《日内瓦安全部门治理中心-网络安全政策制定和能力建设——加强西巴尔干地区的区域合作(英文)-2021.5-24正式版.doc》由会员分享,可在线阅读,更多相关《日内瓦安全部门治理中心-网络安全政策制定和能力建设——加强西巴尔干地区的区域合作(英文)-2021.5-24正式版.doc(24页珍藏版)》请在taowenge.com淘文阁网|工程机械CAD图纸|机械工程制图|CAD装配图下载|SolidWorks_CaTia_CAD_UG_PROE_设计图分享下载上搜索。
1、Geneva Centrefor Security SectorGovernanceCybersecurity Policy Development and Capacity Building Increasing regional cooperation in the Western BalkansDraen Maravi1About DCAFDCAF Geneva Centre for Security Sector Governance is dedicated to improving the se-curity of states and their people within a
2、framework of democratic governance, the rule of law, respect for human rights, and gender equality. Since its founding in 2000, DCAF has contributed to making peace and development more sustainable by assisting partner states, and international actors supporting these states, to improve the governan
3、ce of their security sector through inclusive and participatory reforms. It creates innovative knowledge prod-ucts, promotes norms and good practices, provides legal and policy advice and supports capacity-building of both state and non-state security sector stakeholders.DCAFs Foundation Council is
4、comprised of representatives of about 60 member states and the Canton of Geneva. Active in over 80 countries, DCAF is internationally recognized as one of the worlds leading centres of excellence for security sector governance (SSG) and security sector reform (SSR). DCAF is guided by the principles
5、of neutrality, impartiality, lo-cal ownership, inclusive participation, and gender equality. For more information visit www. dcaf.ch and follow us on Twitter DCAF_Geneva.DCAF - Geneva Centre for Security Sector GovernanceMaison de la Paix Chemin Eugne-Rigot 2ECH-1202 Geneva, SwitzerlandTel: +41 22 7
6、30 94 00infodcaf.chwww.dcaf.chTwitter DCAF_Geneva2Cybersecurity Policy Development and Capacity Building in the Western BalkansContentsEXECUTIVE SUMMARY4INTRODUCTION5COUNTRY OVERVIEW9Albania9Bosnia and Herzegovina10Kosovo*11Montenegro12North Macedonia13Serbia13REGIONAL OVERVIEW15WAY FORWARD18* This
7、designation is without prejudice to positions on status and is in line with UNSCR 1244(1999) and the ICJ Opinion on the Kosovo declaration of independence.3EXECUTIVE SUMMARYThe Declaration of 2020 Zagreb Summit between the European Union (EU) and Western Balkan leader notes that so-called hybrid act
8、ivities originating from third-state actors, in-cluding disinformation around COVID-19, have become increasingly prevalent in the West-ern Balkans. Such incidents expose the vulnerability of societies and infrastructure to cy-berattacks, cybercrime and hybrid threats. The Declaration calls for incre
9、ased cooperation to address disinformation and other hybrid activities.The Digital and Green Agenda for the Western Balkans, the Regional Cooperation Council (RCC), the Regional School of Public Administration (ReSPA) and other regional initiatives provide a general framework for enhanced cooperatio
10、n. Many international actors have supported cybersecurity in the Western Balkans over the years. Countries of the region are also aware of the benefits of regional cooperation. Closer regional collaboration will there-fore be beneficial for resilience building, enhancing cybersecurity and strategic
11、communi-cation. The cybersecurity workforce shortage and skills gap are also significant concerns for the economic development and national security, especially given the rapid digitization of global and regional economies. Besides, slow progress in public administration reforms is hindering progres
12、s in cybersecurity development.With clear political support and shared ownership, it would be possible to create more vital regional collaboration, facilitated by a customized joint framework in the form of a regional hub. Western Balkan economies could have a regional framework for cooperation comm
13、it-ted to supporting and strengthening cybersecurity strategies, policies, and competence at all levels of public administration, from non-experts to highly skilled professionals. Besides, this regional framework could support economies of the region in raising citizens aware-ness of cybersecurity a
14、nd potential cyber threats and speed up aligning countries align-ment with the EU acquis.Economies of the region could task the potential regional cybersecurity hub to operate across areas which are within the usual practices of national cybersecurity authorities, and with a focus on:Providing thoug
15、ht leadership and strategic development direction and analysis in the cyber-security space.Raising cybersecurity awareness at all levels of government.Sharing information, expertise, and knowledge; andEstablishing and promoting best practices based on common challenges.Finally, joint activities in t
16、his area could potentially count on more considerable donor sup-port if the Western Balkan economies themselves contribute and create greater sustainabil-ity of regional cooperation activities.4Cybersecurity Policy Development and Capacity Building in the Western BalkansINTRODUCTIONThe COVID-19 pand
17、emic is a global shock that has not spared the Western Balkans (WB). The final extent of its footprint in terms of loss of human lives and damage to the economy is still difficult to assess. However, early estimates foresee a drop of between 4% and 6% of gross domestic product in the region. During
18、the COVID -19 crisis, inclusive regional coop-eration has proven essential.1 At the Zagreb Summit on 6 May 2020, the European Union (EU) and Western Balkan leaders agreed that deepening regional economic integration has to be a prominent part of the Western Balkans recovery efforts.2 Such a common r
19、egion-al market must be inclusive, based on EU rules and built on the regional economic area multi-annual action plans achievements.The Zagreb Summit Declaration noted that hybrid activities originating from third-state ac-tors, including disinformation around COVID-19, have become increasingly prev
20、alent in the Western Balkans (and Turkey). Such incidents expose the vulnerability of societies and infrastructure to cyberattacks, cybercrime and hybrid threats. As stated in the Zagreb Dec-laration, the EU will increase its cooperation with Western Balkan economies to address disinformation and ot
21、her hybrid activities. Closer collaboration is therefore much needed in resilience building, cybersecurity and strategic communication. The cybersecurity work-force shortage and skills gap is a significant concern for economic development and nation-al security, especially in the global and regional
22、 economys rapid digitization.There are different opportunities for enhanced regional cooperation. The starting point for this deliberation could be to maintain the status quo. One dimension is to continue with the usual bilateral exchangeS between the countries in the WB region and third countries.
23、Secondly, existing regional forums could be used for joint activities, mainly regarding re-search activities. This has been the case so far within this field, particularly by the Regional Cooperation Council. Bilateral and multilateral donors could continue to provide support to individual countries
24、, but this could lead to parallel rather than joint capacity development. Also, existing differences between the countries and slow pace of EU integration prospects for the region as a whole, could be reinforced if they continue to develop national capaci-ties for cybersecurity at their own pace, wi
25、thout the (additional) possibility of making larger steps together.Whilst maintaining the status quo, it would be possible to create more vital regional col-laboration, facilitated by a customized joint framework. Western Balkan countries could have a regional framework for cooperation committed to
26、supporting and strengthening the enhancement of cybersecurity strategies, policies, and competence at all levels of pub-lic administration, from non-experts to highly skilled professionals. Besides, this regional framework could help raise citizens awareness of cybersecurity and potential cyber thre
27、ats (e.g. phishing attacks, botnets, financial and banking fraud, data fraud). It would be possible to design regional information campaigns and to support potential national ones, as demon-strated by the DCAF regional project. Such a framework could guide acceptable practices to promote safer onlin
28、e behaviour (e.g. cyber hygiene and cyber literacy) using both good and bad examples from any country in the region.Furthermore, a regional effort could help to speed up aligning countries actions with the EU acquis, and engage in promoting and analysing cybersecurity academic and professional educa
29、tion by dividing efforts and specializations among the nations in some way. Finally, all countries in the region suffer from similar challenges, such as a shortfall in cybersecurity122020 Communication on EU enlargement policy, Brussels, 6.10.2020 COM(2020) 660 final. Zagreb Declaration, 6 May 2020.
30、 https:/www.consilium.europa.eu/media/43776/zagreb-declara-tion-en-06052020.pdf5skills, which could jeopardize both national security and economic development. Since there are multiple efforts to approach the regions economic growth, such as the mini-Schengen initiative, the Green Agenda for the Wes
31、tern Balkans and others, it is reasonable to con-clude that the same approach could work for cybersecurity as well. Regional cooperation is vital if the economies in the region move more rapidly towards digitalization and e-com-merce. This policy paper aims to document the key features of existing r
32、egional cooperation in public policy development and civil servant capacity building, focusing on institutions in charge of cybersecurity policy development and incident response, whilst providing policy advice for future improvements.Public administration reform (PAR) is essential for improving gov
33、ernance at all levels.3 Such reform includes increased transparency and accountability, sound public financial manage-ment, and administration of a more professional nature. The existing capacities for govern-mental cybersecurity policies are strongly related to the countries general public adminis-
34、tration reform developments. Modest effects concerning PAR (in areas such as public policy drafting and implementation, accountability, human resources management, and profes-sional development of civil servants), are influencing cybersecurity policies, capacities of lead institutions, and cybersecu
35、rity incident handlers.The annual EU assessment4 is that Albania, North Macedonia, Montenegro, and Serbia are only moderately prepared regarding public administration reform. In Serbia no further prog-ress has been made, as the number of acting senior manager positions remains excessive, rather than
36、 being reduced. Kosovo* has achieved some level of preparation, while Bosnia and Herzegovina is at an early stage. There has been some progress in improving policy planning, but further efforts are needed in all countries to ensure substantial central gov-ernment quality control. Montenegro has stre
37、ngthened and rationalized policy planning and achieved a reduction in the number of strategic documents. Policies, legislation and public investments are still often prepared without impact assessments.5 Managerial accountabil-ity and professionalization of the civil service still need to be ensured
38、 in most countries, and excessive politicization has to be addressed. Transparent and merit-based procedures for recruitment, promotion, demotion and dismissal need to be embedded in the legislative frameworks and consistently implemented across public services. The structure of the state administra
39、tion should ensure effective lines of accountability. Most countries have made efforts to improve services to citizens and businesses, especially in the area of e-service delivery.6 The EU has concluded that enhanced inter-institutional coordination is needed to fully implement public administration
40、 reforms in the Western Balkans.National authorities focusing on cybersecurity should base their work on strategies and action plans developed in an inclusive process that benefits from input from academia, the business sector and civil society organizations. They should have significant human resou
41、rces, both in terms of numbers of personnel and competences, and rely on a solid retention policy to enable long-term developments to be put in place. Public administrations have always been information-processing organizations. In general, public administration bodies must have IT-related business
42、processes that are secure by design and a high level of related knowledge for all members of the public administration. Clear accountability and reporting lines for staff are essential, and for all senior managers dealing with sensitive public information and personal data. Public organizations are
43、dealing with a high volume of sensitive data and many have vulnerable cyber defences, which in some cases poses a risk for regional government organizations and the public sector in general.3456https:/eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52019DC02602020 Communication on EU enlargement p
44、olicy, Brussels, 6.10.2020 COM(2020) 660 FINAL. https:/eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52019DC0260 https:/eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX:52019DC02606Cybersecurity Policy Development and Capacity Building in the Western BalkansFurthermore, digitalization of public
45、 administration services is a vital priority for Western Balkan countries. The more government organizations embrace technology, the more ex-posed they are to threats in cyberspace. Nowadays, digital government agendas world-wide seek to keep abreast of digital networking and digital changes in a so
46、ciety based on information technology. Ever- increasing digitalization leads to fundamental changes in the business processes of public administrations as they try to offer customer-friendly services to citizens and businesses.Considering this, governments need to implement new safeguards in the for
47、m of continu-ous information security and legally compliant data protection. Cybersecurity measures are continually improving. Just as criminals are developing unknown attack vectors, firewalls, encryption and other security measures are becoming more robust. It would be a mistake, though, to think of this as a primarily technology-related issue. The greatest weakness of public organizations will always be the human factor. The biggest threat will usually come from within either from a malicious action or a fundamental human error.Attacks are still mostly due to someone making a m