Cyber security is one of the aspects of the cooperation between Serbia and NATO which has recently gained much attention. For instance, in her interview for the European Western Balkans, Rose Gottemoeller, Deputy Secretary General of NATO, noted that some of the potential areas of cooperation one should be looking at were cyber security and cyber defence.
Permanent advancement of the information technologies led to changes in the threat landscape and instigated NATO to follow suit and adapt to the new circumstances. Therefore, cyber defence became a part of NATO’s core task of collective defence. The Alliance, too, works on reinforcing its capabilities for cyber education, training, and exercises.
In order to keep pace with aforementioned changes, an enhanced policy and action plan was endorsed at the Wales Summit in September 2014. The member states recognised that “strong partnerships play a key role in addressing cyber threats and risks” and will, therefore, “continue to engage actively on cyber issues with relevant partner nations on a case-by-case basis and with other international organizations”, reads the Wales Summit Declaration. Three years later, an updated action plan was endorsed by the Allies.
In July 2016, NATO member states “recognised cyberspace as a domain of operations in which NATO must defend itself as effectively as it does in the air, on land, and at sea” and made “a Cyber Defence Pledge in July 2016 to enhance their cyber defences, as a matter of priority”, according to official web page of NATO.
Cooperation with the third states on cyber security issues has been underway for some time now and the framework for such cooperation can be found in an array of instruments, from bilateral cooperation agreements and specifically tailored programmes for individual PfP countries, to already established programmes.
In the area of cyber security, Serbia’s legal framework is based on the Law on Information Security, adopted only recently, in 2016. The Law, among other things, calls for the creation of a Body for the Coordination of Information Security, including, among others, representatives of other public bodies, the academic community, and civil society.
In addition, Strategy for Development of Information Society in the Republic of Serbia until 2020 was adopted in May 2017, which underlines security of ICT systems, information security of citizens, fight against high-tech crime, information security of the Republic of Serbia and international cooperation as six priority areas. By adopting the Strategy, Serbia has fulfilled its obligation in the area of information security in its EU accession process.
A research report “Cyber security in the Western Balkans: Policy gaps and cooperation opportunities” writes that the legal mechanisms to fight cybercrime are in place.
However, according to the report, proper multidisciplinary cyber security education on the policy level is missing. There have been attempts at general awareness-raising about online safety, although limited in scope.
Cooperation on, inter alia, cyber security, has been stipulated by Individual Partnership Action Plan (IPAP), signed in 2015, which has provided a framework for further enhancing cooperation without any indication to membership aspiration, thus respecting Serbian declared military neutrality. According to IPAP, “the Republic of Serbia wishes to enhance its capabilities for protecting critical communication and information systems against cyber attacks”.
IPAP envisaged, for instance, development of national cyber defence policy and a strategy, adoption of necessary laws and bylaws, government-level mechanisms and international coordinating mechanisms to respond effectively to cyber attacks, etc. So far, Serbia has made progress in meeting what was envisaged and recommended, and the adoption of the Law and the strategy has been seen as an important step forward.
Although the cooperation between Serbia and NATO in the area of cyber defence is far from voluminous, it has, nevertheless, increased over time.
Already in 2007, Serbia joined NATO Science for Peace and Security (SPS) Programme and it has become increasingly active over time. One of the key priorities of SPS Programme is cyber defence, which includes protection of critical infrastructure, which implies sharing of best practices, capacity building and policies, support in developing cyber defence capabilities and support to the construction of information technology infrastructure, and cyber defence situation awareness.
Recently, training was held as a part of SPS Programme, during which civil servants from the Office of the National Security Council and Classified Information Protection of the government of Serbia were trained to deal with information systems security (INFOSEC) in real life situations. INFOSEC policy is deemed very important, as it can provide an additional tool to counter cyber threats. The training took place in Belgrade and Tallinn from 30 October until 10 November 2017.
“It was an excellent opportunity for us to enhance the cooperation between NATO and Serbia in the field of information security. We would like to emphasise the high motivation and a good spirit of the group that made the event a success,” said Major General Vello Loemaa of the European Cyber Security Initiative in Estonia, which is the institution that organised the training in coordination with Serbia’s Office of the National Security Council and Classified Information Protection.
The area of information security will certainly gain more attention due to the continuous development of the information technologies, their vulnerability and an array of threats. And so will Serbian cooperation with the EU, NATO and other partners.