Having a National Cybersecurity Strategy (NCS) in place is key to ensuring a more coordinated and tailored approach to protecting a country’s national security, economic growth, and social well-being from cyber threats and to building stronger resilience, safety, security, and trust into the country’s digital transformation.
Achieving a stronger cybersecurity posture at the national level is a shared responsibility, which involves a multitude of actors (e.g., government authorities, law enforcement, private sector entities, and civil society, etc.) and requires coordinated actions and constant dialogue. In recent years, there has been increasing attention paid to cybersecurity policy and strategic planning and many countries have adopted an NCS.
The Western Balkans’ cybersecurity landscape
In the Western Balkans region (comprising Albania, Bosnia and Herzegovina, North Macedonia, Montenegro, Serbia, and Kosovo), the national cybersecurity strategy landscape remains uneven, and the pace of development of national strategies, policies, and legislations varies from countries that are still waiting to pass their first NCS to those that are already entering their third cycle of development and implementation of an NCS.
Supporting capabilities and enhancing regional dialogue
In order to support the development and strengthening of cybersecurity capabilities in the Western Balkans region, the International Telecommunication Union (ITU), Deloitte, and the Geneva Centre for Security Sector Governance (DCAF)1 co-organised a National Cybersecurity Strategy development workshop for Western Balkan economies in Skopje, North Macedonia in June 2019. The regional workshop was based on the first Guide to Developing a National Cybersecurity Strategy, which was created in 2018 to help countries develop an effective national cybersecurity framework to protect their socio-economic development from cyber threats.
The workshop was attended by state officials and relevant representatives from Western Balkan countries that were engaged in the drafting, evaluation, and implementation of their respective national legislative and strategic frameworks for cybersecurity. The workshop aimed at reviewing and elaborating on national cybersecurity strategies and policies already developed, and sharing country/regional best practices and case studies.
Built around the Guide’s key components and focus areas, the workshop consisted of presentations, assessment sessions, and hands-on exercises. During the workshop, the participants assessed specific cybersecurity challenges in their countries. Good practicws in drafting, implementing and monitoring NCS were discussed. By bringing together representatives from the region, the workshop also aimed at creating a ‘community of practice’ in the Western Balkans. The participants appreciated this opportunity to share experiences and discussing practical challenges.
The importance of NCS monitoring
DCAF experts led sessions on best practices in monitoring the implementation of NCS. Monitoring is crucial for the success of an NCS. All too often, countries develop well-written strategies, but put less effort into implementing them effectively. A monitoring system creates accountability, and it is important to measure if and how planned actions are put in place and whether planned activities are properly funded and institutions established. A good monitoring system can also help the country to learn lessons. For example, if certain actions could not be implemented because of structural problems (e.g., lack of expert staff available to implement activities) or budgetary constraints, then the planning of the next strategy should address these issues. Maybe more political commitment is needed, the necessary funds need to be made available, or the causes of structural problems, such as the lack of expertise, need to become part of the objectives of the next NCS.
Indeed, the challenges in implementing an NCS are often complex. In addition to regional workshops on NCS, it is important to organise inclusive discussions on the NCS at the local level. Different stakeholders should come together to share their experiences in drafting and implementing the NCS and discuss the way forward.
As a result of the 2019 Skopje workshop, DCAF published a paper reviewing the national cybersecurity landscape in the Western Balkans, titled National Cybersecurity Strategies in Western Balkan Economies, which offers insights into the national strategy of each Western Balkan country. This review examines if and how the national strategies address the good practices recommended in the Guide.
DCAF will continue to support Western Balkan countries in their efforts to implement or update their NCS, further strengthen their cybersecurity capabilities, and promote the importance of sustaining such dialogue within the region. This effort is not only aimed at strengthening the cybersecurity stance of these countries, but also at attaining EU and international standards for better opportunities and regional exchanges on digital and cybersecurity cooperation.
Authors:
Jennia Jin, Junior Project Officer, Europe and Central Asia Division, DCAF
Franziska Klopfer, Principal Programme Manager, Europe and Central Asia Division, DCAF
[1] For many years, DCAF has been involved in cybersecurity activities in the Western Balkans, by delivering guidance on policy and strategic levels, accompanying and monitoring the development of principles and good practices, and bringing stakeholders together to foster dialogue and exchange.
Today, as the Western Balkan economies are further formalising their cybersecurity legislation and harmonising it with the EU’s framework and good practices, DCAF continues to actively engage and support the cybersecurity activities in the region, notably through its current project “Good Governance in Cybersecurity in the Western Balkans” (2021-2024), once again funded by the UK FCDO.
1 For many years, DCAF has been involved in cybersecurity activities in the Western Balkans, by delivering guidance on policy and strategic levels, accompanying and monitoring the development of principles and good practices, and bringing stakeholders together to foster dialogue and exchange.
Today, as the Western Balkan economies are further formalising their cybersecurity legislation and harmonising it with the EU’s framework and good practices, DCAF continues to actively engage and support the cybersecurity activities in the region, notably through its current project “Good Governance in Cybersecurity in the Western Balkans” (2021-2024), once again funded by the UK FCDO.