Critical Infrastructure Digitalization and Resilience (CIDR) in North Macedonia

Summary

Critical Infrastructure Digitalization and Resilience (CIDR) is a five-year regional program managed by DAI for the U.S. Agency for International Development (USAID)’s Bureau for Europe and Eurasia. CIDR’s country teams work with partner governments and local stakeholders to: 1) accelerate cybersecurity workforce development, 2) empower organizations to identify and address cybersecurity threats, 3) strengthen cybersecurity governance, and 4) facilitate the sharing of cyber threat information.

North Macedonia Focus

The CIDR program in North Macedonia works with government ministries and institutions and other key partners to: 1) facilitate multi-stakeholder working groups that deliberate on national cybersecurity needs and inform policy and decision making, 2) develop the cyber workforce, including with support from the UK Foreign, Commonwealth & Development Office, 3) support cybersecurity information-sharing networks among the public sector and critical infrastructure, and 4) empower critical infrastructure entities and key institutions to identify and address cybersecurity threats.

Details

Aim

USAID, through CIDR, aims to help its partner countries improve their cybersecurity posture so critical infrastructure entities are more resilient and can continue to provide citizens with essential services. CIDR partner countries are Albania, Georgia, Kosovo, Moldova, Montenegro, North Macedonia, and Serbia.

Context

Countries in Eastern Europe are facing more diverse and complex cyberattacks targeting critical infrastructure. In response, the CIDR program is assisting partner governments and institutions to protect infrastructure such as energy, telecom, finance, and e-services from these malicious attacks.

Activities

Facilitate stakeholder collaboration. CIDR facilitates the multi-stakeholder, government-led Critical Infrastructure Cybersecurity Working Group (CICWG) that deliberates key issues and develops recommendations and priorities for strengthening the cybersecurity of specific entities and across government. Implemented in cooperation with the Ministry of Digital Transformation, the CICWG has helped inform legal and regulatory framework, cybersecurity governance, incident-response procedures, information-sharing mechanisms, and cyber workforce development.

Policy development. CIDR advises on best practices for cybersecurity strategy and governance models applicable to the national government structure. CIDR advises on the development of the Law on Network Information Security. CIDR supports CII operators to perform C2M2 self-evaluation and become compliant with procedures and standards set by national authorities and synced with the International Organization for Standardization (ISO) and National Institute of Standards and Technology (NIST). The UK Foreign, Commonwealth & Development Office also provides CIDR with support in policy development.

Expanding capacity of national CIRT. CIDR supported the Agency for Electronic Communication in its traditional hosting and execution of the 5^th National Coordination Exercise. Based on the findings of this simulated cyberattack, CIDR will contribute to the national incidence response plan.

Accelerate cybersecurity workforce. CIDR—with support from the UK Foreign, Commonwealth & Development Office—is developing cyber-related curricula to align academic institutions with cybersecurity market needs; CIDR is also empowering teaching staff at universities and other learning facilities with the skills to administer updated cyber curricula.

Sub-Activities

Cyber Pathways for Women: CIDR’s Cyber Pathways for Women (CPW) activity is assisting institutions and employers to identify the supply and demand inhibitors for women in cybersecurity careers and mitigate or remove these inhibitors. In North Macedonia, CPW launched and is facilitating university- and secondary school-level task forces; these strategic, multi-stakeholder groups are sparking dialog and action among the decision makers who affect cybersecurity academic and workforce development for women. Ultimately, these task forces aim to become a standing multi-year national program to attract more women toward cybersecurity careers and help address North Macedonia’s shortage of qualified cybersecurity professionals. CPW is being implemented as part of USAID’s Women’s Economic Empowerment (WEE) Initiative.

Ministry of Agriculture, Forestry, and Water Economy: CIDR is strengthening the cybersecurity posture of the ministry by using a risk-based approach to implement an information security management system, technical controls and measures, and updated and expanded cyber hygiene and resilience training. This assistance will also focus on broader adoption of security controls, technology adoption, and workforce upskilling across key government institutions to improve response capabilities in the face of a heightened threat environment in the region.