Kosovo has improved on many areas of cybersecurity capacity and has gained a comprehensive understanding of existing gaps and opportunities for capacity building in recent years, a new report assessing Kosovo's cybersecurity says. The report uses the Cybersecurity Capacity Maturity Model for Nations (CMM) methodology, developed by the Global Cyber Security Capacity Centre (GCSCC) of the University of Oxford. This is the second such assessment by GCSCC researchers in Kosovo and was conducted with support from the Ministry of Economy and Environment. The initial exercise was conducted in 2015, thus making Kosovo the first country worldwide to have piloted the CMM and then undergone the CMM update assessment.
The new assessment found that Kosovo has undertaken critical steps in building cybersecurity capacity, most notably it has adopted its first National Cybersecurity Strategy (NCS). The 2019 CMM report showed that the NCS has given impetus to an ambitious legislative reform, including the overhaul of cybercrime legislation, the development of a comprehensive umbrella law on cybersecurity, and the creation of a legal basis for the identification of critical national infrastructure. The researchers concluded that it is crucial to maintain this momentum to enable the full enforcement of these legislative initiatives. Equal importance needs to be assigned to ensuring that established structures such as KOS-CERT have the resources and support available to fulfil their responsibilities. This last point extends to other institutions such as the Ministry of Economy and Environment, and the Ministry of Education, Science and Technology that need additional support to mitigate the talent retention problem in Kosovo and the shortage of skilled professionals in ICT and cybersecurity.
"Strengthening cybersecurity is a crucial step to ensure that all the ICT systems and infrastructures work together safely. We have taken the recommendations from the first Cybersecurity Maturity Model seriously and have made substantial progress in the policy domain", said Agim Kukaj, Director of Post, Telecommunications and ICT Department and Director of the Kosovo Digital Economy (KODE) Project at the Ministry of Economy and Environment. "The re-assessment is not only a guide to further improvements, but also a way of better understanding our weaknesses and strengths in a comparative manner."
This assessment was conducted under the Global Cybersecurity Capacity Program II, for which the financing came from Korea's Ministry of Economy and Finance, through the Korea-World Bank Group Partnership Facility (KWPF), which is administered by the World Bank. As part of this Program, the country also benefited from a capacity-building workshop delivered in November by the Global Cybersecurity Center for Development, part of Korea's Internet & Security Agency (KISA). The two-day workshop in November 2019 convened numerous local cybersecurity experts who got exposed to cutting-edge knowledge on cybersecurity from Republic of Korea.
The World Bank is also supporting, through the Digital Economy Project for Kosovo (KODE), improved access to better quality and high‐speed broadband services in rural areas and to online knowledge sources, services and labor markets among citizens, and public and academic institutions.
"Like every other sector of the connected economy, the public sector is also a perennial target for cyber-criminals, and we know that effective cybersecurity is about much more than technology tools", said Marco Mantovanelli, World Bank's Country Manager for Kosovo and North Macedonia. "The World Bank will continue to support Kosovo on this challenging, yet exciting journey in the years to come," he added.
The CMM aims to enable governments to benchmark cybersecurity capacity across five dimensions: cybersecurity policy and strategy; cyber culture and society; cybersecurity education, training and skills; legal and regulatory frameworks; and standards, organisations and technologies. The GCSCC and its strategic international partners have deployed the CMM in more than 80 countries around the world since its pilot in Kosovo in 2015.
"We congratulate the Government of Kosovo on the advances in the cybersecurity capacity since 2015." said Michael Goldsmith, Co-Director of the GCSCC. "The 2015 CMM review and the 2029 CMM re-assessment - the first conducted globally - have broadly coincided with the beginning and end of the life cycle of the first National Cybersecurity Strategy. As such, the second CMM review provided great opportunity to assess progress against a robust baseline and map out priorities for a successor strategy."
