CMM Review Bosnia and Herzegovina (as part of the Global Cybersecurity Capacity Program I)

Summary

In collaboration with the World Bank (WB), the GCSCC, in collaboration with the Ministry of Communications and Transport, the Sector for Communications and Informatization, and the Department for Informatization, undertook a review assessment of the maturity of cybersecurity capacity in Bosnia and Herzegovina at the invitation of the Ministry of Communications and Transport using the Cybersecurity Capacity Maturity Model for Nations (CMM) between October 2018 and March 2019.

Details

Aim

The objective of this review was to enable the Government to gain an understanding of its cybersecurity capacity in order to develop the country’s national cybersecurity strategy, and to strategically prioritise investment in cybersecurity capacities.

Context

The Global Cyber Security Capacity Centre (GCSCC) conducts research to understand and identify trends in cybersecurity, to help the world prepare and respond to cyber threats. Together with a global multistakeholder community with expertise in cybersecurity capacity building, the Centre has developed a model that helps countries self-assess and identify their strengths and needs for their cybersecurity maturity. The Cybersecurity Capacity Maturity Model (CMM), which was last revised in 2021, considers cybersecurity maturity to comprise five dimensions which together constitute a wide breadth of national capacity that a country requires to be effective in delivering cybersecurity resilience. Dimension 1 looks at the country’s ability to develop and implement cybersecurity policies and strategy. Dimension 2 looks at culture and societal elements that affect public understanding and their ability to protect themselves in the cyberspace. Dimension 3 looks at the initiatives by different stakeholders in driving cybersecurity awareness among users. Dimension 4 looks at the capacity of countries to prosecute cybercrime and Dimension 5 looks at the availability of protective technologies and standards.

The GCSCC’s support to a CMM in Bosnia and Herzegovina was funded by the United Kingdom, Korea-World Bank Group Partnership Facility (KWPF) under its Global Cybersecurity Capacity Program.

Outcomes

The CMM review identified some relevant key findings, including the lack of coordination and communication at the cybersecurity level among governmental actors, the lack of cyber awareness amongst citizens and of awareness-raising initiatives, the lack of  institutional and legal harmonization within the judiciary system and also within standards, software and technologies utilised.

The successful CMM assessment facilitated both nationwide and international cooperation to support the efficient planning of the initiatives concerning the state level cybersecurity-related legislation and policy documents in this area. More precisely, the Global Cybersecurity Capacity Program presented the drafting process of the Strategic Cybersecurity Framework in Bosnia and Herzegovina and of the drafting of the Law on Cybersecurity in Bosnia and Herzegovina.

Outputs

The CMM report was completed in 2019.

A summary of the CMM’s findings and information on follow-on action was included in the World Bank’s report ‘Global Cybersecurity Capacity Program: Lessons Learned and Recommendations Towards Strengthening the Program’.

Activities

One of the main activities were the stakeholder roundtable consultations according to the CMM methodology that took place during 23-25 October 2018. The following stakeholders participated in the roundtables: academia, criminal justice, law enforcement, defence community, information technology officers and representatives from public-sector entities, critical-infrastructure owners, policy makers information-technology officers from the private sector (including financial institutions), telecommunications companies, the banking sector as well as international partners.

The World Bank facilitated, in cooperation with the MOCT and the Global Cybersecurity Center for Development (GCCD) of Korea Internet & Security Agency (KISA), the 2018 GCCD-Bosnia and Herzegovina Cybersecurity CMM workshop, organized in Sarajevo on 3-4 December 2018. Around 70 – 80 participants from 52 institutions attended the event. The main focus of the workshop was National Cybersecurity Policy, Legal Framework & CERT/CSIRT Operation.

MAIN WEBSITE LINK

Cybersecurity Capacity Review Bosnia and Herzegovina by Eva Nagyfejeo, Sarah Puello Alfonso :: SSRN