Project
EU Support to Western Balkans Cybersecurity Capacity Building
Contact
Merle Maigre, Head of Cybersecurity Competence Center at the e-Governance Academy
Summary
The Western Balkan IPA III beneficiaries are striving to bolster their cyber resilience, aligning with EU standards and best practices. The rapid growth of the digital domain has amplified cyber threats, necessitating a robust cybersecurity framework. While political leaders in these countries acknowledge the importance of cybersecurity, challenges persist, including a lack of concrete action plans, limited resources, and the absence of public discourse on digitization and cybersecurity. The project aims to enhance cybersecurity in the region through governance models, legal frameworks, crisis management, and capacity building activities.
Details
Aim
To enhance the cyber resilience of the Western Balkan IPA III beneficiaries in compliance with EU acquis and best practices.
Context
Digital transformation has become a key driver for economic growth and societal changes. This premise also applies in the six Instrument for Pre-accession Assistance (IPA) beneficiaries of the Western Balkan region assessed in the scope of this study, namely Albania, Bosnia and Herzegovina, Kosovo,* North Macedonia, Montenegro, and Serbia. The rapid evolution of the cyber domain has led to increased cyber threats and risks affecting both providers and users of digitalised services and hence brought a growing realisation that a digital society and digital services cannot safely exist without a solid cybersecurity framework. Subsequently, cybersecurity and resilience have become important targets for domestic reforms in the Western Balkans and an aspect to be strengthened in international cooperation.
As expressed through public statements and adopted strategy documents, the majority of the political leadership in the Western Balkan IPA beneficiaries generally acknowledge the importance of cybersecurity. Of the six IPA beneficiaries in the region, four have a current national cybersecurity strategy in place, with the majority adopted after late 2020. For several of them, it is already their second or third cybersecurity strategy. However, general statements do not necessarily make it into the political agenda or practical deliveries, and the subject can be overshadowed by other political and economic priorities. A lack of political push on the implementation level has been commonly highlighted by the stakeholders interviewed in this project. It is expressed in the failure to draw up concrete action plans for cybersecurity strategies; in a lack of decisions pertaining to investment in cybersecurity matters and to committing dedicated resources for monitoring and oversight of implementation; in inadequate mandates and resources for the authorities to whom cybersecurity responsibilities have been allocated; and in the lack of involvement of non-state actors in defining priorities and action plans, as further detailed in this report. Often, challenges affecting the cybersecurity posture stem from administrative or practical challenges beyond the cybersecurity domain, such as the central government and/or competent authorities lacking sufficient powers to enforce and follow through on legislative initiatives, or labour legislation limiting the availability of cybersecurity workforce due to limitations on public sector salaries. A lack of public discussion on digitalisation, e-government, and cybersecurity in essential sectors also impedes clear, measurable progress, as does the general shortage of cybersecurity know-how and skills among the workforce.
These findings describe the varied reasons cited by experts for why political recognition of the topic in the Western Balkan region has not resulted in adequate prioritisation and support for improving cyber resilience.
Outcomes
Improved cybersecurity prevention, preparedness and response of relevant public and private stakeholders in the Western Balkan IPA III beneficiaries.
Outputs
Cybersecurity governance and awareness
Legal framework, cyber norms and international law
Cyber risk and crisis management
Operational capabilities of Computer Security Incident Response Teams (CSIRTs)
Activities
Analyse a number of most relevant cybersecurity governance models in EU Member States.
Define advantages and disadvantages for each model and map the applicability of each for the Western Balkans.
Introduce international governance practice through workshops and study visits to Member State cybersecurity agencies.
Provide guidance about interagency cooperation models and about the role of the national coordination council as a mechanism for ensuring a coherent approach to cybersecurity.
Raise cybersecurity awareness of high-level decision-makers and officials through tabletop exercises.
Build capacities on cybersecurity crisis communication and awareness raising
Support Western Balkan local civil society organisations to increase the capacity to conduct awareness raising events and campaigns (public, private, society).
Workshops on the international legal framework for cybersecurity and EU cybersecurity law
Advice on completion and adjusting domestic legal framework in the area of cybersecurity
Support the development of a mechanism for an inclusive legislative process on cybersecurity
Trainings on cyber diplomacy for foreign policy stakeholders
Facilitating (young) professionals’ participation in cybersecurity summer schools
Guidance for the collection and analysis of threats and vulnerabilities with the purpose of delivering regular assessments and reports on cybersecurity trends and challenges
Workshops for government and select Critical Information Infrastructure (CII) operators on cyber risk assessment and management methodologies
Provide guidance on developing minimum cybersecurity requirements for the secure deployment and operation of ICT products and services
Expert consulting and study visits (M11-M32)
Support certification of professionals of selected critical and government infrastructure in: IT project management, information security management, and business continuity plans.
Training and guidance on cyber threat information sharing principles, incident reporting, incident management and developing incident taxonomies
Technical exercises to respond to cyber-attack simulations in real-time to monitor, detect and mitigate cyber-attacks. Test the protocols of reporting and sharing information between the government agencies and other stakeholders
Support CSIRT experts in participating in international forums and conferences and capacity building events
Provision of specialised equipment and software for functional CSIRT team and other relevant stakeholders or cybersecurity.
Additional contact
Visar Bivolaku, Policy Officer, Legal Matters and Advisory on Rule of Law Section, European Union Office in Kosovo visar.bivolaku@eeas.europa.eu
Massimiliano.prozzo@eeas.europa
Additional links
EU Support to Western Balkans Cybersecurity Capacity Building | CILC website