Serbia’s efforts to respond to cyber security threats
The last decade has been marked by a series of high-profile cyber attacks on different OSCE-participating states. In 2007, the Estonian parliament, ministries and banks were subjected to a cyber attack. Two years later hackers used sophisticated software to target the Swiss foreign ministry. In May unknown hackers attacked the computer system of Germany’s parliament.
Serbia is also not immune to cyber threats. Last year, websites of official institutions and the media were victims of a direct distributed-denial-of-service (DDoS) attack in the aftermath of an incident at a football match with Albania. “Personal data of millions of citizens were leaked from the database of the Serbian Business Register Agency and e-mails of high-ranking interior ministry officials were taken over,” said Vladimir Radunovic, Director of Cyber-security and E-diplomacy Programmes of Diplo Centre Civil Society Organization (CSO). According to Radunovic, a countrywide cyber attack could result in a direct loss of more than 10 million Euros per day.
What is cyber-crime?
Cyber-crime encompasses any criminal act dealing with computers and networks. It also includes traditional crimes conducted through the Internet. For example, hate crimes, telemarketing, Internet fraud, identity theft and credit card account thefts are considered to be cybercrimes when the illegal activities are committed through the use of a computer and the Internet.
Current situation in Serbia
“In a country like Serbia, where more than 50% of the population has Internet access, citizens are increasingly relying on global IT networks in their daily life,” said the Head of the OSCE Mission to Serbia, Ambassador Peter Burkhard. He also noted that benefits of using the Internet are accompanied by risks which require joint efforts from government and academic institutions, civil society organizations and businesses. Currently the country does not have operational or legislative mechanisms to deal with them.
"Serbia is one of the few countries in Europe without a Computer Emergency Response Team (CERT) whose aim is to provide rapid response to cyber security threats and incidents,” said the Chairman of the Information Association of Serbia, Nikola Markovic, while speaking at the margins of the OSCE Mission to Serbia-supported conference on cyber security, which took place in Belgrade in June 2015.
Having CERT would help regional co-operation in the field of cyber security. Currently our regional partners do not know what to do with cyber-attack information they gather; how to share information or whom to alert in Serbia.
Creating a national cyber security framework
At the beginning of its 2015 OSCE Chairmanship, Serbia stressed that one of its priorities in the field of cyber security is to continue supporting the efforts by all 57 participating States to tackle the challenges in cyberspace. A key priority in this regard is to further the implementation of the first set of OSCE confidence building measures to reduce the risks of conflict stemming from the use of information and communication technologies.
The Serbian Chairmanship is currently in discussions with the OSCE and the Troika (an advisory body consisting of the current, previous and succeeding Chairpersons), and plans to organize a sub-regional expert workshop in fall which will look at effective national strategies to deal with cyber threats. Adopting a National Strategy for the Protection of Serbia against Cyber Risks is included in these plans.
A countrywide cyber attack could result in a direct loss of more than 10 million Euros per day.
The OSCE Mission to Serbia has been working with many stakeholders for years to address topics related to security sector reform process. And, as of recently, the topic of cybersecurity has become a part of it.
With its partner Diplo Centre, the Mission is implementing a project aimed at building institutional mechanisms for the prevention and quick response to cyber incidents.
“We are ready and would like to see Serbia create a proper legislative and institutional set-up at the national level to tackle the emerging security threats,” said Burkhard.
Vladimir Radunovic from the Diplo Centre stressed how important such efforts are in the face of the constantly evolving cyber threats saying that “the money one needs to invest into organizing a cyber-attack is small, risks for the attacker are small, but the consequences can be huge.”
The OSCE Mission to Serbia supported the 19 June conference in the framework of the extra budgetary project Consolidating the democratization process in the security sector in Serbia, funded by the Swedish Government.