the Office
of the Government of the Republic of Slovenia for
the Protection of Classified Information; in 2010, it
organised the 25th MISWG meeting. That was the
Figure 24: MISWG 2010 Conference meeting
10 let Urada RS za varovanje tajnih podatkov
nacionalnih in mednarodnih zahtev na področju
industrijske varnosti v luči vse večjega obsega dela
in vse manjših finančnih sredstev, obširna razprava
se je razvila tudi o nadaljnji širitvi MISWG ter določitvi
meril in postopkov za pridružitev skupini bodisi v
vlogi opazovalca bodisi stalnega člana.
Velja poudariti dejstvo, da so imela slovenska
podjetja, ki se ukvarjajo z razvojem, proizvodnjo
in prometom opreme, sredstev ter storitev za
obrambne in varnostne namene, v okviru konference
priložnost predstaviti udeležencem lastno znanje in/
ali produkte.
Za uspešno izvedbo konference je bilo izjemno
pomembno tesno sodelovanje urada s številnimi
akterji, med katerimi velja izpostaviti predvsem
ministrstvo za gospodarstvo, ministrstvo za obrambo,
ministrstvo za zunanje zadeve, Gospodarsko
zbornico Slovenije in JGZ Brdo.
Častni govornici oziroma gostji konference sta bili
tedanja ministrica za obrambo dr. Ljubica Jelušič in
ministrica za gospodarstvo mag. Darja Radić.
year of the Group's silver jubilee, therefore the Office
endeavoured to make the best impression on the
participants.
The MISWG 2010 meeting was held at the Brdo
Congress Centre from 7–9 September 2010; it was
chaired by Maja Rožaj. Several new initiatives were put
forward; most of them focused on cyber security and
the prospects for balancing national and international
industrial safety requirements in the context of the
increasing scope of work and diminishing financial
resources; a thorough discussion was also held
on further MISWG enlargement and on defining
criteria and procedures for inviting new members or
observers into the Group.
Within the framework of the conference, the
Slovenian companies engaged in the development,
manufacture and trade of equipment, materials and
services for defence and security purposes presented
their knowledge and products to its participants.
Close cooperation between the Office and a number
of actors, particularly the Ministry of the Economy, the
Ministry of Defence, the Ministry of Foreign Affairs,
the Chamber of Commerce and Industry of Slovenia
and JGZ Brdo State Protocol Services, was vital for
the successful organisation of the conference.
The then ministers of defence and the economy,
Ljubica Jelušič and Darja Radić respectively, were
the speakers of honour and hosts of the conference.
Slika 25: Vodstvo MISWG 2010 in govornica mag.
Darja Radič, ministrica za gospodarstvo Republike
Slovenije
Figure 25: The MISWG 2010 chairpersons and the
Slovenian Minister of the Economy, Darja Radić.
10 years of Government Office for The Protection of Classified Information (NSA)
71
4.7 Regionalno
sodelovanje
4.7.1
South East European National
Security Authorities
Državni zbor Republike Slovenije je z namenom
potrditi zavezanost k sodelovanju, pomoči in razvoju
regiji Zahodnega Balkana leta 2010 sprejel Deklaracijo
o Zahodnem Balkanu. Vlada Republike Slovenije
je istega leta zato, da bi izboljšala usklajenost
delovanja na Zahodnem Balkanu, sprejela Smernice
za delovanje Republike Slovenije do Zahodnega
Balkana, vsako leto pa je na njihovi podlagi
pripravljen akcijski načrt za delovanje Republike
Slovenije do Zahodnega Balkana, v katerega je
dejavno vključen tudi UVTP. Poleg razvejanega
dvostranskega delovanja je vse pomembnejše tudi
regionalno sodelovanje.
Mednarodno regionalno organizacijo Regional
Cooperation Council (RCC) je South East European
Co-operation Process (SEECP) pooblastil za
nadaljnji razvoj regionalnega sodelovanja na
področju varnosti.
Postala naj bi osnovni steber za oblikovanje temelja
za regionalno izmenjavo tajnih podatkov, kar je
bistveni predpogoj za regionalno sodelovanje na
širšem varnostnem področju. Izmenjava tajnih
podatkov presega teritorialne meje države, kar je
pri večnacionalnem sodelovanju poseben izziv. Kot
osnovo za to je treba razviti in širiti sodelovanje
na dvostranski in mednarodni ravni na področju
varovanja tajnih podatkov kot elementa nacionalne
varnosti. V tem pogledu South East European
National Security Authorities (SEENSA) skuša
poiskati primerne rešitve in omogočiti skupen
regionalni večstranski pristop.
4.7 Regional cooperation
4.7.1
South-East European National Security
Authorities
In 2010 the National Assembly of the Republic of
Slovenia adopted a Declaration on the Western
Balkans with a view to reaffirming its commitment to
cooperation, support and development in the region.
In order to improve operational coordination in the
Western Balkans, the Government of the Republic
of Slovenia adopted the Guidelines for Slovenia's
Policy on the Western Balkans that year. On their
basis, the annual action plans for Slovenia's policy
on the Western Balkans, with the UVTP's active
involvement, are prepared. In addition to extensive
bilateral cooperation, regional cooperation is also
gaining importance.
The South-East European Co-operation Process
(SEECP) entrusted the Regional Cooperation Council
(RCC) a task to further develop regional cooperation
in the area of security.
The RCC is to provide the basis for developing
regional exchange of classified information, which is
a precondition for broader regional cooperation in the
field of security. Classified information is exchanged
across state borders, and this represents a particular
challenge for multilateral cooperation. Bearing this in
mind, bilateral and international cooperation in the
area of classified information protection – viewed as
an element of national security – should be developed
and enhanced. In this context, the South-East
European National Security Authorities (SEENSA)
endeavour to find appropriate solutions and facilitate
a common regional multilateral approach.
Razvoj dejavnosti na območju jugovzhodne Evrope
pri spodbujanju regionalnega in dvostranskega
sodelovanja med organi, pristojnimi za varnost in
obrambo, je jasno pokazal, da je treba podlago za
nadaljnjo krepitev sodelovanja poiskati v možnosti
za izmenjavo tajnih podatkov, kar bi pomenilo
vsestransko korist tega procesa. V tem pogledu so
nekateri nacionalni varnostni organi v jugovzhodni
Evropi (iz držav članic RCC) razvili medsebojne
Developments in the promotion of regional and
bilateral cooperation between authorities responsible
for security and defence in South-East Europe have
clearly shown that further strengthening of cooperation
should focus on the potential exchange of classified
information, which would render the process very
useful. In this context, the national security authorities
of some South-East European countries (members of
the RCC) have already established mutual relations
and concluded bilateral agreements. In addition, a
regional approach to establishing such cooperation
between national security authorities should also be
Slika 26: Znak RCC
Figure 26: RCC logo
72
10 let Urada RS za varovanje tajnih podatkov
odnose in podpisali dvostranske sporazume.
Poleg tega je treba upoštevati, da lahko nacionalni
varnostni organi razvijejo takšno sodelovanje tudi z
regionalnim pristopom. Pobudo SEENSA je podprl
SEECP na njihovem letnem srečanju voditeljev
držav leta 2010, potrjena pa je bila tudi na letnem
srečanju RCC. Pobuda je vključena v strateški in
delovni program RCC za obdobje 2011–2013.
Ta forum postaja vse bolj pomemben in koristen temelj
za izmenjavo mnenj in idej o enem najpomembnejših
področij regionalnega varnostnega sodelovanja.
Njegov cilj je krepitev regionalne varnosti, stabilnosti
in graditev medsebojnega zaupanja.
considered. The SEENSA initiative was supported at
the 2010 annual meeting of the Heads of State and
Government of the SEECP and was also approved
at the annual RCC meeting. The initiative has been
included in the RCC 2011–2013 work programme.
This forum has been gaining importance and
becoming a valuable platform for exchanging
opinions and ideas on one of the most important
areas of regional security cooperation. Its objective is
to strengthen regional security, stability and to foster
mutual trust.
10 years of Government Office for The Protection of Classified Information (NSA)
73
Foto galerija
Photo Gallery
Zaposleni na UVTP v letu 2012
(z leve proti desni) prva vrsta: mag. Mateja Kapš,
Tatjana Balorda, Maja Rožaj, Dora Uršič
druga vrsta: mag. Erik Schlegel, Damjan Razinger,
tretja vrsta: dr. Boštjan Petelinc,
Gregor Majcen, v. d. direktorja urada, Uroš Kogoj
četrta vrsta: Boris Mohar, Marko Rosandič,
mag. Milan Tarman peta vrsta: Igor Eršte in Miran
Skobe
Office of the Government of the Republic
of Slovenia for the Protection of Classified
Information staff, 2012
First row (left to right): Mateja Kapš, Tatjana Balorda,
Maja Rožaj and Dora Uršič. Second row: Erik
Schlegel and Damjan Razinger. Third row: Boštjan
Petelinc, Mr Gregor Majcen (Acting Director of the
Office) and Uroš Kogoj. Fourth row: Boris Mohar,
Marko Rosandič, Milan Tarman. Fifth row: Igor Eršte
and Miran Skobe
74
10 let Urada RS za varovanje tajnih podatkov
Delavnica Nato Infosec
NATO InfoSec Workshop
Delavnica Nato Infosec Workshop – Brdo pri Kranju,
28. do 30. januar 2009
NATO InfoSec Workshop — Brdo pri Kranju from 28
to 30 January 2009
Mednarodna konferenca zveze Nato
(Nato Security Committee/AdHoc
Working Group)
NATO international conference (NATO
Security Committee/Ad Hoc Working
Group)
Skupinska slika z mednarodne konference zveze
Nato (Nato Security Committee/AdHoc Working
Group) – Brdo pri Kranju, 8. do 11. junij 2009
Group photo — NATO international conference
(NATO Security Committee/Ad Hoc Working Group),
Brdo pri Kranju from 8 to 11 June 2009
10 years of Government Office for The Protection of Classified Information (NSA)
75
MISWG 2010
Multinational Industrial Security
Working Group, 2010
Skupinska slika MISWG 2010
Group photo — MISWG 2010
Zastave držav in mednarodnih organizacij na
konferenci MISWG 2010
The national flags and the flags of international
organisations, MISWG 2010
76
10 let Urada RS za varovanje tajnih podatkov
Poslovna predstavitev podjetja na MISWG 2010
Company business presentation, MISWG 2010
Poslovna predstavitev podjetja na MISWG 2010
Business presentation of a company, MISWG 2010
10 years of Government Office for The Protection of Classified Information (NSA)
77
Govor takratne ministrice za gospodarstvo mag.
Darje Radič
Former Slovenian Minister of the Economy, Darja
Radić, delivering her speech
Govor takratne ministrice za obrambo dr. Ljubice
Jelušič
Former Slovenian Minister of Defence, Ljubica
Jelušič, delivering her speech
78
10 let Urada RS za varovanje tajnih podatkov
Govor veleposlanika Charlesa Murta
Ambassador Charles Murto delivering his speech
Predaja vloge predsedovanja MISWG Republiki
Finski
Handing the MISWG presidency to Finland
10 years of Government Office for The Protection of Classified Information (NSA)
79
Dvostransko sodelovanje
Bilateral cooperation
Podpis sporazuma med Vlado Republike Slovenije
in Vlado Kraljevine Švedske o izmenjavi in
medsebojnem varovanju tajnih podatkov
Signing of the Agreement between the Government
of the Republic of Slovenia and the Government
of the Kingdom of Sweden on the Exchange and
Mutual Protection of Classified Information
Podpis sporazuma med Vlado Republike Slovenije
in Vlado Romunije o medsebojnem varovanju tajnih
podatkov.
Signing of the Agreement between the Government
of the Republic of Slovenia and the Government
of Romania on the Exchange and Mutual Protection
of Classified Information
80
10 let Urada RS za varovanje tajnih podatkov
Podpis sporazuma med Vlado Republike Slovenije
in Vlado Republike Hrvaške o medsebojnem
varovanju tajnih podatkov.
Signing of the Agreement between the Government
of the Republic of Slovenia and the Government
of the Republic of Croatia on the Exchange and
Mutual Protection of Classified Information
Sporazum med Vlado Republike Slovenije in
Svetom ministrov Republike Albanije o izmenjavi
in medsebojnem varovanju tajnih podatkov
Signing of the Agreement between the Government
of the Republic of Slovenia and the Council
of Ministers of the Republic of Albania on the
Exchange and Mutual Protection of Classified
Information
10 years of Government Office for The Protection of Classified Information (NSA)
81
Sporazum med Vlado Republike Slovenije in Vlado
Republike Makedonije o izmenjavi in medsebojnem
varovanju tajnih podatkov.
Signing of the Agreement between the Government
of the Republic of Slovenia and the Government
of the Republic of Macedonia on the Exchange
and Mutual Protection of Classified Information
Podpis sporazuma med Vlado Republike Slovenije
in Vlado Francoske republike o izmenjavi in
medsebojnem varovanju tajnih podatkov.
Signing of the Agreement between the Government
of the Republic of Slovenia and the Government
of the French Republic on the Exchange and Mutual
Protection of Classified Information
82
10 let Urada RS za varovanje tajnih podatkov
Podpis sporazuma med Vlado Republike Slovenije
in Vlado Republike Latvije o izmenjavi in
medsebojnem varovanju tajnih podatkov.
Signing of the Agreement between the Government
of the Republic of Slovenia and the Government
of the Republic of Latvia on the Exchange and
Mutual Protection of Classified Information
Podpis sporazuma med Vlado Republike Slovenije
in Vlado Republike Poljske o izmenjavi in
medsebojnem varovanju tajnih podatkov.
Signing of the Agreement between the Government
of the Republic of Slovenia and the Government
of the Republic of Poland on the Exchange and
Mutual Protection of Classified Information
10 years of Government Office for The Protection of Classified Information (NSA)
83
Podpis sporazuma med Republiko Slovenijo in
Češko republiko o izmenjavi in medsebojnem
varovanju tajnih podatkov.
Signing the Agreement between the Republic of
Slovenia and the Czech Republic on the Exchange
and Mutual Protection of Classified Information
Podpis sporazuma med Vlado Republike Slovenije
in Avstrijsko zvezno vlado o izmenjavi in
medsebojnem varovanju tajnih podatkov.
Signing of the Agreement between the Government
of the Republic of Slovenia and the Federal
Government of the Republic of Austria on the
Exchange and Mutual Protection of Classified
Information
84
10 let Urada RS za varovanje tajnih podatkov
Podpis sporazuma med Vlado Republike Slovenije
in Vlado Republike Finske o izmenjavi in
medsebojnem varovanju tajnih podatkov.
Signing of the Agreement between the Government
of the Republic of Slovenia and the Government
of the Republic of Finland on the Exchange and
Mutual Protection of Classified Information
10 years of Government Office for The Protection of Classified Information (NSA)
85
86
10 let Urada RS za varovanje tajnih podatkov