Belgrade Security Forum 2013 – Session 7: Assuring Cyber-Security in the Western Balkans and the Rest of Europe

A few months ago I have received the invitation letter from administration of Belgrade Security Forum, within goal of inviting me to be a speaker in one of the break out sessions. In particular the session topic is: Assuring Cyber-Security in the Western Balkans and the Rest of Europe. And of course, I have accepted the invitation. Speak of which, the Belgrade Security Forum has been in past few years. This – 2013 year was the third in the row event. And with it, we have continue the talk from the previous year session about cyber security: Cyber War and Cyber Crime: Responding to the Governance Challenges.

Turning to this year session, we had a very good chance to boost the enthusiasm from other panel discussion where chairman – Richard Thomson called me in between the discussion of Helsinki Plus 40: Strengthening the Security Community to Meet Current Security Challenges. Where he raise the issue of what and if it is possible with one click that someone could stop the energy, power supply or even telecommunication systems. And, my answer was very straightforward, indeed it is! This was a very good spur of inspiration of our breakout session.

Together with other speaker we came to conclusion that the best way to go ahead and to have an effective discussion is to open the most important questions relating to cyber security: Who? What? and How? But before further to the answers the above question, I would like also to mention that the speakers where kind of divided, in a good sense where we came from different regions as well as specialized fields in cyber security. In details, Baroness Pauline Neville-Jones was in related fields in government issues and challenges in cyber security. Where on other hand, I was a representative from the Wester Balkan region representative. Furthermore, Alexander Klimburg was more concentrating of different stakeholder, in other words multi stakeholders approach. Where last but not least, Jovan Kurbalija was in diplomacy, civil society and information technology. And finally, the moderator of the session was Vladimir Radunović, who manage to create a nice vibe between the speakers and the audience from the beginning until the end of the session. For more details of the session please follow the Breakout session report: Session 7: Assuring Cyber-Security in the Western Balkans and the Rest of Europe. For more information of the issues that we follow and given answers are available on the Agenda.

From left to right: Vladimir Radunović, Predrag Tasevski, Jovan Kurbalija, Alexander Klimburg and Baroness Pauline Neville-Jones

Also I would like to make some quick notes on the main cyber threats and possible effects that are linked to Western Balkan region. The most known and presented cyber threats are among the cybercrime. For instance in one hand are: employee fraud, minor and child pornography; using of mobile telephones and smartphones as tools to commit other crime; identity theft and credit card fraud. Where on the other hand are among the political, moral, ethical and other motivation reasons. Such as, web-based attacks, mostly committed by defacement or denial-of-service attacks. Then we have phising and spoofing social networking sites. Where the possible effects are for instance for individuals loss of money, and of course political or ethical doctrine. Moreover, awareness of roles and responsibilities of different actors, such as government, regulators, industry and civil society of risk are taken into consideration only the implementation of law. For instance, data protection law and so on. Turning to the industry and civil society is almost the same, although some of them are implementing the very known standards, such as ISO 27001 and so on. However, is this enough? The roles and responsibilities are only described in the data protection law and criminal law. Unfortunately, it is not carried out by the framework or even a strategy. Likelihood, awareness level in Western Balkans presented by my paper back book that I have conducted last year, Interactive Cyber Security Awareness Program Cyber Security Awareness Program. This book outlines the survey done around 1000 participants, from 11 to 63 years old. In diversity of carries, such as schools, universities, private and public organizations. In total we had 35% people using computers/internet from home and 26% from office. In particular and most interesting figures for us are results about the knowledge of protecting their IT assets, and in details: 16% are very knowledgeable, least knowledgeable are 13% and last but not least somewhat knowledgeable are 40%. Therefore from the results presented we can see that awareness level among the end users is vary. Coming to the end, if we want to make sure the involvement of end users in raising trust and securing the cyberspace we firstly have to start from strategy, than legal framework, followed by implementation, and so on. However, when it comes to step to get done by governments should be as follows:

• Develop and create strategy framework for Cyber-security, in particular, not to cover the area only of cyber crime, but also how to mitigate happened incidents.
• Rewrite and review the cyber crime law and data protection law.
• Create NGO or NPO that will deal not only for a concrete country but of course the entire region, as well.

In the end I have noted that some countries in Western Balkans do not have yet either, CERT – Critical Emergency Response Team nor CIRT – Critical Incident Response Team. Therefore, this action should be taken as soon as possible.

In summary, hope that the above notes will take effect, as well as will raise the awareness of the important in fact issue. Therefore we have to be simple and follow just simple three steps:

1. Strategical plan which will aim in business continuity.
2. Partnership between Groups, such as government, private and civil. As well as to provide awareness on the share bases.
3. Education the public, where we need to take an action of re-informing the school materials, and to provide the young generations guide of how to protect in cyber space and skills.

Thank you to the participant, speakers, guest, organizers and everyone for such a lovely stay in Belgrade.