Cybersecurity and cyber resilience are becoming increasingly crucial considerations for countries seeking to assert sovereignty and self-determination. This desire is particularly acute in regions such as Eastern Europe, South Caucasus, and the Western Balkans, all of which face increasingly complex cyberattacks emanating from nefarious individual and nation-state actors. As these countries navigate digitalization and the interconnectedness of their critical infrastructure (CI) operations, including financial networks and government services, they must strengthen their capacity to address vulnerabilities caused by new technological developments and an increasingly hostile international security environment. Domestic leadership, regional cohesion, and international support are pivotal in strengthening cybersecurity capacity, legislative and strategic frameworks, and institutions in these regions.
Countries of focus in Eastern Europe, South Caucasus, and the Western Balkans.
Enduring Notable Cyberattacks
Several countries such as Georgia, Montenegro, and Ukraine among others, have been targeted after aligning with Western institutions in the European Union or North Atlantic Treaty Organization (NATO). Attacks to their cyberspace have ranged from distributed denial-of-service (DDoS) and spear-phishing emails to malware and advanced persistent threat (APT) incursions that embed dormant malicious code in critical systems to leak data or allow access to attackers at a later time. These events have periodically exposed vulnerabilities and heightened the need for institutions to prepare for likely future intrusions into their cyberspace.
In 2017, Montenegro endured DDoS and spear-phishing attacks prior to its general election and accession into NATO. These attacks were attributed to APT28, also known as Fancy Bear, and according to U.S. intelligence services, tied to Russia’s military intelligence service, the Organization of the Main Intelligence Administration (more commonly known as GRU). The year marked a stark increase in such incidents, from only 22 in 2013, to almost 400 recorded by September 2017, according to a report by the Center for Investigative Journalism of Montenegro and Balkan Investigative Reporting Network. Moreover, pro-Western Georgia endured the latest in a line of cyberattacks in October 2019, when more than 15,000 pages of government websites were disrupted and defaced, and the broadcasts of two television stations interrupted. This attack was also attributed to GRU by the U.S. Department of State, specifically to GRU’s Main Center for Special Technologies, also known as Unit 74455 and Sandworm, thought to be behind the catastrophic 2017 NotPetya attack. Though originating in Ukraine, the NotPetya attack cost billions of dollars in unofficial damage across the world and has been dubbed the “most devastating cyberattack in history.”
Domestic leadership, regional cohesion, and international support are pivotal in strengthening cybersecurity capacity, legislative and strategic frameworks, and institutions in regions such as Eastern Europe, South Caucasus, and the Western Balkans.
International and Regional Support
Several countries in the region are working with Western powers to address their cybersecurity vulnerabilities in relation to these threats. In the aftermath of the 2017 attack in Montenegro, the country enlisted appropriate training for its small cybersecurity team with the help of U.S. and U.K. cybersecurity experts. The U.S. Agency for International Development (USAID) is expanding its assistance in the wider region by crafting the Countering Malign Kremlin Influence framework to counter Russian aggression, providing support to strengthen CI such as regional energy utilities. In March 2020, the U.S. Department of State pledged $8 million toward funding a new USAID cybersecurity project led by DAI, with a goal of eventually investing $38 million over the next four years to boost Ukraine’s cybersecurity capabilities through cyber workforce development and regulatory reforms.
Fortunately, there are countries and international organizations that may provide comparative guiding principles of strengthening cybersecurity resilience. Perhaps the most striking is nearby Estonia, which has overcome major cyberattacks to become one of the world’s heavyweights in setting international norms and providing assistance in cybersecurity. After 2007 attacks on parliament, ministry, financial, and other websites in Estonia from Russian IP addresses, the Ministry of Defense undertook responsibility for training leading cybersecurity experts and with the help of NATO, established the Cooperative Cyber Defense Centre of Excellence (CCD COE) in 2008. The CCD COE, both funded and directed by voluntarily participating states, focuses on research, development, training, and education in both the technical and nontechnical aspects of cyber defense. The Government of the Netherlands also showed leadership in this space to initiate the Global Forum for Cyber Expertise, a multi-stakeholder community of more than 115 members and partners aimed at strengthening cyber capacity and expertise globally.
Below are three recommendations to strengthen the ability of these countries to set the course of economic, political, and military alliances for themselves and mitigate the effect of foreign influence. In addition, these recommendations work towards making cyber capacity self-sustaining over time, whilst maintaining the international links necessary to help these countries both contribute to and benefit from the latest knowledge at an international level. This allows them to become not only recipients of best practices, but generators of best practices as well.
1. Develop institutions or mechanisms to address a shortage of skilled cybersecurity professionals. There has to be a concerted, two-pronged approach in arming existing professionals with the appropriate theoretical and practical knowledge in cybersecurity, alongside enabling a steady stream of talent to shore up deficiencies and lack of numbers in the public sector—a sector pivotal for the maintenance and operation of vulnerable CI assets. Initiatives akin to the U.K. Cyber Retraining Academy, or the National Centers of Academic Excellence in the United States are useful examples.
2. Establish and tailor country-specific cybersecurity maturity standards. Such customized standards will serve as tools to ensure and implement comprehensive and dynamic cyber regulation. Several international and domestic standards can be used to understand vulnerabilities, set country-specific standards and attain desired cyber maturity, such as MITRE’s ATT&CK Framework, United Kingdom and Canadian Cyber Essentials, or the National Institute of Standards and Technology’s National Initiative for Cybersecurity Education (NICE) Cybersecurity Workforce Framework.
3. Set up smaller robust regional cybersecurity centers. Similar to Estonia’s CCD COE, small regional cybersecurity centers will enable information sharing, research, monitoring, and reporting. This will be crucial in sharing best practices and resources while tracking new and diverse complex threats across the region.