Critical Infrastructure Digitalization and Resilience (CIDR) in Serbia

Summary

Critical Infrastructure Digitalization and Resilience (CIDR) is a five-year regional program managed by DAI for the U.S. Agency for International Development (USAID)’s Bureau for Europe and Eurasia. CIDR’s country teams work with partner governments and local stakeholders to: 1) accelerate cybersecurity workforce development, 2) empower organizations to identify and address cybersecurity threats, 3) strengthen cybersecurity governance, and 4) facilitate the sharing of cyber threat information.

Serbia Focus

The CIDR program in Serbia works with the Serbian government and other key partners to: 1) assess the cybersecurity posture of partner institutions, 2) strengthen partner institutions’ capacity to improve technology procurement and replacement procedures; hire, train, and retain qualified cybersecurity staff; and apply and manage digital technologies, 3) strengthen IT staffing through support on job descriptions, personnel selection, and training standards, and 4) develop Serbia’s supply of qualified cybersecurity professionals through the Cyber Pathways for Women activity.

Details

Aim

USAID, through CIDR, aims to help its partner countries improve their cybersecurity posture so critical infrastructure entities are more resilient and can continue to provide citizens with essential services. CIDR partner countries are Albania, Georgia, Kosovo, Moldova, Montenegro, North Macedonia, and Serbia.

Context

Countries in Eastern Europe are facing more diverse and complex cyberattacks targeting critical infrastructure. In response, the CIDR program is assisting partner governments and institutions to protect infrastructure such as energy, telecom, finance, and e-services from these malicious attacks.

Activities

High-Level Institutional Assessment. CIDR conducts cybersecurity assessments of partner institutions to identify procedural changes and technologies needed to meet international best practices and inform information security management system (ISMS) planning.

Analyze Risk and Register Assets. CIDR reviews technical infrastructure of institutions and creates registries of ICT assets and networks, inventorying existing information management and security assets and mapping cybersecurity and data protection risks.

Prioritize Cybersecurity Needs. CIDR develops risk-treatment plans with recommendations for institutions’ IT staff on procedural and architectural asset choices and guidance for senior management on institution-wide policies.

Advise and Train on Procurement. CIDR draws on cybersecurity assessments and joint planning to identify needs for equipment, software, and third-party services and provide training and mentorship to develop institutions’ procedures for identifying trusted vendors.

Train Management and IT Staff. CIDR jointly develops training plans with institution management, including for staff-wide cybersecurity and sensitive data confidentiality awareness training and for procedural training that supports procurement of new equipment and services.

Create Institutional Controls. CIDR develops organizational controls that enable institutions to review performance indicators and audit results for network security and sensitive information privacy, including for the training and means to regularly audit ICT security and review actual performance versus best practices.

Develop Cyber Pathways for Women. CIDR’s Cyber Pathways for Women activity is growing the number of females pursuing cybersecurity academic and career tracks, including by facilitating task forces and dialog among cybersecurity educators and employers, developing cyber curricula to meet future needs, establishing mentorships, and promoting career paths.