The Balkans face a harrowing wake-up call over its fragile cybersecurity

Image: BeeBright / Shutterstock

The distressing incident that went on for days and weeks before being resolved revealed the alarming frailty of cybersecurity in North Macedonia. And it was not the first time that such an attack has taken place. A few years ago the country saw its election day disrupted by large-scale DDoS attacks, which paralysed its state electoral commission and delayed the announcement of the official results.

However, this small country is not the only one from the Western Balkans that has failed to deal with cyber-attacks targeting institutions. Last summer, neighbouring Albania and its critical digital infrastructure was heavily targeted by Iranian hackers. In September 2022, the website and the servers of the Bosnian parliament were brought down for more than two weeks. At the beginning of the year, Serbia’s defence ministry became a target of the hacker collective Anonymous. Last September, Montenegro’s government also suffered a massive attack that was allegedly carried out by pro-Russian hackers and crippled its online government information platforms.

Critical infrastructure under massive threats

Many of these cases show that the consequences of cyber-attacks can be staggering. They can disrupt financial systems, paralyse government operations, compromise sensitive data and undermine public trust in institutions. The interconnectedness of critical infrastructure and the reliance on digital systems have created fertile ground for cyber-criminals to exploit vulnerabilities and wreak havoc on a national scale.

Thus, in the face of increasingly innovative and sophisticated cyber threats almost on a daily basis, the Balkan countries now have a choice to make – either prioritise constant investments in the development and enhancement of security institutions’ capacities, or face much harsher consequences. This process also includes strengthening the protection of digital infrastructure, recognising the evolving nature of cyber threats.

As the North Macedonia case illustrates, it only takes one attack to completely shake a nation to its core – and to nearly cause a complete collapse of a healthcare system. As each new cyber-attack unfolds, it exposes a widening chasm in these countries’ cyber security infrastructure. The lack of robust defences and a coherent strategy to combat cyber threats highlights an urgent need for governments to take a stand when it comes to strengthening cyber security. At the same time, it is becoming imperative for the region to fortify its defences and bridge the gap between its current vulnerabilities and the ever-evolving tactics employed in the region by malicious actors such as Russia and Iran.

One glaring issue that demands immediate attention is the inadequacy of measures to protect sensitive data and critical systems. The recent onslaught of cyber-attacks across the region has also laid bare the vulnerability of these governments in safeguarding crucial information, leaving it susceptible to exploitation by various types of cyber-criminals. This revelation also warrants a comprehensive overhaul of existing protocols. For example, this could involve focusing on bolstering encryption mechanisms and enhancing access controls to prevent sensitive data from falling into the wrong hands.

Furthermore, Balkan governments must also urgently prioritise increasing cyber security awareness among both government and private sector entities, citizens included. The current landscape has also showcased a need for a unified effort to cultivate a culture of “cyber hygiene” and promoting a collective understanding of the evolving threat landscape.

A broader perspective

Although the focus here may be on individual countries like North Macedonia, a broader perspective is required to address the cybersecurity challenges faced by the entire region. Strategic investments in various areas can significantly enhance the collective resilience of Balkan nations against cyber threats. While equipping institutions with state-of-the-art technology and technical facilities is important, the key issue lies in securing and retaining high-quality specialised staff – a rare resource in itself, especially within the public sector. Therefore, investing in professional staff emerges as a crucial aspect in bolstering cybersecurity capabilities. The recruitment and education of cybersecurity specialists should be a priority for each of these countries.

Governments can incentivise and retain skilled personnel through attractive employment packages and develop comprehensive training programmes to bolster the cybersecurity skills of existing employees. By nurturing a highly competent workforce, the Balkan region can also cultivate a pool of experts capable of identifying and mitigating cyber dangers effectively.

Strengthening cybersecurity capabilities also calls for the establishment of robust programmes and systems. This includes implementing security processes to identify vulnerabilities swiftly, regularly updating software and hardware, and conducting routine security audits. By proactively addressing vulnerabilities and patching them promptly, the Balkan region can fortify its cybersecurity defences and stay one step ahead of potential attackers.

Spreading awareness through targeted campaigns can also be a pivotal step in countering cybersecurity threats effectively. Educating the public, businesses and government workers about the risks and recommended practices is essential. A strong culture of cybersecurity awareness through comprehensive training programmes and well-designed campaigns can motivate and empower individuals and organisations to adopt proactive measures. In turn, a collective understanding of cybersecurity threats and promoting best practices will allow the Balkan region to elevate its overall cybersecurity posture. Finally, collaboration emerges as a vital pillar in the fight against cyber threats. The Balkan nations should actively pursue collaboration between the public and private sectors and foster international partnerships with organisations specialising in cybersecurity.

Using NATO’s capacities and expertise

The escalating frequency and sophistication of the attacks have also underscored the urgent need for these countries to confront cybersecurity deficiencies head on. For the institutions that are at the forefront of dealing with such attacks, challenges now lie not only in restoring faith in the security of critical systems but also in adopting a proactive stance, bolstering cybersecurity practices and fostering a culture of resilience.

Moreover, there is also the fact that most of the countries in the region are also a part of NATO. With the help of the Alliance, members such as North Macedonia, Albania or Montenegro must seize this opportunity to forge a robust cybersecurity framework and enable the protection of critical infrastructure. Recognising the significance of this region, various US agencies have also recently stepped forward to provide support on multiple occasions, as illustrated following the attacks on the Montenegrin government. Such collaborative efforts involve sharing information on malware, cybersecurity training, and joint exercises, presenting avenues for bilateral or multilateral cooperation.

In this sense, NATO can play a crucial role in assisting its Balkan members in this critical endeavour. Acknowledging the ever-evolving cyber landscape, NATO officially designated cyber as an operational domain in 2016 and has since made significant strides in developing centres and platforms that facilitate coordination and the sharing of cyber capabilities among member nations and partner countries. By leveraging collaborative mechanisms, the Alliance can actively support the Balkan nations in their efforts to strengthen cybersecurity through its expertise, resources and collective defence principles. The Balkan nations, in turn, stand to benefit greatly from NATO’s support. By leveraging the expertise and resources available within the Alliance, they can strengthen their cybersecurity infrastructure, improve incident response capabilities and enhance their overall cybersecurity capacities.

Building long-term resilience

A collaborative approach would not only mitigate immediate risks but also build long-term resilience, enabling the Balkans to adapt to the evolving nature of cyber threats effectively. Another approach that the region could also take is to establish a unified protection framework for all government electronic services. This would involve agencies, ministries, local governments and any legal entity or state body operating within the region. One effective solution that could come out of this approach is the creation of state-wide Security Operation Centres (SOC) with a mixed ownership structure. These would favour the state at 51 per cent but remain open to collaboration with the private sector.

This SOC model would centralise and streamline cybersecurity efforts, enabling coordinated defence systems managed by the SOC’s operating company. This approach has proven successful in various EU countries and can serve as an exemplary model for the Balkan region.

While recognising the importance of these alliances, it is evident that international cooperation in the field of cybersecurity remains limited, even among EU member states. The differences in legal frameworks, qualifications, and readiness levels pose obstacles to effective collaboration. The same goes for the Balkan countries and addressing these challenges requires concerted efforts to bridge gaps and establish common ground for information exchange and joint initiatives.

Moreover, understanding the frailties exposed by such attacks, these countries can emerge stronger, more resilient and better equipped to confront the ever-looming spectre of cyber threats that pervade our interconnected world. However, for now the scars of these attacks remain a stark reminder of the glaring vulnerabilities that persist within the region’s cybersecurity landscape.

Bojan Stojkovski is a freelance journalist based in Skopje, North Macedonia covering foreign policy, technology and science. His work has appeared in Foreign Policy, ZDNet, Haaretz and various regional publications in the Western Balkans.

cybersecurity, Western Balkans