CIDR (USAID’S CRITICAL INFRASTRUCTURE, DIGITALISATION AND RESILIENCE PROGRAM) IN KOSOVO

Summary

To address the critical infrastructure cybersecurity gaps identified by USAID’s Europe and Eurasia (E&E) and in coordination with USAID Mission in Kosovo, CIDR (Critical Infrastructure, Digitalisation and Resilience Program) will: 1) establish a governance framework for cybersecurity in Kosovo by creating a multi-stakeholder critical infrastructure and cybersecurity working group (CICWG), 2) empower critical infrastructure entities in Kosovo to identify and address cybersecurity threats and, where possible, facilitate export of U.S technology and expertise to counter these threats; and 3) facilitate development of robust national and regional information sharing networks, promoting coordinated and collaborative response to cybersecurity threats.  

Details

Aim

The primary objective of CIDR is to elevate the overall cybersecurity standards within the region through locally-driven initiatives, fortifying critical infrastructure to ensure its resilience and continuous provision of essential services to citizens. 

Context

Energy, telecommunications, and electronic services play a pivotal role in enabling individuals to work, connect with one another, and flourish. Regrettably, the vital information networks that underpin these services, along with other critical infrastructure, often find themselves under siege by both individuals and organized groups. When these cyberattacks prove successful, they have the capacity to disrupt or even halt essential services, causing significant disruptions in communities and businesses, and inflicting harm upon nations. 

The USAID Critical Infrastructure Digitalization and Resilience (CIDR) program, a five-year initiative overseen by DAI on behalf of the U.S. Agency for International Development (USAID)’s Bureau for Europe and Eurasia, is designed to address these cybersecurity challenges. CIDR collaborates with partner governments and local organizations in assessing cybersecurity deficiencies and establishing priorities, providing recommendations, and devising strategic plans to enhance the security of critical infrastructure and key institutions. 

Operating within the Western Balkans, Black Sea Region, and South Caucasus, regions that have witnessed an escalation in diverse and intricate cyberattacks in recent years, CIDR is currently extending its support to Albania, Georgia, Kosovo, Moldova, North Macedonia, and Serbia. This support encompasses various facets such as workforce development, cybersecurity evaluations, cybersecurity governance, and the exchange of information on cyberattacks, threats, and potential solutions. 

CIDR conducts various activities, such as facilitating cybersecurity working groups, analyzing national needs, advising on EU-standard cybersecurity, promoting best practices in critical infrastructure, and addressing the demand for cybersecurity professionals. The program also seeks investments from the U.S. and Europe in targeted countries. Additionally, it collaborates with USAID’s U.S.-Europe Energy Bridge program, emphasizing the importance of robust cybersecurity for essential services. 

Outputs 

Anticipated results include: 

• Establishment of a multi-stakeholder, cross-sectorial critical infrastructure working group that will support the Government of Kosovo (GoK) efforts to effectively implement their evolving cybersecurity strategy;  
• Supporting GoK in establishing of the Kosovo’s national cybersecurity agency;  
• Two Selected CI sector are supported with cybersecurity improvement roadmaps.  
• Effective functioning of a national CSIRT in a way that ensures they capture relevant security incidents and trends and share the information with relevant national institutions.  

Activities

1. Establishment and facilitation of the Critical Infrastructure Cybersecurity Working Group (CICWG) 

• Identification of CI and CII in seven (7) sectors. CICWG will provide recommendation to GoK that will facilitate both Kosovo’s EU ambition and alignment with EU acquis.  
• Two table top exercise.    

2. Supporting GoK in establishment of the Kosovo’

3. Telecom and Energy sector are supported with sectorial cybersecurity roadmaps for risk diagnostic based on C2M2

4. Entity Level Audits of critical government services to identify any immediate critical cyber vulnerabilities.

Additional links

The 2022 U.S.-EU Cyber Dialogue – United States Department of State 

US-Europe Energy Bridge | Europe and Eurasia | Bureau for Europe and Eurasia | U.S. Agency for International Development (usaid.gov)  – see 3rd pillar for relevance.