Podcast & blog: Safeguarding Digital Systems in the Western Balkans

Digitalization is rapidly transforming democratic processes. Ensuring digital security, as a consequence, has become paramount for safeguarding free and fair elections. Countries in the Western Balkans have recognized the critical role of cybersecurity in preserving the integrity of democratic systems, but at what cost?

Repeated high-profile cyberattacks over the past year have underscored the urgency of adopting a well-structured approach to cybersecurity. The European Union (EU) has stepped in with its “Cybersecurity Rapid Response for Albania, Montenegro, and North Macedonia” project, implemented by the e-Governance Academy, to bolster cyber resilience in the region.

At the Tallinn Digital Summit, stakeholders and representatives involved in the project explored challenges and pillars in making the Western Balkan cyberspace more secure. Moderated by Merle Maigre, Head of eGA’s Competence Centre on Cybersecurity, we hear from Dušan Polović, the Head of Cybersecurity Department of Montenegro, Igli Tafa, General Director of the National Authority for Electronic Certification and Cyber Security of Albania as well as Priit Vinkel, former Head of the Estonian State Electoral Office and e-Governance Academy Senior Expert about what it takes to learn, and bounce back, from cyber attacks.

Three pillars for cyber resilience

Digital elections are just one facet of the broader democratic process that increasingly involves technology. According to Priit Vinkel, former Head of the Estonian State Electoral Office and e-Governance Academy Senior Expert, three universal pillars should be the basis of resilience efforts:

• Coordination and cooperation
• Human resources
• Technology

It may come as a surprise to some, but human resources are more critical than technology in ensuring cybersecurity. Effective communication and coordination among people are essential. More so, in small countries – where cooperation among stakeholders becomes a key asset. Digital elections in Estonia, for example, highlight the importance of collaboration among various parties, including the government, political parties, and candidates.

Moreover, awareness raising and maintaining cyber hygiene are vital, both among the general public and public officials. Vinkel highlighted the significance of understanding the legacy issues associated with technology, emphasizing the need for constant updates and patches. It’s not just about having advanced technology; it’s about the people using it.

In addition to the government’s role, political parties and candidates also play a crucial role in ensuring cybersecurity during election campaigns. They need to be aware of risks and take necessary actions. In Estonia, candidates and parties can consult with the government regarding the security of their IT systems, recognizing that these make an integral part of the electoral ecosystem.

The importance of networking and regional collaboration

Dušan Polović, the Head of Cybersecurity Department of Montenegro, highlighted the significance of networking and international cooperation in addressing election-related cyber threats. “Every election in Montenegro had been accompanied by cyberattacks and hybrid threats in the past,” he notes. The 2022 cyberattack in August marked a turning point, as Montenegro learned valuable lessons in responding to such attacks.

Through the EU’s Cybersecurity Rapid Response project, Montenegro benefited from experts specifically focused on cyber issues during election campaigns. According to Polović, sharing experiences with these experts was extremely important, as it significantly helped improve resilience.

The need for better collaboration between states in the region is high on the agenda, though, given their limited resources. So what about forming regional cyber rapid response teams to efficiently share resources and expertise? Such collaboration could be a game-changer for the Western Balkans, Polović points out.

Strengthening cyber security and cooperation in Albania

Igli Tafa, General Director of the National Authority for Electronic Certification and Cyber Security of Albania, shared the experience of Albania in dealing with an unprecedented wave of cyberattacks linked to national foreign policy. And Albania’s response to these attacks involved diplomatic actions and measures to address vulnerabilities.

What emerged, however, is the crucial intersection between digital transformation and cybersecurity, with the need for both to progress hand in hand. As Albania digitized more than 95% of public services, it became a prime target for cyberattacks. To protect such ecosystem, Albania had to expand its definition of critical infrastructure to encompass more sectors than previously thought – including finance, transport, energy, education, and media.

To enhance cyber resilience, Albania initiated measures such as setting up threat hunter groups and strengthening cooperation with strategic partners like the EU and the US. The key point here is recognizing the importance of operational and technical plans for swift response to threats.

There is room, however, for increased regional cooperation in cybersecurity. Tafa outlined five pillars for Western Balkans countries to work on collectively:

• Sharing knowledge, including about threats and vulnerabilities.
• Forming a cyber coalition for regular collaboration.
• Investing in capacity building, both in experts and academia.
• Involvement in EU cybersecurity projects.
• Maintaining a unified voice on cyber diplomacy when engaging with the EU.

Digital security emerges as a matter of shared responsibility that transcends borders, particularly for small countries. Cooperation, capacity building, and regional collaboration in safeguarding democratic processes are key in the Western Balkans. In a rapidly evolving digital landscape, these principles are essential for ensuring free and fair elections and, ultimately, the health of democracy in the region.