On August 22, 2022, hackers attacked more than 80 Moldovan government web portals to shut down key elements of the e-governance platform used by citizens and businesses. Similar attacks soon followed across the region, including ones targeting government portals in Albania, Kosovo, and Montenegro.

As part of their responses to this threat, governments in the Western Balkans and Eastern Europe partnered with the U.S. Agency for International Development (USAID)’s Critical Infrastructure Digitalization and Resilience (CIDR) program, implemented by DAI. Among its cybersecurity development activities, CIDR works with governments to build capacity to reduce cyber threats to e-governance platforms.

Photo: Wikimedia Commons.

E-Governance Revolution—Promoting Efficiency and Trust

“E-governance” describes how state institutions use technology to increase citizen participation in the delivery of government services. By adopting electronic platforms and agency portals, governments provide citizens with a more convenient way to interact with government service providers, increasing service efficiency by saving time on transactions and making records easier to access and update.

For example, e-governance platforms remove the burden on rural residents to journey to the capital to make queries and fill out paperwork. Instead, residents can go online to attend to necessities such as nationally administered healthcare, vehicle registrations, and various licenses and permits. These platforms can also enable citizens to search judicial or fiscal decision archives.

E-governance applications and the digitization of paper records correspond with similar “good governance” reforms because they promote public trust by demonstrating government accountability, responsiveness, and transparency. With the relatively new democracies in the Western Balkans and Eastern Europe continuing to expand e-service offerings, the acceptance and use of these portals will depend on whether citizens view them as reliable and secure, making their cybersecurity essential.

Cyberattacks on E-Governance Portals

Both state-sponsored and ransomware groups target e-governance portals because their reliable operation is a priority for host governments. For the attackers, successfully hacking services harms governments by disrupting state services and eroding public confidence.

Since service-delivery applications depend on web portals, the primary method of attackers has been to overwhelm system resources through flooding attacks. This type of distributed denial-of-service (DDoS) attack has become the most prominent cyberattack across Eastern Europe. The attackers often make use of a global set of botnets—or pirated computer systems—to make the direction and scale of attacks difficult to predict and defend.

As noted in Cynthia’s Brumfield’s oft-cited article, “2022 was the Year of Crippling Ransomware Attacks on Small Countries,” the countries most challenged in economic growth and good governance are now seeing their nascent information systems increasingly targeted and exploited by hackers. The year 2022 also marked the rapid rise of DDoS attacks in Central and Eastern Europe. That summer, countries suffering attacks on government systems included Albania, Bosnia and Herzegovina, Kosovo, Moldova, Montenegro, North Macedonia, and Serbia. While most of these DDoS attacks had limited impacts, a serious intention to knock out services across multiple ministries was seen in the attacks on Albania, Moldova, and Montenegro.

CIDR/North Macedonia trains university and vocational instructors of IT and cybersecurity. Photo: CIDR.

Strengthening Portal Security

In the spring of 2022, CIDR launched country teams in Kosovo and North Macedonia—the first two of its six country teams. Initial planning focused on partnering with countries to help develop their cyber governance and workforces. While CIDR was not prioritizing e-governance protection, the events of 2022 prompted several assistance initiatives to strengthen the resistance and resilience of e-government portals. The participating governments and USAID shared an understanding that these portals facilitate important everyday activities such as commerce, healthcare, and agribusiness, to name a few.

USAID, through CIDR, has since worked with partner countries to identify vulnerabilities and provide technical assistance to strengthen security for e-governance portals. These results can be broken into three key categories:

Deployment of equipment: CIDR has deployed hardware and software to help mitigate DDoS attacks on government portals, such as firewalls configured to monitor incoming and outgoing network traffic on the portal to block specific traffic that appears to be threatening. As a result, governments have been able to limit the scale and duration of DDoS attacks and avoid the government-wide disruptions seen in 2022.

Engage multiple stakeholders: Recognizing that hackers continue to learn and adapt their tactics for institutional vulnerabilities, CIDR has worked with diverse senior officials and IT supervisors through working groups, seminars, and tabletop exercises to prepare government agencies to plan for and react to attacks targeting their operations.

Sustainable staff training: Technology and best practices are constantly changing in the cybersecurity field, so CIDR is helping governments stand up cyber-training platforms to provide practical training for their personnel. Whether used for continuous drills or for completing coursework leading to a certificate, these trainings will make it less likely that e-governance staff will be seeing a threat or attack vector for the first time at the start of an attack on their portals.

As one of CIDR’s Eastern European partners recently said, these efforts mark “steps” toward raising governments’ overall capacity for protecting the public digital space. CIDR will continue to help build countries’ capacity and capability to withstand the attacks of malevolent actors against e-government portals so citizens and their governments will be able to connect more safely.

DAI’s Dr. Robert Peacock is a Senior Strategic Technical Advisor on USAID CIDR.