The Western Balkans continue to take active steps towards strengthening the resilience of their national cybersecurity ecosystems in response to a growing threat landscape. Regional economies have developed relevant legislation, established new institutions, and built up technical and operational capacities to respond to crisis in Cyberspace, with increasing support from the international community. Western Balkan economies have also forged bilateral and multilateral partnerships, often moving towards EU and NATO approaches.
For the European Union, cybersecurity investment remains a priority in the region, with the EU cybersecurity strategy expressly stating that in the Western Balkans, “efforts should support the development of legislation and policies of partner countries in line with relevant EU cyber diplomacy policies and standards”. While there are already many successful investments and capacity building projects coming from EU Member States, institutions and other international actors, meaningful and long-term results will require a move to a more holistic approach to the internal and external dimensions of cybersecurity policy in the region.
To feed into this reflection, the EU Cyber Diplomacy Initiative – EU Cyber Direct in cooperation with the United Nations Development Programme organised cyber consultations between European Union and Western Balkans partners in Sarajevo, Bosnia and Herzegovina, on 27 through 29 of June 2022.
Following opening remarks by Krassimir Nikolov, the head of the European Integration, Political, Press and Information Section at the Delegation of the European Union to Bosnia and Herzegovina, and Georges Van Montfort, the deputy director at the UNDP Representation Office in Brussels, the programme was split into four thematic panel sessions and three workshops. The meeting brought together governmental experts and other stakeholders from the EU and the Western Balkans to discuss under the Chatham House rule, key questions around digital growth and cyber resilience, and the role for cyber diplomacy therein.
The consultations first discussed digital transformation in the context of geopolitical crisis, where participants outlined consequences and holistic approaches to digitalisation spurred by crises like the COVID-19 pandemic and the war in Ukraine. While challenges in the Western Balkans are not always unique to the region, it was stressed that countries should adopt a sectoral approach by building decentralised competences and response capacities, centrally coordinated at the national level. This should also include the creation of comprehensive awareness programmes, targeting specific stakeholder groups across Western Balkan societies. The consultations also discussed the role of confidence-building measures in strengthening regional cyber resilience. Consecutive sessions highlighted the ways in which functioning cooperation is happening through OSCE, but called for the need to better communicate the mutual benefits of incident reporting, information sharing as well as knowledge sharing among all stakeholders. Moreover, improving resilience will also require the agile alignment of legislative and strategic frameworks to address the evolving cybersecurity threat landscape, developments in the cyber sphere, and the resulting needs. On cybercrime meanwhile, there is a need for capacity development of additional relevant institutions and bodies, such as those in charge of investigation and prosecution of malicious acts and actors in cyberspace.
Workshops aimed to offer practical tools and methods to complement and enrich policy discussions, including a session on building robust cyber ecosystems based on the experiences of the CONCORDIA project, the modelling of the impact and responses to critical infrastructure attacks based on research from the PRECINT project, and an overview of the open-source tools and methods for combatting cybercrime employed by the CYCLOPES project.
Organised in cooperation with the French Presidency of the Council of the European Union and the Slovenian ministry of foreign affairs, the consultations concluded with a stock-taking of recent meetings and political commitments, and outlined the vision for a new regional training centre based in Podgorica.
Ultimately, enhancing cyber capacity in the Western Balkans means increasing European Cyber Resilience. The consultations made clear that while a strong interest to work with partners exists in the region, including by exchanging information and best practices, participating in joint projects and exercises, and pursuing closer cooperation and integration on legal and regulatory processes on cyber and digital issues, the EU’s commitment and engagements with local stakeholders is increasing but remains unstructured and fragmented. Strong technical cooperation has not yet translated to the political responsibility and investment, and meaningful growth and resilience will require both bottom-up approaches geared towards practitioners as well as a more consistent and coherent international engagement and domestic political support.