Main Takeaways from the Western Balkan Digital Security Forum
By Merle Maigre and Jurijs Svirko
High-level representatives from Tirana, Sarajevo, Pristina, Podgorica, Skopje and Belgrade discussed the cybersecurity development in the Western Balkan region, shared knowledge and learned best practices of the EU at the Western Balkan Digital Security Forum on 14-15 June 2022 in Tallinn. The main takeaways from the forum are:
- People, trust and security are the enablers of a resilient digital ecosystem
In his opening speech, Andres Sutt, Minister of Entrepreneurship and Information Technology of Estonia, underlined three enablers of a resilient digital ecosystem that responds to crisis: people, trust and security. According to Minister Sutt, there is always a human factor in the heart of technology. To deliver a modern, secure customer experience for the people, the government needs to use up-to-date design and technology and harmonise the actual processes behind the technology. On trust, the Estonian government always works to be transparent to its people. Timely information sharing about vulnerabilities and cyber incidents is key to successfully counter the attacks and breaches. Lastly, Sutt emphasised that digital security is not an expense but an investment.
Andres Sutt. Photo by Raigo Pajula
- Security is indivisible and the Western Balkan partners can always count on Estonia
One of the most engaging speeches at the forum was the keynote by Jonatan Vseviov, Secretary-General of the Ministry of Foreign Affairs of Estonia. He said that security in Europe and anywhere in the world is indivisible. “Taking our focus off Ukraine is a grave mistake,” Mr Vseviov stressed. “Russia will not be the same as it was before the war, the EU and NATO likewise.” Since the war against Ukraine is not the war against Ukraine only, Jonatan Vseviov expressed hope that Estonia continues to support the cybersecurity resilience building in the Western Balkans, because we are stronger when we help others to mature.
A similar idea was expressed by Michela Matuella, Acting Director Western Balkans at DG NEAR, European Commission. “Cooperation with the Western Balkans is the geopolitical priority for the EU. At the time of war on our continent, cybersecurity is one of the areas where increased attention is needed,“ she said in her concluding words.
Jonatan Vseviov. Photo by Raigo Pajula
- Political leadership matters
The Cybersecurity Study on the Western Balkans presented by Merle Maigre, eGA’s Senior Cybersecurity Expert, addressed the challenges of cyber threats and highlighted the need to improve the overall security in compliance with the EU acquis and best practices. According to Merle Maigre, cybersecurity must be an indispensable component of digital transformation efforts in the Western Balkans. To make it happen, there is a need for bolder and clearer political leadership in the cybersecurity agenda. At the end of the day, the government, organisations and individuals are all responsible for cybersecurity. This was also echoed by Admirim Aliti, Minister for Information Society and Information of North Macedonia: “The cybersecurity report conducted by eGA shows where we are and where we should be. We first need to make some changes in our legislation, and secondly, we need to take steps to improve cybersecurity.“
Tõnu Tammer, Admirim Aliti, Bardhyl Dobra. Photo by Raigo Pajula
- Digitalisation and cybersecurity are two sides of the same coin
Digital transformation will only be successful if we succeed in ensuring cybersecurity – the reliability of data and networked systems. “We recognised that if we did not deal with cybersecurity, we would not get the best results from the digitalisation efforts due to all the cyber risks,” said Milan Dobrijević, State Secretary of the Ministry of Trade, Tourism and Telecommunications of Serbia. Yet sometimes best does not mean fast. “For the Western Balkans, there is a question of how we pool into our ecosystem,” stressed Luukas Ilves, Government CIO of Estonia. “Is it European, is it an ecosystem of democratic countries, excluding Russia and China? Therefore, Estonia has been late with 5G and moving to cloud because of the uncertainties with data protection and security.” Adding her perspective from Latvia, Baiba Kaškina, General Manager of CERT-LV, explained that the key moments in positioning the Computer Emergency Response Team as a partner with a proactive role in developing cyber resilience is to place the CERT within the government with a short chain of command, get the legislation drafting right, build on existing expertise and, finally, adapt to new challenges such as international requirements.
Merle Maigre, Luukas Ilves, Baiba Kaškina. Photo by Raigo Pajula
- Strategic level capacities are needed to leap to more resilient cyberspace
Even though responsibilities for cyberspace are spread among many stakeholders, the state still plays a principal role in creating a legal and policy environment to safeguard an open and secure internet that maximises the benefits of digitalisation for all society. The coalition with both private and public sectors facilitates more secure cyberspace. Also, improved enforcement mechanisms and strong legal frameworks are crucial, stressed Aivo Orav, Permanent Representative of Estonia to the EU. Raising awareness is important. This was also highlighted by Slavica Grkovska, Deputy Prime Minister of North Macedonia: “One of the challenges is to increase the awareness that cybersecurity is a serious everyday issue. This must start with a change of politicians’ mindset.“
Tanel Sepp, Slavica Grkovska, Wiktor Staniecki. Photo by Raigo Pajula
- Best practice in operational-level cybersecurity capacities must be shared
Trust in digital transformation and e-services is built entirely on security and data protection. As cyber threats, by nature, seldom affect only one organisation at a time, preventing and responding to cyber incidents become difficult unless a dedicated team is in place, equipped with adequate tools and processes, and manned with capable talent. “Through the EU platform, we can learn from each other and build on our experiences, in cyber and other topics,” said Wiktor Staniecki, Deputy Head of Division, SECDEFPOL.1, European External Action Service. “There is an extended willingness of the EU to reach out to our partners in the Western Balkans, to work together to improve our resilience and cybersecurity.”