Table of Contents Table of Contents
Previous Page  16 / 24 Next Page
Show Menu
Previous Page 16 / 24 Next Page
Page Background

south-east european




Cyber defense is a critical part of the develop-

ment of any country. A reliable cyber capacity is

essential for the South-East European region to

progress in the economic, political and social fields.

Many countries on a global scale have already

adopted national cyber security strategies and the

related legislation. Statistics show that a growing

number of countries have constituted national

mechanisms to counter cyber-incidents, engaging

their governments as well as the corporate, aca-

demic, and NGO sectors. The SEE region, with the

increasing digitalization of the service, the commer-

cial and the industrial sector, is also endangered by

cyber risks. This is why it is of greatest importance

for all SEE countries to create and maintain a legis-

lative and strategic framework and institutions that

are viable enough to be able to implement this


A report by the Geneva Centre for Democratic

Control of Armed Forces (DCAF) and DiploFoun-

dation (Diplo), resuming the results of the project

“Cybersecurity Capacity Building and Research

Programme for South-Eastern Europe”, shows that

all Western Balkan (WB) countries are formally

aligned with the core international mechanisms in

the field of cyber security such as the Budapest

Convention, although some countries still need to

work on transposing them into domestic legislation.

There is particular progress with the legal frame-

work for

fighting cyber crime in all the WB


yet the effective implementation of these mecha-

nisms still remains a challenge, the report claims.

According to the project conclusions, the coopera-

tion with the private sector on cyber security mat-

ters remains at an early stage of development

throughout the region. Few countries, such as Al-

bania and Montenegro, have developed strategic

documents on cyber security which consider insti-

tutional cooperation with civil society and the pri-

vate sector in the future. DCAF and Diplo came to

the conclusion that there is an ongoing process of

cyber security capacity building on educational lev-

el in the Balkan region, especially in Montenegro

and Bosnia and Herzegovina, which host academ-

ic postgraduate programmes.

Taking the Balkan vision toward cyber defense

and security into account, several countries are

much further progressing, such as Slovenia, Croat-

ia, Albania, Montenegro and Bosnia and Herzegov-

ina, in contrast to the more slowly progressing

Macedonia, Serbia and etc. However, multiple re-

searches in the field show that the region has ac-

cepted the importance of cyber defense and are

taking the necessary actions to fight cyber crime.

Such actions include achieving legal framework

compliance with the international perspectives, es-

tablishing national bodies to react to incidents oc-

curred in cyberspace, as well as establishing na-

Cybersecurity capacities

of South-East Europe

tional cyber security strategies. Below we summa-

rize some of the results by country of the cyber

security capacity building research conducted by



As the only EU member state in the region, Croat-

ia was obliged to complete the institutional and le-

gal framework in the cyber security area during its

accession process. For this reason, it has fully en-

acted all the necessary laws and regulations and

made them compatible with the EU regulation. To

this end, Croatia adopted its Law on Information

Security in 2007, which stipulated the creation of a

national CERT (n-CERT), the so-called CARNet.

Its main task is the processing of incidents on the

Internet, i.e. preservation of information security in

Croatia. In addition, there is also a government

CERT called ZSIS-CERT, situated in the Informa-

tion Systems Security Bureau (ISBB). The ISBB is

the central state authority responsible for technical

areas of information security of the Republic of

Croatia state bodies, which includes: creating stan-

dards of information security, security accreditation

of information security, managing crypto material

used in the exchange of classified information, and

coordination of prevention and response to com-

puter threats to information system security. Other

legal documents completing the Croatian CS

framework are the Security and Intelligence Sys-

tems Act of the Republic of Croatia (2006), the Data

Secrecy Act (2007), Regulation on Information Se-

curity Measures (2007) and Act on Critical Infra-

structures (2013). All these show a well-rounded

legal and operational environment.

The National Cyber Security Strategy of the Re-

public of Croatia and the Action Plan for its imple-

mentation were adopted in October 2015. This

overarching strategy is the most comprehensive

and systematic strategic document related to cyber

security in the Western Balkans. The strategy aims

to “…achieve a balanced and coordinated re-

sponse of various institutions representing all the

sectors of society to the security threats in modern-

day cyberspace. The Strategy recognizes the val-

ues that need to be protected, the competent insti-

tutions and measures for systematic implementa-

tion of such protection”. It clearly stipulates the need

for the creation of strategic documents related to

cyber-defense and cyber crime respectively. On an

institutional level, the Strategy assumes the cre-

ation of the National Cyber Security Council, which

will have large competencies in monitoring and co-

ordination of the implementation of the Strategy, its

possible changes, and in proposing the organiza-

tion of national exercises. However, its work is not

constrained to monitoring the implementation of the

Strategy – it has the authority to address issues

essential for cyber security management and,

among other things, to issue periodic assessments

of the state of security and define the cyber crisis

action plan. On the technical level, the Council will

be supported by the Operational and Technical Cy-

ber Security Coordination Group, and more impor-

tantly, it is tasked to submit reports directly to the

Government. Finally, although the Strategy stipu-

lates the need for strong public-private partner-

ships, there is no evidence of such for the time be-

ing in Croatia. At the same time, some forms of

professional education and capacity building are

conducted by the ISBB, the national CERT and the

university Center for Information Security.


Albania’s road towards safer and more resilient

cyberspace has begun with the National Cross-cut-

ting Strategy on Information Security (2008-2013).

The document briefly mentioned cyber security as

Source: Dreamstime